Page 1 of 20 1234511 ... LastLast
Results 1 to 15 of 297
  1. #1
    Contributor
    Reputation
    217
    Join Date
    Sep 2012
    Posts
    95
    CoreCoins
    1

    Trade Feedbacks

    Status
    n/a
    Positive
    0 (0%)
    Negative
    0 (0%)

    Looking inside your screenshots



    Donate to Remove Ads, Get ShoutBawx - Elite Forum Access
    Updated 12/09 (the watermarking apparently started in 2007):

    DISCLAIMER: This thread post contains detailed information on how to view a hidden watermark which has been verified to exist embeded in JPG screenshots produced by the WoW client. The watermark itself includes, encoded in unencrypted bytes, the user's account name (\World of Warcraft\WTF\Account\), an HH:MM timestamp and the IP address of the server. If you do not care about Blizzard secretly watermarking your screenshots without any specific prior notification in the ToS or EULA, then this post probably isn't for you Thank you for your attention.

    Dear everyone

    This post may have been moved to WoW General, but it still remains an exploit - one which is used against us...

    1) Go somewhere where there aren't any (or a lot) of textures. I used the druid blink bug to go to the north end of the world but you should go below Dalaran in Crystalsong Forest, as bluesius suggested, because you will get a better screenshot if you stick your face in the pure white trees.

    2) Type:

    /console SET screenshotQuality "9"

    Make sure you use 9, not 10.

    3) Take a few screenshots of the clear, no textures, white area by zooming into a tree and hitting ALT Z, so that your entire screen is white.



    4) Open this image in an image editing program like IrfanView (it's freeware), click CTRL+E, select the Sharpening filter, use the highest possible sharpening value (99) and click OK. Now do this two more times, again: CTRL+E, Sharpen 99, OK.

    5) You are now looking at your character's WoW watermark / custom bar-code / qr code look-a-like / call it what you will:



    Apparently, each user has a different set of these repeatable patterns, which contain account and realm information, and it looks like if they are scanned by software that recognizes them, they can reveal our character's account name/id, the time of the screenshot and the the full information of the realm, including its IP address (think "private servers").

    Note that if your screen resolution is too high, the pattern will look something like this:

    (larger footprint)

    The pattern, which consists of approximately 88 bytes of data, repeats itself many times depending on the resolution of your screen. See below for a colored representation: the account id and realm information are depicted in red and the current time (seconds not included) is depicted in blue:




    IMPORTANT NOTE: IF YOU CAN'T BOTHER READING ANYTHING ELSE, READ THIS:

    The secret watermark which is being intentionally embedded inside WoW generated screenshots below top quality, DOES NOT CONTAIN the account password, the IP address of the user or any personal information like name/surname etc. It does contain the account ID, a timestamp and the IP address of the current realm. It can be used by malicious hackers to link alt. characters to accounts and target specific spam or scam attacks, and it can be used by Blizzard to track down private WoW servers.

    Based on Blizzard's ToS (http://us.blizzard.com/en-us/company/legal/wow_tou.html), Blizzard is allowed to communicate information about our hard drive, CPU, operating systems, IP addresses, running tasks, account name and current time and date. It never mentions anything though about embedding some of these data into every screenshot we capture using the WoW printscreen tool. The users [mistakenly] assume that Blizzard will use a safe channel via battle.net, not our public screenshots that we share with the world, unaware of their secret contents. This unencrypted watermarking mechanism fails to protect our privacy, not from Blizzard employees (they already know everything about our computer systems), but from malicious hackers looking for something or someone to take advantage of.

    If they only wanted it for screenshot-authenticity reasons, as some argued, they could have just watermarked a unique version of their logo or perhaps an encrypted key. But we found account and realm information which means that its aim is to secretly track the users, in addition to the known tracking methods that we agree to in the ToS.

    _Mike, schlumpf and Master674 have managed to disassemble the watermark data and help us verify which pieces of information are contained inside. Do note that this covert watermarking has been confirmed, by multiple sources, to have started immediately or soon after Patch 2.1.0 in 2007 (before the Activision deal), which introduced JPG screenshots for the first time (http://us.battle.net/wow/en/game/patch-notes/2-1-0), so you may want to delete/remove from the public domain all your JPG screenshots captured by WoW. Sorry Activision haters, looks like this one was on Blizzard

    The contained information can be easily recovered and decrypted by malicious hackers (if we did it, so can they). For example, someone could use this to identify which account holds which characters and perhaps stalk and annoy its user, or help perpetrators choose their phishing victims with a more targeted approach. They could unleash Web spider bots scanning for WoW screenshots, decode their hidden watermark data and quickly create a comprehensive database of which account has which alts in it, that they can then sell to anyone interested. Perhaps someone is already using this since the watermark has been around for five years already.

    Bear in mind that when this started, back in 2007, we were still using our account name to login so, before the battle.net conversion in 2009, the watermarks actually had really sensitive information... Between May 22, 2007 and November 11, 2009, any malicious hacker who knew about this could have used a screenshot of a lucrative character to find their actual username & active realm and then either try to scam them out of their password, or just brute-force it.

    It looks like when Blizzard decided to add JPG screenshots into the WoW client, they also teamed up with Digimarc (http://www.digimarc.com) to provide us this wonderful service of secretly tagging our in-game screenshots with our account and realm information. Although it has not yet been verified, it is possible that Blizzard is using an automated monitoring service which downloads image files from various Internet sites and checks them for the presence of their embedded digital watermark data, kindly provided by Digimarc: http://www.google.co.uk/patents/US7653210

    I must repeat, once more, that these patterns are not "random artifacts", because random artifacts don't produce account IDs: http://www.ownedcore.com/forums/worl...ml#post2493377 (Looking inside your screenshots)

    Thanks to _Mike, we also verified that there is no pattern included in high quality screenshots like TGA and JPG/10. So, in order to avoid any further watermarking, type: /console SET screenshotQuality "10" which will set the quality of your screenshots to the maximum and create screenshots that do not include the watermark.

    l0l1dk has developed a tool to disable the addition of watermarks in the lower quality screenshots but use it at your own risk/responsibility because it could corrupt the WoW client, which could then require a clean re-installation of the game (it's also against the ToS). It is much simpler to just set the JPG quality to max.

    Finally, a lot of people are asking how we managed to decode the watermark pattern. Well it took a lot of teamwork, which you can find in the next pages here, and we came up with two source codes which successfully read the pattern data:

    Java: http://www.ownedcore.com/forums/worl...ml#post2492716

    C#: http://www.ownedcore.com/forums/worl...ml#post2493450

    Try it yourselves. Read the rest of the thread for more information. If you have any comments, ideas or suggestions please share. Politeness is appreciated.
    Attached Images Attached Images
    Last edited by Sendatsu; 09-13-2012 at 02:35 PM.

  2. #2
    Legendary N Word

    CoreCoins User

    SniffingPickles's Avatar
    Reputation
    902
    Join Date
    Jul 2012
    Posts
    1,370
    CoreCoins
    68251

    Trade Feedbacks

    Status
    Superior trader
    Positive
    7 (100%)
    Negative
    0 (0%)
    upload your images on an external image hosting site: imgur.com


    No one responded because they couldn't see them

  3. #3
    Contributor
    Reputation
    217
    Join Date
    Sep 2012
    Posts
    95
    CoreCoins
    1

    Trade Feedbacks

    Status
    n/a
    Positive
    0 (0%)
    Negative
    0 (0%)
    Quote Originally Posted by Snicklesworth View Post
    upload your images on an external image hosting site: imgur.com


    No one responded because they couldn't see them
    Thank you.

    *UPDATED*
    Last edited by Sendatsu; 09-11-2012 at 01:56 PM.

  4. #4
    Contributor
    Reputation
    201
    Join Date
    Dec 2007
    Posts
    405
    CoreCoins
    21

    Trade Feedbacks

    Status
    Superior trader
    Positive
    1 (100%)
    Negative
    0 (0%)
    For quite a while i suspected this kind of tracking was possible. thank you for researching & proving it to be true!
    +cookies your way

    Edit: To people who do not understand the importance, this shows how Blizzard has possible ways of tracking screenshots to the related accounts even with name/character model / etc censored out. It also provides knowledgeable people with more ways to censor the image to prevent the above from happening.

  5. #5
    Contributor
    Reputation
    217
    Join Date
    Sep 2012
    Posts
    95
    CoreCoins
    1

    Trade Feedbacks

    Status
    n/a
    Positive
    0 (0%)
    Negative
    0 (0%)
    Quote Originally Posted by 403Forbidden View Post
    For quite a while i suspected this kind of tracking was possible. thank you for researching & proving it to be true!
    +cookies your way

    Edit: To people who do not understand the importance, this shows how Blizzard has possible ways of tracking screenshots to the related accounts even with name/character model / etc censored out. It also provides knowledgeable people with more ways to censor the image to prevent the above from happening.
    Thank you! If you actually want to censor your screenshot, apart from the character name and chat, you also have to blur out the shape of the pattern in the last image (http://i.imgur.com/3FDgG.jpg). It's like a capital T merged with an inverted capital T (dots added for centering), so it basically looks like an Ξ with a smaller middle line for small resolutions and a larger middle line for large resolutions:


    ___
    ..|..
    --!--


    It's always in the middle of your screen, and always the same pattern per character. That is why my screenshots are so low-res, I couldn't afford them being recognized.
    Last edited by Sendatsu; 09-11-2012 at 01:58 PM.

  6. #6
    Contributor
    Reputation
    281
    Join Date
    Jun 2012
    Location
    FR
    Posts
    201
    CoreCoins
    143

    Trade Feedbacks

    Status
    n/a
    Positive
    0 (0%)
    Negative
    0 (0%)
    For me it looks like JPG compression artifacts, remember thath JPG is a highly destructive algorithm.
    Try entering this :

    /console SET screenshotFormat "tga"
    /console SET screenshotQuality "12"
    Redo your method and we'll see.

  7. #7
    Contributor
    Reputation
    227
    Join Date
    Mar 2007
    Posts
    153
    CoreCoins
    2

    Trade Feedbacks

    Status
    n/a
    Positive
    0 (0%)
    Negative
    0 (0%)
    Maybe this is just a watermark to prove it's from WoW itself and not a manipulated image (even the pattern changes).
    But i will try to reproduce this and then I will try to decode it somehow.

    // Edit

    Got those patterns too. But i think - like others in this thread told already - this is just because the jpeg compression. Can't see any difference on two different accounts on the same place.
    Last edited by allesist; 09-08-2012 at 02:06 PM.

  8. #8
    Contributor
    Reputation
    217
    Join Date
    Sep 2012
    Posts
    95
    CoreCoins
    1

    Trade Feedbacks

    Status
    n/a
    Positive
    0 (0%)
    Negative
    0 (0%)
    Quote Originally Posted by AraiXplorer View Post
    For me it looks like JPG compression artifacts, remember thath JPG is a highly destructive algorithm.
    Try entering this :



    Redo your method and we'll see.
    Thank you for the suggestion. I just experimented with all the qualities of JPG and the patterns disappear only at quality 10 (there is no higher quality than 10). Qualities 1-9 include these patterns. The lossless TGA format has no patterns in any of the qualities.

    If this indeed was JPG artifacts I would expect them to spread throughout the image. If an image format expert can give some insight on this it would be great.

    For now I am switching to JPG quality 10 until I know more. Thanks for the tip.

  9. #9
    Contributor
    Reputation
    281
    Join Date
    Jun 2012
    Location
    FR
    Posts
    201
    CoreCoins
    143

    Trade Feedbacks

    Status
    n/a
    Positive
    0 (0%)
    Negative
    0 (0%)
    Long story short : JPG is bad, go PNG people.

    @Frito : Tinfoil hats off to you

  10. #10
    Contributor
    Reputation
    217
    Join Date
    Sep 2012
    Posts
    95
    CoreCoins
    1

    Trade Feedbacks

    Status
    n/a
    Positive
    0 (0%)
    Negative
    0 (0%)
    Quote Originally Posted by Fritomaster View Post
    Since the human eye is much more sensitive to luminance than chrominance, you can afford to discard much more information about an image’s chrominance, especially the higher frequencies.
    We agree that JPG removes a lot of information from the image to make it smaller, but from all over the image, not always just the middle Ξ section.

    The number used to calculate the quantization constants is stored in the JPEG image file’s header, making decoding of the coefficients possible.
    The file header is not visible in the image, so it's not that.

    Since the output file contains Huffman codes, the original encoding information (like the Huffman tree or the data table generated from the Huffman tree) must also be stored in the output file in order for decompression to be possible. (...) One drawback is that the actual output file is larger than it needs to be. This is because information about the compressed data’s frequencies must also be stored in order to make data decompression possible.
    Ok so let's say that what I'm looking at is the storage of a Huffman tree embedded into the graphics. How can two different images (http://i.imgur.com/nClSc.jpg & http://i.imgur.com/0PWKW.jpg) have the same hidden pattern inside? They are different images so a different Huffman tree must have been created for each. I merged the top part of the first image with the bottom part of the second and I found the same pattern repeated 5 times in 3 different rows (2-1-2).

    Any suggestions? Politeness is appreciated

  11. #11
    Master Sergeant pac7's Avatar
    Reputation
    21
    Join Date
    Oct 2008
    Posts
    79
    CoreCoins
    97

    Trade Feedbacks

    Status
    n/a
    Positive
    0 (0%)
    Negative
    0 (0%)
    Interesting find, rep+
    Blizz has alot of cash to develop such complex algorythms to track you.

    I always knew they were monitoring me.
    Last edited by pac7; 09-08-2012 at 05:59 PM.

  12. #12
    Contributor
    Reputation
    217
    Join Date
    Sep 2012
    Posts
    95
    CoreCoins
    1

    Trade Feedbacks

    Status
    n/a
    Positive
    0 (0%)
    Negative
    0 (0%)
    Quote Originally Posted by Fritomaster View Post
    But here you go I took the "Secret Barcode" and I went ahead and converted every color in the pattern to a more noticeable one.
    Feel free to decode my account information and I'll be waiting on my ban from blizzard.
    http://img12.imageshack.us/img12/8409/secretsa.png
    The screenshot you just posted is from a high resolution monitor. Can you confirm?
    Last edited by Sendatsu; 09-10-2012 at 12:31 AM.

  13. #13
    Contributor
    Reputation
    217
    Join Date
    Sep 2012
    Posts
    95
    CoreCoins
    1

    Trade Feedbacks

    Status
    n/a
    Positive
    0 (0%)
    Negative
    0 (0%)
    You see, I was going through my old screenshots and I found one from early 2011 where I print-screened a buggy field that was all light brown:

    http://i.imgur.com/QFugi.jpg

    I then sharpened the image and found this pattern:

    http://i.imgur.com/auofc.jpg

    This pattern is completely different from the current pattern that I found on my screenshots from yesterday and today (http://i.imgur.com/3FDgG.jpg).

    Update: this happens when the screen resolution is too high because the pattern tries to make sure it will be visible enough so that at least one complete piece of it survives after any image modifications.

    You asked me why I sharpen the image. Well if you zoom into my sharpened image above, you will see this:

    ===> http://i.imgur.com/Qc5ME.jpg <===

    Does this remind you of something? Maybe this:

    http://i.imgur.com/Okxgz.jpg

    QR codes are basically visual representations of binary digits which, when translated into ASCII, form text. So, these patterns that I found in the images are not just random artifacts or removal of colors that the human eye can't see: they are actually machine readable data.

    You are claiming that this extra padding has been added by the JPG compression algorithm Blizzard is using to assist with the decompression of the screenshots, and I respect that. I just don't see the reason why this extra "padding" has to be added in such a visible place in all images regardless of their compression needs. I captured a black screen with JPG quality 9 and it created a larger file than a JPG quality 10, because JPGs 1-9 also contain this extra padding inside, whereas 10s don't.

    This could just be a method Blizzard is using to decrease the size of really colorful files, thinking that adding this padding (which might only contain decompression information) is worth it, because who ever captures monochrome screens, right? :P

    I was a bit worried to discover a machine readable data pattern (custom bar-code, as I called it :P) hidden within every screenshot I shot since 2010.
    1) I still don't understand why the new pattern is comprised of the same 3 elements repeating again and again (wasn't one time enough?).
    2) I also don't understand why two different images produced the same patterns (if it were just decompression information, shouldn't it be different?).
    3) And finally, if Blizzard indeed came up with their own proprietary JPG compression algorithm that uses padded pattern-data to assist with the decompression, how will all the image software applications of the world know how to understand this custom system if Blizzard never advertised it? Because I have never before seen so much intentional "noise" (ehem) inside a jpg file I sharpened.

    Anyhow, I don't know how you translate these codes into binary digits and text but I would be really interested to ask a Blizzard developer what information is stored inside.
    Last edited by Sendatsu; 09-10-2012 at 12:37 AM.

  14. #14
    Contributor
    Reputation
    217
    Join Date
    Sep 2012
    Posts
    95
    CoreCoins
    1

    Trade Feedbacks

    Status
    n/a
    Positive
    0 (0%)
    Negative
    0 (0%)
    Quote Originally Posted by wowsc4p3 View Post
    Seriously, if it was some kind of tracking system, they'd use EXIF fields which JPGs can contain. Screenshots don't look malformed, and such, the data you're viewing has been generated using the input as an image, and anything not visible on the screenshot; isn't on the screenshot. Simple as.
    I couldn't find any patterns by sharpening your image which either means a) you used JPG quality 10 or b) it was too colorful for a human to notice.

    If they used EXIF/IPTC comments, anyone would be able to read their extra data in plain text format. By embedding the data inside the screenshot (by padding it among its bytes while at the same time keeping it as invisible a possible), they manage to create a mechanism where only their programmers are able to extract the hidden information contained inside (like steganography does). Still, this is "security by obscurity". If a hacker is dedicated enough, they can easily reserve-engineer it and figure out what it says.

    Screenshots don't look malformed when you are viewing a lot of colors, but when it's monochrome it can be easily spotted. By using sharpening techniques you can "single out" the hidden data and can easily see that they create a standardized pattern that resembles a machine readable code.

    Just because you can't see IR light, doesn't mean your remote control magically changes the channels of your TV every time you press a button. The hidden data are there; I just wonder what they hold.
    Last edited by Sendatsu; 09-08-2012 at 09:22 PM.

  15. #15
    Private
    Reputation
    72
    Join Date
    Jun 2012
    Posts
    13
    CoreCoins
    8

    Trade Feedbacks

    Status
    n/a
    Positive
    0 (0%)
    Negative
    0 (0%)
    For those of you who want to check it out... You don't have to take several screenshots and merge together. Just fly up to the world ceiling and take a screenshot just below the horizon.

    Also, if you turn down the screenshot quality in-game you can see the effect without using any other image editing software. (Just remember to set it back to 10 after.)
    /console set screenshotQuality 1
    Last edited by McYawgi; 09-11-2012 at 03:10 PM.

 

 
Page 1 of 20 1234511 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -4. The time now is 03:46 AM. Powered by vBulletin® Version 4.2.0
Copyright © 2014 vBulletin Solutions, Inc. All rights reserved. vBulletin Optimisation provided by vB Optimise (Pro) - vBulletin Mods & Addons Copyright © 2014 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search