PhotoShop 4.0 / Digimarc
Commercial stupidity - Digimarc downfall
by Frog's Prin+
(06 August 1997, slightly edited by Fravia)
Courtesy of Fravia's page of reverse engineering
Well, Frog's Print is right! Read this essay! "The last one of mine for this summer"...Why?
PhotoShop 4.0 / Digimarc
Part 1 : Adding a FREE Copyright to your own creations
Part 2 : Stupid moneymakers protectionists
by Frog's Print
This essay comes in 2 parts because I first worked on it as a usual essay but,
when trying to work deeper on it (and trying to verify the authors' credibility about
their protection), it soon turned out to be another great example of the stupidity
of moneymakers protectionists (BTW: NEVER trust them!)
Part 1: Adding FREE Copyright to your own creations
You probably know PhotoShop 4.0 (or at least have heard about this tool) but maybe DigiMarc
(or WaterMark, PictureMarc...) doesn't mean anything to you.
So, here is a little explanation of the Digimarc Technology from its authors:
Digimarc Technology:
Digimarc Corporation has introduced an exciting, groundbreaking technology that will affect
markets from Hollywood to the Web, from magazines to multimedia.
Digimarc's digital watermark technology today brings to still images - and soon to video,
film and audio - the ability to instantly, silently and imperceptibly convey persistent
information, such as copyright information and ownership.
Digimarc's technology embeds digital data within digital and analog content so that
photographic images, illustrations, graphics, video, movies, and audio can carry information
about themselves wherever they travel.
Digimarc digital watermarks can enable a wide variety of applications: communicating rights,
proving ownership, locating Web addresses, triggering digital cash meters, tracking illegal
distribution, or telling potential customers about the creator of a work.
Digimarc's patent-pending digital watermark technology differs from traditional watermarks
in that it is imperceptible.
A Digimarc watermark carries information such as copyright and owner identification. Through
this information, anyone with a Digimarc "reader" can obtain details about an image creator.
Digimarc's PictureMarc product family allows you to embed a digital watermark in still images.
A Digimarc watermark is durable and survives across file formats (BMP, JPEG, Kodak Photo CD,
PhotoShop, PICT, PNG, TIFF) and most image transformations, such as copying and editing.
Although the watermark is embedded digitally within the image, it remains part of the image
even when printed and can be read later simply by scanning the image into a computer.
Digimarc products work in concert with leading image editing and browsing tools.
Using such tools, an image owner can embed an imperceptible watermark within an image.
Each time a watermarked image is opened within these tools, the watermark is detected and
the user informed of the image copyright. Adobe and Corel are the first to bundle Digimarc
products within their tools, making our watermark technology available to hundreds of thousands
of the world's top photographers, designers, illustrators, and publishers.
There is a Frequently Asked Questions document, as well as other product and company
information available from Digimarc's Web site at http://www.digimarc.com.
Here is the information carried inside watermarked images:
Always present:
-Creator ID: number identifying the creator in the Digimarc (http://www.digimarc.com)
  database (when checking there you'll get his/her name, e-mail, fax number...).
-Type of Use: displays the intended use rights for the image (Restricted/Royalty Free).
-Adult Content: identifies images designated as containing adult content (this option does
  not limit access to adult-only images yet, but it seems that future versions of
  some applications may limit their display).
Sometimes present:
-Organization ID: link to another profile corresponding to the organization representing
  the photo (agency, museum...).
-Image ID: number identifying the image (catalog number...).
-Transaction ID: used to track specific licensing transactions.
This information is stored inside the image using a digital code added as noise to
the image's lightness channel: the watermark.
To READ the Digimarc you'll need either a specific tool like ReadMarc (FREE software available
at the above mentioned URL) or image editors like PhotoShop 4.0 (available everywhere on
the Net if you know how to search...) or even some Corel tools (C.Draw 7, C.Photo-Paint 7).
To ADD a Digimarc to an image, you'll need PictureMarc, which is included in those tools, except
ReadMarc as it ONLY reads the Digimarcs (as its name says).
Good Frog's Print, that sounds nice but what the hell are we supposed to crack??
Well, let's have a final look at the Digimarc info:
Within tools that include PictureMarc, run the "Embed watermark" component of PictureMarc.
Click the "Personalize" button to open the register dialog. If you are connected to
the Internet, click the "register" button to launch your browser and access the MarcCentre
registration page. You can also register over the phone by calling one of the numbers at
the bottom of the registration window, or by going to the Web address listed.
There is a nominal annual fee for subscribing to MarcCentre. For current pricing and special
offers, visit the registration page, or go to http://www.digimarc.com.
Got it?
As usual, in our $ociety, Creation is assimilated to Money... That means that if you stop
being a moron or a stupid slave and try to do or create something (without even thinking
about money) they will charge you for this, with the pretext of "protecting" or
"helping" you and your rights (if you still believe you may have any left).
What can we do?
Crack it so that you can put your FREE copyright on any of your own creations (photo,
drawing, home page's logo, painting...) without having to pay for it.
What do we need?
PhotoShop 4.0 (Corel Draw 7 and Corel Photo-Paint 7 could be cracked too but as
I don't have them and don't use them I don't know if the files needed are the same
- See below about that).
If you actually do create (or edit) any image, you already have this tool as it is
the best one (and, again, this 28Mb tool is everywhere on the Net...).
What are the limitations?
The only one is about the "Creator ID". As said above, it is a number identifying
the creator in the Digimarc database that can provide you with more info about the
image creator (name, e-mail, fax number...). Though you'll be able to choose your
own ID number (from 1 to 2147483647) you will NOT be registered in this database at
Digimarc's Web site (since we are going to crack their program you will probably not
be willing to give them your name and fax number!). However, you could verify that your
ID number is not used by anyone else just by checking at Digimarc's URL. If it is, you
could change it at any time. Apart from that, your image will be watermarked (copyrighted)
forever (we will include the "Type of Use" (Restricted/Royalty Free) and the
"Adult Content" too as they must appear).
Let's go:
The file we need to crack is located in the PLUGINS/DIGIMARC directory of your Photoshop's
folder:
-Digisign.8bf (127.488Kb 30 October 1996)- This file writes the Digimarc inside the Image.
Though it has a 'strange' extension (.8BF) it is a .DLL.
There are 2 other files:
-Digiread.8bf (read the Digimarc)
-Digimarc.ini (it will contain your ID and password numbers)
(If you use Corel Draw or Photo-Paint 7, you should have a PLUGINS/DIGIMARC directory with
+/- similar files. If they are different, just follow this essay and you should be able
to crack them without any problem.-:)
Run Photoshop, open any image (JPG, TIF...) and select FILTER/DIGIMARC/EMBED WATERMARK.
It displays a dialog box. In the 'Copyright Info' section you can read:
Creator ID: PictureMarc Demo
It is followed by a 'Personalize' button. Press it and another dialog box will pop up
asking you to enter your ID number.
With SoftIce, BPX the USER32!GetDlgItemTextA function. Back to PhotoShop, enter an ID
number (let's say '12345678') and press OK. SoftIce will pop here:
* Reference To: USER32.GetDlgItemTextA, Ord:00EDh
:1000179F FF1540330210 Call dword ptr [10023340] ; Get user's input (12345678)
:100017A5 8D442410 lea eax, dword ptr [esp + 10] ; Store in EAX
:100017A9 6A02 push 00000002
:100017AB 8D4C2412 lea ecx, dword ptr [esp + 12]
:100017AF 50 push eax
:100017B0 51 push ecx
* Reference To: MSVCRT40.strncpy, Ord:044Eh
:100017B1 E860D20000 Call 1000EA16
:100017B6 8D4C2418 lea ecx, dword ptr [esp + 18]
:100017BA 8D54241E lea edx, dword ptr [esp + 1E] ; store in EDX the user's
; input minus the first 2 digits
; => edx:= '345678'
:100017BE 83C40C add esp, 0000000C
:100017C1 51 push ecx
:100017C2 52 push edx
The following CALL does some byte manipulation:
-Checks the length of the ID stored in EDX:
If ID's_length<6 or ID's_length>10 => XOR Eax, Eax
otherwise => Mov Eax, 1
-And a lot of uninteresting things
:100017C3 E858990000 call 1000B120
:100017C8 83C408 add esp, 00000008
:100017CB 85C0 test eax, eax
:100017CD 0F84C2000000 je 10001895 ; jump to Bad_Guy
:100017D3 8D44240C lea eax, dword ptr [esp + 0C] ; OK, Go_Ahead
:100017D7 6A02 push 00000002
:100017D9 8D4C2412 lea ecx, dword ptr [esp + 12]
:100017DD 50 push eax ; eax:='345678'
:100017DE 51 push ecx ; Correct ID number
* Reference To: MSVCRT40.strncmp, Ord:044Dh
:100017DF E82CD20000 Call 1000EA10 ; Compare Both ID's
:100017E4 83C40C add esp, 0000000C
:100017E7 85C0 test eax, eax ; Get the Result
:100017E9 0F85A6000000 jne 10001895 ; Jump to Bad_Guy
:100017EF 8D442412 lea eax, dword ptr [esp + 12] ; OK, Go_Ahead
:100017F3 50 push eax ; eax:='345678'
As you can see, nothing really amazing!
So, let's quickly crack it:
:100017C3 B801000000 mov eax, 1 ; *** HERE ***
:100017C8 83C408 add esp, 00000008
:100017CB 85C0 test eax, eax
:100017CD 0F84C2000000 je 10001895
:100017D3 8D44240C lea eax, dword ptr [esp + 0C]
:100017D7 6A02 push 00000002
:100017D9 8D4C2412 lea ecx, dword ptr [esp + 12]
:100017DD 50 push eax
:100017DE 51 push ecx
* Reference To: MSVCRT40.strncmp, Ord:044Dh
:100017DF E82CD20000 Call 1000EA10
:100017E4 83C40C add esp, 0000000C
:100017E7 33C0 xor eax, eax ; *** HERE ***
:100017E9 0F85A6000000 jne 10001895
:100017EF 8D442412 lea eax, dword ptr [esp + 12]
:100017F3 50 push eax
If you run Photoshop with those changes, and enter the code '12345678'
you'll see that your ID number will be '345678' and if you open Digimarc.ini
you'll get:
[Digisign]
CREATOR_ID=345678
PASSWORD=56932
As said above, the program deletes the first two digits, so you must enter
at least 3 digits.
If you type fewer than 8 or more than 12 digits, your ID number and password
will not be written to Digimarc.ini, so you'll have to re-enter them each time
(that's because a 'true' ID number's length should be within that range), though
your picture will be properly copyrighted with this ID (that's why I cracked
the first Test eax,eax).
That's all we have to crack if we want to add a FREE copyright to any image.
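Seen from the side of whoever ships or audits the plugin, the two listings above also give an exact tamper signature. The following is an added example, not part of the original essay and not Digimarc code: it classifies each of the two sites in a dump of the region 100017C3..100017EE as original, patched or unknown. The function names and the convention of passing the region together with the virtual address of its first byte are assumptions; the byte values are the ones printed in the listings.

```python
# Added example: classify the essay's two patch sites in a dump of Digisign.8bf code.
BASE_VA = 0x100017C3  # assumed: virtual address of the first byte of the dumped region

# (address, bytes in the unpatched listing, bytes in the patched listing)
SITES = [
    (0x100017C3, bytes.fromhex("E858990000"), bytes.fromhex("B801000000")),
    (0x100017E7, bytes.fromhex("85C0"), bytes.fromhex("33C0")),
]

# Sample input: region 100017C3..100017EE typed from the unpatched listing.
ORIGINAL_REGION = bytes.fromhex(
    "E858990000" "83C408" "85C0" "0F84C2000000" "8D44240C" "6A02"
    "8D4C2412" "50" "51" "E82CD20000" "83C40C" "85C0" "0F85A6000000"
)
# Constructed sample: the same region with both edits from the patched listing.
PATCHED_REGION = (SITES[0][2] + ORIGINAL_REGION[5:36]
                  + SITES[1][2] + ORIGINAL_REGION[38:])


def classify_sites(region, base_va=BASE_VA, sites=SITES):
    """Return {address: 'original' | 'patched' | 'unknown' | 'out-of-range'}."""
    result = {}
    for va, original, patched in sites:
        start = va - base_va
        end = start + len(original)
        if start < 0 or end > len(region):
            result[va] = "out-of-range"   # dump does not cover this site
            continue
        found = region[start:end]
        if found == original:
            result[va] = "original"
        elif found == patched:
            result[va] = "patched"
        else:
            result[va] = "unknown"        # neither listing: different build or edit
    return result


def is_tampered(region, base_va=BASE_VA, sites=SITES):
    """True if any site does not carry the bytes of the unpatched listing."""
    return any(state != "original"
               for state in classify_sites(region, base_va, sites).values())


if __name__ == "__main__":
    for name, region in (("original", ORIGINAL_REGION), ("patched", PATCHED_REGION)):
        states = {hex(va): s for va, s in classify_sites(region).items()}
        print(name, states, "tampered:", is_tampered(region))
```

A site reported as unknown or out-of-range means the dump is from another build or does not cover the address, so it should be reviewed by hand rather than read as clean.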
I hope this will help at least those who have spent a lot of money to buy
PhotoShop.
I still cannot understand why such a very expensive tool does not allow us
to copyright our own creations without having to pay again for it.
Strange world...
Part 2 : Stupid moneymakers protectionists
Right after I worked on the first part of this essay, I said to myself that,
strangely, Digimarc Corporation programmers were better at protecting images
than at protecting their own program...
At least that's what I was thinking BEFORE I decided to check if it was possible
to change the copyright of an already watermarked image in order to add my own
copyright inside it.
Though it is stupid (and useless) to steal a copyright and add our own instead,
my only concern was to study the level of protection of this tool.
The funny thing is that it is possible (and very easy, contrary to Digimarc Corporation's
comments about that)!
You can change the ID as well as the Type of Use and the Adult Content:
In Photoshop, open a watermarked image and select again FILTER/DIGIMARC/EMBED WATERMARK.
A dialog box with the following message will pop up: "Image Already Contains a Watermark".
With SoftIce, BPX the DialogBoxParamA function and try again. SoftIce will break into this
function call. Trace back for a while and you'll land here (Digisign.8bf):
:10003C34 E8EFAD0000 Call 1000EA28 ;MSVCRT40.??3@YAXPAX@Z, Ord:0061h
:10003C39 83C404 add esp, 00000004
:10003C3C 8B45F0 mov eax, dword ptr [ebp-10]
:10003C3F 83F801 cmp eax, 1 ; "groundbreaking technology that will
affect markets from Hollywood to the Web" can be cracked so quickly (and
could have been easily cracked even by an +HCU newbie, for that matter).
But I found the reason for that, on the Digimarc home page in their FAQ section:
"With Digimarc, Buyer Contacts Creator... Money Follows!"
Money turned those blind fools into stupid pretentious people who never even
try to test the reliability of such an important program.
Could you ever imagine asking (and paying) them to protect your work/creations,
or worse, a Hollywood movie copy-protected with such crap? Or even PlayBoy, who
proudly states that since they are using Digimarc they can track hundreds of thousands
of web sites/home pages a week to detect if anyone is using their pics without giving
them any money? Scary world...
Money, money, money... and see here... no money no more now!
Frog's Print - 4 August 1997
(c) Frog's Print, 1997. All rights reserved.