-
Contributor
(ノಠ益ಠ)ノ彡ɹǝɥɔʇɐM
Originally Posted by
drm420
sooooooooo blizzard goes through literally MILLLIONS OF SCREENSHOTS to find out ZOMG little tiny fell down a well and is exploiting it. pretty much this theory is so dumb that it should be moved out of the exploit section to infowars right now lol.
What? Why would they be going through millions of screenshots? Are you retarded?
This could be a way for them to be able to know from what character/account the screenshot was taken, it wouldn't be that hard to implement..
I do agree that it does seem a bit far fetched, but with teams like RAoV posting insane exploits (dupes, server crashes) it wouldn't surprise me if they did something like this.
Even if the marks have nothing to do with tracking characters, i would love to know why they are there.
-
Contributor
Originally Posted by
drm420
sooooooooo blizzard goes through literally MILLLIONS OF SCREENSHOTS to find out ZOMG little tiny fell down a well and is exploiting it. pretty much this theory is so dumb that it should be moved out of the exploit section to infowars right now lol. also this seems fitting
Actually, this remains to be seen. But still, most people are stupid enough to brag about exploiting bugs in public, well known, forums using screenshots to prove it. I'll name one such forum: it starts with owned. And don't tell me that you do it because you love the game (http://www.ownedcore.com/forums/gene...75301-why.html). If you indeed cared for it, you wouldn't be reporting the bugs in here for everyone to see and exploit, but straight to Blizzard's private bugtraq.
As I mentioned above, it's a bit fishy that Blizzard covers/embeds HALF the screenshot with padded data that we don't know what they store. The pattern repeats itself 5 times, as if it's trying to prevail among your graphics, making sure the person at the other end - who knows about its existence - gets the message. Notice that the middle, where you character usually stands, is empty. The sides the bottom and the top, where your bars usually are, are also empty. I am truly amazed that no one has ever noticed this before now (or have they?).
Feel free to laugh and make fun of what you don't understand. But don't dismiss it until you make sure it's really nothing.
Last edited by Sendatsu; 07-25-2016 at 01:39 PM.
-
Contributor
Originally Posted by
bluesius
Idea: Can anyone go to Crystalsong forrest, close to dalaran, and grab a few screens from there? They have some trees there that has a overwhelming white color, if you disable the display of your character (console), you could theoretically get a totally white image. It would be cool to see the patterns on that image.
That was a smart idea bluesius, I didn't remember those trees. With JPG 10 there's nothing, as expected. With JPG 9 though, well here you go:
https://i.imgur.com/ZK5l1.jpg
Edit: Woah I can now see the full actual code!! We can use this as basis! Go for the trees if you are going to try to decode this!
https://i.imgur.com/IKMrX.jpg
Last edited by Sendatsu; 09-09-2012 at 12:07 AM.
-
Member
Screenshot by Lightshot would you just drop this already ?
Theory is Theory
-
Contributor
Originally Posted by
nishila
Please type:
/console SET screenshotFormat "jpg"
/console SET screenshotQuality "9"
BEFORE you take the screenshots.
If quality is at 10, the patterns don't appear.
-
Contributor
Code:
__text:00B3C980 ; =============== S U B R O U T I N E =======================================
__text:00B3C980
__text:00B3C980 ; Attributes: bp-based frame
__text:00B3C980
__text:00B3C980 ; ScrnScreenshot(void (*)(int), unsigned char *, unsigned int, char const*, char const*, char const*)
__text:00B3C980 __Z14ScrnScreenshotPFviEPhjPKcS3_S3_ proc near
__text:00B3C980 ; CODE XREF: Script_Screenshot(lua_State *)+37
__text:00B3C980 ; sub_76C3C0+36
__text:00B3C980
__text:00B3C980 arg_0 = dword ptr 8
__text:00B3C980 arg_4 = dword ptr 0Ch
__text:00B3C980 arg_8 = dword ptr 10h
__text:00B3C980 arg_C = dword ptr 14h
__text:00B3C980 arg_10 = dword ptr 18h
__text:00B3C980 arg_14 = dword ptr 1Ch
__text:00B3C980
__text:00B3C980 55 push ebp
__text:00B3C981 89 E5 mov ebp, esp
__text:00B3C983 8B 45 08 mov eax, [ebp+arg_0]
__text:00B3C986 A3 C4 7F 98 01 mov ds:__ZL15s_captureScreen, eax ; s_captureScreen
__text:00B3C98B 8B 45 0C mov eax, [ebp+arg_4]
__text:00B3C98E A3 C8 7F 98 01 mov ds:__ZL16s_pWatermarkData, eax ; s_pWatermarkData
__text:00B3C993 8B 45 10 mov eax, [ebp+arg_8]
__text:00B3C996 A3 CC 7F 98 01 mov ds:__ZL21s_uWatermarkDataBytes, eax ; s_uWatermarkDataBytes
__text:00B3C99B 8B 45 14 mov eax, [ebp+arg_C]
__text:00B3C99E A3 D0 7F 98 01 mov ds:__ZL18s_screenshotFolder, eax ; s_screenshotFolder
__text:00B3C9A3 8B 45 18 mov eax, [ebp+arg_10]
__text:00B3C9A6 A3 D4 7F 98 01 mov ds:__ZL24s_screenshotNameOverride, eax ; s_screenshotNameOverride
__text:00B3C9AB 8B 45 1C mov eax, [ebp+arg_14]
__text:00B3C9AE A3 D8 7F 98 01 mov ds:__ZL19s_depthNameOverride, eax ; s_depthNameOverride
__text:00B3C9B3 C9 leave
__text:00B3C9B4 C3 retn
__text:00B3C9B4 __Z14ScrnScreenshotPFviEPhjPKcS3_S3_ endp
__text:00B3C9B4
__text:00B3C9B4 ; ---------------------------------------------------------------------------
source: osX build 15662
The watermark contains your account name, a timestamp and some other data that I haven't bothered looking at.
-
Post Thanks / Like - 1 Thanks
Sendatsu (1 members gave Thanks to _Mike for this useful post)
-
Contributor
Originally Posted by
_Mike
The watermark contains your account name, a timestamp and some other data that I haven't bothered looking at.
Nice find! It is possible that the information is encoded based on the image dimensions, but I have no way of confirming this (only the theory on QR codes).
For those of us who don't "speak" Assembly, can you explain what we are looking at please? What is contained in s_pWatermarkData?
Last edited by Sendatsu; 09-09-2012 at 02:11 AM.
-
Contributor
Originally Posted by
_Mike
Code:
__text:00B3C980 ; =============== S U B R O U T I N E =======================================
__text:00B3C980
__text:00B3C980 ; Attributes: bp-based frame
__text:00B3C980
__text:00B3C980 ; ScrnScreenshot(void (*)(int), unsigned char *, unsigned int, char const*, char const*, char const*)
__text:00B3C980 __Z14ScrnScreenshotPFviEPhjPKcS3_S3_ proc near
__text:00B3C980 ; CODE XREF: Script_Screenshot(lua_State *)+37
__text:00B3C980 ; sub_76C3C0+36
__text:00B3C980
__text:00B3C980 arg_0 = dword ptr 8
__text:00B3C980 arg_4 = dword ptr 0Ch
__text:00B3C980 arg_8 = dword ptr 10h
__text:00B3C980 arg_C = dword ptr 14h
__text:00B3C980 arg_10 = dword ptr 18h
__text:00B3C980 arg_14 = dword ptr 1Ch
__text:00B3C980
__text:00B3C980 55 push ebp
__text:00B3C981 89 E5 mov ebp, esp
__text:00B3C983 8B 45 08 mov eax, [ebp+arg_0]
__text:00B3C986 A3 C4 7F 98 01 mov ds:__ZL15s_captureScreen, eax ; s_captureScreen
__text:00B3C98B 8B 45 0C mov eax, [ebp+arg_4]
__text:00B3C98E A3 C8 7F 98 01 mov ds:__ZL16s_pWatermarkData, eax ; s_pWatermarkData
__text:00B3C993 8B 45 10 mov eax, [ebp+arg_8]
__text:00B3C996 A3 CC 7F 98 01 mov ds:__ZL21s_uWatermarkDataBytes, eax ; s_uWatermarkDataBytes
__text:00B3C99B 8B 45 14 mov eax, [ebp+arg_C]
__text:00B3C99E A3 D0 7F 98 01 mov ds:__ZL18s_screenshotFolder, eax ; s_screenshotFolder
__text:00B3C9A3 8B 45 18 mov eax, [ebp+arg_10]
__text:00B3C9A6 A3 D4 7F 98 01 mov ds:__ZL24s_screenshotNameOverride, eax ; s_screenshotNameOverride
__text:00B3C9AB 8B 45 1C mov eax, [ebp+arg_14]
__text:00B3C9AE A3 D8 7F 98 01 mov ds:__ZL19s_depthNameOverride, eax ; s_depthNameOverride
__text:00B3C9B3 C9 leave
__text:00B3C9B4 C3 retn
__text:00B3C9B4 __Z14ScrnScreenshotPFviEPhjPKcS3_S3_ endp
__text:00B3C9B4
__text:00B3C9B4 ; ---------------------------------------------------------------------------
source: osX build 15662
The watermark contains your account name, a timestamp and some other data that I haven't bothered looking at.
no where in any of what you posted is there a time stamp or a character name nor is there any proof of where you got that from Im calling trolling if you want to prove this 100% let us put up our own screenshot to test you.
-
Contributor
Originally Posted by
drm420
no where in any of what you posted is there a time stamp or a character name nor is there any proof of where you got that from Im calling trolling if you want to prove this 100% let us put up our own screenshot to test you.
I gave you the client build number and the offsets. Look it up yourself.
-
Contributor
It's a disassembly listing from IDA Pro of the beta mac binary (because it has function names which the windows version doesn't).
58D9F0 is the address of the same function in the current live windows 32 bit exe.
Put a breakpoint on it and look at what the 2nd argument contains when you press print screen.
58DA60 is the function which takes the actual screenshot, and BB6990 is where the watermark data is encoded.
I'm working on a decoder but the functions are a bitch to reverse
And I'm sorry for the harsh tone earlier. I had 2 tabs open and I mistook this for the mem editing section so I assumed people would know how to verify it themselves.
Last edited by _Mike; 09-09-2012 at 02:39 AM.
-
Contributor
As far as I understand up until now, based on the new data I acquired thanks to the white tree idea of bluesius, the repeating pattern has some static parts and some dynamic parts.
1) The static parts remained the same on ALL characters who took the screenshot while being in the same account_id+location+guild+realm and having the same screen resolution (I don't know which of these factors are stored so I mentioned them all).
2) The dynamic parts keep changing every time you take a new screenshot regardless of the character, so it probably has something to do with current time/date.
If we change the screen resolution, the entire representation changes but the new screenshots still follow the above two rules.
In order to see this visually, I singled out the unique element which comprises the pattern (by repeating itself 5 times on my resolution) and I used red for the static parts and blue for the dynamic parts:
https://i.imgur.com/I4hnr.jpg
(red dots intentionally blurred out for obvious reasons)
Thanks to _Mike's disassembly (thanks Mike!), we now know that these extra data are not added for decompression reasons but as an extra watermark on top of the image.
Can someone please analyze the Assembly code further and find what is stored in s_pWatermarkData and in s_uWatermarkDataBytes?
Last edited by Sendatsu; 09-10-2012 at 12:43 AM.
-
Contributor
Until you are finished with the programming part, I had a look at Blizzard's Terms of Use.
The first part that I assume almost everyone knows is that we don't own anything, even though we pay for it every month:
No Ownership Rights in Account.
NOTWITHSTANDING ANYTHING TO THE CONTRARY HEREIN, YOU ACKNOWLEDGE AND AGREE THAT YOU SHALL HAVE
NO OWNERSHIP OR OTHER PROPERTY INTEREST IN ANY ACCOUNT STORED OR HOSTED ON A BLIZZARD SYSTEM, INCLUDING WITHOUT LIMITATION ANY BNET ACCOUNT OR WORLD OF WARCRAFT ACCOUNT, AND YOU FURTHER ACKNOWLEDGE AND AGREE THAT ALL RIGHTS IN AND TO SUCH ACCOUNTS ARE AND SHALL FOREVER BE OWNED BY AND INURE TO THE BENEFIT OF BLIZZARD.
The second part that not all may know is that, when the game is running, apart from checking our RAM and CPU processes for possible "unauthorized tasks", they also:
B. WHEN THE GAME IS RUNNING, BLIZZARD MAY OBTAIN CERTAIN IDENTIFICATION INFORMATION ABOUT YOUR COMPUTER, INCLUDING WITHOUT LIMITATION YOUR
HARD DRIVES,
CENTRAL PROCESSING UNIT,
IP ADDRESS(ES) AND
OPERATING SYSTEM(S), FOR PURPOSES OF IMPROVING THE GAME AND/OR THE SERVICE, AND TO POLICE AND ENFORCE THE PROVISIONS OF ANY BLIZZARD AGREEMENT.
Yes, Blizzard may obtain information about your hard drives, your CPU, your IP address (obviously) and your operating system, to police and enforce provisions. And apart from that, they can also:
IN THE EVENT THAT THE GAME DETECTS AN UNAUTHORIZED THIRD PARTY PROGRAM, BLIZZARD MAY (a)
COMMUNICATE INFORMATION BACK TO BLIZZARD, INCLUDING WITHOUT LIMITATION THE
ACCOUNT NAME,
DETAILS ABOUT THE UNAUTHORIZED THIRD PARTY PROGRAM DETECTED, AND THE
TIME AND DATE THE UNAUTHORIZED THIRD PARTY PROGRAM WAS DETECTED;
So, basically, every time a new patch comes along and we rush through the ToS screens to quickly check out the new content, Blizzard asks us, in full-caps rage, to allow them to communicate our account name, details about the running task(s) and the time and date of the detections.
With the above in mind, it starts to become clearer why this information is included in each screenshot, and that we should be thankful they omitted also adding it on top of the full quality images like JPG10 or TGA (possibly to avoid deteriorating the quality).
As certain laws point out though, like the newly voted Cookie law (which may apply mainly for websites but has already set a general standard), we must be specifically informed for every piece of information we are sharing with them.
I understand from the ToS that they are scanning my hard disk and I have to agree with it, hoping that they won't access my personal files. But it was never explained that every time we share a screenshot, we also share our account name with it and possibly our IP address. If hackers find a way to read these data, it could endanger the security of our account and/or system. As I said a few posts back, security by obscurity never works, and you have been uncovered.
Last edited by Sendatsu; 09-09-2012 at 03:16 AM.
-
Contributor
Introductory post updated with all the information we know up until now.
-
Active Member
Clearly JPEG artifacts as pointed out by Frito and Arai. Anyone who continues to think this is a conspiracy is a complete moron. Given the nature of JPEG compression it wouldn't even be possible to code in high-detail QR codes, and if they were really doing this it would appear in lossless format as well.
-
Corporal
so i skipped pages 2 and 3 to say this. Is there seriously an argument that blizz might be tracking us through our print screens when we readily allow them all of our information via our internet connection to their servers? Any and everything that exists on a screen shot, hidden or not, they already have access to on their servers.
What would be the point of finding you through a screen shot when they have people who already go through their server information to gather much more accurate and relevant information?