• Looking inside your screenshots

    Updated 12/09 (the watermarking apparently started in 2007):

    DISCLAIMER: This thread post contains detailed information on how to view a hidden watermark which has been verified to exist embeded in JPG screenshots produced by the WoW client. The watermark itself includes, encoded in unencrypted bytes, the user's account name (\World of Warcraft\WTF\Account\), an HH:MM timestamp and the IP address of the server. If you do not care about Blizzard secretly watermarking your screenshots without any specific prior notification in the ToS or EULA, then this post probably isn't for you Thank you for your attention.

    Dear everyone

    This post may have been moved to WoW General, but it still remains an exploit - one which is used against us...

    1) Go somewhere where there aren't any (or a lot) of textures. I used the druid blink bug to go to the north end of the world but you should go below Dalaran in Crystalsong Forest, as bluesius suggested, because you will get a better screenshot if you stick your face in the pure white trees.

    2) Type:

    /console SET screenshotQuality "9"

    Make sure you use 9, not 10.

    3) Take a few screenshots of the clear, no textures, white area by zooming into a tree and hitting ALT Z, so that your entire screen is white.

    4) Open this image in an image editing program like IrfanView (it's freeware), click CTRL+E, select the Sharpening filter, use the highest possible sharpening value (99) and click OK. Now do this two more times, again: CTRL+E, Sharpen 99, OK.

    5) You are now looking at your character's WoW watermark / custom bar-code / qr code look-a-like / call it what you will:

    Apparently, each user has a different set of these repeatable patterns, which contain account and realm information, and it looks like if they are scanned by software that recognizes them, they can reveal our character's account name/id, the time of the screenshot and the the full information of the realm, including its IP address (think "private servers").

    Note that if your screen resolution is too high, the pattern will look something like this:

    (larger footprint)

    The pattern, which consists of approximately 88 bytes of data, repeats itself many times depending on the resolution of your screen. See below for a colored representation: the account id and realm information are depicted in red and the current time (seconds not included) is depicted in blue:


    The secret watermark which is being intentionally embedded inside WoW generated screenshots below top quality, DOES NOT CONTAIN the account password, the IP address of the user or any personal information like name/surname etc. It does contain the account ID, a timestamp and the IP address of the current realm. It can be used by malicious hackers to link alt. characters to accounts and target specific spam or scam attacks, and it can be used by Blizzard to track down private WoW servers.

    Based on Blizzard's ToS (http://us.blizzard.com/en-us/company/legal/wow_tou.html), Blizzard is allowed to communicate information about our hard drive, CPU, operating systems, IP addresses, running tasks, account name and current time and date. It never mentions anything though about embedding some of these data into every screenshot we capture using the WoW printscreen tool. The users [mistakenly] assume that Blizzard will use a safe channel via battle.net, not our public screenshots that we share with the world, unaware of their secret contents. This unencrypted watermarking mechanism fails to protect our privacy, not from Blizzard employees (they already know everything about our computer systems), but from malicious hackers looking for something or someone to take advantage of.

    If they only wanted it for screenshot-authenticity reasons, as some argued, they could have just watermarked a unique version of their logo or perhaps an encrypted key. But we found account and realm information which means that its aim is to secretly track the users, in addition to the known tracking methods that we agree to in the ToS.

    _Mike, schlumpf and Master674 have managed to disassemble the watermark data and help us verify which pieces of information are contained inside. Do note that this covert watermarking has been confirmed, by multiple sources, to have started immediately or soon after Patch 2.1.0 in 2007 (before the Activision deal), which introduced JPG screenshots for the first time (http://us.battle.net/wow/en/game/patch-notes/2-1-0), so you may want to delete/remove from the public domain all your JPG screenshots captured by WoW. Sorry Activision haters, looks like this one was on Blizzard

    The contained information can be easily recovered and decrypted by malicious hackers (if we did it, so can they). For example, someone could use this to identify which account holds which characters and perhaps stalk and annoy its user, or help perpetrators choose their phishing victims with a more targeted approach. They could unleash Web spider bots scanning for WoW screenshots, decode their hidden watermark data and quickly create a comprehensive database of which account has which alts in it, that they can then sell to anyone interested. Perhaps someone is already using this since the watermark has been around for five years already.

    Bear in mind that when this started, back in 2007, we were still using our account name to login so, before the battle.net conversion in 2009, the watermarks actually had really sensitive information... Between May 22, 2007 and November 11, 2009, any malicious hacker who knew about this could have used a screenshot of a lucrative character to find their actual username & active realm and then either try to scam them out of their password, or just brute-force it.

    It looks like when Blizzard decided to add JPG screenshots into the WoW client, they also teamed up with Digimarc (http://www.digimarc.com) to provide us this wonderful service of secretly tagging our in-game screenshots with our account and realm information. Although it has not yet been verified, it is possible that Blizzard is using an automated monitoring service which downloads image files from various Internet sites and checks them for the presence of their embedded digital watermark data, kindly provided by Digimarc: http://www.google.co.uk/patents/US7653210

    I must repeat, once more, that these patterns are not "random artifacts", because random artifacts don't produce account IDs: http://www.ownedcore.com/forums/worl...ml#post2493377

    Thanks to _Mike, we also verified that there is no pattern included in high quality screenshots like TGA and JPG/10. So, in order to avoid any further watermarking, type: /console SET screenshotQuality "10" which will set the quality of your screenshots to the maximum and create screenshots that do not include the watermark.

    l0l1dk has developed a tool to disable the addition of watermarks in the lower quality screenshots but use it at your own risk/responsibility because it could corrupt the WoW client, which could then require a clean re-installation of the game (it's also against the ToS). It is much simpler to just set the JPG quality to max.

    Finally, a lot of people are asking how we managed to decode the watermark pattern. Well it took a lot of teamwork, which you can find in the next pages here, and we came up with two source codes which successfully read the pattern data:

    Java: http://www.ownedcore.com/forums/worl...ml#post2492716

    C#: http://www.ownedcore.com/forums/worl...ml#post2493450

    Try it yourselves. Read the rest of the thread for more information. If you have any comments, ideas or suggestions please share. Politeness is appreciated.

    Continue reading: http://www.ownedcore.com/forums/worl...reenshots.html
    Attached Files Attached Files
    This article was originally published in forum thread: Looking inside your screenshots started by Sendatsu View original post
    Comments 5 Comments
    1. Xel's Avatar
      Xel -
      Amazing work. Truly.
    1. CreativeXtent's Avatar
      CreativeXtent -
      this is stupid.... it contains nothing
    1. makaveli10a's Avatar
      makaveli10a -
      Did not expect something like this from a company like blizzard, it seems its time to put the tinfoil hat on.
    1. Zizuirl's Avatar
      Zizuirl -
      Okay so they have our account name, oh man i never though blizzard could find that information!
All times are GMT -5. The time now is 01:33 AM. Powered by vBulletin® Version 4.2.3
Copyright © 2017 vBulletin Solutions, Inc. All rights reserved. Digital Point modules: Sphinx-based search