Verifying whether this image has been doctored

This is a RAW File, can someone explain why we are seeing the artifacts on the mountain and the clouds?

In all transparency, Canon considers the files manipulated, but I’m interested in knowing what was done to the image to turn out like this?

Original file 1839 from the RAW files, zoomed in on the mountain: RAWS aerial skies - Google Drive

The owner of these images Jonas De ro, a VFX artist, continues to claim these are real camera dump and has made these files public on Youtube for verification.

If there is an argument that these may be real, please present your evidence by comparing it to a publicly available image. Present your case with details, steps to repro, and few images to compare against.

Disclaimer: The goal of this ask is to accurately verify the images found in public domain. The outcome of this verification must not be linked to any person alive/dead. Besides, it’s common knowledge that online names/aliases do not always map to the actual identify of the person.

Here is a close up.

I also performed PCA, Noise and other analysis to corroborate.

Screenshot 2024-01-31 082439

Hi, welcome to the community.

I’m not quite sure what you’re asking or trying to accomplish.

The screenshots makes the files look damaged or manipulated indeed.

I don’t know the history to this ‘fake’ or not incident, but on the face of it the file looks fine. Opens in dt and responds more or less as expected.

Yet on close examination it does look rather like there are (edit: could be - not sure now after fiddling with demosaic methods.) compression artifacts in there (or something) , which I wouldn’t expect from a raw… but I’m no expert. Far from it. :smile:

1 Like

When you compare with a regular RAW, you will start seeing the strangeness. This image is apparently taken at 3.50Pm logically or 5 PM as per the owner. The luminosity gradient is totally missing,
Let’s dissect this image and few others. I promise anyone seeking truth will not be disappointed.

I’ll produce a comparative pics with some RAW images, if you want to select a RAW off this forum, i can use that to compare this RAW (synthetic RAW) against natural genuine RAW.
This behaves like a photoshopped, fabricated RAW> Any fabrication will have a different noise profile, wavelength, luminosity gradient among others.
1837 and 1839 ( this image) have the exact mean vector values to the 5th decimal point. We actually calculate mean vector to identify uniqueness of the images, it’s like 2 people having same fingerprint or hash. Only possible if synthetically developed. ( this is the help im looking for)

Investigating these images is like a gold mine of information on constructing fakes!

Thank you! i follow proper scientific standards, i write down the repro steps and tools used.
If you suspect my screenshots, please show us your own and let’s validate. I gain nothing by manipulating the images, there is no academic value in doing that.
i’m looking for ways such an image can be reconstructed.
This image ( to me and few trained eyes in image fabrications) looks like fully made from scratch, like taking objects, clouds, background from other sources and put together, and passed off as a RAW. That’s some skill.
Fortunately, we have tools and understanding of typical gaussian noise profiles. This image deviates enough to quality for further analysis and that’s what i did, and encouraging others to do :slight_smile:

Here is the original flicker image the RAW file fuji was taken from: Flicker image is from Feb 18th 2012.

Raw image EXIF shows Jan 25th 2012

Here is the comparison/ overlay,

Looks like the owner of the raw file added/removed snow to make it look like it’s taken on Jan 25th 2012, areas he touched to add/remove snow shows up on analysis.
like this, because they dont have same color/luminosity ranges, so they stand out as they are missing the gradient required to blend in.

1 Like

You can tell where the fabrications were applied around the crater. comparing the original

This is from irfanview, see how the clouds pop out

1 Like

Notice the jarred edges on RAW as you remove the haze using Darktable, and zoom in. Real RAW images dont do this.

Playing with Darktable and zooming in on clouds. Looks like no clouds I have seen against the same settings on any RAW file i tested. That’s from a sample pool of over 700 raw cloud images.


Maybe you can share the YouTube video and that’d help establish some context around what you’re talking about.

1 Like

That might be a distraction from actual unbiased image analysis IMO.
It’s not difficult to find the video if you type the person name on youtube, but i hope you understand my attempt to keep us focused on just the image analysis and not any specific person.
Deconstruct the image, analyze it, reconstruct, compare against other RAWs and share your thoughts and repro steps.

Soon, I can share a script on how to detect image fakes. But for now seeking reproable insights from other experts as they deconstruct/reconstruct this image.

It’s all a bit beyond me at this point, especially as I have no real technical knowledge of this stuff. But I’ll be following the thread with interest. :slight_smile:

1 Like

Thank you! If you dont mind, you can help validate :), if you see repro steps i would really appreciate if you can try them out yourself and provide your feedback. Any genuine unbiased feedback is gold!


Here are some RAW control images i found on this site ( genuine raw image)

I’ll run few comparative tests showing how these images stack up against Jonas Raw using various parameters.


Curious by the subject I decided to quickly give it a go on my side.

My theory is that if the file is edited, by retrivieving the undebayered camera data from the RAW file, you would notice an offset in the camera sensor array.

So I made a quick python script that allow me to retrieve that information and save it to disk for previewing.
The dependencies used as listed at the top of the script.
OpenImageIO is a hard to get dependency, but you could use anything like OpenCV, Pillow as I’m just writing a numpy array to disk.

python = ">=3.10,<3.12"
numpy = "1.26.*"
rawpy = "0.19.0"
openimageio = { path = "./vendor/OpenImageIO/OpenImageIO-", markers = "sys_platform == 'win32'" }
from pathlib import Path

import numpy
import rawpy._rawpy as rawpy
import OpenImageIO as oiio

def oiioconvert_array_to_image(array: numpy.ndarray) -> oiio.ImageBuf:
    Convert a numpy array to an OIIO ImageBuf.
    typedesc = oiio.UINT16  # XXX: hardcoded
    image_spec = oiio.ImageSpec(
    image_buf = oiio.ImageBuf(image_spec)
    image_buf.set_pixels(oiio.ROI(), array)
    return image_buf

def main():
    INPUT_PATH = Path(r"G:\temp\RAWS aerial skies japan\dng\IMG_1840.dng")
    OUTPUT_PATH = INPUT_PATH.parent / (INPUT_PATH.parent.stem + "_raw.exr")

    # // READ raw unbayered pixels
    processor = rawpy.RawPy()
    raw_image_array: numpy.ndarray = processor.raw_image.copy()


    # // CONVERT single channel to 3 channels
    raw_image_array_rgb = numpy.dstack([raw_image_array] * 3)
    print(raw_image_array_rgb.shape, raw_image_array_rgb.dtype)

    # // CONVERT to OIIO object
    raw_imagebuf = oiioconvert_array_to_image(raw_image_array_rgb)

    # // WRITE image to disk
    if raw_imagebuf.has_error:
        raise RuntimeError(f"Provided ImageBuf has errors: {raw_imagebuf.geterror()}")
    print(f"Writing {OUTPUT_PATH}")
    raw_imagebuf.write(str(OUTPUT_PATH), oiio.FLOAT)

if __name__ == "__main__":

Using that script my workflow was as follow:

  • download .CR2 files from the Gdrive link provided
  • convert the .CR2 file to .DNG for maximum compatibility using Adobe DNG converter
  • read the IMG_1840.dng using the script, and write to a file named IMG_1840_raw.exr (the OpenEXR format is VFX industry format to store floating point data, using here a lossless compression method)
  • inspect the content of IMG_1840_raw.exr file

The sensor pattern is uniform across all the picture which implies that if there was any malicious edit the person also took time to reverse-engineer the debayer pattern from the input image he used for image-manipulation which I’m not sure is even possible.

Here is the .exr converted to .jpg (100% quality export) with a contrast boost to make it more easy to see the sensor pattern :

(EDIT: even though the jpg is super sharp on my computer, it seems to receive extra compression or filtering once uploaded, so download the exr below)

My conclusion is that those are 100% legit RAW files.

An advice is that it is good to doubt about everything, but then perhaps also start doubting about the image-processing software you use. There is no guarantee those will perform the operation you expect them to do without doing a few trick implemented internally, for various reason like optimisations, etc. Which might make it hard to imply that something that looks “off” is not just the fault of your software, or your utilisation of the software which was not expecting this.

You can find attached the .exr produced from my script:

dng_raw.exr (39.4 MB)


We are talking slightly different things here.
The validity of an image consists of 3 aspects.

  1. Image File/data integrity. Which Cr2 is supposed to provide based on its proprietary format, and how its rendered once read. This is what you are referring to. This is compromised as per Canon. This is also what Canon checks for, and canon determined that even when an image passes the original data verification tests, the images are fabricated. You are looking at these images that Canon found to be in the same category.

  2. Image scene integrity. A fabricated image will behave inconsistently in its evaluation of the scenery, noise, mean vector, Bit plane, Error analysis, cut/copy signs and multitudes of tests that check for consistency.
    Example: Take an image of a mountain with snow, and brush the exact white color either on the snow or areas without snow cover to appear like snow. Visually they will look same, but they will stand out differently as the luminosity gradient is hits anomaly at the pixels where brush is applied. Or the error values, or the noise values stand out against the backdrop of an uniform image.
    You can see what happened here.

  3. Is Photographer sworn statement that the image in question was indeed captured by the photographer and he/she was actually present to take the image. AFAIK by US law for evaluating images.
    This is a good link to dive into Admissibility of digital imaging in court. Including a “Chain of custody” that a photographer needs to prove. None of that happened with these images, and we should not be discussing this here.
    Image Integrity and the Admissibility of Digital Imaging in Court - Doug Gooden.pdf (
    Photographs as evidence and chain of custody - LLRMI - Police Training and Expert Services for Law Enforcement, Jails & Corrections, Insurance Pools, Risk Managers, and Attorneys

Coming back to Cr2, and data format checks
Cr2 original data compromise that Canon has posted was referring to the entire CR2 being reverse engineered. One of the compromised camera models is Canon EOS 5D mark II.
Forging_Canon_Original_Decision_Data.pdf (

Cr2 hack discussion: forum/index.php?topic=15689.0 Notice the fake Cr2 files.

github /lclevy/libcraw2/blob/54caceb6aa3ec8aff1ae3102a498cb5438a75d74/user_manual md

You seem uninformed regarding the nature of Cr2 hack. I had a lengthy conversation with Canon support, short of telling me how to hack Cr2 they basically said the Cr2 fake file will pass all their Cr2 file checks, a fake file will behave just like one. Fabricated images within the Cr2 will be unlikely to pass the test for image integrity or discrepancy between what is captured, what is expected in the RAW data of such a file, and how the pixels behave against various settings.

You can fake a CR2, but once you manipulate the object it will leave telltale signs. And this is the scope of our discussion, to understand the fabrication signs and not claim something authentic without through evaluation.
These images
Fail tests for image integrity ( What we are focusing in this thread)
Pass file integrity ( as warned by Canon)

Liam, as a new user I cant post too many messages and will have to wait sometime.
I’ll address your “blame the software” narrative, by

  1. Letting various genuine people verify ( which is the purpose of this thread)
  2. Let some independent evaluations from some image verification labs, Adobe, etc perform their own tests against these images.
  3. Mathematical values that stand out as anomalies.

1 can be spammed as it’s been happening on various forums. People post their assurance without fully understanding the ask. And have the thread closed. Scammer takes a screenshot of a random off topic response with “100% Real” in their message ( which isnt even the ask), and uses that as a verification proof. I request you to evaluate and reserve judgement. I also noticed how the original file owner’s group of users blamed the software for artifacts. Very uncanny!
Those seeking truth must wary of such tactics.

2. I will post the outcome of these labs everywhere i can. Stay tuned. Timing not in my control
3. This is in my control, i will share this as soon as i can create new posts.

You seem uninformed regarding the nature of Cr2 hack

Indeed, I would assume that anything digital can be compromised anyway. But thanks for letting me know that we can “compromise” camera raw files.

My next question is what is the point of all of this ?

I had a quick look at Jonas De Ro profile. And what I see is just a poor artist living an already hard enough life (context: entertainment industry take big hits nowadays) that seems to have been caught in a UFO debunking investigation. He seems to have kindly accepted to take part in the investigation by providing some file which seems to be what we are looking at right now.
(understanding from my brief look at the subject)

So first why would he fake those RAW files ? Then why would one spent more “debunking” those RAW files than debunking the original UFO video ? (except for pleasure which I would have nothing against, but in that case I would perhaps have take a more complex case than picture from a random artist that doesn’t seems to be part of the initial problem)

Lastly if you are trying to be so suspicious about every image component, which I guess is necessary for such investigation, why aren’t you that suspicious for the software you are using ?
In the signal separation screenshot you sent, what am I looking at ? How much algorithm between the original camera data and the colored image preview was executed to produce it ?

My point is that unless you wrote the software yourself (which I don’t know), or had a look at the full code base of the software available, how do you know if what you “see” is what you actually expect to see.

Perhaps the software you are using has a compression algorithm that compress the raw data from the camera file, which is then exaggerated when applying intensive image processing like your signal separation. Perhaps there is a bug in the all the processing chain that produces a few bits off that one could interpret as defect …

Yes it is easy to blame the software but who wrote software ? Humans, and no human is perfect, so all our software have flaws. And unless you are extensively aware of the software logic you cannot assume it is doing what you expect it to do. (this include my little script I posted above, I am using rawpy an external library for raw file reading which I have no extensive knowledge off, hence I cannot affirm that my script is an irrefutable proof)

I wish you luck in your investigation as long as the author of those pictures is respected.

@ liam_collod wouldn’t it be easier to just export as exr in darktable with everything turned off? Input colour profile, borders, white balance etc…

Video from Jonas De Ro talking about his raw file that has been used to create an UFO hoax.

Harassment from OP


You had to buy the tool to use that feature.
“The kit consists of a dedicated SM (secure mobile) card reader/writer and verification software. When the appropriate function (Personal Function 31) on the EOS-1D Mark II or EOS-1Ds is activated, a code based on the image contents is generated and appended to the image. When the image is viewed, the data verification software determines the code for the image and compares it with the attached code. If the image contents have been manipulated in any way, the codes will not match and the image cannot be verified as the original.”

Never heard anyone using it. I wanted OSK-E3. Not due to the verification feature but because of encryption. What I know the encryption was never cracked.

You had a short conversation with me and some other forum users at Community Canon USA before your thread was removed.

For anyone who wants something more interesting I recommend this synthetic CR2 instead

Check the read noise and the amount of masked pixels. And darktable will not accept it.

wouldn’t it be easier to just export as exr in darktable with everything turned off?

probably ! I am not very familiar with darktable so python was just my initial go-to (which also give more control over how the file is read).

thanks for also sharing a bit more context, that is indeed not what I would call “respecting the picture author” which is sad to see.

1 Like

Thanks for providing some context @liam_collod

We can not aid in harassment here, that isn’t right.

Also aliens are real, that is not in doubt.

I’m going to lock this thread and maybe we should just leave this poor person, Jonas, alone.