Blizzard watermarking WoW screenshots with account, character and realm information

Originally posted on Ownedcore

Updated 11/09:

Dear everyone

This post may have been moved to WoW General, but it still remains an exploit – one which is used against us…

1) Go somewhere where there aren’t any (or a lot) of textures. I used the druid blink bug to go to the north end of the world but you should go below Dalaran in Crystalsong Forest, as bluesius suggested, because you will get a better screenshot if you stick your face in the pure white trees.

2) Type:

/console SET screenshotQuality “9”

Make sure you use 9, not 10.

3) Take a few screenshots of the clear, no textures, white area by zooming into a tree and hitting ALT Z, so that your entire screen is white.

4) Open this image in an image editing program like IrfanView (it’s freeware), click CTRL+E, select the Sharpening filter, use the highest possible sharpening value (99) and click OK. Now do this two more times, again: CTRL+E, Sharpen 99, OK.

5) You are now looking at your character’s WoW watermark / custom bar-code / qr code look-a-like / call it what you will:

Apparently, each character has a different set of these repeatable patterns, which contain account and realm information, and it looks like if they are scanned by software that recognizes them, they can reveal our character’s account name/id, the time of the screenshot and the the full information of the realm, including its IP address (think “private servers”).

The pattern, which consists of approximately 88 bytes of data, repeats itself many times depending on the resolution of your screen. See below for a colored representation: the account id and realm information are depicted in red and the current time (seconds not included) is depicted in blue:

IMPORTANT NOTE: IF YOU CAN’T BOTHER READING ANYTHING ELSE, READ THIS:

The secret watermark which is being intentionally embedded inside WoW generated screenshots below top quality,DOES NOT CONTAIN the account password, the IP address of the user or any personal information like name/surname etc. It does contain the account ID, a timestamp and the IP address of the current realm. It can be used by hackers to link alt. characters to accounts and target specific spam or scam attacks, and it can be used by Blizzard to track down private WoW servers.

Based on Blizzard’s ToS (http://us.blizzard.com/en-us/company/legal/wow_tou.html), Blizzard is allowed tocommunicate information about our hard drive, CPU, operating systems, IP addresses, running tasks, account name and current time and date. It never mentions anything though about embedding some of these data into every screenshot we capture using the WoW printscreen tool. The users assume that Blizzard will use a safe channel via battle.netnot our public screenshots that we share with the world, unaware of their secret contents. This unencrypted watermarking mechanism fails to protect our privacy, not from Activision employees (they already know everything about our computer systems), but from malicious hackers looking for something or someone to take advantage of.

The contained information can be easily recovered and decrypted by hackers (if we did it, so can they). For example,someone could use this to identify which account holds which characters and perhaps stalk and annoy its user, or help perpetrators choose their phishing victims with a more targeted approach. They could unleash Web spider bots scanning for WoW screenshots, decode their hidden watermark data and quickly create a comprehensive database of which account has which alts in it, that they can then sell to anyone interested (information is power). Perhaps someone is already using this since the watermark has been around for at least two to four years already.

It looks like Activision Blizzard has teamed up with Digimarc (http://www.digimarc.com) to provide us this wonderfulservice of secretly tagging our in-game screenshots with our account and realm information. Although it has not yet been verified, it is possible that Blizzard is using an automated monitoring service which downloads image files from various Internet sites and checks them for the presence of their embedded digital watermark data, kindly provided by Digimarc: http://www.google.co.uk/patents/US7653210

_Mike, schlumpf and Master674 have managed to disassemble the watermark data and help us verify which pieces of information are contained inside. Do note that this covert watermarking has been confirmed, by multiple sources, to have started some time between 2008 (Patch 3+) and 2010 (Patch 4+), which is after Blizzard was acquired by Activision, so you may want to delete/remove from the public domain all your post-WotLK screenshots captured by WoW.

Also note that if your screen resolution is too high, the pattern will look something like this:

 (larger footprint)

I must repeat, once more, that these patterns are not “random artifacts”, because random artifacts don’t produce account IDs: http://www.ownedcore.com/forums/worl…ml#post2493377 (Looking inside your screenshots)

Thanks to _Mike, we also verified that there is no pattern included in high quality screenshots like TGA and JPG/10. So, in order to avoid any further watermarking, type: /console SET screenshotQuality “10” which will set the quality of your screenshots to the maximum and create screenshots that do not include the watermark.

l0l1dk has developed a tool to disable the addition of watermarks in the lower quality screenshots but use it at your own risk/responsibility because it could corrupt the WoW client, which could then require a clean re-installation of the game (it’s also against the ToS). It is much simpler to just set the JPG quality to max.

Update: A lot of people are asking how we managed to decode the watermark pattern. Well it took a lot of teamwork, which you can find in the next pages here, and we came up with two source codes which successfully read the pattern data:

Java: http://www.ownedcore.com/forums/worl…ml#post2492716

C#: http://www.ownedcore.com/forums/worl…ml#post2493450

Try it yourselves. Read the rest of the thread for more information. If you have any comments, ideas or suggestions please share. Politeness is appreciated.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s