Left4Code

mat2 For Metadata Viewing and Removal

mat2 (Metadata Anonymization Toolkit) is a pretty nice, simple tool written in Python that supports viewing and removing metadata for various file formats like pdf, docx, jpg, png, zip, etc., you get it. Its purpose seems to be a quicker way to extract the juicy, important information out of files without cracking open exiftool and going bananas. Simple command arguments, simple life.

What you need to know (To get the most out of this!)

- Basic understanding of the Linux command line (bash). Basically, do you understand a basic command like ls -alh?
- Some determination to read, mentally digest, practice, and learn for yourself.
- How to use the manpages (run "man man" without the double quotes in your terminal if you don't know). This is so you can always use the manpages if this course doesn't get completed or updated. I want to teach you to fish, not give you fish.
- Whenever I put angle brackets around something, don't add them to the command in your actual terminal, ex: <yourfile> should be typed in your terminal as yourfile, or whatever you want to name it. It's just a placeholder, you get it.

What this page covers (To Not Waste Your Time!)

- Warnings about mat2 and potential data loss (only worry if wiping metadata)
- Installing mat2 using apt
- How to view metadata using mat2 quickly
- Running mat2 on folders & files for showing and wiping
- Figuring out what file-types mat2 supports
- Metadata removal without backing up the file
- Lessening the amount of data removed with mat2
- Closing notes

Warnings when it comes to using mat2

Straight to the point: if you are running mat2 to wipe a file whose core hashed integrity is of utmost importance, or if you want to make completely sure that the file you are removing the metadata from will still open afterwards, make a backup of the file first. mat2 does this by default so you should be fine, but if you want to make double sure, back one up for yourself too. Quick note: I've never had mat2 tweak out on me in my years of using it, so this is just a defcon 1 level precaution in case you have one really bad day. With that out of the way, let's get into it.

Installing mat2

mat2 is available in most distribution repositories and can probably be installed using the command:

sudo apt install mat2

Viewing metadata with mat2 (files & folders)

To view metadata with mat2, we can use the command:

mat2 -s <yourfile>

or run it on a directory to recursively check everything inside of it!

mat2 -s yourdirectory/

You can specify the -V option (note the capital) to display verbose debug information about what mat2 is doing. This can be added as a flag regardless of wiping or viewing metadata, but it's really only been useful in my experience when removing metadata.

mat2 -Vs yourdirectory/

mat2 can also be run on zip files to get at least the creation date of the files inside it and maybe some more metadata, cool to know.

File-types mat2 supports for wiping & viewing

mat2 supports many files like flac, a bunch of mpeg family file-types, jpeg, png, html and a bunch of others. A full exhaustive list of the supported file-types for mat2 can be found by running:

mat2 -l

Metadata Removal with mat2

By default, if the -s parameter is not passed to mat2, it will remove all of the metadata it can from the file. This means that by learning how to show the metadata of a file with mat2, you also learned how to wipe the metadata of a file with mat2! Simply remove the -s from the commands you used above to wipe the metadata from the selected file or directory.

mat2 <yourfile>

Also by default, when wiping metadata with mat2 it will run the process on a separate instance of the file and upon success will load the cleaned file into the working directory the file is in with the new extension .cleaned appended to the end of the file name. Meaning NoMetadata4U.pdf would turn into NoMetadata4U.pdf.cleaned

You can additionally use the -L flag (note the capital; lowercase -l is the one that lists supported file-types) to lessen the amount of metadata that mat2 removes, and use the --inplace flag to not create a backup of the file before scrubbing the metadata from it.

mat2 -L <yourfile>
mat2 --inplace <yourfile>
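
Tying the backup warning and --inplace together, here is an added example (not part of the original page or of mat2 itself) of a small shell function that keeps its own hash-named backup, runs mat2 --inplace, restores the original if mat2 fails, and logs the before/after hashes. The names scrub_inplace, sha256_of, mat2-backups and manifest.tsv are made up for this sketch, and it assumes sha256sum is installed and that mat2 exits non-zero when it fails.

```bash
# Added example: your own backup + hash record around `mat2 --inplace`.
# scrub_inplace, the backup directory and manifest.tsv are made-up names.
# Assumes GNU coreutils (sha256sum) and that mat2 exits non-zero on failure.

sha256_of() { sha256sum < "$1" | cut -d' ' -f1; }

# usage: scrub_inplace <yourfile> [backup_dir]
# returns 0 = cleaned, 1 = mat2 failed (original restored), 2 = bad input
scrub_inplace() {
    local file="$1" backup_dir="${2:-./mat2-backups}"
    local before after backup
    [ -f "$file" ] || { echo "not a regular file: $file" >&2; return 2; }
    mkdir -p "$backup_dir" || return 2

    # Name the backup after the original's hash so reruns never clobber it.
    before=$(sha256_of "$file")
    backup="$backup_dir/$before.$(basename "$file")"
    cp -p -- "$file" "$backup" || return 2

    # --inplace overwrites the file, so this copy is the only way back.
    if ! mat2 --inplace "$file" || [ ! -s "$file" ]; then
        echo "mat2 failed on $file, restoring backup" >&2
        cp -p -- "$backup" "$file"
        return 1
    fi

    # Record both hashes: the cleaned file no longer matches any checksum
    # published or stored for the original.
    after=$(sha256_of "$file")
    printf '%s\t%s\t%s\n' "$before" "$after" "$file" >> "$backup_dir/manifest.tsv"

    # Show what mat2 can still detect in the cleaned file.
    mat2 -s "$file"
    return 0
}
```

Paste the function into your shell (or source it from a file) and call it as scrub_inplace <yourfile>.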

Conclusion

This is about 90% of mat2's functionality and will get you through most metadata viewing and wiping tasks. Luckily, if you installed mat2 through a package repository, it probably comes with a manpage, so read that if you would like information on the one or two flags I didn't include here.

[Challenge approaching!!!]

In the Exiftool lesson, there will be a fun challenge for you to do where you can use a combination of both mat2 and exiftool to complete a CTF which you can put on the certification document as proof of completion for this section.