This is going to be a big shot in the dark.

A client has an application that is incredibly outdated. It’s running at one of their client’s offices. The app contains a lot (hundreds of thousands) of images viewable from a proprietary interface.

So, those images are in some odd “proprietary” format. The whole goal of this is to be able to pull and convert all of the images so the data stored within the app can be transferred to their updated system. Now, quotation marks were placed around proprietary because we know that it isn’t proprietary, rather, it’s in some other format that we can’t identify. The application does make use of an old version of ImageGear (GEAR32SD.DLL is bundled with the app).

This is a hex dump of an image file containing only one white pixel:

50 50 03 00 01 00 00 00 01 00 00 00 52 00 00 00 01 00 00 00 96 00 96 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 53 00 00 00 01 00 00 00 00 01 00 01 f0 00 00 00 e5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c 35

This is a hex dump of an image file containing only one black pixel:

50 50 03 00 01 00 00 00 01 00 00 00 52 00 00 00 02 00 00 00 96 00 96 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 54 00 00 00 01 00 00 00 00 01 00 01 f0 00 00 00 e5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 35 40 35

The leading 50 50 03 is present in every file.

If this looks even remotely familiar, please pipe up. At this point we haven’t got a lot left to try. We just want our images.