Crane-Mocker / aCropalypse-JPEG-PoC

aCropalypse-JPEG-PoC

So basically the Pixel 7 Pro, when you crop and save a screenshot, overwrites the image with the new version, but leaves the rest of the original file in its place.

For JPEG, detecting whether a cropped image is affected by aCropalypse is simple: check whether the file contains 2 EOI markers.

Sanitizing the cropped image is also simple: delete everything after the first EOI marker.

To restore the missing part of the image, let's get more information about JPEG compression and format!

  • JPEG uses YCbCr color space, Y is for brightness, Cb and Cr are for color information.
  • A JFIF marker consists of two bytes: FF followed by a byte that is not 00 or FF
  • Compressed image data are between SOS and EOI

So, if the compressed image data for the rest of the original image is still present in the file, the missing part of the image can be restored.
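The detection and sanitizing rules above, together with the marker rules from the list, as an added example (not this repository's script). It goes a step beyond a plain byte search: it walks the marker segments so that FF D9 bytes inside a metadata payload are not mistaken for the first EOI. The names `first_eoi_end`, `check_jpeg` and `make_sample` are hypothetical, and the sample bytes are constructed for illustration.

```python
SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
STANDALONE = {0x01, *range(0xD0, 0xD8)}  # TEM and RST0-RST7 have no length field

def first_eoi_end(data: bytes) -> int:
    """Offset just past the EOI that closes the first JPEG stream in data."""
    if data[:2] != bytes([0xFF, SOI]):
        raise ValueError("missing SOI, not a JPEG")
    pos, in_scan = 2, False
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            if not in_scan:
                raise ValueError(f"expected a marker at offset {pos}")
            pos += 1                      # ordinary entropy-coded byte
            continue
        marker = data[pos + 1]
        if marker == 0xFF:                # fill byte before a marker
            pos += 1
        elif marker == 0x00 and in_scan:  # stuffed FF inside compressed data
            pos += 2
        elif marker == EOI:
            return pos + 2
        elif marker in STANDALONE:
            pos += 2
        else:                             # segment: marker + 2-byte big-endian length
            length = int.from_bytes(data[pos + 2:pos + 4], "big")
            if length < 2:
                raise ValueError(f"bad segment length at offset {pos}")
            pos += 2 + length             # skips the payload, even if it holds FF D9
            in_scan = marker == SOS
    raise ValueError("no EOI marker found")

def check_jpeg(data: bytes) -> dict:
    """Apply the page's rules: a second EOI after the first means leftover data."""
    end = first_eoi_end(data)
    tail = data[end:]
    return {"affected": bytes([0xFF, EOI]) in tail,
            "trailing_bytes": len(tail),
            "sanitized": data[:end]}      # everything after the first EOI removed

def make_sample() -> bytes:
    """Constructed bytes with JPEG structure (not a decodable picture)."""
    seg = lambda m, p: bytes([0xFF, m]) + (len(p) + 2).to_bytes(2, "big") + p
    cropped = (b"\xff\xd8" + seg(0xE1, b"thumb\xff\xd9")      # FF D9 inside metadata
               + seg(SOS, b"\x01\x01\x00\x00\x3f\x00")
               + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9")
    leftover = b"\x9a\xff\x00\xbc" + b"\xff\xd9"              # tail of the old file
    return cropped + leftover
```

On the constructed sample, a plain search for FF D9 stops inside the metadata segment at offset 13, while the segment walk finds the real end of the cropped image at offset 32.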

Use

python3 acropalypse_JPEG_detection.py path/to/file.jpg

ref

Exploiting aCropalypse: Recovering Truncated PNGs

JPEG File Interchange Format

JPEG format

acropalypse_detection.py

acropalypse_matching_sha256.py

About

License:MIT License


Languages

Language:Python 100.0%