capsrv is responsible for validating the MACs for screenshots stored on the SD card, if the setting capsrv!enable_album_screenshot_filedata_verification is non-zero.
Screenshots are validated as follows: The JPEG's MAC is extracted from the EXIF maker note, and stored. A timestamp string is generated by calling snprintf(&str, 20, "%04d:%02d:%02d %02d:%02d:%02d", ...); with stored timestamp values. If this doesn't match the timestamp string stored in EXIF, then an error 0xA34CE is returned. Otherwise, the entire JPEG is loaded into memory, and the stored EXIF maker note is cleared to zeroes. Then, an HMAC-SHA256 is computed over the entire JPEG using a hardcoded secret key. if (memcmp(calculated_hmac, stored_hmac) == 0), the screenshot is valid, else 0xA3ACE is returned.