by hoosieree
661 days ago
I love these kinds of tools! For part of my PhD research I made a bunch of digraph heatmaps of (differently-obfuscated variations of) stdlib binary files (raw byte sequences and asm mnemonics shown side-by-side): https://alexshroyer.com/misc/digraphs.mp4 There are often bright spots in these kinds of visuals that you end up seeing over and over again (e.g. clusters of ASCII).

Indeed, this is especially true in the "bigrams" mode, where each point (X,Y) is set if the bytes X and Y (00..FF) appear in that order in the input. If you look at the bigrams example in the README, you can see that there is a bright zone where the lowercase ASCII characters are, since that graph is plotting the .rodata section of the binary (using the bin-graph-section.sh script). These patterns appear with other kinds of data, not just text (e.g. x86 instructions).
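The bigram plot described in the reply above, sketched as an added example (not code from the thread or from the tool itself): it builds the 256x256 matrix of adjacent byte pairs and measures how much of the input lands in the lowercase ASCII square. The function names and both sample inputs are constructed for illustration.

```python
import random

def bigram_matrix(data: bytes) -> list[list[int]]:
    """m[x][y] = number of times byte x is immediately followed by byte y."""
    m = [[0] * 256 for _ in range(256)]
    for x, y in zip(data, data[1:]):
        m[x][y] += 1
    return m

def set_points(m: list[list[int]]) -> int:
    """Number of (X, Y) points that would be lit in a presence-only plot."""
    return sum(1 for row in m for count in row if count)

def region_share(m: list[list[int]], lo: int, hi: int) -> float:
    """Fraction of all bigrams whose two bytes both fall in [lo, hi]."""
    total = sum(map(sum, m))
    inside = sum(m[x][y] for x in range(lo, hi + 1) for y in range(lo, hi + 1))
    return inside / total if total else 0.0

# Constructed sample: NUL-terminated message strings, the kind of data a
# .rodata section typically holds.
SAMPLE_RODATA = (
    b"invalid argument\0permission denied\0no such file or directory\0"
    b"out of memory\0connection refused\0"
)

# Constructed sample: seeded pseudo-random bytes, standing in for
# compressed or encrypted data with no byte-pair structure.
_rng = random.Random(0)
SAMPLE_RANDOM = bytes(_rng.randrange(256) for _ in range(4096))

LOWER_A, LOWER_Z = 0x61, 0x7A  # 'a'..'z'

def lowercase_share(data: bytes) -> float:
    """Share of bigrams inside the lowercase-ASCII square of the plot."""
    return region_share(bigram_matrix(data), LOWER_A, LOWER_Z)

if __name__ == "__main__":
    for name, blob in (("rodata-like", SAMPLE_RODATA), ("random", SAMPLE_RANDOM)):
        m = bigram_matrix(blob)
        print(f"{name:12s} points set: {set_points(m):5d}  "
              f"lowercase share: {lowercase_share(blob):.3f}")
```
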