Update on Overleaf.

Chapters/Evaluation.tex

@@ -126,7 +126,45 @@ Among all evaluated \glspl{esim}, \texttt{estk.me} stands out due to its publicl
 
 The firmware image accompanying the update utility appears to be encrypted or obfuscated. An entropy analysis conducted using the Shannon entropy metric indicates a consistently high entropy across all tested firmware files, suggesting the presence of encryption or compression. For instance, the entropy of the T001V06 firmware image was measured at approximately \texttt{7.998}, which is close to the theoretical maximum of \texttt{8.0} for purely random data.
 
-\todo{Entropy graph, shannon entropy for all firmwares}
+\begin{figure}[htbp]
+\centering
+\begin{tikzpicture}
+  \begin{axis}[
+    title={Shannon Entropy},
+    xlabel={Block},
+    ylabel={Entropy},
+    legend pos=south west,
+    width=12cm,
+    height=6cm,
+    enlargelimits=true,
+    mark size=2pt,
+    xmin=0,
+    ymin=0,
+    grid,
+  ]
+
+    \addplot[
+      color=blue,
+      mark=*,
+    ] table [x expr=\coordindex, y index=0] {Graphics/data/shannon_entropy_estk_me_t000v06_3_4_3.dat};
+    \addlegendentry{T000V06}
+
+    \addplot[
+      color=red,
+      mark=square*,
+    ] table [x expr=\coordindex, y index=0] {Graphics/data/shannon_entropy_estk_me_t001v06_3_4_3.dat};
+    \addlegendentry{T001V06}
+
+    \addplot[
+      color=green!60!black,
+      mark=triangle*,
+    ] table [x expr=\coordindex, y index=0] {Graphics/data/shannon_entropy_estk_me_t002v06_3_4_3.dat};
+    \addlegendentry{T002V06}
+
+  \end{axis}
+\end{tikzpicture}
+\caption{Shannon entropy values across blocks for three different firmware versions.}
+\end{figure}
 
 A deeper static analysis using Ghidra did not reveal any recognizable structure or file headers, further supporting the assumption of encryption. Similarly, tools like Binwalk\footnote{https://github.com/ReFirmLabs/binwalk} did not detect known compression schemes, embedded file systems, or file signatures. Consequently, firmware payload analysis could not be meaningfully performed beyond block-level transmission.
 
@@ -220,7 +258,7 @@ We catalogued the \gls{isdr} \glspl{aid} observed during tracing across multiple
     \item \textbf{standard}: \texttt{a0000005591010ffffffff8900000100}
 \end{itemize}
 
-This variation in \gls{aid} usage may be driven by internal vendor policy, branding, or the need to segment access to multiple security domains or services. In the case of \texttt{eSIM.me}, the coexistence of both the standard and custom \glspl{aid} suggests a fallback mechanism for compatibility with generic \gls{lpa} implementations. \todo{Check which applications are allowed by the ara-m}
+This variation in \gls{aid} usage may be driven by internal vendor policy, branding, or the need to segment access to multiple security domains or services. In the case of \texttt{eSIM.me}, the coexistence of both the standard and custom \glspl{aid} suggests a fallback mechanism for compatibility with generic \gls{lpa} implementations.
 
 While tracing provides valuable insights into command sequencing and \gls{aid} selection behaviors, its utility is restricted when it comes to exercising full profile management flows or cross-device compatibility testing without access to valid cryptographic credentials.