Compression vs. encryption?

Wobble · Post by **Wobble** » Sat Jul 24, 2010 10:59 pm

[out]

Post by **Rheini** » Sat Jul 24, 2010 11:35 pm

Compressed files can't be compressed considerably again.
Also the histogram should be quite uniformly distributed.

Wobble · Post by **Wobble** » Sun Jul 25, 2010 12:04 am

[out]

Post by **Rheini** » Sun Jul 25, 2010 12:39 am

If you take the simplest case of a XOR encryption with only 1 byte the distribution stays uniform of course.
That's why these ones are easy to come by without any disassembling. Series of zeros become series of the xor byte.

In general if you see runs of data in the file you can bet it (or at least that part) isn't compressed.

More sophisticated encryptions use a function to modify the xor key after each round similar to a pseudo-random number generator. Thus it depends on the function that is used how random the output is.

It would be really interesting to investigate if there is a way to detect encryption and compression with static mathematical analysis.

Wobble · Post by **Wobble** » Sun Jul 25, 2010 2:34 am

[out]

Post by **Rheini** » Sun Jul 25, 2010 1:35 pm

Well that's pretty hard. You might try scanning the exe with http://www.peid.info/ and it's Krypto plugin.

XeNTaX

XeNTaX

Compression vs. encryption?

Compression vs. encryption?

Re: Compression vs. encryption?

Re: Compression vs. encryption?

Re: Compression vs. encryption?

Re: Compression vs. encryption?

Re: Compression vs. encryption?