this post was submitted on 16 Jun 2024
26 points (93.3% liked)

Ask Lemmy


Solution: Indeed, it was EncFS file-level encryption.

Thanks a lot to everyone for helping!

Original post below:

Hope it is ok to ask technical questions in this channel!

I found a folder of files on one of my backup drives which was copied from a very old cell phone or a SAMSUNG Galaxy S2.

The folder is called DCIM and in a sub folder called Camera there are files with a .jpg extension.

These files are not standard JPG files. They start with the following header:

0000000 0000 0000 3900 c0d8 ac5f d196 2d63 2421
0000010 0003 0200 0000 0010 0200 2d8c 0904 0103
0000020 0000 0000 0000 0000 e960 2861 7025 ba0e
0000030 2424 dcfa 3e3b ee64 0800 c87b a43a a90d
0000040 7287 b815 7ca4 9680 ed65 6216 5f08 4f43
0000050 534e 4c4f 0045 0000 9000 b3e9 1333 92b9
0000060 0002 0000 0000 0000 0000 0000 0000 0000
0000070 0000 0000 0000 0000 0000 0000 0000 0000

(obtained via hexdump -n 1024 filename.jpg).

The file command just returns 'data'. The jpgrecovery command simply does not process these files. If I open the file in a file viewer (shotwell), I get the error that the file starts with 0 0, which is correct, as seen in the above hexdump.

All these commands were executed on Debian 12.

I have hundreds of files with this JPG extension and for each file the header is starting with 0 0 in this folder, so I assume the problem is not corruption of one file.

My questions:

  1. What kind of file format is this?
  2. How can I convert the files to JPGs?
[–] [email protected] 4 points 5 months ago* (last edited 5 months ago) (1 children)

So the header for a JPEG should start with FF D8 and end in FF D9

So maybe check if the files at least end correctly; if they do, you could try adding the magic bytes back.

I'd secondly try opening the file in as many applications as possible; one might be a bit more lenient/smarter in pulling the image out of a not-quite-right file.

Finally, you suggest they're all the same header; is everything else on the drive fine? Is there a chance some cryptolocker malware has had a chance to run over the drive? I'm suggesting this as the files could have been encrypted in some way and this is what's preventing you from reading them.

Edit: worth noting I used an S2 years ago and had no problems getting the images off back then

[–] wolf 1 points 5 months ago (1 children)

Thanks for your suggestions: Can confirm start/end bytes are wrong. Tried to open in Shotwell, GIMP, Firefox, Google Chrome w/o results.

I assume the hard drive is ok: I also have some git repositories on the drive and the checksums for git are correct. Every other file on the drive is ok, so cryptolocker malware could have only been on my phone at that time.

[–] [email protected] 2 points 5 months ago (1 children)

That's unfortunate to hear, I'm afraid that's me out of ideas then really. Very strange that they're all corrupted in the same way, I'll let you know if any other ideas pop into my head as to how this could have happened.

[–] wolf 1 points 5 months ago

No worries and thanks a lot for your suggestions/answers!
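
Added example, not part of the original thread: plain `hexdump` prints 16-bit words in host byte order, so the dump quoted in the post has to be un-swapped before it can be checked for the FF D8 / FF D9 markers mentioned in the first comment. It assumes the dump was taken on a little-endian host; `POSTED_DUMP` and the function names are constructed for illustration.

```python
import re

# Constructed input: the eight rows of plain `hexdump` output quoted in the post.
POSTED_DUMP = """\
0000000 0000 0000 3900 c0d8 ac5f d196 2d63 2421
0000010 0003 0200 0000 0010 0200 2d8c 0904 0103
0000020 0000 0000 0000 0000 e960 2861 7025 ba0e
0000030 2424 dcfa 3e3b ee64 0800 c87b a43a a90d
0000040 7287 b815 7ca4 9680 ed65 6216 5f08 4f43
0000050 534e 4c4f 0045 0000 9000 b3e9 1333 92b9
0000060 0002 0000 0000 0000 0000 0000 0000 0000
0000070 0000 0000 0000 0000 0000 0000 0000 0000
"""
JPEG_SOI, JPEG_EOI = b"\xff\xd8", b"\xff\xd9"  # start/end-of-image markers

def parse_hexdump(text, byteorder="little"):
    """Rebuild raw bytes from default `hexdump` output, which prints 16-bit words.

    Assumption: the dump came from a little-endian host, so the word
    'c0d8' stands for the byte pair d8 c0, not c0 d8.
    """
    out = bytearray()
    for line in text.splitlines():
        fields = line.split()
        if not fields or not re.fullmatch(r"[0-9a-fA-F]{7,}", fields[0]):
            continue  # blank line or the '*' marker for squeezed rows
        offset = int(fields[0], 16)
        while 16 <= len(out) < offset:
            out += out[-16:]  # expand rows that '*' squeezed out
        del out[offset:]  # drop padding from an odd-length final word
        for word in fields[1:]:
            out += int(word, 16).to_bytes(2, byteorder)
    return bytes(out)

def jpeg_markers(data):
    """(starts with SOI, ends with EOI) for the bytes of a whole file."""
    return data.startswith(JPEG_SOI), data.endswith(JPEG_EOI)

def printable_runs(data, min_len=6):
    """ASCII runs of at least min_len characters, in the manner of strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]

if __name__ == "__main__":
    head = parse_hexdump(POSTED_DUMP)
    print(head[:8].hex(" "), "| SOI present:", jpeg_markers(head)[0])
    print("ASCII runs:", printable_runs(head))
```

Running `hexdump -C` instead prints the bytes in file order with an ASCII column, which avoids the word swap altogether.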