Potential jpg exploit in chinese gopro knock-off

Question

Does this look like potential jpg exploit attemp to you?

I picked up one of these GoPro knock-off action cameras. I tried recording some videos which seemed to work fine. I later went out with a buddy to shoot some pool and thought I wanted a cool timelapse of it.

Coming home I had hundreds of pictures, all of which seemed corrupt and couldn't be opened. I tried to peek with a hex editor why it might be and stumbled upon this stuff at the top of the file.

Does my camera try to hack me?

Sample File

(mandatory warning, open at own risk of course)

Answer 1

That file doesn't contain the correct codes to make it recognizable as a JPEG image. It does contain all the correct information, but there are two bytes which are incorrect at the beginning. The file should start with "FF D8 FF E1...". If you edit those two first bytes (they're 00 00 in your example), the resulting image is:

(I had to scale the image to get it to upload - it's 4 times larger on each side. The quality is quite nice)

Why this happens is a mystery to me, but very probably there's a bug in the recording software. It shouldn't be difficult to make a small program which reinstates the first two bytes. I suspect that the supplied software would concatenate the separate jpegs into a movie.

So no, your jpegs are not invading your computer.

This is Friistyler's script to correct the files (from the comment below):

for file in os.listdir("<dir>"):
    if os.path.isfile("<dir>%s" % file):
        with open("<dir>%s" % file, 'r+b') as f:
            f.seek(0)
            f.write('\xff\xd8')