Important Exploit Notification! Screenshotters beware?!
- Albain
- Expert Hunter

- Posts: 401
- Joined: Fri Sep 17, 2010 9:23 pm
- Realm: Wyrmrest Accord
- Gender: Male
- Location: Lost Isles
Important Exploit Notification! Screenshotters beware?!
http://www.ownedcore.com/forums/world-o ... shots.html
http://games.slashdot.org/story/12/09/1 ... raft-users
Ownedcore is a /hacking and botting site/, use ANYTHING THERE at your own risk. (Don't be stupid and actually use their programs!) However it does display a very important problem and flaw with our screenshots, and what hackers can get out of it. Ownedcore posts it as a warning to people who use bootleg servers, but it could be important for the rest of us as well who take, and post, screenshots.
I have not been home to investigate whether this is actually happening or not, but I figure getting the information out given a lot of us DO take, and post, screenshots, is more important.
Edit: So people do not have to go to a red-flagged site:
Dear everyone
This post may have been moved to WoW General, but it still remains an exploit - one which is used against us...
1) Go somewhere where there aren't any (or a lot) of textures. I used the druid blink bug to go to the north end of the world but you should go below Dalaran in Crystalsong Forest, as bluesius suggested, because you will get a better screenshot if you stick your face in the pure white trees.
2) Type:
/console SET screenshotQuality "9"
Make sure you use 9, not 10.
3) Take a few screenshots of the clear, no textures, white area by zooming into a tree and hitting ALT Z, so that your entire screen is white.
4) Open this image in an image editing program like IrfanView (it's freeware), click CTRL+E, select the Sharpening filter, use the highest possible sharpening value (99) and click OK. Now do this two more times, again: CTRL+E, Sharpen 99, OK.
5) You are now looking at your character's WoW watermark / custom bar-code / qr code look-a-like / call it what you will:
Apparently, each character has a different set of these repeatable patterns, which contain account and realm information, and it looks like if they are scanned by software that recognizes them, they can reveal our character's account name/id, the time of the screenshot and the full information of the realm, including its IP address (think "private servers").
The pattern, which consists of approximately 88 bytes of data, repeats itself many times depending on the resolution of your screen. See below for a colored representation: the account id and realm information are depicted in red and the current time (seconds not included) is depicted in blue:
IMPORTANT NOTE: IF YOU CAN'T BOTHER READING ANYTHING ELSE, READ THIS:
The secret watermark which is being intentionally embedded inside WoW generated screenshots below top quality, DOES NOT CONTAIN the account password, the IP address of the user or any personal information like name/surname etc. It does contain the account ID, a timestamp and the IP address of the current realm. It can be used by hackers to link alt. characters to accounts and target specific spam or scam attacks, and it can be used by Blizzard to track down private WoW servers.
Based on Blizzard's ToS (http://us.blizzard.com/en-us/company/legal/wow_tou.html), Blizzard is allowed to communicate information about our hard drive, CPU, operating systems, IP addresses, running tasks, account name and current time and date. It never mentions anything though about embedding some of these data into every screenshot we capture using the WoW printscreen tool. The users assume that Blizzard will use a safe channel via battle.net, not our public screenshots that we share with the world, unaware of their secret contents. This unencrypted watermarking mechanism fails to protect our privacy, not from Activision employees (they already know everything about our computer systems), but from malicious hackers looking for something or someone to take advantage of.
The contained information can be easily recovered and decrypted by hackers, which compromises the privacy and security of our accounts! For example, someone could use this to identify which account holds which characters and perhaps stalk and annoy its user, or help perpetrators choose their phishing victims with a more targeted approach. Perhaps someone is already using this since the watermark has been around for at least two to four years already.
It looks like Activision Blizzard has teamed up with Digimarc (http://www.digimarc.com) to provide us this wonderful service of secretly tagging our in-game screenshots with our account and realm information. Although it has not yet been verified, it is possible that Blizzard is using an automated monitoring service which downloads image files from various Internet sites and checks them for the presence of their embedded digital watermark data, kindly provided by Digimarc: http://www.google.co.uk/patents/US7653210
_Mike, schlumpf and Master674 have managed to disassemble the watermark data and help us verify which pieces of information are contained inside. Do note that this covert watermarking has been confirmed, by multiple sources, to have started some time between 2008 (Patch 3+) and 2010 (Patch 4+), which is after Blizzard was acquired by Activision, so you may want to delete/remove from the public domain all your post-WotLK screenshots captured by WoW.
Also note that if your screen resolution is too high, the pattern will look something like this:
(larger footprint)
Thanks to _Mike, we also verified that there is no pattern included in high quality screenshots like TGA and JPG/10. So, in order to avoid any further watermarking, type: /console SET screenshotQuality "10" which will set the quality of your screenshots to the maximum and create screenshots that do not include the watermark.
l0l1dk has developed a tool to disable the addition of watermarks in the lower quality screenshots but use it at your own risk/responsibility because it could corrupt the WoW client, which could then require a clean re-installation of the game (it's also against the ToS). It is much simpler to just set the JPG quality to max.
Try it yourselves. Read the rest of the thread for more information. If you have any comments, ideas or suggestions please share. Politeness is appreciated.
there.
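Added example, not part of the quoted post or of any tool mentioned in this thread: a Python check for a faint repeating pattern in a flat screenshot area, which is what steps 1-5 above do by eye with the sharpening filter. The pixel data, the 16x16 tile and all function names are constructed for illustration; nothing here reads or decodes the actual watermark.

```python
import random

def make_capture(width, height, tile=None, strength=3, seed=7):
    """Constructed stand-in for a flat, near-white screenshot area (grayscale).
    If tile (rows of 0/1) is given, it is repeated across the image as a faint darkening."""
    rng = random.Random(seed)
    img = []
    for y in range(height):
        row = []
        for x in range(width):
            v = 250 + rng.choice((-1, 0, 1))      # compression-like noise
            if tile and tile[y % len(tile)][x % len(tile[0])]:
                v -= strength                      # offset too small to notice by eye
            row.append(v)
        img.append(row)
    return img

def amplify(img, gain=40):
    """Stretch small deviations around the mean so they span a visible range."""
    flat = [v for row in img for v in row]
    mean = sum(flat) / len(flat)
    return [[max(0, min(255, round(128 + gain * (v - mean)))) for v in row] for row in img]

def contrast(img):
    """Difference between the brightest and darkest pixel."""
    flat = [v for row in img for v in row]
    return max(flat) - min(flat)

def repeat_period(img, max_lag=48, threshold=0.5):
    """Smallest horizontal shift at which the image strongly matches itself, else None."""
    w = len(img[0])
    flat = [v for row in img for v in row]
    mean = sum(flat) / len(flat)
    var = sum((v - mean) ** 2 for v in flat) / len(flat)
    if var == 0:
        return None
    for lag in range(1, min(max_lag, w // 2) + 1):
        pairs = [(r[x] - mean) * (r[x + lag] - mean) for r in img for x in range(w - lag)]
        if sum(pairs) / len(pairs) / var >= threshold:
            return lag
    return None

# Constructed 16x16 tile of random bits; it carries no real data.
_bits = random.Random(1)
TILE = [[_bits.getrandbits(1) for _ in range(16)] for _ in range(16)]
marked = make_capture(96, 32, TILE)   # flat area with the tiled pattern
clean = make_capture(96, 32)          # same noise, no pattern
print(contrast(marked), contrast(amplify(marked)), repeat_period(marked), repeat_period(clean))
```

On real screenshots the same idea applies to a uniformly coloured crop: a period reported on a quality-9 capture and none on a quality-10 capture of the same spot matches what the post describes.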
- Ziarre
- Grand Master Hunter

- Posts: 1896
- Joined: Sat Nov 13, 2010 2:06 pm
- Realm: Proudmoore-US, Wyrmrest Accord-US
- Gender: Female
- Location: Right behind you...
Re: Important Exploit Notification! Screenshotters beware?!
Just one more reason to have an authenticator, IMO.
- Shade
- Grand Master Hunter

- Posts: 1531
- Joined: Tue Nov 23, 2010 12:35 pm
- Realm: Alliance: Garona; Horde: Nordrassil
- Gender: Robot
- Location: Sholazar Basin
Re: Important Exploit Notification! Screenshotters beware?!
I don't think I get this.
You had to go through all that trouble to find the watermark and screenshot it.
It's not visible in a normal JPG screenshot, right? If and when I screenshot my toons, I use my computer's screen capture ability - not something embedded in WoW itself. Is that still something that would show these watermarks?
- Albain
- Expert Hunter

- Posts: 401
- Joined: Fri Sep 17, 2010 9:23 pm
- Realm: Wyrmrest Accord
- Gender: Male
- Location: Lost Isles
Re: Important Exploit Notification! Screenshotters beware?!
I don't know who found it or what they were doing to find it, really. I'm just passing it on. As far as I can tell from the original post, if you're not making your screenshots at the best quality it -does- show up visibly on your screenshots as a distortion.
- Shade
- Grand Master Hunter

- Posts: 1531
- Joined: Tue Nov 23, 2010 12:35 pm
- Realm: Alliance: Garona; Horde: Nordrassil
- Gender: Robot
- Location: Sholazar Basin
Re: Important Exploit Notification! Screenshotters beware?!
Hmm interesting, would like to see what others think.
I would suggest editing out the links in your post-or make them inactive so someone does not accidentally click on them.
- Kalliope
- Illustrious Master Hunter

- Posts: 14063
- Joined: Wed Jan 06, 2010 4:40 am
- Realm: Dethecus
- Location: Thedas
- Contact:
Re: Important Exploit Notification! Screenshotters beware?!
This turned up on /r/WoW as well - http://www.reddit.com/r/wow/comments/zp ... rough_wow/. There's a general sense of "this is a minor issue" over there.
Definitely worth checking out the top comments: http://www.reddit.com/r/wow/comments/zp ... w/#c66k5sc
Kalliope's Pantheon of Pets
YouTube Edition
Thanks to Serenith for the avatar and signature!
Re: Important Exploit Notification! Screenshotters beware?!
By "account ID", do they just mean BattleNet ID? It sounds to me like this is of more concern to people who play private servers, who will be worried about being found out.
Shaman avatar by Spiritbinder.
- Lisaara
- Illustrious Master Hunter

- Posts: 17424
- Joined: Thu Sep 09, 2010 9:11 pm
- Realm: Moon Guard
- Gender: Genderfluid
- Location: US
- Contact:
Re: Important Exploit Notification! Screenshotters beware?!
Seems to be a lot of work to get one toon's barcode.
But yet again, Authenticator fixes this methinks.
- Kalliope
- Illustrious Master Hunter

- Posts: 14063
- Joined: Wed Jan 06, 2010 4:40 am
- Realm: Dethecus
- Location: Thedas
- Contact:
Re: Important Exploit Notification! Screenshotters beware?!
Wain wrote: By "account ID", do they just mean BattleNet ID? It sounds to me like this is of more concern to people who play private servers, who will be worried about being found out.
They didn't seem exactly sure; pre-battlenet, it was the account name. Now, unsure.
Kalliope's Pantheon of Pets
YouTube Edition
Thanks to Serenith for the avatar and signature!
- Eternallylostx
- Artisan Hunter

- Posts: 761
- Joined: Sat Sep 01, 2012 1:42 pm
- Realm: Main is on Wyrmrest, alts on Mok'nathal
- Gender: Female
Re: Important Exploit Notification! Screenshotters beware?!
Jessibelle wrote: Seems to be a lot of work to get one toon's barcode.
But yet again, Authenticator fixes this methinks.

Signature credit to Ashaine; avatars by various people. Thanks! | Tumblr

