Beforehand: This information goes for wow client 3.3.5a.
I have done some more reversing work now and got some more information out of it. Just want to let you know of it. Maybe some things may already be known or not, sorry if so. I was more into work instead of reading all single lines of this thread, forgive me please. And sorry for the bad English and explaining, I am very tired today as it's late.
Just wrote an app in C which decodes that watermark data. Btw: Yep, there is no encryption stage for the watermark, so the data is directly encoded / written from wow's memory. In other words, you can find the same information in wow's memory when taking a screenshot... However, I do not 100% know what exactly (kind of data) is stored there.
Here is an example:
Code:
00000000 41 44 4D 49 4E 10 00 00 00 00 00 98 88 48 4E 17 ADMIN......˜ˆHN.
00000010 D0 06 5E F0 68 75 00 00 00 00 00 00 00 00 00 00 **.^ðhu..........
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000070 00 00 00 00 00 00 00 62 00 D7 4A 8C FB 21 09 82 .......b.×JŒû!.‚
00000080 8C 57 29 C2 84 0C 31 32 37 30 30 30 30 30 30 D4 ŒW)„.127000000Ô
00000090 4A BE 3E 09 58 C7 DF 78 F2 07 30 30 31 30 38 31 J**>.XÇßxò.001081
000000A0 32 39 FF 3F 0F 32 99 95 FA 09 A2 1C 91 9E D4 EF 29ÿ?.2™•ú.¢.‘žÔï
000000B0 41 44 4D 49 4E 00 00 00 00 00 00 98 88 48 4E 17 ADMIN......˜ˆHN.
000000C0 D0 06 5E F0 68 75 00 00 00 00 00 00 00 00 00 00 **.^ðhu..........
000000D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000000F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000120 00 00 00 00 00 00 00 62 00 D7 4A 8C FB 21 09 82 .......b.×JŒû!.‚
00000130 8C 57 29 C2 84 0C 31 32 37 30 30 30 30 30 30 D4 ŒW)„.127000000Ô
00000140 4A BE 3E 09 58 C7 DF 78 F2 07 30 30 31 30 38 31 J**>.XÇßxò.001081
00000150 32 39 FF 3F 0F 32 99 95 FA 09 A2 1C 91 9E D4 EF 29ÿ?.2™•ú.¢.‘žÔï
00000160 41 44 4D 49 4E 00 00 00 00 00 00 98 88 48 4E 17 ADMIN......˜ˆHN.
00000170 D0 06 5E F0 68 75 00 00 00 00 00 00 00 00 00 00 **.^ðhu..........
00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001D0 00 00 00 00 00 00 00 62 00 D7 4A 8C FB 21 09 82 .......b.×JŒû!.‚
000001E0 8C 57 29 C2 84 0C 31 32 37 30 30 30 30 30 30 D4 ŒW)„.127000000Ô
000001F0 4A BE 3E 09 58 C7 DF 78 F2 07 30 30 31 30 38 31 J**>.XÇßxò.001081
00000200 32 39 FF 3F 0F 32 99 95 FA 09 A2 1E 91 9E D4 EF 29ÿ?.2™•ú.¢.‘žÔï
Yep, the same data block also repeats 3 times. Note: There may only be a difference when doing "dirty" work on the bitmap, while editing, cropping, stretching or when the picture is just bad etc. So independent from that, it is bit-equal in wow's memory anyway.
Ok the first info "ADMIN" is my test server login name, "127000000" and "00108129" (Idk why they split this string) is my test server address (127.0.0.1) and the port 8129.
If you look at this image https://i.imgur.com/RD0uh.jpg , the above decoded example is extracted from the white block. The other 10 ones (In blue) are just the same as the white block. I think they are repeated for redundancy and robustness. Conclusion: together with the redundancy inside a single block, you have literally 3 * 11 = 33 times the same data distributed inside one screenshot!!!
Ok here is the decoder thingy:
Code:
// wow bitpattern tool
// Reads a 32-bit bitmap into a binary raw data file.
// written from scratch, sorry for readability
// bitmap MUST be a 32-bit per pixel Windows bitmap!
#include <Windows.h>
#include <stdio.h>
#include <stdlib.h>

FILE* open_bitmap(const char *filename);
int getfilesize(FILE *thefile);

// Note: a 32-bit BMP stores each pixel as B,G,R,A, so the field named "r"
// really holds the blue byte. For a black/white image that makes no difference.
struct rgb
{
    BYTE r;
    BYTE g;
    BYTE b;
    BYTE a;
};

rgb *colordata;
BYTE *bitmap;
BYTE *bits; // one entry (0 or 1) per pixel, allocated once the image size is known

int main(int argc, char* argv[])
{
    tagBITMAPFILEHEADER bm_file_header;
    tagBITMAPINFOHEADER bm_info_header;
    FILE *bitmapF = open_bitmap("V:\\Games\\World of Warcraft\\Screenshots\\example_0001.bmp"); //enter your bitmap here <<
    if(bitmapF == NULL)
    {
        printf("could not open bitmap\n");
        return 1;
    }
    fread((void*)&bm_file_header,1,sizeof(tagBITMAPFILEHEADER),bitmapF);
    fread((void*)&bm_info_header,1,sizeof(tagBITMAPINFOHEADER),bitmapF);
    int bwi = bm_info_header.biWidth; // ((bm_info_header.biWidth % 4));
    int bhi = bm_info_header.biHeight;
    int csize = abs(bwi * bhi);
    colordata = (rgb*)calloc(1,csize * 4);
    bits = new BYTE[csize](); // sized from the image instead of a fixed 500000 bytes
    // the pixel data starts at bfOffBits, which is not always right behind the info header
    fseek(bitmapF,bm_file_header.bfOffBits,SEEK_SET);
    fread((void*)colordata,csize * 4,1,bitmapF);
    fclose(bitmapF);
    SetCursorPos(0,0);
    //note: bitmaps are read upside-down
    //note: bits get scanned "mirrored" on the x axis, i.e. right to left.
    int thrsh = 255; //threshold value (below = 0) (higher/equal = 1)
    int pos=0;
    for(int c=(bhi-1);c>=0;c--)
    {
        for(int i=(bwi-1);i>=0;i--)
        {
            // row stride is the bitmap width (was hard-coded to 45)
            if(colordata[i+(c*bwi)].r >= thrsh)
            {
                bits[pos] = 1;
                printf("#");
            }
            else
            {
                bits[pos] = 0;
                printf(" ");
            }
            pos++;
        }
        printf("\n");
    }
    // pack 8 pixels into one byte, first pixel = least significant bit
    int byte_count = csize / 8;
    BYTE *data_array = new BYTE[byte_count]();
    for(int pos_byte=0;pos_byte<byte_count;pos_byte++)
    {
        for(int pos_bit=0;pos_bit<8;pos_bit++)
        {
            if(bits[(pos_byte * 8)+pos_bit]==1)
            {
                data_array[pos_byte] = data_array[pos_byte] | (1 << pos_bit);
            }
        }
    }
    FILE *data_out = fopen("V:\\raw_data.out","wb"); //<< and your raw output data file here <<
    if(data_out == NULL)
    {
        printf("could not open output file\n");
        return 1;
    }
    fwrite(data_array,1,byte_count,data_out);
    fclose(data_out);
    free(colordata);
    delete[] bits;
    delete[] data_array;
    return 0;
}

FILE* open_bitmap(const char *filename)
{
    FILE *mybmp = fopen(filename,"rb");
    return mybmp;
}

int getfilesize(FILE *thefile)
{
    fseek(thefile,0,SEEK_END);
    int size = ftell(thefile);
    fseek(thefile,0,SEEK_SET);
    return size;
}
Just view the output file with a hex viewer (like HxD or so).
Also a side-note: I am using Photoshop for the crop, scaling and color conversion process. I will post a tutorial / info for that tomorrow.
If you want a finished bitmap I made for the above example for testing, get it here: mediafire.com/view/?7wdtud3j7i1ve13 (use the download button in top-left corner there to get the BMP). Sorry I could not load the bmp to imgur as it converts it to jpg.
Laria
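Added example, not part of the original post: the three copies in the dump above are not quite bit-identical (byte 0x05 of the first copy and byte 0x20B of the third differ from the other two), so a bitwise 2-of-3 vote over the 0xB0-byte copies recovers one clean record. The sample buffer is constructed to mirror that layout; the names `vote_record` and `build_sample` are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>

#define REC_LEN 0xB0  /* one copy; the dump repeats at offsets 0xB0 and 0x160 */
#define COPIES  3

/* Bitwise 2-of-3 majority vote across the three copies in buf.
   Writes the voted record to out and returns the number of byte
   positions at which the copies disagreed. */
static int vote_record(const unsigned char *buf, unsigned char *out)
{
    const unsigned char *a = buf, *b = buf + REC_LEN, *c = buf + 2 * REC_LEN;
    int disagree = 0;
    for (int i = 0; i < REC_LEN; i++) {
        out[i] = (unsigned char)((a[i] & b[i]) | (a[i] & c[i]) | (b[i] & c[i]));
        if (a[i] != b[i] || b[i] != c[i])
            disagree++;
    }
    return disagree;
}

/* Constructed sample: login name at offset 0 and the digit string at
   offset 0x86, as in the dump; every other byte is left zero except
   0xAB. One bit is flipped in copy 1 and one in copy 3. */
static void build_sample(unsigned char *buf)
{
    memset(buf, 0, COPIES * REC_LEN);
    for (int k = 0; k < COPIES; k++) {
        memcpy(buf + k * REC_LEN, "ADMIN", 5);
        memcpy(buf + k * REC_LEN + 0x86, "127000000", 9);
        buf[k * REC_LEN + 0xAB] = 0x1C;
    }
    buf[0x05] ^= 0x10;                /* copy 1: 0x00 -> 0x10 */
    buf[2 * REC_LEN + 0xAB] ^= 0x02;  /* copy 3: 0x1C -> 0x1E */
}

int main(void)
{
    unsigned char buf[COPIES * REC_LEN], rec[REC_LEN];
    build_sample(buf);
    int bad = vote_record(buf, rec);
    printf("%d byte(s) disagreed, name=\"%s\", digits=\"%.9s\"\n",
           bad, (const char *)rec, (const char *)rec + 0x86);
    return 0;
}
```

The same vote extends to the 11 blocks per screenshot by voting over more copies, which is why cropping or lightly editing a screenshot does not reliably remove the record.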