Extracting binary data

Started by largowinch, July 10, 2020, 07:42:54 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

largowinch

July 10, 2020, 07:42:54 AM
Hi!

I have started a steganography challenge and I when I try to extract metadata, on the RedTRC, GreenTRC and BlueTRC tags i get this message:

Red Tone Reproduction Curve     : (Binary data 64 bytes, use -b option to extract)
Green Tone Reproduction Curve   : (Binary data 64 bytes, use -b option to extract)
Blue Tone Reproduction Curve    : (Binary data 64 bytes, use -b option to extract)

If I use the command  exiftool -b -RedTRC nameOfThePicture.jpeg , i get the following:

curv          ck ?Q!)2;FQw]kpz|i}0

I don't know which kind of file it is that and I don't know if that means something. How can I extract it to a file so I can see the info? Maybe am I missing something?

If you need more info please don't hesitate to ask.

Thank you

Phil Harvey

#1
July 10, 2020, 10:30:56 AM
To extract it to a file, do this:

exiftool -b -redtrc FILE > redtrc.dat

But this won't help you see the curve unless you have something that will read the binary file.  Currently ExifTool doesn't attempt to decode this binary data.

- Phil
...where DIR is the name of a directory/folder containing the images.  On Mac/Linux/PowerShell, use single quotes (') instead of double quotes (") around arguments containing a dollar sign ($).

StarGeek

#2
July 10, 2020, 10:34:42 AM
Phil beat me to it, but here's what I found digging around.

Binary data isn't necessarily an embedded file and is quite often simply binary data.  I believe that is the case for all Tone Reproduction Curve (TRC) data.

This previous post indicates you would have to check the ICC specs.  I did some digging around Color.org (International Color Consortium a.k.a. ICC) and one of their PDFs (NPES-ICC_Indonesia_B02_EKhoury.pdf) indicate the possible ISO standards you would have to look up.
"It didn't work" isn't helpful. What was the exact command used and the output.
Read FAQ #3 and use that cmd
Please use the Code button for exiftool output

Please include your OS/Exiftool version/filetype

StarGeek

#3
July 10, 2020, 11:57:43 AM
Here's sample code to read/write the Blue TCR data.  I assume the others would be similar.  If you were looking at the curv string as an indicator of something to check on, then you can see a few pages later that it is simply an ID string (tagbase.sig = swap((long)0x63757276L); /*'curv'*/) as 63757276 is hex value of curv.
"It didn't work" isn't helpful. What was the exact command used and the output.
Read FAQ #3 and use that cmd
Please use the Code button for exiftool output

Please include your OS/Exiftool version/filetype

largowinch

#4
July 11, 2020, 07:17:46 AM
Thank you for the help. So, I think i will have to keep discovering the flag.

-Largo

blue-j

#5
December 03, 2020, 05:08:06 PM
I also want to render this data visually.  I thought I would offer the attachment from ColorSync Utility to show what is desired output.  TRCs apparently have 1024 points.  I'm going to keep trying to find some open source means of rendering the data, and will share it here if I find it.  - J

JimM

#6
December 04, 2020, 01:58:13 AM
The TRC's aren't always of type 'curv' with 1024 points, they can also be represented in the form of a parametric equation, type 'para'. In this case, the whole tag will only be something like 32-bytes or even shorter depending on how many parameters there are. See the ICC spec section 10.16 (attached).

blue-j

#7
December 05, 2020, 02:31:56 PM
Thanks, Jim!  Yes, it didn't take me long to find counterexamples.  I'll keep seeking ways to render it visually - maybe Argyll or Little CMS can do it?  - J
Print
Go Up Pages1
User actions