In both cases it's a bash script one-liner to extract the data from the chain. Not really practically different.
Again, someone please correct me if I'm wrong, but this really makes the whole Knots CSAM argument just plain stupid scare tactics...
Discussion
I think two other commenters here corrected this
Yeah, from the other comment I learned that there is a sequence "4d" inserted every 520 bytes, but the ways to retrieve this data are the same for almost all intents and purposes.
So is the claim that there is a law that specifically defines that image has to be stored in continuous bytes (without any extra bytes inserted) to be considered CSAM?
(correction, the inserted sequence is "4d0208" in most cases, because it includes the length)
This has nothing to do with laws. It is a malware detection issue because of the contiguous state of the data.
The one topic that has been heavily discussed above was CSAM - there it's about laws.
About malware - continuous or not doesn't really have effect here, right? The way how malware is detected is via detecting fingerprints (short byte sequences) that are common to the malware or via heuristic analysis, or via some other tricks (like running the code in sandbox). So if there is malware stored in inscriptions or in op_returns would be detected the same way with probably the same results. But taking a step back - this isn't even a real concern, since node-to-node packets are now encrypted, right? (since BIP 324 is enabled by default in Core)
So what is exactly the argument about malware in this case?
The argument is validation. When validating those bytes are processed in the clear decrypted. (XOR doesn't change this) also, the finger prints for malware detection are more like heuristics. Does this have 1 fingerprint? Yes, check for 2. And so on. (This is obviosly so the antivirus ALSO isn't running those same contiguous bytes through its processor).
As far as CSAM goes I am fairly certain (though I don't dare try it) that if you run those bytes through something as basic as VLC you will get an image. No additional encoding necessary. Meaning you are storimg a raw data file of terrible shit in ram that you could conceivably render with simple image software NOT some inscription decoding taproot wizard shit.
The malware is an attack vector, the CSAM is more or less gross despicable shit. All enabled by 100kb OP_RETURNS easily propagated through the gossip network.