Screenshots edited in Pixel Markup Tool might not be edited with aCropalypse exploit

Pixel owners have suffered from editing their screenshots using the default markup tool. The paint inputs aren’t great for drafting anything, even if you rub a spot really hard, and the crop tool hilariously lacks preset aspect ratios. But there’s another reason why you shouldn’t use markup, and that’s why you might want to take a look at where and who you sent your images to.


Researchers Simon Aarons and David Buchanan have released an exploit they dub “aCropalypse” which, in essence, allows anyone to take a cropped PNG screenshot in Android’s default markup tool and undo at least some of the edits to produce parts of the image that were not meant to be viewed. Although the exploit was reported to Google and patched in the March security update for Pixels (see CVE-2023-21036), redacted images sent to some platforms – including, but not limit, Discord before mid-January – over the past few years are likely to be exposed.

You can see the exploit in action with your own images using this demo tool provided by the researchers at aCropalypse. We also received further information about the discovery and patching of this exploit by researchers prior to its publication on this webpage.

What’s wrong, the human version

The technical aspects of the exploit appear to stem from an API change in Android 10 (see this IssueTracker thread from 2021 and a general explanation from Redditor OatmealDome). Before the change, an application responsible for writing new data to an existing file would truncate said file by default if the amount of this new data was less than that contained in the original file. With the change, this truncation behavior was no longer the default.

Thus, if the amount of new data was less than that contained in the existing file, since the writing of data occurs sequentially, the background of the existing file would remain intact, as part of the new file. This change had negative results: if the old data was not needed for the new file, it would at least take up valuable storage space; if the data was sensitive in nature, those with the right tools could read and extract it on their own for malicious purposes.

Although the issue was eventually deemed “resolved” – as far as we know the guidance changed on which write mode applications should use – the markup tool still used this non-truncated write mode.

Courtesy: aCropalypse

Aarons consulted Buchanan about this vulnerability regarding PNG (not JPEG) screenshots on January 2 and Buchanan was able to quickly develop a proof of concept for the current exploit. The two notified Google of the bug on the same day. The company acknowledged the bug on January 3. A patch was finalized internally on January 24, but it only started rolling out to Pixel devices on March 13 with the month’s security patch.

The engineer posted on his personal blog about the actual events, but from a general point of view, here’s what’s going on: PNG as a file format compresses data through certain processes on a series of blocks. Any given block of compressed data can contain references to the previous data block, theoretically opening the way to decompressing previous data blocks one by one. Thus, Buchanan was able to develop a decompression method that combines this retrospective aspect with cryptographic detective work focused on intact and carried forward file data to gain context about what should be revealed.


As you now know, the result is that an image edited in the markup tool can have parts of the original image unmodified after the fact with some skill. In addition to Pixels, some non-Pixel Android devices and custom ROMs also use markup.

While most online platforms will perform their own processing (such as additional compression or removal of metadata) on images uploaded by users, Discord had not adequately handled image uploads to prevent this. feat to operate. aCropalypse researchers say the instant chat app began deleting file tracking data on January 17. But that means markup-altered footage from as far back as late 2019 could be unzipped to reveal information not intended for the public.

Although Discord has rich search tools to help users find image files they may have shared, you may have a lot of non-screenshot content to sift through and all the screenshots you have submitted are not actionable – we tested a screenshot on a Pixel 6a against the demo tool and were unable to get a result, but noted other users who reported actionable results online .

Buchanan said in his blog post that he wrote a script to scrape his Discord uploads for any vulnerable images and found “many”. While most were generally harmless, he had a screenshot of an eBay order and was able to extract his full mailing address from it.

Leave a Reply

Your email address will not be published. Required fields are marked *