If providing more than one file, binwalk uses verbose mode only.
Baa14453 opened this issue · comments
Baa commented
Hi,
I am using binwalk to calculate the entropy of two files. When I do this, it acts as if I have passed the --verbose
switch.
It does this from command-line and the API,
In addition, using the API only the entropy of the last file is calculated.
Single file operations
binwalk -E file1.png --nplot
:
DECIMAL HEXADECIMAL ENTROPY
--------------------------------------------------------------------------------
1024 0x400 Rising entropy edge (0.959579)
7168 0x1C00 Rising entropy edge (0.958100)
9216 0x2400 Rising entropy edge (0.963688)
15360 0x3C00 Rising entropy edge (0.966344)
17408 0x4400 Falling entropy edge (0.743483)
20480 0x5000 Falling entropy edge (0.753434)
22528 0x5800 Rising entropy edge (0.953214)
25600 0x6400 Rising entropy edge (0.964227)
32768 0x8000 Rising entropy edge (0.964087)
43008 0xA800 Rising entropy edge (0.975895)
51200 0xC800 Rising entropy edge (0.951791)
53248 0xD000 Rising entropy edge (0.962434)
55296 0xD800 Falling entropy edge (0.294694)
57344 0xE000 Rising entropy edge (0.965712)
66560 0x10400 Falling entropy edge (0.378792)
binwalk -E file1.png --nplot --verbose
Scan Time: 2023-06-01 19:04:58
Target File: /home/baa/Downloads/temp/file1.png
MD5 Checksum: 12732d1bff9db47c11399ee435ea0215
DECIMAL HEXADECIMAL ENTROPY
--------------------------------------------------------------------------------
0 0x0 0.949861
1024 0x400 0.959579
2048 0x800 0.955817
3072 0xC00 0.971483
4096 0x1000 0.968247
5120 0x1400 0.969498
6144 0x1800 0.929251
7168 0x1C00 0.958100
8192 0x2000 0.914151
9216 0x2400 0.963688
10240 0x2800 0.969314
11264 0x2C00 0.971493
12288 0x3000 0.970677
13312 0x3400 0.926387
14336 0x3800 0.912220
15360 0x3C00 0.966344
16384 0x4000 0.961265
17408 0x4400 0.743483
18432 0x4800 0.928711
19456 0x4C00 0.924944
20480 0x5000 0.753434
21504 0x5400 0.878900
22528 0x5800 0.953214
23552 0x5C00 0.898333
24576 0x6000 0.931520
25600 0x6400 0.964227
26624 0x6800 0.954490
27648 0x6C00 0.959507
28672 0x7000 0.963246
29696 0x7400 0.971525
30720 0x7800 0.967919
31744 0x7C00 0.913375
32768 0x8000 0.964087
33792 0x8400 0.970660
34816 0x8800 0.971863
35840 0x8C00 0.964137
36864 0x9000 0.974050
37888 0x9400 0.966759
38912 0x9800 0.964000
39936 0x9C00 0.969037
40960 0xA000 0.947263
41984 0xA400 0.904252
43008 0xA800 0.975895
44032 0xAC00 0.972085
45056 0xB000 0.976440
46080 0xB400 0.972787
47104 0xB800 0.960667
48128 0xBC00 0.971557
49152 0xC000 0.963823
50176 0xC400 0.899801
51200 0xC800 0.951791
52224 0xCC00 0.903265
53248 0xD000 0.962434
54272 0xD400 0.921925
55296 0xD800 0.294694
56320 0xDC00 0.877480
57344 0xE000 0.965712
58368 0xE400 0.960424
59392 0xE800 0.960271
60416 0xEC00 0.964225
61440 0xF000 0.967849
62464 0xF400 0.952928
63488 0xF800 0.948450
64512 0xFC00 0.946729
65536 0x10000 0.891043
66560 0x10400 0.378792
Multiple file operation
binwalk -E file1.png file2.png --nplot
Scan Time: 2023-06-01 19:05:37
Target File: /home/baa/Downloads/temp/file1.png
MD5 Checksum: 12732d1bff9db47c11399ee435ea0215
DECIMAL HEXADECIMAL ENTROPY
--------------------------------------------------------------------------------
0 0x0 0.949861
1024 0x400 0.959579
2048 0x800 0.955817
3072 0xC00 0.971483
4096 0x1000 0.968247
5120 0x1400 0.969498
6144 0x1800 0.929251
7168 0x1C00 0.958100
8192 0x2000 0.914151
9216 0x2400 0.963688
10240 0x2800 0.969314
11264 0x2C00 0.971493
12288 0x3000 0.970677
13312 0x3400 0.926387
14336 0x3800 0.912220
15360 0x3C00 0.966344
16384 0x4000 0.961265
17408 0x4400 0.743483
18432 0x4800 0.928711
19456 0x4C00 0.924944
20480 0x5000 0.753434
21504 0x5400 0.878900
22528 0x5800 0.953214
23552 0x5C00 0.898333
24576 0x6000 0.931520
25600 0x6400 0.964227
26624 0x6800 0.954490
27648 0x6C00 0.959507
28672 0x7000 0.963246
29696 0x7400 0.971525
30720 0x7800 0.967919
31744 0x7C00 0.913375
32768 0x8000 0.964087
33792 0x8400 0.970660
34816 0x8800 0.971863
35840 0x8C00 0.964137
36864 0x9000 0.974050
37888 0x9400 0.966759
38912 0x9800 0.964000
39936 0x9C00 0.969037
40960 0xA000 0.947263
41984 0xA400 0.904252
43008 0xA800 0.975895
44032 0xAC00 0.972085
45056 0xB000 0.976440
46080 0xB400 0.972787
47104 0xB800 0.960667
48128 0xBC00 0.971557
49152 0xC000 0.963823
50176 0xC400 0.899801
51200 0xC800 0.951791
52224 0xCC00 0.903265
53248 0xD000 0.962434
54272 0xD400 0.921925
55296 0xD800 0.294694
56320 0xDC00 0.877480
57344 0xE000 0.965712
58368 0xE400 0.960424
59392 0xE800 0.960271
60416 0xEC00 0.964225
61440 0xF000 0.967849
62464 0xF400 0.952928
63488 0xF800 0.948450
64512 0xFC00 0.946729
65536 0x10000 0.891043
66560 0x10400 0.378792
Scan Time: 2023-06-01 19:05:37
Target File: /home/baa/Downloads/temp/file2.png
MD5 Checksum: 42f374df36849327f69c4d404ac1dcee
DECIMAL HEXADECIMAL ENTROPY
--------------------------------------------------------------------------------
0 0x0 0.949400
1024 0x400 0.959579
2048 0x800 0.955817
3072 0xC00 0.971483
4096 0x1000 0.968247
5120 0x1400 0.969498
6144 0x1800 0.929251
7168 0x1C00 0.958100
8192 0x2000 0.914151
9216 0x2400 0.963688
10240 0x2800 0.969314
11264 0x2C00 0.971493
12288 0x3000 0.970677
13312 0x3400 0.926387
14336 0x3800 0.912220
15360 0x3C00 0.966344
16384 0x4000 0.961265
17408 0x4400 0.743483
18432 0x4800 0.928711
19456 0x4C00 0.924944
20480 0x5000 0.753434
21504 0x5400 0.878900
22528 0x5800 0.953214
23552 0x5C00 0.898333
24576 0x6000 0.931520
25600 0x6400 0.964227
26624 0x6800 0.954490
27648 0x6C00 0.959507
28672 0x7000 0.963246
29696 0x7400 0.971525
30720 0x7800 0.967919
31744 0x7C00 0.913375
32768 0x8000 0.964087
33792 0x8400 0.970660
34816 0x8800 0.971863
35840 0x8C00 0.964137
36864 0x9000 0.974050
37888 0x9400 0.966759
38912 0x9800 0.964000
39936 0x9C00 0.969037
40960 0xA000 0.947263
41984 0xA400 0.904252
43008 0xA800 0.975895
44032 0xAC00 0.972085
45056 0xB000 0.976440
46080 0xB400 0.972787
47104 0xB800 0.960667
48128 0xBC00 0.971557
49152 0xC000 0.963823
50176 0xC400 0.899801
51200 0xC800 0.951791
52224 0xCC00 0.903265
53248 0xD000 0.962434
54272 0xD400 0.921925
55296 0xD800 0.294694
56320 0xDC00 0.877480
57344 0xE000 0.965712
58368 0xE400 0.960424
59392 0xE800 0.960271
60416 0xEC00 0.964225
61440 0xF000 0.967849
62464 0xF400 0.952928
63488 0xF800 0.948450
64512 0xFC00 0.946729
65536 0x10000 0.891043
66560 0x10400 0.378792
As you can see, no --verbose
switch has been passed, yet it produces significantly more entropy offsets.
Example using the API:
import binwalk, shutil
from glob import glob
scan_results = binwalk.scan(*["file1.png", "file2.png"], entropy=True, quiet=True, nplot=True)
for module in scan_results:
for result in module.results:
print(result.file.name, result.entropy)
Output:
file2.png 0.9493996944468599
file2.png 0.9595791722861261
file2.png 0.9558169198936609
file2.png 0.9714829585169217
file2.png 0.9682472263461492
file2.png 0.9694977535535277
file2.png 0.9292512540892645
file2.png 0.9580999844401131
file2.png 0.9141505571106932
file2.png 0.9636884269465352
file2.png 0.9693139162127572
file2.png 0.9714932953837963
file2.png 0.9706772584604624
file2.png 0.9263866605337727
file2.png 0.9122197382879317
file2.png 0.9663442022196504
file2.png 0.9612653482355105
file2.png 0.7434828096366249
file2.png 0.9287111086094179
file2.png 0.9249435757188217
file2.png 0.7534343064656258
file2.png 0.8789004250389856
file2.png 0.9532139952319626
file2.png 0.8983331044969495
file2.png 0.931519964496851
file2.png 0.9642267738844269
file2.png 0.9544897483995143
file2.png 0.9595069003382327
file2.png 0.9632455479828916
file2.png 0.9715250607039375
file2.png 0.9679185595220438
file2.png 0.9133748589014484
file2.png 0.9640868603466539
file2.png 0.9706602528059435
file2.png 0.9718626201452758
file2.png 0.9641368415572951
file2.png 0.9740504400144321
file2.png 0.966759038140978
file2.png 0.963999648597922
file2.png 0.9690371318079097
file2.png 0.947262934035993
file2.png 0.9042520203577415
file2.png 0.9758947528658587
file2.png 0.9720849236316688
file2.png 0.9764404671754977
file2.png 0.9727871693348875
file2.png 0.9606666032245503
file2.png 0.9715573585035273
file2.png 0.9638233059287353
file2.png 0.899800654170215
file2.png 0.9517905494901737
file2.png 0.9032648690623268
file2.png 0.9624338929205475
file2.png 0.9219248538891675
file2.png 0.29469376058274616
file2.png 0.877479852654148
file2.png 0.9657120237236935
file2.png 0.9604239168003949
file2.png 0.9602711210893344
file2.png 0.9642254623864204
file2.png 0.9678487908106863
file2.png 0.9529282983767369
file2.png 0.9484503965210455
file2.png 0.9467292820596948
file2.png 0.8910431181661602
file2.png 0.37879248741029753
The output is verbose and there are no results for file1.png.
I tried adding the verbose=False
but it makes no difference.
Thanks.