Skip to content

macaugh/large-file-entropy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
3rdParty
3rdParty
 
 
CMakeLists.txt
CMakeLists.txt
 
 
CMakeSettings.json
CMakeSettings.json
 
 
README.md
README.md
 
 
entropy.cpp
entropy.cpp
 
 

Repository files navigation

entropy

entropy is a simple command-line tool to calculate the entropy of files.

Why

The entropy of a file tells us how random this file is. The closer to 8.00, the more random is an input file.

As compression and encryption algorithms output usually consists of high entropy data, one can say any file with entropy greater than 7.0 is likely compressed, encrypted, or packed (in case of executables).

I needed a fast way to calculate the entropy for a couple of files at once in Windows, so I ended up coding this tool, which also supports Linux and macOS.

Download

Windows releases are available here. In order to run them, you need the latest Microsoft Visual C++ Redistributable installed.

For Linux and macOS see the Building section.

Usage

Calculating the entropy of a single file:

$ ./entropy /bin/ls
5.85 /bin/ls

Shell expansion is supported too:

PS C:\> .\entropy.exe C:\Users\User\Downloads\*
7.92 C:\Users\User\Downloads\1.jpeg
8.00 C:\Users\User\Downloads\setup.exe
7.58 C:\Users\User\Downloads\nov.pptx
4.66 C:\Users\User\Downloads\data.bin
7.99 C:\Users\User\Downloads\pic.png
4.07 C:\Users\User\Downloads\budget.xls

From the above output one could say /bin/ls is not packed, 1.jpeg uses compression, setup.exe is compressed, nov.pptx is compressed (yup, these modern MS Office files are all ZIP files indeed), data.bin is not compressed, etc. Is that garuanteed? No, it's just math. 🤓

Building

Linux/macOS

Clone the repo:

$ git clone https://github.com/merces/entropy.git
$ cd entropy

If you have CMake installed, build with:
$ mkdir build
$ cd build
$ cmake ..
$ make

Or if you don't, just use g++:

$ g++ -std=c++20 -o entropy entropy.cpp

Windows

If you use a recent Visual Studio version, you can clone this repository and open the CMakeLists.txt here with File -> Open -> CMake.... Then, select a configuration that suits your needs and build.

Similar Work

I am aware of the following tools that achieve similar results:

Name Comments
DensityScout Uses a different algorithm the author called density.
Detect It Easy Shows a nice graph. Do many other great things. CLI version included.
entropy From Fluffy Suite. Fast. Supports one file at time.
Ent Different algorithm, one file at a time. Windows only. Creates a graph.
ent Gives more information. Process one file at a time.
rahash2 From radare2 framework. rahash2 -a entropy does the job.
rz-hash From Rizin framework. rz-hash -a entropy does the job.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages