Heloooo everyone! today I got some new looks hehe!
With the the new update new of ChatGPT-4o image generator, everyone out there is ghiblizing everything. Memes, old images, Sam Altman himself, ghiblizing ghibli movies, it’s like a party out there.
However, Omnia read that while ago, Ghibli co-founder, Hayao Miyazaki, wasn’t happy with the AI gen technology, and that it is an insult to life itself!
“I am utterly disgusted. I would never wish to incorporate this technology into my work at all. I strongly feel this is an insult to life itself.”
So clearly he isn’t happy with the current party.
Omnia isn’t really into politics and copyright laws and she doesn’t understand if there will be a public hunt for everyone who used this (I hope not I liked my new style:), but she questioned whether images can be tracked and if someone can tell if an image is AI generated and which AI generation tool is used.
Searching around, she found that there is a standard already in use a while ago, which is The Coalition for Content Provenance and Authenticity (C2PA).
But What is it?
The C2PA standard isn’t explicitly designed for AI, it is designed so that any image generation tool (even if you made a website that crops images or something) or C2PA-enabled cameras can track the origin of the images created by them.
The way this works is that a manifest containing some assertions including information about the AI tool/camera itself, a thumbnail of the image and some cryptographic hashes that bind the photograph to the manifest. These assertions would then be listed in the Claim, which would be digitally signed and then the entire C2PA Manifest would be embedded into the output JPEG.
Then, a C2PA Validator, could help users to establish the trustworthiness of the image by first validating the digital signature and its associated credential. It can also check each of the assertions for validity and present the information contained in them, and the signature, to the user in a way that they can then make an informed decision about the trustworthiness of the digital content. It also tracks changes in the images and previous iterations it has gone through
tl;dr: An image generator uses a signature schemes like ECDSA and RSA with SHA-256/512 to sign an asset with their private keys and proof that this
The playground! Let’s break C2PA!
The way they embed these signatures is just merely attaching it to the metadata of the file, for example, here is the metadata for the image above
$ exiftool Omnia_ghibli.png
ExifTool Version Number : 13.00
File Name : Omnia ghibli.png
Directory : /tmp
File Size : 1802 kB
File Modification Date/Time : 2025:03:28 19:14:30-04:00
File Access Date/Time : 2025:03:28 19:15:43-04:00
File Inode Change Date/Time : 2025:03:28 19:14:30-04:00
File Permissions : -rwxrwxrwx
File Type : PNG
File Type Extension : png
MIME Type : image/png
Image Width : 1024
Image Height : 1024
Bit Depth : 8
Color Type : RGB
Compression : Deflate/Inflate
Filter : Adaptive
Interlace : Noninterlaced
JUMD Type : (c2pa)-0011-0010-800000aa00389b71
JUMD Label : c2pa
Actions Action : c2pa.created, c2pa.converted
Actions Software Agent Name : GPT-4o, OpenAI API
Actions Digital Source Type : http://cv.iptc.org/newscodes/digitalsourcetype/trainedAlgorithmicMedia
Exclusions Start : 33
Exclusions Length : 14151
Name : jumbf manifest
Alg : sha256
Hash : (Binary data 32 bytes, use -b option to extract)
Pad : (Binary data 8 bytes, use -b option to extract)
Instance ID : xmp:iid:8316b03c-8344-4cef-8de5-733616fcf4e3
Claim Generator Info Name : ChatGPT
Claim Generator Info Org Cai C2 Pa Rs: 0.48.1
Signature : self#jumbf=/c2pa/urn:c2pa::c04ba21a-f2d1-496f-aec6-ae969b277bb5/c2pa.signature
Created Assertions Url : self#jumbf=c2pa.assertions/c2pa.actions.v2, self#jumbf=c2pa.assertions/c2pa.hash.data
Created Assertions Hash : (Binary data 32 bytes, use -b option to extract), (Binary data 32 bytes, use -b option to extract)
Title : Omnia_ghibli.png
Item 0 : (Binary data 1985 bytes, use -b option to extract)
Item 1 Pad : (Binary data 10932 bytes, use -b option to extract)
Item 2 : null
Item 3 : (Binary data 64 bytes, use -b option to extract)
C2PA Thumbnail Ingredient Jpeg Type: image/jpeg
C2PA Thumbnail Ingredient Jpeg Data: (Binary data 52709 bytes, use -b option to extract)
Relationship : componentOf
Format : png
Validation Results Active Manifest Success Code: claimSignature.insideValidity, claimSignature.validated, assertion.hashedURI.match, assertion.hashedURI.match, assertion.dataHash.match
Validation Results Active Manifest Success Url: self#jumbf=/c2pa/urn:c2pa::c04ba21a-f2d1-496f-aec6-ae969b277bb5/c2pa.signature, self#jumbf=/c2pa/urn:c2pa::c04ba21a-f2d1-496f-aec6-ae969b277bb5/c2pa.signature, self#jumbf=/c2pa/urn:c2pa::c04ba21a-f2d1-496f-aec6-ae969b277bb5/c2pa.assertions/c2pa.actions.v2, self#jumbf=/c2pa/urn:c2pa::c04ba21a-f2d1-496f-aec6-ae969b277bb5/c2pa.assertions/c2pa.hash.data, self#jumbf=/c2pa/urn:c2pa::c04ba21a-f2d1-496f-aec6-ae969b277bb5/c2pa.assertions/c2pa.hash.data
Validation Results Active Manifest Success Explanation: claim signature valid, claim signature valid, hashed uri matched: self#jumbf=c2pa.assertions/c2pa.actions.v2, hashed uri matched: self#jumbf=c2pa.assertions/c2pa.hash.data, data hash valid
Active Manifest Url : self#jumbf=/c2pa/urn:c2pa::c04ba21a-f2d1-496f-aec6-ae969b277bb5
Active Manifest Alg : sha256
Active Manifest Hash : (Binary data 32 bytes, use -b option to extract)
Thumbnail URL : self#jumbf=c2pa.assertions/c2pa.thumbnail.ingredient.jpeg
Thumbnail Hash : (Binary data 32 bytes, use -b option to extract)
Image Size : 1024x1024
Megapixels : 1.0as you can see, this image was generated by openAI GPT-4o
There is also this website , which acts as a C2PA Validator to validate the authenticity of the signature
It time to play !
Let’s remove it all together!
We can remove this metadata all together with a simple command (I will restore coloration and orientation so that it works on media players)
$ exiftool -All= -tagsfromfile @ -colorspacetags -orientation Omnia_removed.png
$ exiftool Omnia_removed.png
ExifTool Version Number : 13.00
File Name : Omnia_removed.png
Directory : .
File Size : 1720 kB
File Modification Date/Time : 2025:03:28 20:53:50-04:00
File Access Date/Time : 2025:03:28 20:53:50-04:00
File Inode Change Date/Time : 2025:03:28 20:53:50-04:00
File Permissions : -rwxrwxr-x
File Type : PNG
File Type Extension : png
MIME Type : image/png
Image Width : 1024
Image Height : 1024
Bit Depth : 8
Color Type : RGB
Compression : Deflate/Inflate
Filter : Adaptive
Interlace : Noninterlaced
Image Size : 1024x1024
Megapixels : 1.0if we gave it to the C2PA validator, it just says:
As you can see, it won’t show all that traces to open AI
Let’s tamper it!
We can tamper with the metadata, we can edit any image related content (like its title in exiftool). that will cause the hash to be recalculated
With another copy of the original image, I will show you how to change it
$ exiftool Omnia_tampermetadata.png | grep -i title
Title : image.png
$ exiftool Omnia_tampermetadata.png -Title=OmniaGPT.png
1 image files updated
and it is no good!
Let’s fake it!
Using the official c2patool, we can also change C2PA specific attributes, however, we will also get the same invalidation
One interesting thing we can do is to remove metadata, and MAKE our own signature!! (plz don’t spread misinformation, this is for educational purposes only)
Download the tool, and let’s make some content!
First let’s this sample manifest.json file
{
"ta_url": "http://timestamp.digicert.com",
"claim_generator": "awkwardhacker.com",
"assertions": [
{
"label": "stds.schema-org.CreativeWork",
"data": {
"@context": "https://schema.org",
"@type": "CreativeWork",
"author": [
{
"@type": "Person",
"name": "Omnia"
}
]
}
}
]
}This file defines our authority details, now it is using the default test certificate from C2PA
Now, let’s sign a copy with stripped metadata!
./c2patool ../Omnia_stripped.png -o signed_by_Omnia.png -m manifest.jsonand if we checked it out
yaay, we made our image signed by us!
We can also give our own certificate to c2patool so that we can control everything in signature!
All in all I think it is nice technology, the only thing Omnia is afraid of is if they started linking AI generated thingys back to the user id, then many people who don’t know this trick would have lost their privacy!
Omnia out!
