Extracting ICC Photoshop Profile from Binary File

[king javo]

Hi,

I'm trying to investigate how to extract images from an XBOX 360 save file (I know this may sound out of left field), but I found an "ICCPPhotoshop ICC profile" in the file and after some research stumbled upon this site.  Forgive my ignorance on the subject, but I was curious if someone might be able to explain what this actually does in games and if there's any possible way I could "extract" and eventually modify and re-insert images from this file?

Love to hear your thoughts!

Code Select Expand

iCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., +.......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2........`ZxZ,....eI..Z.Y...n.Z9Y.XUZ].F...%........N.N...g................m.}agb.g........}.}..=.......Z.~s.r.:V:.....?}..../gX....3....).i.S..Gg.g.s.....K....>........Jt.q].z............6.i.....4.).Y3s...C.Q..?...0k..~OCO.g..#/c/.W.....w..a..>.>r..>.<7.2.Y_.7.....O.o._..C.#.d.z.....%.g...A.[...z|!..?:.e....A...A.A.......!h....!......i..P~....a.a..~.'...W.?.p.X..1.5w..Cs.D.D.D..g1O9.-J5*>..j<.7.4.?..fY..X.XIlK.9.*.6nl...........{../.]py..........,:.@L.N8..A.*...%..w%..y...g"/.6...C\*.N.H*Mz....5y$.3.,...'...L.L..:...v m2=:.1....qB.!M..g.g.fv..e....n../....k....Y-..B..TZ(.*..geWf....9...+.......7.............KW-.X...j9.<qy.....+.V..<...*m.O..W..~.&zMk.^......k..U...}....]OX/Y..a....>...........(.x...o..........d.f.f...-.[.......n......V....E./..(....C...<..e....;?T.T.T.T6....a..n...{..4...[...>...U.UM.f.e.I...?.......m].Nmq.......#........=TR..+.G.......w-.6.U....#pDy........:.v.{.....v.g./jB...F.S..[b[.O.>....z.G....4<YyJ.T.i.....g......}~...`...{.c..j.o...t..E...;.;.\..t.....W.W..:_m.t.<...O.......\k..z..{f....7....y......9=...zo.......~r'.....w'...O._.@.A.C...?[......j.w....G..........C..........8>99.?r....C.d.&........./~..............m|..............x31^.V...w.w.....O.| .(.h...S.............c3-.....gAMA....|.Q.... cHRM..z%..............u0...`..:....o._.F....PLTE.?6r*)....@=........#.+(..........6<.......*)....F7>}..yg...*'(.......iX........$.......XE.8=......IHI..|..........o.....(%..........83....gT......645...yyz.ZX.KC..v......\[\.cW.wh.ul..........18.......+1.C@...~MH................'+.aN.[Q.zv.TL.....j...................je....UE.5<..s.............49...................04.TP...dcd.32.F<.cZx...k].........g...........y@<........w.............ec......N....../).SG..........6=..........GA...................;...l...t#!....t`.WH.96.zd.1/.QK. ........ts.LA.4:................l`.|r.A;.79....................#.....4..... .ex....Wl...." .......8>.......3:.+,......#  2/0B@A......................c]..........r.......ONO;9:._M.....}.NI........}.......%$ono.a^....................&.........................p_........................A;hF....IDATx............n.F..6a."K......a9U.........U.....).D..va..5f.........%U<.. .e.V.....^{...^^.o@3:s.i~Y...A.~.~........8..}.s...BW...s......:::::....=...9c......v.......{.K]....].{.!......t:...<.3.<o]u.}...B...5]......[^DM.O.lB....Ck...Zk.n...M...y..<......D.X....C.E.C.a......u$l..Q......W......m..".|.....9sF.!..Q....3s}T.M...a.E7.3..33.........ntO`#..ef^.f.Q._.1...y....K.E......O.y..\N&...._N<..(..._y.Mx....N.k"k..E..^M.....7.<.....Y........'Q....'..d....F.n....i.e.3......F..d.e. ...,[=9;;;;{24..l....(I.U.|.J.$I.......,..Q&..$Y=2U..a..]..f.....laO>..u.u|...N.|Z...._..O....+..(.!.....G..*.....+{:..W..5..k'....i...F ..fI....0f..I..W.*I......c..f1J....'0F...F........ht....h4.V..a.1.-&.Q...W....../=...6..a.....y....j..~....../0.E.3....c....hN.e.+....{.s.v....5.&...p).r8..M...k.0.....Yb..Z...V.M.U.eY.Za..j>.o.=U..If_.>.C..8...v..!|..8ta...-.q..... ...:.v.[..=.......e.h.........a...Va...;..=...8..........3.d.P.|;........"..E...T@... ../?..........D..T........,.........[.z.4}..@A.CA@...4.g@.@..9(P..eY6...-..8..........PPST.@..t... E..=.....e.......i..i:.HX..J...)RX...o..}...@...P...}....\......)R...........4...{..." $E.ji....Zk...)P.H.^A?..*$$DRj.h....HH...)D.j.7.Y.HHH.@..i.^.a.IH.\k..&BJ..!...$"!b...<.. .B.i.r.k.."D..|....p+..f.r..i..A..o.|+...g.<....).R$$,....H.(..~....~.O.Q".R..P...Z.....}OJ....).$QJ)q.M.(%J....c..r.....v.k..#M..^..q.1.7.M...M.q.~D....Q.s...].7...X....Y<...2K.u.k..g.x..q?.....4...i._6.|.3.I.r.'.'.y....N{........G..c...X~..o....~.6...Q>....IEND.B`

[Phil Harvey]

Did you try running exiftool -v3 on the file?  What does it show?

- Phil

[king javo]

Both the entire file and just pulling out that snippet ends up with a "File format error" when I try to open it in ExifTool.

[Phil Harvey]

OK.  So the file isn't a known format.

The ICC profile is just color management information.  The images will be somewhere else in the file.  Look for the byte sequence ff d8 ff to find the start of a JPEG image, and ff d9 for the end.

I don't think I can help much more than that.

Good luck.

- Phil

[king javo]

Thanks for your help!  I've been stuck on this for YEARS and really would love to get help from someone.  I know this might not mean much and not to offend, but I would pay dearly for help on this if you know someone or you can help yourself. 

Ok, so I checked for those HEX values in the save file and none were found.  Now I'm checking the actual game ISO files I've extracted, but I've finding MANY probably because the files are large, but I need to investigate further.

A few questions... do you know of any other image type values I can search for... (bitmap, png, etc)?  And if I happen to run across one, what would suggest I do to extract it?

Man, I REALLY appreciate the help on this... I know I sound desparate and I probably am, but this is something I've been looking at for over a decade!

[king javo]

I'm going to dig again online... just found what you said here... http://www.file-recovery.com/jpg-signature-format.htm

[StarGeek]

If you look two lines above the mark you'll see PNG followed by IHDR.  This appears to be the start of a PNG image, which has a header of "89 50 4E 47 0D 0A 1A 0A".  You might want to look into the PNG specs to see how to figure out the length of the image from that point.

That said, changing and re-embedding it might be more complicated.  I would think there might be a checksum someplace in the save file to check for corruption/tampering.

[king javo]

Unfortunately, no PNG headers were found in the ISO file.   Only 2 in this save file, but that's probably not what I'm searching for because the image count is more like a few 100 total.

Any other suggestions?  I'm wondering if the ISO file is encrypted as well??

[king javo]

Does the below mean anything to you all?

Code Select Expand

D.R.A.M...V.R.A.M...V.R.A.M

[Phil Harvey]

ExifTool should read basic metadata from the ISO format, so your save file doesn't look like this format.

I don't know why DRAM/VRAM should appear in the file.

- Phil