[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!

[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!

[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services

[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services

[Successor to CentOS] AlmaLinux OS server construction/migration service

[Successor to CentOS] AlmaLinux OS server construction/migration service

[For WordPress only] Cloud server “Web Speed”

[For WordPress only] Cloud server “Web Speed”

[Cheap] Website security automatic diagnosis “Quick Scanner”

[Cheap] Website security automatic diagnosis “Quick Scanner”

[Reservation system development] EDISONE customization development service

[Reservation system development] EDISONE customization development service

[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”

[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”

[Compatible with over 200 countries] Global eSIM “Beyond SIM”

[Compatible with over 200 countries] Global eSIM “Beyond SIM”

[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”

[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”

[Global exclusive service] Beyond's MSP in North America and China

[Global exclusive service] Beyond's MSP in North America and China

[YouTube] Beyond official channel “Biyomaru Channel”

[YouTube] Beyond official channel “Biyomaru Channel”

Playing with binary data using JPEG Exif information as a starting point

Hello.
I'm Mandai, in charge of Wild on the development team.

The other day, a strange phenomenon in which the images on my smartphone were facing in the direction of tomorrow , I did a lot of research on Exif information, and in the process I was able to read the binary Exif information, so I will explain the structure of Exif information. I would like to.

hope that

  through this process, people will learn that binary data is trivial

What to use for Exif analysis

The tools used for Exif analysis are available on the Internet.
If you have the following three things, it is possible to read Exif information.

First, information on the standards.
the materials provided by the Japan Electronics and Information Technology Industries Association , I would be fine, but since the book was rather difficult to understand, I used Excel to go over each one one by one.

I used a software called
Stirling to reference the binary data It seems that maintenance has already ended, but it is so well made that I have yet to see a better tool in this field.

In the Linux environment, there is a command called od to display binary data, so you can see something similar with od -x [path].
In this case, the dump list will flow slowly, so use the head command, tail command, and grep command as appropriate to display only the parts you want to see.

Image formats that use Exif are JPEG, TIFF, and JPEG XR.
These files often have Exif registered, so samples can be found everywhere.
Let's import a random photo taken with a smartphone.

 

Try to decipher binary information

Binary data is not text information, but a collection of data that conforms to the format indicated by the extension, so from the beginning, the data is arranged in accordance with the JPEG data format.

I tried extracting the beginning part of the JPEG file I had.

FF D8 FF E1 6C 0F 45 78 69 66 00 00 49 49


 JPEG files always start with the 2-byte data "FF D8".
In the JPEG industry, this is a special area called SOI, which will continue to be an area for storing image metadata for some time.

Metadata is data held in addition to image data, and includes Exif information.
This data is divided into required items and other data that can be added independently by the device that took the image or the application that edited it.

The following data is "FF E1", which represents the start of a segment of metadata called the APP1 application segment.
Since this is variable length data, the following 2 bytes contain the data length of the APP1 application segment.
Since the data length is "6C0F" bytes, the data of the APP1 application segment will be up to the 6C13 address.

The continuation data is "45 78 69 66 00 00", which indicates the presence or absence of Exif information.
It seems that this data exists.

The information up to this point is related to the entire APP1 segment.

The information from here on is optional and is not required.

Let's extract the following data.

49 49 2A 00 08 00 00 00


 It starts with the TIFF header, which contains the byte order, TIFF version, and offset to the start of the 0th IFD.
The byte order is "49 49" this time, indicating that the data is arranged in little endian.
In the case of big endian, it is "4D 4D".
From now on, the order of each information will be reversed due to the difference between little endian and big endian, so if you have a photo taken with an Apple product, please be careful because it is big endian.
I think
Wikipedia explanation of the word byte order becomes the reference position for the offset of the data address that will appear after this

Next is the TIFF version, which is "2A 00".

Next, something called 0th IFD comes out. IFD is an abbreviation for Image File Directory and represents a collection of attached information.
The image is that several tags are grouped together in one IFD.
IFD is divided according to the type of data.

The data in the IFD is divided into tags, and each tag is 12 bytes long.
The IFD data structure is as follows.

Structure of IFD
0th IFD Number of tags 2 bytes
tag 1 12 bytes
tag 2 12 bytes
tag 3 12 bytes
・・・
Tag N 12 bytes
Offset value to 1st IFD 4 bytes
0th Value in IFD variable
  • "Number of tags" represents how many tags are in the 0th IFD.
  • "Offset value to 1st IFD" is the offset value to the address where the following IFD (1st IFD in case of 0th IFD, 2nd IFD in case of 1st IFD) starts. (If this is 0, it means there is no next IFD)
  • "Value in 0th IFD" contains data that does not fit in the number of bytes allocated to each tag. (More on the structure later)

The structure of each tag is as follows.

Tag structure
0th IFD tag 1 tag number 2 bytes
type 2 bytes
count 4 bytes
offset value to value 4 bytes
tag 2 tag number 2 bytes
type 2 bytes
count 4 bytes
offset value to value 4 bytes
  • There are so many types of "tag numbers" that it is impossible to list them all. this part of the specifications , but I feel like it's not very easy to do, so I'll introduce things that are related to Exif acquisition each time.
  • "Type" is the data type. This is something that anyone who has experience programming in a typed language will understand. There are only 8 types, so I will introduce them later.
  • "Count" indicates how many pieces of data are contained within the tag.
  • "Offset value to value" does not fit in the case of data larger than 4 bytes, so a variable area is allocated separately and the value is stored, so the offset value to the location of the data is value. There is an exception, and data of less than 4 bytes will be stored in this offset value section.

I made a list of types.
The counting method differs depending on the type, so I have listed them together.

List of types
type value mold explanation How to count
1 BYTE 8-bit unsigned integer
2 ASCII string. The number of characters also includes the final NULL that marks the end of the string. For "BEYOND", "B", "E", "Y", "O", "N", "D", "\0" → 7 counts
3 SHORT 16-bit (2-byte) unsigned integer 1 count for 5
4 LONG 32-bit (4-byte) unsigned integer 1 count for 5
5 RATIONAL For 2 LONGs, the first LONG is the numerator and the second LONG is the denominator. 1 for 5/4
7 UNDEFINED 8-bit data that can take any value depending on the field definition 0xFF, 0x01, 0x45, 0x11, 0xDD, 5 counts (for 1 count in 8 bits)
9 SLONG 32-bit (4-byte) signed integer 1 count at 5
10 SRATIONAL SLONG2 In ancient Japanese, the first SLONG is the numerator and the second SLONG is the denominator. 1 count at 5/4

I don't think you can get a good idea just by looking at the table, so let's look at the data one by one.

 

Read the IFD

I extracted the 0th IFD part from the actual photo data.

0B 00 0F 01 02 00 05 00 00 00 92 00 00 00 10 01 02 00 07 00 00 00 98 00 00 00 12 01 03 00 01 00 00 00 01 00 00 00 1A 01 05 00 01 00 00 00 A0 00 00 00 1B 01 05 00 01 00 00 00 A8 00 00 00 28 01 03 00 01 00 00 00 02 00 00 00 31 01 02 00 14 00 00 00 B0 00 00 00 32 01 02 00 14 0 0 00 00 C4 00 00 00 13 02 03 00 01 00 00 00 01 00 00 00 69 87 04 00 01 00 00 00 D8 00 00 00 25 88 04 00 01 00 00 00 2C 52 32 52 00 00


 this table , first extract the first two bytes.
The "0B 00" part indicates how many tags are included in the 0th IFD.
The byte order of this data is little endian, so when read by a human it will be 0x000B.
In other words, it's 11.
Therefore, 0th IFD contains 11 tags.

One tag is a 12-byte block, so 12*11=132 bytes is tag data.

Let's extract the tags in chunks.

0F 01 02 00 05 00 00 00 92 00 00 00 10 01 02 00 07 00 00 00 98 00 00 00 12 01 03 00 01 00 00 00 01 00 00 00 1A 01 05 00 01 00 00 00 A0 00 00 00 1B 01 05 00 01 00 00 00 A8 00 00 00 28 01 03 00 01 00 00 00 02 00 00 00 31 01 02 00 14 00 00 00 B0 00 00 00 32 01 02 00 14 00 00 0 0 C4 00 00 00 13 02 03 00 01 00 00 00 01 00 00 00 69 87 04 00 01 00 00 00 D8 00 00 00 25 88 04 00 01 00 00 00 2C 52 00 00


 Let's cut out the tags into elements and create a table.
I also looked into the specifications to find out what the tag number represents and added it

Tag number/tag name type count offset value to value
0F
01Manufacturer
02 00
ASCII
05 00 00 00
count 5
92 00 00 00
10 01
model
02 00
ASCII
07 00 00 00
count 7
98 00 00 00
12 01
image direction
03 00
SHORT
01 00 00 00
count 1
01 00 00 00
1A 01
Image width resolution
05 00
RATIONAL
01 00 00 00
count 1
A0 00 00 00
1B 01
Image height resolution
05 00
RATIONAL
01 00 00 00
count 1
A8 00 00 00
28 01
Image width and height resolution units
03 00
SHORT
01 00 00 00
count 1
02 00 00 00
31 01
software
02 00
ASCII
14 00 00 00
count 20
B0 00 00 00
32 01
File modification date and time
02 00
ASCII
14 00 00 00
count 20
C4 00 00 00
13 02
YCC pixel configuration (Y and C positions)
03 00
SHORT
01 00 00 00
count 1
01 00 00 00
69 87
Pointer to Exif IFD
04 00
LONG
01 00 00 00
count 1
D8 00 00 00
25 88
Pointer to GPS IFD
04 00
LONG
01 00 00 00
count 1
2C 52 00 00

As for how to actually get the value, there is a pattern: if the type is BYTE, SHORT, LONG, or SLONG, and the count is 1, the value is stored in the offset part.
Even in the case of ASCII and UNDEFINED, if the count is 4 or less, the value is stored in the offset part.

Otherwise, this , calculate the data address and retrieve the data for the type and count.
The obtained result will be as shown below.

tag name value
Manufacturer 53 6F 6E 79 00
Sony
model 53 4F 2D 30 34 48 00
SO-04H
image direction 1
image width resolution 48 00 00 00 01 00 00 00
72/1
image height resolution 48 00 00 00 01 00 00 00
72/1
Image width and height resolution units 2
software 33 35 2E 30 2E 42 2E 32 2E 32 37 32 5F 30 5F 66 36 30 30 00
35.0.B.2.272_0_f600
File modification date and time 32 30 31 36 3A 31 30 3A 32 31 20 31 35 3A 32 30 3A 35 34 00
2016:10:21 15:20:54
YCC pixel configuration (Y and C positions) 1
Pointer to Exif IFD D8 00 00 00
Pointer to GPS IFD 2C 52 00 00
Offset value to 1st IFD 32 52 00 00

It becomes. The model of my cell phone was discovered, but even if it's just a jpeg image, this amount of information can be easily retrieved.

Now that we know where the Exif IFD is, let's take a look at the main topic, the Exif information.

 

Read the Exif information

The procedure is exactly the same as 0th IFD. Let's extract the binary of the Exif information part.

1C 00 9A 82 05 00 01 00 00 00 2E 02 00 00 9D 82 05 00 01 00 00 00 36 02 00 00 27 88 03 00 01 00 00 00 A0 00 00 00 00 90 07 00 04 00 00 00 30 32 32 30 03 90 02 00 14 00 00 00 3E 02 00 00 04 90 02 00 14 00 00 00 52 02 00 00 01 91 07 00 04 00 00 00 01 02 03 00 01 92 0A 00 01 00 00 00 66 02 00 00 04 92 0A 00 01 00 00 00 6E 02 00 00 07 92 03 00 01 00 00 00 05 00 00 00 08 92 03 00 01 00 00 00 00 00 00 00 09 92 03 00 01 00 00 00 10 00 00 00 0A 92 05 00 01 00 00 00 76 02 00 00 7C 92 07 00 70 4F 00 00 7E 02 00 00 90 92 02 00 07 00 00 00 EE 51 00 00 91 92 02 00 07 00 00 00 F6 5 1 00 00 92 92 02 00 07 00 00 00 FE 51 00 00 00 A0 07 00 04 00 00 00 30 31 30 30 01 A0 03 00 01 00 00 00 01 00 00 00 02 A0 04 00 01 00 00 00 60 17 00 00 03 A0 04 00 01 00 00 00 26 0D 00 00 05 A0 04 00 01 00 00 00 0E 52 00 00 01 A4 03 00 01 00 00 00 00 00 00 00 02 A4 03 00 01 00 00 00 00 00 00 00 03 A4 03 00 01 00 00 00 00 00 00 00 00 04 A4 05 00 00 00 00 00 00 006 52 00 006 A4 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

 

tag number type count Offset value to value/actual data
9A 82
exposure time
05 00
RATIONAL
01 00 00 00
count 1
2E 02 00 00
0A 00 00 00 40 01 00 00 (10/320)
9D 82
F number
05 00
RATIONAL
01 00 00 00
count 1
36 02 00 00
14 00 00 00 0A 00 00 00 (20/10)
27 88
Shooting sensitivity
03 00
SHORT
01 00 00 00
count 1
A0 00 00 00
10
00 90
Exif version
07 00
UNDEFINED
04 00 00 00
count 4
30 32 32 30
0220
03 90
Generation date and time of original image data
02 00
ASCII
14 00 00 00
count 20
3E 02 00 00
32 30 31 36 3A 31 30 3A 32 31 20 31 35 3A 32 30 3A 35 34 (2016:10:21 15:20:54)
04 90
Creation date and time of digital data
02 00
ASCII
14 00 00 00
count 20
52 02 00 00
32 30 31 36 3A 31 30 3A 32 31 20 31 35 3A 32 30 3A 35 34 (2016:10:21 15:20:54)
01 91
Meaning of each component
07 00
UNDEFINED
04 00 00 00
count 4
01 02 03 00
Others (Y, Cb, Cr)
01 92
shutter speed
0A 00
SRATIONAL
01 00 00 00
count 1
66 02 00 00
F4 01 00 00 64 00 00 00 (500/100)
04 92
Exposure correction value
0A 00
SRATIONAL
01 00 00 00
count 1
6E 02 00 00
00 00 00 00 03 00 00 00(0/3)
07 92
Photometry method
03 00
SHORT
01 00 00 00
count 1
05 00 00 00
5 (split metering)
08 92
light source
03 00
SHORT
01 00 00 00
count 1
00 00 00 00
0 (unknown)
09 92
flash
03 00
SHORT
01 00 00 00
count 1
10 00 00 00
strobe lighting
0A 92
lens focal length
05 00
RATIONAL
01 00 00 00
count 1
76 02 00 00
A7 01 00 00 64 00 00 00 (423/100)
7C 92
Manufacturer Notes
07 00
UNDEFINED
70 4F 00 00
count 20336
7E 02 00 00
Omitted due to large amount of data
90 92
DateTime subsec
02 00
ASCII
07 00 00 00
count 7
EE 51 00 00
36 38 34 37 37 32(684772)
91 92
Subsec of DateTimeOriginal
02 00
ASCII
07 00 00 00
count 7
F6 51 00 00
36 38 34 37 37 32(684772)
92 92
Subsec of DateTimeDegitized
02 00
ASCII
07 00 00 00
count 7
FE51 00 00
36 38 34 37 37 32(684772)
00 A0
compatible flash pix version
07 00
UNDEFINED
04 00 00 00
count 4
30 31 30 30
0100 (Flashpix Format Version 1.0)
01 A0
color space information
03 00
SHORT
01 00 00 00
count 1
01 00 00 00
sRGB
02 A0
effective image width
04 00
LONG
01 00 00 00
count 1
60 17 00 00
5984
03 A0
effective image height
04 00
LONG
01 00 00 00
count 1
26 0D 00 00
3366
05
Pointer to A0 compatible IFD
04 00
LONG
01 00 00 00
count 1
0E 52 00 00
0E 52 00 00
01 A4
individual image processing
03 00
SHORT
01 00 00 00
count 1
00 00 00 00
0
02 A4
exposure mode
03 00
SHORT
01 00 00 00
count 1
00 00 00 00
0 (auto exposure)
03 A4
white balance
03 00
SHORT
01 00 00 00
count 1
00 00 00 00
0 (white balance automatic)
04 A4
digital zoom magnification
05 00
RATIONAL
01 00 00 00
count 1
06 52 00 00
64 00 00 00 64 00 00 00(100/100)
06 A4
shooting scene type
03 00
SHORT
01 00 00 00
count 1
00 00 00 00
0 (standard)
0C A4
subject distance range
03 00
SHORT
01 00 00 00
count 1
00 00 00 00
0 (unknown)

This is followed by GPS information, which allows you to immediately know where the photo was taken.
It would be interesting to display photos taken on a map when taking photos from a travel destination, but it would be a problem if the photos were taken at home.

I am filled with a sense of accomplishment that I was able to successfully read the Exif information, but in PHP, the above data can be easily obtained using the read_exif_data function.
I hope this article will be helpful if you only have a binary editor and Exif materials at hand.

 
That's it.

If you found this article helpful , please give it a like!
13
Loading...
13 votes, average: 1.00 / 113
27,729
X facebook Hatena Bookmark pocket
[2025.6.30 Amazon Linux 2 support ended] Amazon Linux server migration solution

[2025.6.30 Amazon Linux 2 support ended] Amazon Linux server migration solution

The person who wrote this article

About the author

Yoichi Bandai

My main job is developing web APIs for social games, but I'm also fortunate to be able to do a lot of other work, including marketing.
Furthermore, my portrait rights in Beyond are treated as CC0 by him.