corrupt jpg headers

Discussion in 'Software' started by dlb, Sep 19, 2008.

  dlb

    dlb MajorGeek

    Long story, so bear with me....
    WinXP Home SP2. I guy brought me his PC because it was running slow. I scanned for and removed some minor adware (MyWeb/MySmilies and the like, nothing major). Performed general maintenance including CCleaner (HD & reg) and IObit defrag. He had some corrupt drivers (or they weren't installed correctly in the first place) so I fixed those, mainly the wifi driver and how it was configured. The PC now runs really fast. BUT- he claims that something I did somehow "broke some of his pictures". He has a BUNCH of photos on his PC. Wouldn't you know it: the most important pictures - wedding pics - have corrupt headers. There's maybe 15 different picture folders in My Pictures, and 4 or 5 of these folders have corrupt JPG headers, the other folders are fine. He's a bit PO'd at me, but I don't see how I could have possibly corrupted the headers by doing stuff I've done to hundreds of other PCs without any problems, ever. This is a first for me. I've had corrupt headers before on one PC, once, and that PC had all sorts of other problems and other corrupt files. The current PC is running perfectly except for the 4 or 5 folders where the pictures don't open. I've tried IrfanView and XnView with no luck; they both say something about the file type could not be determined or the JPG header is corrupt. I read that someone used XnView to repair the header. How? Is there any other tool out there that will repair the header? I'm at a loss with this. If I don't find a fix here at MG, I'm not sure how to proceed. I'm going to continue searching the web, but hopefully one of you fine MG members will help me out! ;)
  DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi dlb

    To be honest the JPEGs could have been corrupted by the malware.

    Not got a MAC handy have you as this may help http://www.tow.com/software/jpeg-jfif_repair/

    Not found any free apps to do this and some methods to repair corrupted headers end up with you having to use a Hex editor and edit the corrupted header with a legit jpeg header, but this is not easy to get the correct header data as the header data would need to be from same camera that took these pictures.

    I know that most start with the hex code of FF D8 FF but after that it depends on the method used to take the image.

    At times Photoshop is able to open and allow you to save the file which fixes it, if you dont have PS then drop me a PM and I will give you my email address to send a sample to and I will give it a go.
  plodr

    plodr Major Geek Super Extraordinaire

    Also remind him that he should be burning his pictures (if they are that important) to a CD because if his hd died, he wouldn't be able to recover any of his snapshots, in all probability! I always copy from my camera cards to my computer, burn to a CD then I start to edit them after I'm sure I have a hard copy archived.
  dlb

    dlb MajorGeek

    That was the first thing that I told him! ;) Now that I've had some time to think about it and remember (I first worked on the PC about 10 days ago) he brought in two PCs. The first one had the minor malware issues. The 2nd one, this one with the messed up JPG headers, had a worse malware issue. It wasn't crazy-bad, but it was more than just some MyWeb type of stuff.
    Yup. I have opened some of the working pics in a hex viewer, and compared the opening bytes to one of the messed up pics. The difference is obvious. What I'm trying to figure out is where the header stops, and the picture begins. If I can copy the opening string of bytes from the healthy pics and stick into the opening of the corrupt pics, therefore overwriting the corruption with a valid header, it should work, right? All the working pics I've opened in hex have the same info and were created by the same camera (a Sony; I don't have the exact model number handy).
    Just about every PC these days has at least a CD burner, if not a DVD burner. These PCs all have software for burning CDs and DVDs, and Windows XP and Vista have built-in burning capability. I would say 85% of the people that I do work for DO NOT back up their important data. Be it pictures, music, family movies, whatever. They NEVER back it up! :banghead :mad And they bring me these completely screwed up PCs and it's always "I can't lose any of the pictures!! :cry They're VERY important and I have to keep them!!! No, I didn't back them up. Burn a CD? How do you burn a CD? I have a CD burner?" or it's "... yeah, I should have backed it up, but it takes too long. I have like 150 full albums of music." They never think of backing it up as they go. It's amazing and it drives me :*** crazy!!!! :crybaby
    Enough of the rant! ;)
    So, I'm going to try to copy the valid header info from the healthy pics into the corrupt header on the corrupt pics. My question now is this:
    How can I tell where the header stops and the pictures begins?
  Cat_w_9_lives

    Cat_w_9_lives Major KittyCat

    This looks like it might help.


    Original post re above post:

    BTW, you're nice to take the time to do this. Your customer is an ingrate and most likely pics were corrupted long ago and he had not looked at them until now, or knew they were corrupt and getting you to fix for free.

    Other info if needed...


  dlb

    dlb MajorGeek

    I've thought about this, and I think they may have been corrupted before he brought me the PC. As I said earlier, there was 2 PCs; 2 brothers. One PC was a simple format/reload. The 2nd one (the PC with the JPG issue) "hadn't been used in a while 'cuz it was real slow". That's an exact quote from the brother with the first PC. So, I'm inclined to think the 2nd brother either has a bad memory, or is, indeed, not being totally truthful about the state of these pictures before the PC got to me. This is one of the pitfalls of PC repair: the lying customer. We always get these PCs that we de-virus, they get 'em home and everything is great for a month or two, they get it re-infected and then they call up and they say "it was like that the first time I turned it on and I was too busy to call you guys". So, they try to tell me that it was just as screwed up right when they got it home and they were too busy for 2 months to even pick up a phone and call us to tell us this. Yeah, right. But most customers don't realize that I can go in and retrieve a VERY detailed history of what's happened on the PC since it left the shop (I always clean all system histories before the customer picks it up. That way I know what's happened between it leaving the store, and it arrival back at the store, if it comes back). I have had to present the customer with this history on several occasions: I've seen faces go dead white and bright red. I've had people say "that's BS. You must have typed that up yourself. I never went on line at all. How do I know that's from my computer?". When that happens I usually (very nicely) ask the customer to take their business elsewhere as I don't particularly like being called a liar and a forger of PC histories. Like I don't have better things to do with my time than to sit down and type up fake very detailed history files that are 10+ pages in length and then print them out. (Yes- I have been accused of creating fake PC histories. I have been accused of sending viruses to people so I could "make money when I charge to clean the computer". Yup- it's true. People suck.)

    Anyway- the more I look at these pics, the more I realize that this header repair is going to be very time consuming, and at this point I'll have to talk to him and see if he want to pay for it. There's about 150 pictures with corrupt headers; and over 1000 pictures that are fine. Repairing headers manually on 150 pictures is going to take a LONG time.
    Last edited: Sep 21, 2008
  dlb

    dlb MajorGeek

    I found some very encouraging information at this link but the saving of the pictures relies upon the location of a header "divider" which is signified with the bytes FF DA. The corrupt pics are corrupt to the point where this divider byte is gone. Of the healthy pictures, most are Sony camera pictures, but some have been run through Adobe Photoshop so the header was changed. I'm just about ready to say "too bad... if these pics were that important they should have been backed up". We never guarantee data. EVER. We do our best to save all data, but s*** happens, especially when malware is involved. Unless someone comes along with a miracle fix, I think I'm going to call it a done deal.
  Cat_w_9_lives

    Cat_w_9_lives Major KittyCat

    Think fixable depending on the corruption but labor intensive. I'm sure the Photoshop is fixable too but 150 pics! Don't know how you would go about automating the fix or even if doable with free software. Most likely there is some photo repair software that can do this but would be expensive.

    Found this for Jpeg, see if you can find the start
    0xFFD8 means SOI(Start of image), 0xFFD9 means EOI(End of image).

    (I got to Quantization and my eyes glazed over and went to get a beer, sorry)

    My solution would be if doable repair one jpeg, figure out the time. If he wants more charge for them. Look at the bright side, if we ever corrupt one of our photos we're in good shape to go about fixing it *grins* interesting reading.

    Also TimW posted this long ago and has a trial http://www.hketech.com/JPEG-recovery/index.php might want to give it a shot and see if it works, watermark in trial but would give you an idea on how corrupt pics are?

