Logo

MonoCalc

/

Binary Pattern Analyzer

Encode/Decode
Enter data as space-separated hex bytes

About This Tool

🔬 Binary Pattern Analyzer – Deep Structural Analysis of Raw Binary Data

The Binary Pattern Analyzer is a browser-based tool for reverse engineers, embedded-systems developers, cryptographers, and security researchers who need to understand the internal structure of binary blobs without a full hex editor. Paste a hex string, binary string, Base64 blob, or ASCII text, click Analyze, and instantly get six layers of insight into your data — all computed locally with no data ever leaving your browser.

📥 Supported Input Formats

The tool accepts four common representations of raw binary data:

  • Hex String — space, colon, or hyphen-separated pairs such as 4D 5A 90 00 or 4D:5A:90:00. Leading zeros and mixed case are accepted.
  • Binary String — sequences of 0 and 1 characters grouped into 8-bit bytes, e.g. 01001101 01011010.
  • Base64 — standard or URL-safe Base64 strings (with or without padding).
  • ASCII / Text — plain readable text, automatically encoded as UTF-8 bytes.

📊 Analysis Modes

1 — Byte Frequency Analysis

Every unique byte value (0x00–0xFF) present in the input is counted and ranked by frequency. A bar chart shows the top 32 most-common bytes as percentages, while the table below extends to the top 50. This histogram is invaluable for spotting high-entropy ciphertext (all bars roughly equal), ASCII text (bars clustered in 0x20–0x7E range), or null-padded firmware (a dominant spike at 0x00 or 0xFF).

freq% = (occurrences / total_bytes) × 100

2 — Shannon Entropy Heatmap

Shannon entropy measures randomness on a scale of 0 to 8 bits per byte:

H = −Σ p(x) × log₂(p(x))   [for each byte value x with p(x) > 0]
RangeLabelTypical cause
0 – 1sparse / nullPadding regions, null-filled buffers
1 – 3structuredBinary headers, simple protocol frames
3 – 6plaintextNatural language text, source code
6 – 7mixed / compressedDEFLATE, LZ4, partially compressed payloads
7 – 8encrypted / randomAES ciphertext, PRNG output, strong hashes

The Entropy Map tab slides a configurable window (default 64 bytes) across the input and plots entropy at each offset, letting you visually locate transitions between structured headers and encrypted payloads in the same binary.

3 — Repeating Pattern Detection

The analyzer scans every byte sub-sequence of the configured length range (default 2–8 bytes) across the first 4 KB of input, building a hash map of occurrences. Any sequence appearing two or more times is reported with its pattern bytes, length, occurrence count, and first match offsets. This makes it easy to identify repeating delimiters, magic numbers, padding sequences, or weak cipher block boundaries.

4 — Magic Byte / File Signature Detection

The tool checks the leading bytes of your input against a built-in database of 30+ file-format signatures including JPEG, PNG, PDF, ELF, PE/EXE, ZIP, GZIP, SQLite, and many more. Matches are shown immediately in the Overview tab with their MIME type and exact signature bytes, allowing fast identification of binary blobs that have had their extensions stripped or been misidentified.

Short signatures (2 bytes, e.g., BMP 42 4D or GZIP 1F 8B) may generate false positives when the bytes appear by coincidence. Longer signatures (8+ bytes) are unambiguous.

5 — Bit-Balance Analysis

For each of the 8 bit positions (bit 0 = LSB through bit 7 = MSB), the tool counts how many bytes have that bit set to 1. In a cryptographically random source, every bit position should hover near 50 % ones. The deviation column highlights positions straying more than 10 % from ideal (flagged red), which can expose structural encoding, register formats, or non-random generation in embedded firmware.

ones_ratio_p = (Σ ((byte >> p) & 1) for all bytes) / total_bytes deviation_p  = |ones_ratio_p − 0.5|

6 — Custom Pattern Search

Enter any hex byte sequence in the Search tab to find every occurrence in the data. Results show the decimal and hex offset alongside 4 bytes of context before and after each match — equivalent to a simple grep -b for binary patterns. This is useful for locating specific protocol frames, error codes, or known function prologs in firmware dumps.

💡 Practical Use Cases

  • Firmware analysis — separate compressed payloads from structured headers by comparing entropy regions
  • Network capture inspection — identify protocol boundaries and repeating frame patterns in raw packet bytes
  • Cryptographic validation — confirm AES output quality by checking bit balance and entropy ≥ 7.9 bits/byte
  • File format identification — recover the original format of files that have been renamed or have their headers stripped
  • Steganography detection — unusually low entropy in image file noise regions may indicate hidden data

⚡ Performance & Limits

All analysis runs in-browser with no server round-trips. Pattern detection is capped at the first 4 KB to ensure sub-second response. Entropy sliding windows and all other analyses run on the full input. Input is decoded to a Uint8Array before processing, giving efficient byte-level operations without additional dependencies.

Frequently Asked Questions

Is the Binary Pattern Analyzer free?

Yes, Binary Pattern Analyzer is totally free :)

Can I use the Binary Pattern Analyzer offline?

Yes, you can install the webapp as PWA.

Is it safe to use Binary Pattern Analyzer?

Yes, any data related to Binary Pattern Analyzer only stored in your browser (if storage required). You can simply clear browser cache to clear all the stored data. We do not store any data on server.

How does the Binary Pattern Analyzer work?

Paste any hex string, binary string, Base64 blob, or ASCII text into the input area, select the appropriate format, and click Analyze. The tool decodes the input into raw bytes entirely in your browser and then runs six analyses in parallel: byte frequency counting, Shannon entropy calculation, repeating pattern detection, magic byte matching, null-region scanning, and bit-balance profiling.

What does the Shannon entropy score tell me?

Shannon entropy measures the randomness of the data on a scale of 0 to 8 bits per byte. Values below 2 typically indicate sparse or null-padded data; 2–5 suggests structured plaintext or simple encoding; 6–7 points to compressed data; and values above 7.5 are characteristic of encrypted or truly random data.

How are repeating patterns detected?

The tool slides a window of every configured pattern length (2–16 bytes) across the input and records every byte sequence that appears more than once. The results are sorted by occurrence count, so the most prevalent patterns surface first. Detection is capped at the first 4 KB to keep analysis instant.

What is magic byte detection and how accurate is it?

Magic bytes are fixed header sequences that identify a file format — for example, PNG files always start with 89 50 4E 47. The tool checks the first bytes of your input against a database of 30+ common format signatures and reports every match with its offset and MIME type. Confidence is high for formats with long, unique signatures (PNG, ELF) and slightly lower for short signatures like BMP (42 4D) that could appear by coincidence.

What is bit-balance analysis used for?

Bit-balance analysis measures the ratio of 1-bits to 0-bits for each of the 8 bit positions across all bytes. In a high-quality random source or AES-encrypted block, every bit position should hover near 50 % ones. Significant deviations indicate structured or biased encoding — useful when evaluating PRNGs, cipher outputs, or custom binary protocols.

Is my data sent to a server when I analyze it?

No. All analysis runs entirely in your browser using JavaScript. Your input is never transmitted to any server, logged, or stored beyond your current browser session. For sensitive firmware dumps or proprietary binary blobs, the tool is completely safe to use offline or in air-gapped environments.