Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes
Project description
Introduction
This tool is a Python implementation of Bintropy, the entropy-based detection method presented in this paper. It supports both modes of operation described there, analysis of the entire binary or analysis per section, and uses the entropy thresholds from the paper to decide whether the binary contains compressed or encrypted bytes.
Setup
This tool is available as a package from PyPI.
$ pip install bintropy
Usage
The help message explains every option.
$ bintropy --help
Per-section operation mode
For this mode, do not use the -f/--full option. You can add the --do-not-decide option to make the tool return the entropy values instead of the boolean verdict.
$ bintropy binary
<<< boolean >>>
$ bintropy binary --do-not-decide
<<< highest block entropy, average block entropy >>>
Full-binary operation mode
For this mode, use the -f/--full option. You can add the --do-not-decide option to make the tool return the entropy values instead of the boolean verdict.
$ bintropy binary -f
<<< boolean >>>
$ bintropy binary -f --do-not-decide
<<< highest block entropy, average block entropy >>>
Benchmarking
Use the -b/--benchmark option to get one more value, the processing time in seconds, appended to the normal output of either mode.
$ bintropy binary -b
<<< boolean, processing time >>>
$ bintropy binary -f --do-not-decide -b
<<< highest block entropy, average block entropy, processing time >>>
Overriding default entropy values
The reference paper uses 6.677 as the threshold for the average block entropy and 7.199 as the threshold for the highest block entropy. These values can be overridden with the dedicated options. Lowering them makes the tool flag more binaries, at the cost of false positives on legitimately high-entropy content such as embedded images or certificates; raising them does the opposite.
$ bintropy binary --threshold-average-entropy 5.678 --threshold-highest-entropy 6.789
[...]
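To make the two output modes and the threshold override concrete, here is an added worked example of the block-entropy computation behind both the per-section and full-binary modes. It is not Bintropy's own code and is not taken from the reference paper; the 256-byte block size, the skipping of all-zero padding blocks, and the rule that both the highest and the average block entropy must reach their thresholds are assumptions made for this example. The sample inputs are constructed byte strings, not real executables, and extracting sections from a real PE/ELF file is left outside the example.

```python
"""Added example of Bintropy-style block-entropy analysis (not the project's code)."""
import math
from collections import Counter

# Assumptions for this example (not stated on the page or taken from the tool):
# - entropy is computed over fixed 256-byte blocks;
# - blocks that are entirely zero (padding) are skipped;
# - a binary is flagged only when BOTH values reach their thresholds.
BLOCK_SIZE = 256
THRESHOLD_AVERAGE = 6.677   # default average-block-entropy threshold from the paper
THRESHOLD_HIGHEST = 7.199   # default highest-block-entropy threshold from the paper


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def block_entropies(data: bytes, block_size: int = BLOCK_SIZE,
                    skip_zero_blocks: bool = True) -> list[float]:
    """Entropy of each block of `data` (the last block may be shorter)."""
    values = []
    for off in range(0, len(data), block_size):
        block = data[off:off + block_size]
        if skip_zero_blocks and not any(block):
            continue  # assumption: zero-filled padding should not drag the average down
        values.append(shannon_entropy(block))
    return values


def entropy_summary(data: bytes, block_size: int = BLOCK_SIZE) -> tuple[float, float]:
    """(highest block entropy, average block entropy): the --do-not-decide style output."""
    values = block_entropies(data, block_size)
    if not values:
        return 0.0, 0.0
    return max(values), sum(values) / len(values)


def looks_packed(data: bytes, threshold_average: float = THRESHOLD_AVERAGE,
                 threshold_highest: float = THRESHOLD_HIGHEST,
                 block_size: int = BLOCK_SIZE) -> bool:
    """Boolean verdict; the thresholds play the role of the --threshold-*-entropy options."""
    highest, average = entropy_summary(data, block_size)
    return highest >= threshold_highest and average >= threshold_average


def analyse_sections(sections: dict[str, bytes],
                     threshold_average: float = THRESHOLD_AVERAGE,
                     threshold_highest: float = THRESHOLD_HIGHEST) -> dict[str, tuple[float, float, bool]]:
    """Per-section analogue: run the same analysis on each section's raw bytes.
    `sections` maps a section name to its content, e.g. as extracted with lief or pefile."""
    result = {}
    for name, raw in sections.items():
        highest, average = entropy_summary(raw)
        result[name] = (highest, average, looks_packed(raw, threshold_average, threshold_highest))
    return result


# Constructed sample inputs (not real binaries):
# - PLAIN_STUB: repetitive ASCII, at most log2(24) ~ 4.6 bits/byte, like an unpacked stub;
# - PAYLOAD: every byte value once per 256-byte block, exactly 8.0 bits/byte,
#   which is what an encrypted or well-compressed body looks like;
# - MIXED: a small plain stub followed by that body, as a packed file is laid out.
PLAIN_STUB = b"Hello, world! This is a plain unpacked program.\n" * 16  # 768 bytes = 3 blocks
PAYLOAD = bytes(range(256)) * 16                                        # 4096 bytes = 16 blocks
MIXED = PLAIN_STUB + PAYLOAD

if __name__ == "__main__":
    for label, blob in (("stub", PLAIN_STUB), ("payload", PAYLOAD), ("mixed", MIXED)):
        highest, average = entropy_summary(blob)
        print(f"{label:8s} highest={highest:.3f} average={average:.3f} packed={looks_packed(blob)}")
    # Overriding the average threshold, as with --threshold-average-entropy:
    print("mixed with average threshold 7.8:", looks_packed(MIXED, threshold_average=7.8))
    # Per-section view, where the stub and the body are judged separately:
    print(analyse_sections({".text": PLAIN_STUB, ".data": PAYLOAD}))
```

Running the block shows why the method reports two values: in the mixed sample the highest block entropy is 8.0 regardless of how large the plain stub is, whereas the average is pulled down by every low-entropy block, so a large enough stub (or a stricter average threshold) turns the verdict to False even though an encrypted body is present.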