ebemunk / phoenix Goto Github PK

phoenix is a small command line image forensics tool

C++ 87.68% Shell 8.05% Makefile 4.26%

image-forensics image-analysis image-processing

phoenix's Introduction

phoenix - Image Forensics

phoenix is a small image forensics tool that can run some common analyses on images. It was inspired by the image analyses at the Hackerfactor Blog, and implements some of the algorithms used there. It is named phoenix because it has resurrected many times before taking its current form in C++.

Features:

Error Level Analysis
Luminance Gradient
Average Distance
HSV and Lab colorspace histograms
JPEG resave quality estimate (ImageMagick-style and Hackerfactor jpegquality estimates)
Extract JPEG Quantization Tables
Copy-Move (Clone Stamp) Detection

Usage

-h | -help display help text.
-f | -file <path> Required, the path to the source image.
-o | -output [path=./] Save results in files (as PNG)
-d | -display Display results
-ela [quality=70] Error Level Analysis
-lg Luminance Gradient
-avgdist Average Distance
-hsv [whitebg=0] HSV Colorspace Histogram
-lab [whitebg=0] Lab Colorspace Histogram
-labfast [whitebg=0] Lab Colorspace Histogram, faster but less accurate version (256x256 instead of 1024x1024 output)
-copymove [retain=4] [qcoeff=1.0] Copy-Move Detection
-a | -autolevels Flag to enable histogram equalization (auto-levels) on output images

Compiling

phoenix depends on OpenCV (2.4.9) and Boost (1.55.0) Libraries. Exact versions are probably not required. Try make to compile. The defaults should work if you didn't do anything fancy while compiling OpenCV or Boost, i.e. change default install path. You can use the shell scripts in install_scripts to compile Boost, OpenCV and then phoenix. The scripts are intended for provisioning Vagrant machines, but you can also use it to automatically compile phoenix. Don't clone the repository if you will use the scripts, it will do it for you.

Outputs

Here are some examples of phoenix output with the image used in the legendary Body By Victoria analysis by Neal Krawetz.

ELA (Error Level Analysis)

./phoenix -f bbv.jpg -o -d -ela

LG (Luminance Gradient)

./phoenix -f bbv.jpg -o -d -lg

AVGDIST (Average-Distance of Neighbor Pixels)

./phoenix -f bbv.jpg -o -d -avgdist

Copy-Move Detection

./phoenix -f bbv.jpg -o -d -copymove 4 5

HSV Colorspace Histogram

./phoenix -f bbv.jpg -o -d -hsv

Lab Colorspace Histogram

./phoenix -f bbv.jpg -o -d -labfast

Resources

Some resources I used while developing many of the algorithms here.

phoenix's People

Contributors

Stargazers

Watchers

Forkers

vicgc queer1 victorious119 henke443 dfc peterzs hotelzululima miguelps msukuma sirrushoo theodory nsidere https-github-com-hijadelufo ohsevin jackzhousz tonuonu

phoenix's Issues

Installation on OSX with Ubuntu 19.10

Hi @ebemunk ,

I'm trying (for 3 days now) to install phoenix on OSX with VirtualBox and Ubuntu 19.10 but without any success 😞
I'm not a linux professional so I get quickly confused when errors arise. I can see it's been almost two years without any new commit so maybe the latest version of Ubuntu can't handle it ...

Below are the steps I have followed:

Modified the Makefile to comment out WIN=1
I have converted the script ubuntu.sh with dos2unix package to avoid errors with DOS line ending ^M
then when I did sudo bash ubuntu.sh I had issue with the command lines mkdir release cd release which was creating, for some reason, the release folder outside the opencv-2.4.9 folder.
so I manually created the release folder and ran the next cmake ... lines

Then errors arised. Saying that some files were missing like sys/videoio.h , linux/videodev.h , etc...
It looks like they are Ubuntu files but I'm not sure and I don't know how to fix that !

I found some forums talking about installing the last libjasper-dev build but I tried, and still no success.

Could you please give me a hand on this. Thanks in advance. Cheers
Cédric

Compilation error on OS X

Hello,
Compiling with make on OS X gives the following error:

$ make OCV_INC=/usr/local/Cellar/opencv/2.4.12/include BOOST_INC=/usr/local/Cellar/boost/1.59.0/include BIN_DIR=/usr/local/Cellar/phoenix/1.1/bin
g++ -g -std=c++0x -O3 -isystem/usr/local/Cellar/opencv/2.4.12/include -isystem/usr/local/Cellar/boost/1.59.0/include -c debugger.cpp -o build/obj/debugger.o
g++ -g -std=c++0x -O3 -isystem/usr/local/Cellar/opencv/2.4.12/include -isystem/usr/local/Cellar/boost/1.59.0/include -c functions.cpp -o build/obj/functions.o
g++ -g -std=c++0x -O3 -isystem/usr/local/Cellar/opencv/2.4.12/include -isystem/usr/local/Cellar/boost/1.59.0/include -c phoenix.cpp -o build/obj/phoenix.o
debugger.cpp:24:10: error: no viable overloaded '='
        t_start = chrono::high_resolution_clock::now();
        ~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../include/c++/v1/chrono:750:29: note: candidate function (the implicit copy assignment operator) not viable: no known conversion from 'time_point<std::__1::chrono::steady_clock, duration<[...], ratio<[...], 1000000000>>>' to 'const time_point<std::__1::chrono::system_clock, duration<[...], ratio<[...], 1000000>>>' for 1st argument
class _LIBCPP_TYPE_VIS_ONLY time_point
                            ^
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../include/c++/v1/chrono:750:29: note: candidate function (the implicit move assignment operator) not viable: no known conversion from 'time_point<std::__1::chrono::steady_clock, duration<[...], ratio<[...], 1000000000>>>' to 'time_point<std::__1::chrono::system_clock, duration<[...], ratio<[...], 1000000>>>' for 1st argument
class _LIBCPP_TYPE_VIS_ONLY time_point
                            ^
debugger.cpp:32:8: error: no viable overloaded '='
        t_end = chrono::high_resolution_clock::now();
        ~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../include/c++/v1/chrono:750:29: note: candidate function (the implicit copy assignment operator) not viable: no known conversion from 'time_point<std::__1::chrono::steady_clock, duration<[...], ratio<[...], 1000000000>>>' to 'const time_point<std::__1::chrono::system_clock, duration<[...], ratio<[...], 1000000>>>' for 1st argument
class _LIBCPP_TYPE_VIS_ONLY time_point
                            ^
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../include/c++/v1/chrono:750:29: note: candidate function (the implicit move assignment operator) not viable: no known conversion from 'time_point<std::__1::chrono::steady_clock, duration<[...], ratio<[...], 1000000000>>>' to 'time_point<std::__1::chrono::system_clock, duration<[...], ratio<[...], 1000000>>>' for 1st argument
class _LIBCPP_TYPE_VIS_ONLY time_point
                            ^
2 errors generated.
make: *** [build/obj/debugger.o] Error 1
make: *** Waiting for unfinished jobs....

The following patch fixes it but I’m not sure it doesn’t break any feature:

diff --git a/debugger.cpp b/debugger.cpp
index 13dd689..c504762 100644
--- a/debugger.cpp
+++ b/debugger.cpp
@@ -21,7 +21,7 @@ debugger& debugger::instance() {
 void debugger::start(string msg) {
    if(!active) return;

-   t_start = chrono::high_resolution_clock::now();
+   t_start = chrono::system_clock::now();
    print(msg + " starting");
 }

@@ -29,7 +29,7 @@ void debugger::start(string msg) {
 void debugger::end(string msg) {
    if(!active) return;

-   t_end = chrono::high_resolution_clock::now();
+   t_end = chrono::system_clock::now();

    int secs = chrono::duration_cast<chrono::seconds>(t_end - t_start).count();
    int millisecs = chrono::duration_cast<chrono::milliseconds>(t_end - t_start).count();
@@ -46,4 +46,4 @@ void debugger::print(string msg) {
    if(!active) return;

    cout << "DEBUG: " << msg << endl;
-}
\ No newline at end of file
+}

Config info:

$ gcc --version
Configured with: --prefix=/Applications/Xcode.app/Contents/Developer/usr --with-gxx-include-dir=/usr/include/c++/4.2.1
Apple LLVM version 7.0.0 (clang-700.1.76)
Target: x86_64-apple-darwin15.0.0
Thread model: posix
$ uname -a
Darwin mbf.local 15.0.0 Darwin Kernel Version 15.0.0: Sat Sep 19 15:53:46 PDT 2015; root:xnu-3247.10.11~1/RELEASE_X86_64 x86_64