Page 5 of 20 FirstFirst 123456789 15 ... LastLast
Results 61 to 75 of 300
  1. #61
    Member eldavo1's Avatar
    Reputation
    3
    Join Date
    May 2007
    Posts
    42
    Thanks G/R
    0/0
    CoreCoins
    26
    Trade Feedback
    0 (0%)
    Quote Originally Posted by _Mike View Post
    Btw, bonus +rep to whomever first posts my account name I've verified that it's in there.
    First two letters? Working on something...

  2. #62
    Member Desconocido's Avatar
    Reputation
    1
    Join Date
    Jun 2011
    Posts
    5
    Thanks G/R
    0/0
    CoreCoins
    9
    Trade Feedback
    0 (0%)
    Account name, realm, time and ip stored in digital watermark. When Blizzard added that stamp into screenshots?

  3. #63
    Member Desconocido's Avatar
    Reputation
    1
    Join Date
    Jun 2011
    Posts
    5
    Thanks G/R
    0/0
    CoreCoins
    9
    Trade Feedback
    0 (0%)
    Quote Originally Posted by _Mike View Post
    Btw, bonus +rep to whomever first posts my account name I've verified that it's in there.
    Being working on that, waiting while IDA burning my laptop :P

  4. #64
    Contributor Sendatsu's Avatar
    Reputation
    250
    Join Date
    Sep 2012
    Posts
    98
    Thanks G/R
    1/7
    CoreCoins
    58
    Trade Feedback
    0 (0%)
    Quote Originally Posted by Desconocido View Post
    Account name, realm, time and ip stored in digital watermark. When Blizzard added that stamp into screenshots?
    Around 2010 based on my screenshots, but I could be wrong because I just messed with the sharpening trick, not actual coding.

    I am now trying to find your username Mike, let's see who gets it first :P

  5. #65
    Contributor _Mike's Avatar
    Reputation
    309
    Join Date
    Apr 2008
    Posts
    531
    Thanks G/R
    0/1
    CoreCoins
    13
    Trade Feedback
    0 (0%)
    Quote Originally Posted by eldavo1 View Post
    First two letters? Working on something...
    10???????#? it's a trial account so no "real" (alphabetic) name.
    It's standard 8-bit ASCII encoding with a tiny twist.

  6. #66
    Contributor
    allesist's Avatar
    Reputation
    227
    Join Date
    Mar 2007
    Posts
    154
    Thanks G/R
    0/0
    CoreCoins
    3
    Trade Feedback
    0 (0%)
    Here is a pattern image: http://img521.imageshack.us/img521/7825/output2.png
    It fits for the upper part of the watermark but not for the lower part. You can check this by overlapping both images (the example image of mike and this image) in gimp. Now add some transparency to the pattern image. I will try to decode it somehow .

  7. #67
    Elite User CoreCoins User Iaccidentallytwink's Avatar
    Reputation
    583
    Join Date
    Aug 2007
    Posts
    1,017
    Thanks G/R
    1/14
    CoreCoins
    509
    Trade Feedback
    0 (0%)
    Don't know yet if this is tinfoil hat stuff for sure, but it looks like there might be some truth to this.

    Good thing I never upload my screenshots. I just PrnScn and then paste it.

  8. #68
    Contributor The Man Who Sold The WoW Ziggeh's Avatar
    Reputation
    87
    Join Date
    Mar 2012
    Posts
    211
    Thanks G/R
    0/2
    CoreCoins
    26
    Trade Feedback
    4 (100%)
    Quote Originally Posted by _Mike View Post
    10???????#? it's a trial account so no "real" (alphabetic) name.
    Just on side note, only pre-Battle.net accounts have alphabetic names. Since then it's just numbers.

  9. #69
    Master Sergeant Etherea's Avatar
    Reputation
    30
    Join Date
    Feb 2007
    Posts
    135
    Thanks G/R
    0/0
    CoreCoins
    0
    Trade Feedback
    0 (0%)
    Couple of things...

    First off I would like to apologize for being such an A-hole in my previous posts in this thread.

    After re-reading the posts and _Mikes detailed analysis I believe there is an 88 byte watermark including your account name/numbers.

    It is very sneaky of Blizzard to only add the watermark to JPEG screenshots that don't use the highest quality compression. This was probably done intentionally to make the watermark harder to discover and decipher. I'm sure the vast majority of users use default format and compression which includes the watermark.

    While I believe my assertion that you could not encode a high detail QR code into a lossy JPEG image is correct, its certainly possibly to encode a smaller chunk of data. A QR code can hold up to 3000 bytes whereas this watermark contains only 88 bytes.

    In short all of _Mikes analysis satisfies all the irregularities, such as confirming no watermark in lossless or quality 10, etc. This seemed so strange that without the detailed explanation and reversing of WoW process I would not believe it.

    I would also further venture that the watermark may be decoded / partially decoded even in resized/resaved images of reasonable quality. Given that each bit is 4x5 square and the pattern repeats.

    It would be awesome if someone could write a one-click program for decoding account names from screenshots, and I wonder how difficult it would be programmaticly to detect the watermark in a typical screenshot.

  10. #70
    Admin
    CoreCoins User Authenticator enabled KuRIoS's Avatar
    Reputation
    2845
    Join Date
    Apr 2006
    Posts
    10,585
    Thanks G/R
    237/243
    CoreCoins
    7148
    Trade Feedback
    7 (100%)
    I gave a couple of infractions in this thread... Some people are soon banned from OC if they continue to troll and act like morons.

  11. #71
    Moderator Harry
    CoreCoins User Authenticator enabled stoneharry's Avatar
    Reputation
    1478
    Join Date
    Sep 2007
    Posts
    4,287
    Thanks G/R
    62/62
    CoreCoins
    440655
    Trade Feedback
    0 (0%)
    Moved to WoW General as this is not a exploit.

    This is a very interesting thread. Thanks for the information. It makes you think.

  12. #72
    Elite User CoreCoins User Master674's Avatar
    Reputation
    475
    Join Date
    May 2008
    Posts
    569
    Thanks G/R
    2/18
    CoreCoins
    382
    Trade Feedback
    0 (0%)
    Code:
    int __cdecl ClientServices::GetClientStamp()
    {
      void *v0; // [email protected]
      const char *v1; // [email protected]
      int v2; // [email protected]
      int result; // [email protected]
      char v4; // [sp+14h] [bp-24h]@4
      char v5; // [sp+15h] [bp-23h]@8
      char v6; // [sp+16h] [bp-22h]@8
      char v7; // [sp+17h] [bp-21h]@8
      int v8; // [sp+18h] [bp-20h]@8
      int v9; // [sp+1Ch] [bp-1Ch]@8
      int v10; // [sp+20h] [bp-18h]@8
      int v11; // [sp+24h] [bp-14h]@8
      int v12; // [sp+28h] [bp-10h]@8
      int v13; // [sp+2Ch] [bp-Ch]@1
    
      v0 = __stack_chk_guard_ptr;
      v13 = *(_DWORD *)__stack_chk_guard_ptr;
      v1 = 0;
      if ( ClientServices::s_accountName )
        v1 = &ClientServices::s_accountName;
      if ( ClientServices::m_selectRealmInfoValid )
      {
        WowTime::WowEncodeTime(&v4, LODWORD(g_clientGameTime_ptr));
        memset(ClientServices::m_ClientStamp, 0, 0x58u);
        if ( v1 )
        {
          strcpy(ClientServices::m_ClientStamp, v1);
          byte_177FAA0 = v4;
          byte_177FAA1 = v5;
          byte_177FAA2 = v6;
          byte_177FAA3 = v7;
          v8 = dword_177FA08;
          v9 = dword_177FA0C;
          v10 = dword_177FA10;
          v11 = dword_177FA14;
          v12 = dword_177FA18;
          SockAddr::Normalize(&v8);
          dword_177FAA4 = v8;
          dword_177FAA8 = v9;
          dword_177FAAC = v10;
          dword_177FAB0 = v11;
          byte_177FAB4 = 0;
          byte_177FAB5 = -1;
          byte_177FAB6 = 63;
          byte_177FAB7 = 15;
          if ( v12 == 3 && v8 )
            SMemFree(v8);
          v8 = 0;
          v9 = 0;
          v10 = 0;
          v11 = 0;
          v12 = 0;
        }
      }
      else
      {
        WowTime::WowEncodeTime(&v4, LODWORD(g_clientGameTime_ptr));
        memset(ClientServices::m_ClientStamp, 0, 0x58u);
      }
      result = (int)ClientServices::m_ClientStamp;
      if ( *(_DWORD *)v0 != v13 )
        __stack_chk_fail(v2, *(_DWORD *)v0 ^ v13);
      return result;
    }

  13. #73
    Retired Noggit Developer
    schlumpf's Avatar
    Reputation
    755
    Join Date
    Nov 2006
    Posts
    2,759
    Thanks G/R
    0/3
    CoreCoins
    31
    Trade Feedback
    0 (0%)
    Quote Originally Posted by Master674 View Post
    Code:
    int __cdecl ClientServices::GetClientStamp()
    ....
    Rather:

    Code:
    ClientStamp* ClientServices::GetClientStamp()
    {
      memset(&m_ClientStamp, 0, sizeof(ClientStamp));
    
      if ( m_selectRealmInfoValid && s_accountName[0] )
      {
        strcpy(m_ClientStamp.accountName, s_accountName);
    
        WowTime::WowEncodeTime(&m_ClientStamp.gameTime, g_clientGameTime);
    
        m_ClientStamp.current_realm = m_CurrentRealmAddr;
        m_ClientStamp.current_realm.Normalize();
        m_ClientStamp.current_realm.addr = 0xF3FFF00u;
      }
    
      return &ClientServices::m_ClientStamp;
    }
    Last edited by schlumpf; 09-10-2012 at 03:00 PM.

  14. #74
    Contributor _Mike's Avatar
    Reputation
    309
    Join Date
    Apr 2008
    Posts
    531
    Thanks G/R
    0/1
    CoreCoins
    13
    Trade Feedback
    0 (0%)
    Quote Originally Posted by GeorgeRayVanHalen View Post
    Just on side note, only pre-Battle.net accounts have alphabetic names. Since then it's just numbers.
    I see, thanks. Thought only trial accounts were like that.

    Quote Originally Posted by Etherea View Post
    Couple of things...

    First off I would like to apologize for being such an A-hole in my previous posts in this thread.

    After re-reading the posts and _Mikes detailed analysis I believe there is an 88 byte watermark including your account name/numbers.

    It is very sneaky of Blizzard to only add the watermark to JPEG screenshots that don't use the highest quality compression. This was probably done intentionally to make the watermark harder to discover and decipher. I'm sure the vast majority of users use default format and compression which includes the watermark.

    While I believe my assertion that you could not encode a high detail QR code into a lossy JPEG image is correct, its certainly possibly to encode a smaller chunk of data. A QR code can hold up to 3000 bytes whereas this watermark contains only 88 bytes.

    In short all of _Mikes analysis satisfies all the irregularities, such as confirming no watermark in lossless or quality 10, etc. This seemed so strange that without the detailed explanation and reversing of WoW process I would not believe it.

    I would also further venture that the watermark may be decoded / partially decoded even in resized/resaved images of reasonable quality. Given that each bit is 4x5 square and the pattern repeats.

    It would be awesome if someone could write a one-click program for decoding account names from screenshots, and I wonder how difficult it would be programmaticly to detect the watermark in a typical screenshot.
    Technically the full watermark is 5808 bytes*, but because of the added checksum (or perhaps some kind of ECC) and the huge amount of repetitions the effective payload is only 88 bytes. A QR code has the advantage of being a single color pattern on a clear background. This is designed to both be stealthy and, as you mentioned, survive resizing and resaving. It is also quite possible that the payload is so small because they simply felt that they didn't need any more data.
    As for how hard it would be to extract the watermark from a real screenshot with the world and UI being rendered, I can't say. I'm no imaging expert. I have no idea (yet) how to do it though.

    *) At the resolution I used at least. I haven't tested but I believe from looking at the code that the position and size (and therefore recovery accuracy) is resolution dependent.

  15. #75
    Moderator Harry
    CoreCoins User Authenticator enabled stoneharry's Avatar
    Reputation
    1478
    Join Date
    Sep 2007
    Posts
    4,287
    Thanks G/R
    62/62
    CoreCoins
    440655
    Trade Feedback
    0 (0%)
    I've cleaned up the thread as best as I can. Please use the report function (found on the bottom left of a post next to +Rep) when you find a post not being constructive (also known as flaming/trolling).

 

 
Page 5 of 20 FirstFirst 12345678915 ... LastLast

Similar Threads

  1. [Buying] [Check your Wardobe] LF Icebane Leggings - paying good (Look inside)
    By kryx123 in forum WoW-EU Account Buy Sell Trade
    Replies: 0
    Last Post: 08-01-2016, 08:32 AM
  2. [Selling] GODLY level 24, valor, 2,4k Dragonite, 1,9k Gyarados! RULE YOUR CITY!!! LOOK INSIDE!
    By JuggerNuat in forum Pokemon GO Buy Sell Trade
    Replies: 0
    Last Post: 07-21-2016, 04:51 AM
  3. [Selling] wow accounts fresh - your name - look inside *** Cheap ***
    By ondastha in forum WoW-EU Account Buy Sell Trade
    Replies: 0
    Last Post: 01-13-2015, 06:45 PM
  4. GUIDE: HOW TO USE TORRENTS (Look inside)
    By Hounro in forum Community Chat
    Replies: 14
    Last Post: 01-22-2007, 08:04 PM
All times are GMT -5. The time now is 04:16 PM. Powered by vBulletin® Version 4.2.3
Copyright © 2017 vBulletin Solutions, Inc. All rights reserved. Digital Point modules: Sphinx-based search