Extracting scantables from binary video codecs
Whats a scantable? A thing that tells you where to put the coefficients which you got from vlc/rle decoding, so for example with the famous zigzag table
0, 1, 8, 16, 9, 2, 3, 10,
17, 24, 32, 25, 18, 11, 4, 5,
12, 19, 26, 33, 40, 48, 41, 34,
27, 20, 13, 6, 7, 14, 21, 28,
35, 42, 49, 56, 57, 50, 43, 36,
29, 22, 15, 23, 30, 37, 44, 51,
58, 59, 52, 45, 38, 31, 39, 46,
53, 60, 61, 54, 47, 55, 62, 63
the first Coefficient would be written at position 0, the second one at 1, third at 8 and so on. As the destination array is a 8×8 matrix here this produces a nice zigzag from the top left corner to the bottom right corner, ordering the dct coefficients approximately from low frequency to high, and as the high ones are almost always zero the vlc-rle coding before ends up being quite effective, but back to the topic, what if we for whatever odd reason want to know if a binary contains such a table?
its quite easy to find such tables by brute force, their size is something like 16 or 64 entries with no duplicates and the first entry most often being 0 and none of their entries should be larger then the number of entries in the table, heres some (old) code which i wrote quite some time ago to implement this and a few other things
And now the interresting part, what do we find with this?
0 1 4 8 5 2 3 6 9 12 13 10 7 11 14 15 o-->o o-->o / / / o o o o | / / / | o o o o / / / o-->o o-->o
and
0 1 2 6
10 3 7 11
4 8 5 9
12 13 14 15
o-->o-->o o
| /|
o o o / o
| / | |/ |
o o o o
/
o-->o-->o-->o
(dual scan table ascii art stolen from libavcodec/svq3.c)
in drv3.so.6.0
note these tables are the 4×4 zigzag and dualscan tables from an old H.264 draft, so RV30 seems to be a H.264 variant like SVQ3
Once I tried our h264 decoder on RV30 data, but it found no usable packet (the packet types were way too off), but had not investigated further :)
I hope you’ll get this working soon.
Comment by Alex — 2006-01-03 @ 19:53
well iam not working on it currently at all, i just wrote that blog post as melanson wanted me to write something about vlc-leech.c :)
my guess about RV30 would be that its a early H.264 draft probably closer to SVQ3 then H.264 but that is just a guess based on very little actual info, to find out more there are many things which could be tried, encoding test images with the binary codec and looking at the bitstream might be interresting comparing this to various versions of th reference h.264 encoder might with some luck be enough, dissassembling the binary is the obvious other choice …
the h.264 reference sw can be found at http://iphome.hhi.de/suehring/tml/download/ if you are interrested in REing RV30
Comment by Michael — 2006-01-03 @ 22:39
You know I’m interested in everything related multimedia, it’s just about having enough free time, which I’m obviously missing.
Comment by Alex — 2006-01-04 @ 11:36