Manipulations of JPEG Quantization Tables (1)
Blog reader Mark Cox pointed out that it is easy to forge a quantization table. That's true! In this article I provide a first example on how the tables can be manipulated in order to conceal the origin of an image.
The following shot shows the famous Semper Opera House in Dresden, Germany, in a warm sunlight. Please examine the picture carefully. Does it look credible to you? Do you spot any signs of a forgery?
dqtmd5: 4132a12d02f6931e6969691c238b7b5b
Sure the image has been tampered with! At the border between pediment and the sky there are some large rectangular discolorations. When compared with the original photo the increased color saturations is clearly visible:
dqtmd5: 71377799fea3469984b1a3fb2f0943c6
In an attempt to change the hash value of the quantization tables I had edited byte 0 of the chroma table. Of course a manipulation of byte 63 also results in a different hash value; but now it's bit more difficult to spot any difference.
dqtmd5: c283e3bf30ed02482715289bdf71cf29
The exact comparision of quantization tables is of a limited use when the origin of an image has to be certified. A fault-tolerant method would be better suited. As shown by the example the visible effect of the manipulation depends on the position in the quantization table. This should be taken into account by introducing a positional factor when calculating the difference between the photo's table and reference data.
