Radare2: rahash2

Published: 2016-10-10
Last Updated: 2016-10-10 10:51:14 UTC
by Didier Stevens (Version: 1)

Radare2 is an open-source reverse-engineering framework.

Some time ago I wrote about recovering ransomed pictures. By calculating the entropy of the ransomed files with my byte-stats tool, I could see that the files were not completely encrypted.

rahash2 is one of the tools in the Radare2 framework. As its name implies, it calculates (cryptographic) hashes, but it is quite versatile. For example, it will also calculate entropy:

And like my byte-stats.py tool, it can also split the file into blocks and calculate the entropy for each block. You do this with option -b blocksize, and it will also produce a nice ASCII-art graph:
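To show what the per-block entropy view is telling you, here is an added example (my own illustration, not rahash2 or byte-stats.py): it computes Shannon entropy per block and draws a bar graph, run over a constructed file whose first two blocks are pseudo-random (the "encrypted" part) and whose tail is a repeating 8-byte pattern. The block size, the 7.0 bits/byte threshold and the sample data are assumptions chosen for the demonstration.

```python
import math
import random
from collections import Counter
from typing import List, Tuple

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0) of a byte string."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def block_entropies(data: bytes, blocksize: int) -> List[float]:
    """Entropy of each consecutive block, the view rahash2 -b blocksize gives."""
    if blocksize <= 0:
        raise ValueError("blocksize must be positive")
    return [shannon_entropy(data[i:i + blocksize]) for i in range(0, len(data), blocksize)]

def ascii_graph(entropies: List[float], width: int = 40) -> str:
    """One bar per block, scaled so 8.0 bits/byte fills the full width."""
    return "\n".join(
        f"block {idx:4d}  {e:5.3f}  {'#' * int(round(e / 8.0 * width))}"
        for idx, e in enumerate(entropies)
    )

def encrypted_vs_plain(entropies: List[float], threshold: float = 7.0) -> Tuple[int, int]:
    """Count blocks that look encrypted (>= threshold) vs. the rest.
    A file that was only partially encrypted shows both kinds (assumed threshold)."""
    high = sum(1 for e in entropies if e >= threshold)
    return high, len(entropies) - high

# Constructed sample file: 2 blocks of deterministic pseudo-random bytes followed
# by 3 blocks of a repeating 8-byte pattern (entropy exactly 3.0 bits/byte).
SAMPLE_BLOCKSIZE = 1024
_rng = random.Random(1234)
SAMPLE_FILE = (bytes(_rng.getrandbits(8) for _ in range(2 * SAMPLE_BLOCKSIZE))
               + b"ABCDEFGH" * (3 * SAMPLE_BLOCKSIZE // 8))

if __name__ == "__main__":
    ents = block_entropies(SAMPLE_FILE, SAMPLE_BLOCKSIZE)
    print(ascii_graph(ents))
    print("encrypted-looking blocks, other blocks:", encrypted_vs_plain(ents))
```

On a real ransomed file you would read it from disk instead of SAMPLE_FILE; the low-entropy tail is the part that survived and may be recoverable.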

If you have interesting tips for rahash2 (or other Radare2 tools), please post a comment.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com
