Pierre BourdonMar 18, 2023

CVE-2023-21036 / acropalypse is absolutely bonkers.

Apparently for 5+ years the cropping / editing tools for screenshots on Google Pixel phones was only overwriting the start of the screenshot PNG file, but not truncating.

All screenshots shared for the past 5+ years might have data recoverable from them. Demo available at https://acropalypse.app/

Google still hasn't communicated anything on this.

(h/t ItsSimonTime on Musk's site)

acropalypse screenshot recovery utility

Show threadPierre BourdonMar 18, 2023

I tried it on a screenshot from just a week ago. This is absolutely scary.

First image is the screenshot I saved after cropping. Second is what the demo app managed to recover.

Show threadchrismckeeMar 18, 2023
@delroth doesn't seem to work on ones that have been shared online though. I assume because nearly every site / app will re-encode as jpeg to save space
Show threadchrismckee
@delroth struggled to find one in my vastly (Jesus I need to clean that folder) overfilled screenshot folder. It's just saved the dead space
Mar 18, 2023 at 11:29amWeb