HexLasso CLI

Introduction

HexLasso CLI is a binary data analysis utility with a command-line interface for static exploration of binary data.

HexLasso CLI takes input files and produces an interactive HTML file that can be viewed from a web browser.


Figure: HexLasso plot of a high-entropy sample, with the increased matches in the second half of the data shown in green.

When the HTML file is loaded in the web browser, you can choose which analysis plots to draw from a list. The plots include entropy, match coverage, and byte frequency, among others.

The plots you choose are combined into one overall graph, which makes the correlation between them visible.

The horizontal axis is the position in the data, and the vertical axis is the score between 0 and 100.

You can mark positions in the plot to display the data offsets of important locations.
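The axes described above can be reproduced in a few lines. This is an added example, not HexLasso's own code: it scores three of the plots named in the list below per fixed window and scales each to 0..100 so they can be compared at the same offset. The 256-byte window, the scaling, and the meaning given to each plot name are assumptions, and the input is constructed.

```python
import math
import random
from collections import Counter

WINDOW = 256  # assumed window size; the page does not give HexLasso's

def entropy_score(block):
    """Shannon entropy of block, scaled from 0..8 bits per byte to 0..100."""
    n = len(block)
    h = sum(c / n * math.log2(n / c) for c in Counter(block).values())
    return 100.0 * h / 8.0

def freq_score(block, lo, hi):
    """Percentage of bytes in block with lo <= value <= hi."""
    return 100.0 * sum(lo <= b <= hi for b in block) / len(block)

# Plot names are from the page; these definitions are assumed from the names.
PLOTS = {
    "ENTROPY": entropy_score,
    "BYTE_FREQ_00": lambda blk: freq_score(blk, 0x00, 0x00),
    "BYTE_FREQ_ASCII_PRINTABLE": lambda blk: freq_score(blk, 0x20, 0x7E),
}

def analyze(data, window=WINDOW):
    """Return [(offset, {plot name: score 0..100})], one entry per window."""
    return [(off, {name: fn(data[off:off + window]) for name, fn in PLOTS.items()})
            for off in range(0, len(data), window)]

def make_sample():
    """Constructed input: printable text, zero padding, then a high-entropy block."""
    text = (b"user=alice;role=viewer;note=constructed-sample;" * 6)[:WINDOW]
    permuted = list(range(256))
    random.Random(1).shuffle(permuted)  # every byte value exactly once
    return text + bytes(WINDOW) + bytes(permuted)

if __name__ == "__main__":
    for off, scores in analyze(make_sample()):
        print(f"0x{off:04x}  " + "  ".join(f"{k}={v:6.2f}" for k, v in scores.items()))
```

Reading the three rows side by side shows the kind of correlation the combined graph exposes: the zero padding drops entropy to 0 while BYTE_FREQ_00 rises to 100, and the high-entropy block reaches 100 while the printable share falls.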

Plots

You can choose which of the following analysis plots to draw.

ENTROPY
ENTROPY_IN_ORDER_1
BYTE_PREDICTION_IN_ORDER_1
COMPRESSED_SIZE_DEFLATE_OR_DATA_SIZE
UNIQUE_DWORD_CNT
UNIQUE_WORD_CNT
UNIQUE_BYTE_CNT
MATCH_COVERAGE_WORD
MATCH_COVERAGE_DWORD
MATCH_COVERAGE_QWORD
BYTE_FREQ_ASCII_CONTROL
BYTE_FREQ_ASCII_PRINTABLE
BYTE_FREQ_EXTENDED_ASCII
BYTE_FREQ_00
BYTE_FREQ_FF
BYTE_FREQ_8B
BYTE_FREQ_E8_E9
BYTE_FREQ_MULTIPLE_OF_4
BYTE_FREQ_MULTIPLE_OF_8
WORD_FREQ_FF15
WORD_FREQ_FF25
MOST_FREQ_BYTE_VALUE
MOST_FREQ_BYTE_COVERAGE
STRING_COVERAGE_ASCII_PRINTABLE_MINLEN_4
STRING_COVERAGE_ASCII_PRINTABLE_MINLEN_8
STRING_COVERAGE_UNICODE_PRINTABLE_MINLEN_4
STRING_COVERAGE_UNICODE_PRINTABLE_MINLEN_8
RUNS_OF_BYTES_MINLEN_4
RUNS_OF_BYTES_MINLEN_8
RELATIVE_REFERENCE
DELTA_CH

System Requirements

The minimum required OS to run HexLasso CLI is Windows XP. A web browser with SVG and JavaScript support is required to run the interactive HTML file.

Development Details

HexLasso CLI is being developed in Visual C# 2010 and .NET Framework 4. It is entirely implemented in managed code.

HexLasso CLI is a spin-off project of BinCovery.