user7290573
  • 362
  • 2
  • 14

Has anyone encountered PNGs where the chunk data is encrypted/compressed?

I've come across some files which are used in a car's satellite navigation system. Looking at the files in a hex editor shows the ‰PNG signature, but the chunks do not follow the format spec - for example:

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000  05 00 10 00 43 50 52 4E 41 56 5F 32 36 02 00 00  ....CPRNAV_26...
00000010  03 00 01 00 1C 00 00 00 08 01 00 00 4B 00 CA 3D  ............K.Ê=
00000020  FC 06 35 54 38 25 56 C8 1F 50 E9 06 04 58 85 5E  ü.5T8%VÈ.Pé..X…^
00000030  8C 91 E1 AD 84 DF 60 49 FC 01 61 FF 47 A9 D5 6A  Œ‘á.„ß`Iü.aÿG©Õj
00000040  B5 B2 06 48 65 0D D0 FA BE C3 D3 0E A1 EF 3B BC  µ².He.Ðú¾ÃÓ.¡ï;¼
00000050  EF F0 BE C3 73 0E A1 EF 3B BC EF F0 BE C3 73 0E  ïð¾Ãs.¡ï;¼ïð¾Ãs.
00000060  A1 DB E1 0F 58 E4 3E 89 50 4E 47 0D 0A 1A 0A 00  ¡Ûá.Xä>‰PNG.....  // PNG begins here
00000070  00 00 0D 49 48 44 52 F0 E0 08 02 B2 E1 7C 5E 00  ...IHDRðà..²á|^.  // IHDR chunk indicated as 13 (0x0D) bytes, yet this is clearly not the case
00000080  01 73 52 47 42 00 AE CE 1C E9 06 62 4B 47 44 00  .sRGB.®Î.é.bKGD.
00000090  FF A0 BD A7 93 09 70 48 59 73 0B 11 01 7F 64 5F  ÿ ½§“.pHYs....d_
000000A0  91 07 74 49 4D 45 07 E0 02 18 07 12 13 CC F8 BA  ‘.tIME.à.....Ìøº
000000B0  BA B6 49 44 41 54 78 DA ED D2 C1 0D 04 00 31 C4  º¶IDATxÚíÒÁ...1Ä
000000C0  FE 2B 33 83 AF B4 23 5C 2E A7 27 E0 8B 92 00 43  þ+3ƒ¯´#\.§'à‹’.C
000000D0  83 A1 C1 D0 60 68 0C 0D 86 06 43 83 A1 C1 D0 18  ƒ¡ÁÐ`h..†.Cƒ¡ÁÐ.
000000E0  1A 0C 0D 86 06 31 34 18 1A 63 68 30 34 C6 30 8D  ...†.14..ch04Æ0.
000000F0  60 86 AB 05 8F 4F 03 C2 58 19 85 B6 00 49 45 4E  `†«..O.ÂX.…¶.IEN
00000100  44 AE 42 60 82 00 00 00                          D®B`‚...

As you can see, several standard PNG chunk names are present (sRGB, bKGD, IDAT, etc.); however, the data between them appears to be scrambled.

Some other observations:

  • bytes 0x14-17 seem to be a DWORD indicating the custom header size (0x1C or 28 bytes)
  • bytes 0x1C-1D seem to be a WORD indicating the size of the data between themselves and where the actual PNG header begins (0x4B00 or 75 bytes, including the 2 size bytes) - this unknown data could well be the chunk data in some scrambled form

Has anyone encountered this kind of PNG before?

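The checks described in the post, as an added example that is not part of the original post: it reads the two little-endian fields at 0x14 and 0x1C from the posted dump, then walks the data after the PNG signature the way the PNG specification lays chunks out (length, type, data, CRC-32) and reports where that walk breaks. The function names are made up for this example, and the bytes are transcribed from the dump above.

```python
import re
import struct
import zlib

# Bytes transcribed from the hex dump in the post (264 bytes, 0x000-0x107).
DUMP = bytes.fromhex(
    "050010004350524E41565F3236020000030001001C000000080100004B00CA3D"
    "FC063554382556C81F50E9060458855E8C91E1AD84DF6049FC0161FF47A9D56A"
    "B5B20648650DD0FABEC3D30EA1EF3BBCEFF0BEC3730EA1EF3BBCEFF0BEC3730E"
    "A1DBE10F58E43E89504E470D0A1A0A0000000D49484452F0E00802B2E17C5E00"
    "017352474200AECE1CE906624B474400FFA0BDA79309704859730B11017F645F"
    "910774494D4507E00218071213CCF8BABAB64944415478DAEDD2C10D040031C4"
    "FE2B3383AFB4235C2EA727E08B92004383A1C1D060680C0D86064383A1C1D018"
    "1A0C0D86063134181A63683034C6308D6086AB058F4F03C2581985B60049454E"
    "44AE426082000000"
)
PNG_SIG = b"\x89PNG\r\n\x1a\n"

def container_fields(buf):
    """Read the two fields the post guesses at, as little-endian integers."""
    (header_size,) = struct.unpack_from("<I", buf, 0x14)  # DWORD at 0x14-0x17
    (block_size,) = struct.unpack_from("<H", buf, 0x1C)   # WORD at 0x1C-0x1D
    return header_size, block_size, buf.find(PNG_SIG)

def walk_chunks(buf, sig_off):
    """Walk chunks per the PNG spec: 4-byte length, 4-byte type, data, CRC-32."""
    pos, out = sig_off + len(PNG_SIG), []
    while pos + 12 <= len(buf):
        length, ctype = struct.unpack_from(">I4s", buf, pos)
        end = pos + 12 + length
        if not re.fullmatch(rb"[A-Za-z]{4}", ctype) or end > len(buf):
            out.append((pos, None, None, False))  # walk lost sync here
            break
        ok = zlib.crc32(buf[pos + 4:end - 4]) == struct.unpack_from(">I", buf, end - 4)[0]
        out.append((pos, ctype.decode(), length, ok))
        pos = end
    return out

def chunk_name_offsets(buf):
    """Offsets where standard chunk type names appear as raw ASCII."""
    names = rb"IHDR|sRGB|bKGD|pHYs|tIME|IDAT|IEND"
    return [(m.group().decode(), m.start()) for m in re.finditer(names, buf)]

if __name__ == "__main__":
    hdr, blk, sig = container_fields(DUMP)
    print(f"header={hdr} block={blk} sum={hdr + blk:#x} png_sig={sig:#x}")
    for row in walk_chunks(DUMP, sig):
        print(row)
    print(chunk_name_offsets(DUMP))
```

On the posted bytes the two fields sum to 0x67, the offset of the PNG signature, and the spec walk loses sync immediately after the declared 13-byte IHDR chunk.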