EXETOOLS FORUM  

Go Back   EXETOOLS FORUM > General > Source Code

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 10-01-2017, 00:22
dila dila is offline
Friend
 
Join Date: Jan 2010
Location: United Kingdom
Posts: 42
Rept. Given: 12
Rept. Rcvd 31 Times in 13 Posts
Thanks Given: 23
Thanks Rcvd at 66 Times in 15 Posts
dila Reputation: 31
Post Encryption vs compression detection

I've been investigating ways to distinguish between data that is compressed and data that is encrypted. Entropy is a good way of finding scrambled data but it cannot tell the difference between compressed and encrypted blocks.

With this code, instead of looking at the frequency of occurrence of bytes in the file, we treat the file as if it is the output of a Boolean function and we look at the type of equations that must give rise to this output sequence. This method is used to test the quality of random number generators.

You can find my C++ implementation of the Walsh-Hadamard transform attached. The idea was eventually to build this measurement into some kind of GUI tool for people to use, but I'm not sure that I'm getting good results with it.

You will have to compile it yourself if you want to try it out, but you might just be interested in the code.
Attached Files
File Type: zip file_encryption_test_using_fwht.zip (1.84 MB, 23 views)
Reply With Quote
The Following 7 Users Gave Reputation+1 to dila For This Useful Post:
chessgod101 (10-01-2017), MarcElBichon (10-01-2017), mr.exodia (10-01-2017), Storm Shadow (10-01-2017), tonyweb (10-01-2017), yoza (10-04-2017), zeuscane (10-01-2017)
The Following 13 Users Say Thank You to dila For This Useful Post:
aldente (10-02-2017), an0rma1 (10-01-2017), besoeso (10-01-2017), chessgod101 (10-01-2017), leader (10-07-2017), NoneForce (10-01-2017), ontryit (10-01-2017), sendersu (10-01-2017), Storm Shadow (10-01-2017), tonyweb (10-01-2017), uel888 (10-02-2017), yoza (10-04-2017), zeuscane (10-01-2017)
  #2  
Old 10-01-2017, 20:49
ontryit ontryit is offline
Friend
 
Join Date: Nov 2011
Posts: 135
Rept. Given: 128
Rept. Rcvd 17 Times in 14 Posts
Thanks Given: 230
Thanks Rcvd at 17 Times in 13 Posts
ontryit Reputation: 17
@dila, can you share the src out of this board, since i can't downloaded from the attachment. Thank you
Reply With Quote
  #3  
Old 10-01-2017, 23:31
dila dila is offline
Friend
 
Join Date: Jan 2010
Location: United Kingdom
Posts: 42
Rept. Given: 12
Rept. Rcvd 31 Times in 13 Posts
Thanks Given: 23
Thanks Rcvd at 66 Times in 15 Posts
dila Reputation: 31
I pasted the code here https://pastebin.com/q2Ppk51Q. The ZIP attachment is large because it contains a PDF describing a method of testing random sequences using the WHT.

If you want to know more about the transform, you can read about it in The Design of Rijndael book (PDF available here). Here they give some identities of the function, such as how bitwise XOR of two functions in the Boolean domain corresponds to convolution of their coefficients in the spectral domain.
Reply With Quote
The Following 3 Users Say Thank You to dila For This Useful Post:
foosaa (10-09-2017), tonyweb (10-02-2017), zeuscane (10-02-2017)
Reply

Tags
entropy

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On



All times are GMT +8. The time now is 03:50.


ICP05004977
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX