Looking inside your screenshots

Wednesday, September 12, 2012
Dear everyone

This post may have been moved to WoW General, but it still remains an exploit - one which is used against us...

1) Go somewhere where there aren't any (or many) textures. I used the druid blink bug to go to the north end of the world, but you should go below Dalaran in Crystalsong Forest, as bluesius suggested, because you will get a better screenshot if you stick your face in the pure white trees.

2) Type:

/console SET screenshotQuality "9"

Make sure you use 9, not 10.

3) Take a few screenshots of the clear, textureless white area by zooming into a tree and hitting ALT+Z, so that your entire screen is white.

4) Open this image in an image editing program like IrfanView (it's freeware), press CTRL+E, select the Sharpening filter, use the highest possible sharpening value (99) and click OK. Now do this two more times: CTRL+E, Sharpen 99, OK.

5) You are now looking at your character's WoW watermark / custom bar-code / qr code look-a-like / call it what you will:

Inline image 1

Apparently, each character has a different set of these repeating patterns, which contain account and realm information. It looks like, if they are scanned by software that recognizes them, they can reveal our character's account name/ID, the time of the screenshot and the full information of the realm, including its IP address (think "private servers").

The pattern, which consists of approximately 88 bytes of data, repeats itself many times depending on the resolution of your screen. See below for a colored representation: the account id and realm information are depicted in red and the current time (seconds not included) is depicted in blue:

Inline image 2

The secret watermark, which is intentionally embedded in WoW-generated screenshots below top quality, DOES NOT CONTAIN the account password, the IP address of the user or any personal information like name/surname etc. It does contain the account ID, a timestamp and the IP address of the current realm. It can be used by hackers to link alt characters to accounts and target specific spam or scam attacks, and it can be used by Blizzard to track down private WoW servers.

Based on Blizzard's ToS, Blizzard is allowed to communicate information about our hard drive, CPU, operating systems, IP addresses, running tasks, account name and current time and date. It never mentions anything, though, about embedding some of these data into every screenshot we capture using the WoW printscreen tool. The users assume that Blizzard will use a safe channel via, not our public screenshots that we share with the world, unaware of their secret contents. This unencrypted watermarking mechanism fails to protect our privacy, not from Activision employees (they already know everything about our computer systems), but from malicious hackers looking for something or someone to take advantage of.
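Steps 4 and 5 make the pattern visible by eye; the same check can be scripted so a screenshot is inspected for a low-contrast repeating tile before it is shared. This is an added example, not code from the original post or from Blizzard: the sample image is constructed, the 32x22-bit tile layout and all function names are assumptions, and a min-max contrast stretch stands in for IrfanView's sharpening filter.

```python
# Added example: constructed data and hypothetical names, not the real watermark layout.
import random

TILE_W, TILE_H = 32, 22  # assumed tile: 32 * 22 bits = 704 bits = 88 bytes

def make_sample(width=128, height=66, base=254, seed=7):
    """Constructed near-white grayscale image carrying a tiled one-level pattern."""
    rng = random.Random(seed)
    tile = [[rng.getrandbits(1) for _ in range(TILE_W)] for _ in range(TILE_H)]
    return [[base - tile[y % TILE_H][x % TILE_W] for x in range(width)]
            for y in range(height)]

def amplify(img):
    """Min-max contrast stretch: spreads the narrow band of values over 0..255."""
    lo = min(min(row) for row in img)
    hi = max(max(row) for row in img)
    if hi == lo:  # perfectly uniform image: nothing to reveal
        return [[0] * len(row) for row in img]
    return [[(v - lo) * 255 // (hi - lo) for v in row] for row in img]

def mismatch(img, dx, dy):
    """Fraction of pixels that differ from the pixel dx columns / dy rows away."""
    h, w = len(img), len(img[0])
    diffs = sum(img[y][x] != img[y + dy][x + dx]
                for y in range(h - dy) for x in range(w - dx))
    return diffs / ((h - dy) * (w - dx))

def find_period(img, axis, tol=0.0):
    """Smallest shift along 'x' or 'y' at which the image repeats, else None.
    tol=0 suits this lossless sample; a JPEG would need a small tolerance."""
    limit = (len(img[0]) if axis == "x" else len(img)) // 2
    for s in range(1, limit + 1):
        dx, dy = (s, 0) if axis == "x" else (0, s)
        if mismatch(img, dx, dy) <= tol:
            return s
    return None

def report(img):
    """Distinct gray levels plus the repeat period; periods are None if uniform."""
    levels = sorted({v for row in img for v in row})
    if len(levels) < 2:
        return {"levels": levels, "period_x": None, "period_y": None}
    return {"levels": levels, "period_x": find_period(img, "x"),
            "period_y": find_period(img, "y")}

if __name__ == "__main__":
    shot = make_sample()
    print("raw:      ", report(shot))
    print("amplified:", report(amplify(shot)))
```

A "white" area that reports more than one gray level and a short exact repeat period in both directions is the signature described in the post; a genuinely blank area reports a single level and no period.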

