Not Solved [How To?] Hack to help figure out who's leaking screenshots from private forums
#1
What sometimes happens is that there will be a private forum and a member will leak screenshots to the Internet revealing what people are posting. Therefore, I came up with the following hack to inc/functions_post.php which causes the text of the timestamp to change to a different shade of gray depending on the user ID of the user who is browsing the page. Suppose a screenshot appears somewhere on the Internet, e.g.:

[Image: TyBGXke.png]

---
The center of that seemingly innocuous box-shaped Unicode symbol at the end of the timestamp can be examined using the GIMP color picker, and determined to be hex code #828282. That corresponds to a user ID ending in #51, which narrows down who the leaker might be. While we can't undo whatever damage the leak did, we can at least know who was responsible, and clear everyone else of suspicion.

Of course, this security feature will need to be kept secret from the users, lest someone implement a countermeasure, such as erasing the colored text from the screenshot. Anyway, here's the code for the hack to inc/functions_post.php:


// Format the post date and time using my_date
	$post['postdate'] = my_date('relative', $post['dateline']);
	$hexCodes = array(
		0 =>  '#000000',
		1 =>  '#030303',
		2 =>  '#050505',
		3 =>  '#080808',
		4 =>  '#0A0A0A',
		5 =>  '#0D0D0D',
		6 =>  '#0F0F0F',
		7 =>  '#121212',
		8 =>  '#141414',
		9 =>  '#171717',
		10 => '#1A1A1A',
		11 => '#1C1C1C',
		12 => '#1F1F1F',
		13 => '#212121',
		14 => '#242424',
		15 => '#262626',
		16 => '#292929',
		17 => '#2B2B2B',
		18 => '#2E2E2E',
		19 => '#303030',
		20 => '#333333',
		21 => '#363636',
		22 => '#383838',
		23 => '#3B3B3B',
		24 => '#3D3D3D',
		25 => '#404040',
		26 => '#424242',
		27 => '#454545',
		28 => '#474747',
		29 => '#4A4A4A',
		30 => '#4D4D4D',
		31 => '#4F4F4F',
		32 => '#525252',
		33 => '#555555',
		34 => '#575757',
		35 => '#595959',
		36 => '#5C5C5C',
		37 => '#5E5E5E',
		38 => '#616161',
		39 => '#636363',
		40 => '#666666',
		41 => '#696969',
		42 => '#6B6B6B',
		43 => '#6E6E6E',
		44 => '#707070',
		45 => '#737373',
		46 => '#757575',
		47 => '#787878',
		48 => '#7A7A7A',
		49 => '#7D7D7D',
		50 => '#7F7F7F',
		51 => '#828282',
		52 => '#858585',
		53 => '#878787',
		54 => '#8A8A8A',
		55 => '#8C8C8C',
		56 => '#8F8F8F',
		57 => '#919191',
		58 => '#949494',
		59 => '#969696',
		60 => '#999999',
		61 => '#9C9C9C',
		62 => '#9E9E9E',
		63 => '#A1A1A1',
		64 => '#A3A3A3',
		65 => '#A6A6A6',
		66 => '#A8A8A8',
		67 => '#ABABAB',
		68 => '#ADADAD',
		69 => '#B0B0B0',
		70 => '#B3B3B3',
		71 => '#B5B5B5',
		72 => '#B8B8B8',
		73 => '#BABABA',
		74 => '#BDBDBD',
		75 => '#BFBFBF',
		76 => '#C2C2C2',
		77 => '#C4C4C4',
		78 => '#C7C7C7',
		79 => '#C9C9C9',
		80 => '#CCCCCC',
		81 => '#CFCFCF',
		82 => '#D1D1D1',
		83 => '#D4D4D4',
		84 => '#D6D6D6',
		85 => '#D9D9D9',
		86 => '#DBDBDB',
		87 => '#DEDEDE',
		88 => '#E0E0E0',
		89 => '#E3E3E3',
		90 => '#E5E5E5',
		91 => '#E8E8E8',
		92 => '#EBEBEB',
		93 => '#EDEDED',
		94 => '#F0F0F0',
		95 => '#F2F2F2',
		96 => '#F5F5F5',
		97 => '#F7F7F7',
		98 => '#FAFAFA',
		99 => '#808080' # gray (16 SVG)
	);
	if ( isset ( $mybb->user['uid'] ) && $mybb->user['uid'] ) {	
		$hexCode = $hexCodes[$mybb->user['uid'] % 100];
		# Innocuous-looking box-shaped Unicode symbol
		$box_symbol = mb_convert_encoding('∎', 'UTF-8', 'HTML-ENTITIES');
		$post['postdate'] = '<span style="color: ' . $hexCode . ';">'
			. my_date('relative', $post['dateline']) . $box_symbol . "</span>";
	}
Reply
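The decoding side of the scheme in post #1, as an added example that is not part of the thread or of MyBB: it maps a colour sampled from a screenshot back to candidate `uid % 100` values using the post's table, with a tolerance for the small colour drift that recompression can introduce. The function names, the `tolerance` parameter and the member uid list are assumptions made for illustration.

```python
# Added example, not code from the thread: map a colour sampled from a
# screenshot back to candidate "uid % 100" values from the post's table.

# Gray level (R=G=B) for indexes 0..99, copied from $hexCodes in the post.
LEVELS = bytes.fromhex(
    "00 03 05 08 0A 0D 0F 12 14 17  1A 1C 1F 21 24 26 29 2B 2E 30 "
    "33 36 38 3B 3D 40 42 45 47 4A  4D 4F 52 55 57 59 5C 5E 61 63 "
    "66 69 6B 6E 70 73 75 78 7A 7D  7F 82 85 87 8A 8C 8F 91 94 96 "
    "99 9C 9E A1 A3 A6 A8 AB AD B0  B3 B5 B8 BA BD BF C2 C4 C7 C9 "
    "CC CF D1 D4 D6 D9 DB DE E0 E3  E5 E8 EB ED F0 F2 F5 F7 FA 80 "
)

def parse_hex(colour):
    """'#828282' -> (130, 130, 130)"""
    h = colour.lstrip("#")
    if len(h) != 6:
        raise ValueError("expected #RRGGBB")
    return tuple(int(h[i:i + 2], 16) for i in (0, 2, 4))

def candidates(colour, tolerance=1):
    """Table indexes within `tolerance` gray levels of the sample, closest first."""
    r, g, b = parse_hex(colour)
    if max(r, g, b) - min(r, g, b) > 2 * tolerance:
        return []  # not neutral gray: the picker probably hit another element
    level = round((r + g + b) / 3)
    hits = [(abs(v - level), i) for i, v in enumerate(LEVELS)
            if abs(v - level) <= tolerance]
    return [i for _, i in sorted(hits)]

def suspects(colour, member_uids, tolerance=1):
    """Members of the private forum whose uid % 100 matches a candidate index."""
    idx = set(candidates(colour, tolerance))
    return sorted(u for u in member_uids if u % 100 in idx)

def ambiguous_pairs(gap=1):
    """Index pairs whose shades differ by at most `gap` levels."""
    return [(i, j) for i in range(100) for j in range(i + 1, 100)
            if abs(LEVELS[i] - LEVELS[j]) <= gap]

if __name__ == "__main__":
    members = [7, 50, 151, 250, 399, 1051]   # constructed uid list
    print(candidates("#828282"))             # the shade from the post
    print(suspects("#828282", members))      # every member in that residue class
    print(ambiguous_pairs())                 # shades one level apart
```

In this table index 99 (`#808080`) sits one level above index 50 (`#7F7F7F`), so a sample near either shade returns both residues and cannot separate them.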
#2
So what exactly are you asking us to do? Review the code?
I mean the idea you have is golden but to add to the core code is pretty extensive.
The signature does not exist.
Reply
#3
Works nice until the first one gets a hunch what that grey dot is there for and either masks it or changes its color in the screenshot before uploading it.
About that idea of keeping it secret: this thread here is googleable. ;-)
Reply
#4
(2018-07-05, 09:37 AM)Nasyr Wrote: So what exactly are you asking us to do? Review the code?
I mean the idea you have is golden but to add to the core code is pretty extensive.

Hmm, I wonder if there's a way to set it up as a plugin rather than doing a hack. E.g., is there a hook that could be used or something.

(2018-07-05, 10:15 AM)linguist Wrote: Works nice until the first one gets a hunch what that grey dot is there for and either masks it or changes its color in the screenshot before uploading it.
About that idea of keeping it secret: this thread here is googleable. ;-)

Yeah, I thought that to be even more subtle one could have, say, 100 different one-pixel JPG files and rotate them depending on user ID, but that seemed like it might be more complex to implement. There is, however, the green or gray circle next to the posting user's name, so I guess 100 different versions of that could be created, each with a slightly different color pixel in the middle.

Yeah, I thought about the googling, but figured most potential leakers probably don't hang out here because not too many forum users also administer their own MyBB sites. However, if there is any crossover, then I guess the cat's out of the bag.
Reply
#5
Well, we caught an infiltrator using the technique but of course the site owner had to go around posting

Quote: We've made it folks.
We've caught the infiltrator.
This site is an impenetrable fortress.
We're an unstoppable force to be reckoned with.

I was like, "Don't let him know that we're actually 100% sure he was the culprit. He's gonna suspect we have some tool that lets us identify the leaker. We should try to make him think that we just made an educated guess and got lucky."
Reply
#6
Bad move. Your infiltrator will think "challenge accepted" and enter the arms race.
Reply