Account name, realm, time and IP stored in digital watermark. When did Blizzard add that stamp to screenshots?
Here is a pattern image: http://img521.imageshack.us/img521/7825/output2.png
It fits for the upper part of the watermark but not for the lower part. You can check this by overlapping both images (the example image of mike and this image) in GIMP. Now add some transparency to the pattern image. I will try to decode it somehow.
Don't know yet if this is tinfoil hat stuff for sure, but it looks like there might be some truth to this.
Good thing I never upload my screenshots. I just PrnScn and then paste it.
Couple of things...
First off I would like to apologize for being such an A-hole in my previous posts in this thread.
After re-reading the posts and _Mike's detailed analysis, I believe there is an 88 byte watermark including your account name/numbers.
It is very sneaky of Blizzard to only add the watermark to JPEG screenshots that don't use the highest quality compression. This was probably done intentionally to make the watermark harder to discover and decipher. I'm sure the vast majority of users use default format and compression which includes the watermark.
While I believe my assertion that you could not encode a high detail QR code into a lossy JPEG image is correct, it's certainly possible to encode a smaller chunk of data. A QR code can hold up to 3000 bytes whereas this watermark contains only 88 bytes.
In short, all of _Mike's analysis satisfies all the irregularities, such as confirming no watermark in lossless or quality 10, etc. This seemed so strange that without the detailed explanation and reversing of WoW process I would not believe it.
I would also further venture that the watermark may be decoded / partially decoded even in resized/resaved images of reasonable quality, given that each bit is a 4x5 square and the pattern repeats.
It would be awesome if someone could write a one-click program for decoding account names from screenshots, and I wonder how difficult it would be programmatically to detect the watermark in a typical screenshot.
I gave a couple of infractions in this thread... Some people will soon be banned from OC if they continue to troll and act like morons.
Moved to WoW General as this is not an exploit.
This is a very interesting thread. Thanks for the information. It makes you think.
Code:
int __cdecl ClientServices::GetClientStamp()
{
  void *v0; // esi@1
  const char *v1; // ebx@1
  int v2; // ecx@4
  int result; // eax@5
  char v4; // [sp+14h] [bp-24h]@4
  char v5; // [sp+15h] [bp-23h]@8
  char v6; // [sp+16h] [bp-22h]@8
  char v7; // [sp+17h] [bp-21h]@8
  int v8; // [sp+18h] [bp-20h]@8
  int v9; // [sp+1Ch] [bp-1Ch]@8
  int v10; // [sp+20h] [bp-18h]@8
  int v11; // [sp+24h] [bp-14h]@8
  int v12; // [sp+28h] [bp-10h]@8
  int v13; // [sp+2Ch] [bp-Ch]@1

  v0 = __stack_chk_guard_ptr;
  v13 = *(_DWORD *)__stack_chk_guard_ptr;
  v1 = 0;
  if ( ClientServices::s_accountName )
    v1 = &ClientServices::s_accountName;
  if ( ClientServices::m_selectRealmInfoValid )
  {
    WowTime::WowEncodeTime(&v4, LODWORD(g_clientGameTime_ptr));
    memset(ClientServices::m_ClientStamp, 0, 0x58u);
    if ( v1 )
    {
      strcpy(ClientServices::m_ClientStamp, v1);
      byte_177FAA0 = v4;
      byte_177FAA1 = v5;
      byte_177FAA2 = v6;
      byte_177FAA3 = v7;
      v8 = dword_177FA08;
      v9 = dword_177FA0C;
      v10 = dword_177FA10;
      v11 = dword_177FA14;
      v12 = dword_177FA18;
      SockAddr::Normalize(&v8);
      dword_177FAA4 = v8;
      dword_177FAA8 = v9;
      dword_177FAAC = v10;
      dword_177FAB0 = v11;
      byte_177FAB4 = 0;
      byte_177FAB5 = -1;
      byte_177FAB6 = 63;
      byte_177FAB7 = 15;
      if ( v12 == 3 && v8 )
        SMemFree(v8);
      v8 = 0;
      v9 = 0;
      v10 = 0;
      v11 = 0;
      v12 = 0;
    }
  }
  else
  {
    WowTime::WowEncodeTime(&v4, LODWORD(g_clientGameTime_ptr));
    memset(ClientServices::m_ClientStamp, 0, 0x58u);
  }
  result = (int)ClientServices::m_ClientStamp;
  if ( *(_DWORD *)v0 != v13 )
    __stack_chk_fail(v2, *(_DWORD *)v0 ^ v13);
  return result;
}
Rather:
Code:
ClientStamp* ClientServices::GetClientStamp()
{
  memset(&m_ClientStamp, 0, sizeof(ClientStamp));
  if ( m_selectRealmInfoValid && s_accountName[0] )
  {
    strcpy(m_ClientStamp.accountName, s_accountName);
    WowTime::WowEncodeTime(&m_ClientStamp.gameTime, g_clientGameTime);
    m_ClientStamp.current_realm = m_CurrentRealmAddr;
    m_ClientStamp.current_realm.Normalize();
    m_ClientStamp.current_realm.addr = 0xF3FFF00u;
  }
  return &ClientServices::m_ClientStamp;
}
Last edited by schlumpf; 09-10-2012 at 03:00 PM.
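An added example, not code from the thread or from the game client: the field offsets of the 88-byte stamp, worked out from the global addresses in the decompiled listing, with a parser that distinguishes the populated stamp from the all-zero one. It assumes the buffer ends right after byte_177FAB7 (the base address is not given in the posts); field and function names are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* ASSUMPTION (base address is not on the page): the 0x58-byte stamp ends
   right after byte_177FAB7, so it starts at 0x177FAB8 - 0x58 = 0x177FA60. */
#define STAMP_SIZE 0x58u
#define STAMP_BASE (0x177FAB8u - STAMP_SIZE)

typedef struct {                 /* field names are hypothetical */
    char    account_name[0x177FAA0u - STAMP_BASE]; /* strcpy target (64 bytes) */
    uint8_t game_time[4];        /* byte_177FAA0..A3: WowEncodeTime output, format unknown */
    uint8_t realm_addr[16];      /* dword_177FAA4..B0: normalized SockAddr words */
    uint8_t trailer[4];          /* byte_177FAB4..B7: 00 FF 3F 0F (0x0F3FFF00 little-endian) */
} client_stamp;
_Static_assert(sizeof(client_stamp) == STAMP_SIZE, "fields must cover all 0x58 bytes");
_Static_assert(offsetof(client_stamp, trailer) == 0x177FAB4u - STAMP_BASE, "trailer offset");
static const uint8_t TRAILER[4] = {0x00, 0xFF, 0x3F, 0x0F};

/* Returns 0 for a populated stamp, 1 for the all-zero stamp written when no
   realm is selected, -1 for anything that does not match the layout. */
int parse_client_stamp(const uint8_t *buf, size_t len, client_stamp *out)
{
    static const uint8_t zero[STAMP_SIZE];
    if (!buf || !out || len != STAMP_SIZE) return -1;
    if (memcmp(buf, zero, STAMP_SIZE) == 0) return 1;
    memcpy(out, buf, STAMP_SIZE);
    if (!out->account_name[0] || !memchr(out->account_name, 0, sizeof out->account_name)) return -1;
    return memcmp(out->trailer, TRAILER, sizeof TRAILER) == 0 ? 0 : -1;
}

/* Constructed sample bytes, written in the same order as the decompiled code. */
void build_sample_stamp(uint8_t out[STAMP_SIZE])
{
    client_stamp s;
    memset(&s, 0, sizeof s);                      /* memset(..., 0, 0x58u) */
    strcpy(s.account_name, "EXAMPLEACCOUNT");     /* constructed account name */
    memcpy(s.game_time, "\x11\x22\x33\x44", 4);   /* placeholder time bytes */
    memset(s.realm_addr, 0xAB, sizeof s.realm_addr);
    memcpy(s.trailer, TRAILER, sizeof TRAILER);
    memcpy(out, &s, sizeof s);
}

int main(void)
{
    uint8_t raw[STAMP_SIZE];
    client_stamp s;
    build_sample_stamp(raw);
    return parse_client_stamp(raw, sizeof raw, &s); /* exit status 0 = populated stamp */
}
```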
I see, thanks. Thought only trial accounts were like that.
Technically the full watermark is 5808 bytes*, but because of the added checksum (or perhaps some kind of ECC) and the huge amount of repetitions the effective payload is only 88 bytes. A QR code has the advantage of being a single color pattern on a clear background. This is designed to both be stealthy and, as you mentioned, survive resizing and resaving. It is also quite possible that the payload is so small because they simply felt that they didn't need any more data.
As for how hard it would be to extract the watermark from a real screenshot with the world and UI being rendered, I can't say. I'm no imaging expert. I have no idea (yet) how to do it though.
*) At the resolution I used at least. I haven't tested but I believe from looking at the code that the position and size (and therefore recovery accuracy) is resolution dependent.
I've cleaned up the thread as best as I can. Please use the report function (found on the bottom left of a post next to +Rep) when you find a post not being constructive (also known as flaming/trolling).