3D Data Visualizations

I’ve been playing around with 3-dimensional binary data visualization, inspired by ..cantor.dust.. The results have been interesting, fun, and in some cases even useful. :)

My implementation is fairly rudimentary: every three bytes in a file is treated as an x, y, z coordinate for a data point in a 3D plane where each axis extends from 0 through 255. This means that if the file has data that contains a certain range of byte values (e.g., printable ASCII characters), those bytes will generate coordinates in the same general area of the 3D plot.

Since non-random data types (executable code, strings, etc) will have an uneven distribution of bytes, different data types will generate different visual patterns. Here is one of my favorites, which was created from a file containing AVR32 executable code:

Visualizing AVR32 code

Visualizing AVR32 code

Different file types have different byte distributions, and thus create different patterns in the 3D plot. We can even start to identify file types based on their corresponding visualizations:

A PDF file

A PDF file

A 32-bit Windows executable

A 32-bit Windows executable

A 32-bit Windows installer (MSI)

A 32-bit Windows installer (MSI)

More importantly, we begin to see patterns associated with certain types of data.

Printable ASCII characters, for example, are represented by the bytes 32 – 126, so they are usually grouped in a small box that is above 0 on each axis, but also at or below the midpoint of each axis.

We can see a grouping of ASCII characters clearly in this otherwise random (compressed) firmware image:

Printable ASCII visualized inside a firmware image

Printable ASCII visualized inside a firmware image

Likewise, executable code tends to produce thin horizontal and vertical lines.

This file contains unknown data, but its byte patterns suggest that it is primarily composed of executable code:

Unknown executable data

Unknown executable data

We can also see in the above visualization that there is little or no printable ASCII characters. This gives us a good idea of what to look for – and what not to look for – when performing a deeper analysis of this data.

I’ve integrated the 3D visualization into binwalk; just use the –3D option:

$ binwalk --3D file.bin

It’s still pretty experimental, but if you want to play with it, grab the latest binwalk code from the git repository.

Posted in New Features
7 comments on “3D Data Visualizations
  1. axet says:

    love it!

  2. randomuser says:

    Very nice work. How did you generate gif files?

  3. These are beautiful!

  4. user says:

    Is there some way via Binwalk or otherwise to save the 3D visualization (single frame) as an image file? Thanks.

  5. Hi colleagues, good post and fastidious arguments commented at this place,
    I am really enjoying by these.

  6. Basil says:

    Do you have a spam problem on this website; I also am a blogger, and I was wondering your situation; we have developed some nice methods and we are looking to exchange strategies with others, be sure to shoot me an email if interested.

3 Pings/Trackbacks for "3D Data Visualizations"
  1. […] Just added some fun 3D binary visualization features to binwalk. Read more about it here. […]

  2. […] Implementation is fairly rudamentary: every three bytes in a file is treated as an x, y, z coordinate for a data point in a 3D plane where each axis extends from 0 through 255.  […]

  3. […] I've been playing around with 3-dimensional binary data visualization, inspired by ..cantor.dust.. The results have been interesting, fun, and in some cases even useful. :). My implementation is fairly rudamentary: every three …  […]

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>