[Tutorial] Encrypting image URL's to prevent removal of images.


BiGFiST
05-05-08, 11:49
Tutorial written by BiGFiST for Proving-Grounds.

A small idea I initially worked on and was live on the Proving-Grounds early 2007 was an automated system that encrypted all outgoing image links with a proxified version of the image link. It removed all html code and only showed the image. I ceased it due to massive bandwidth usage of my "uber" proxy. However, the real image link could not be found out ever due to blowfish URL encryption and the removal of all scripts on proxified URL's. Below is a basic example. It encrypts the URL using publicly available web-based proxies. Written for educational purposes.



Do the following and read carefully:
1) Go to proxy.org (http://proxy.org), find a working web-based proxy (freeking.info (http://www.freeking.info))
2) Insert proving-grounds.net, check all boxes except: Remove Scripts, Remove Images, Remove Flash, Encode Page
3) Login to the forum and start a new thread in a random section
4) Insert your bbcode, looks like this:

http://img149.imagevenue.com/loc907/th_79913_LUH_21_200804_123_907lo.jpg (http://img149.imagevenue.com/img.php?image=79913_LUH_21_200804_123_907lo.jpg)
http://img192.imagevenue.com/loc249/th_79921_LUH_22_200804_123_249lo.jpg (http://img192.imagevenue.com/img.php?image=79921_LUH_22_200804_123_249lo.jpg)
http://img162.imagevenue.com/loc1188/th_79943_sg_100_200804_123_1188lo.jpg (http://img162.imagevenue.com/img.php?image=79943_sg_100_200804_123_1188lo.jpg)
http://img179.imagevenue.com/loc123/th_79953_sg_101_200804_123_123lo.jpg (http://img179.imagevenue.com/img.php?image=79953_sg_101_200804_123_123lo.jpg)

Which translates to:


http://img149.imagevenue.com/loc907/th_79913_LUH_21_200804_123_907lo.jpg (http://img149.imagevenue.com/img.php?image=79913_LUH_21_200804_123_907lo.jpg) http://img192.imagevenue.com/loc249/th_79921_LUH_22_200804_123_249lo.jpg (http://img192.imagevenue.com/img.php?image=79921_LUH_22_200804_123_249lo.jpg) http://img162.imagevenue.com/loc1188/th_79943_sg_100_200804_123_1188lo.jpg (http://img162.imagevenue.com/img.php?image=79943_sg_100_200804_123_1188lo.jpg) http://img179.imagevenue.com/loc123/th_79953_sg_101_200804_123_123lo.jpg (http://img179.imagevenue.com/img.php?image=79953_sg_101_200804_123_123lo.jpg)

6) Once bbcode is inserted, hit "preview post"
7) Copy the URL of the first image link and find that URL in the source of that page.
8) Copy the entire bit of the four images. It starts with <a href= and ends with </a>. It looks like this (encoded HTML code of images):
<a href="http://www.freeking.info/browse.php?u=Oi8vaW1nMTQ5LmltYWdldmVudWUuY29tL2ltZy5waHA%2FaW1hZ2U9Nzk5MTNfTFVIXzIxXzIwMDgwNF8xMjNfOTA3bG8uanBn&b=15" target="_blank"><img src="http://www.freeking.info/browse.php?u=Oi8vaW1nMTQ5LmltYWdldmVudWUuY29tL2xvYzkwNy90aF83OTkxM19MVUhfMjFfMjAwODA0XzEyM185MDdsby5qcGc%3D&b=15" border="0" alt="" id="vBCodeIMG" /></a>
<a href="http://www.freeking.info/browse.php?u=Oi8vaW1nMTkyLmltYWdldmVudWUuY29tL2ltZy5waHA%2FaW1hZ2U9Nzk5MjFfTFVIXzIyXzIwMDgwNF8xMjNfMjQ5bG8uanBn&b=15" target="_blank"><img src="http://www.freeking.info/browse.php?u=Oi8vaW1nMTkyLmltYWdldmVudWUuY29tL2xvYzI0OS90aF83OTkyMV9MVUhfMjJfMjAwODA0XzEyM18yNDlsby5qcGc%3D&b=15" border="0" alt="" id="vBCodeIMG" /></a>
<a href="http://www.freeking.info/browse.php?u=Oi8vaW1nMTYyLmltYWdldmVudWUuY29tL2ltZy5waHA%2FaW1hZ2U9Nzk5NDNfc2dfMTAwXzIwMDgwNF8xMjNfMTE4OGxvLmpwZw%3D%3D&b=15" target="_blank"><img src="http://www.freeking.info/browse.php?u=Oi8vaW1nMTYyLmltYWdldmVudWUuY29tL2xvYzExODgvdGhfNzk5NDNfc2dfMTAwXzIwMDgwNF8xMjNfMTE4OGxvLmpwZw%3D%3D&b=15" border="0" alt="" id="vBCodeIMG" /></a>
<a href="http://www.freeking.info/browse.php?u=Oi8vaW1nMTc5LmltYWdldmVudWUuY29tL2ltZy5waHA%2FaW1hZ2U9Nzk5NTNfc2dfMTAxXzIwMDgwNF8xMjNfMTIzbG8uanBn&b=15" target="_blank"><img src="http://www.freeking.info/browse.php?u=Oi8vaW1nMTc5LmltYWdldmVudWUuY29tL2xvYzEyMy90aF83OTk1M19zZ18xMDFfMjAwODA0XzEyM18xMjNsby5qcGc%3D&b=15" border="0" alt="" id="vBCodeIMG" /></a>
9) Now we want to create BBCODE of that encoded html image code.
10) Open a text editor, and copy/paste the encoded html image code in it.
- replace all <a href=" with
- replace all " border="0" alt="" id="vBCodeIMG" /></a> with
- replace [/URL] with [/URL]x (change x to a space, to add a space between images)
10) *: Example proxy doesn't allow hotlinking, so we add http://anonym.to/? which sets referrer to proxy URL.
12) The result is encoded image bbcode: (thumbs do not work due to example proxy using anti-hotlink, a hotlink disabled proxy would suffice)


http://www.freeking.info/browse.php?u=Oi8vaW1nMTQ5LmltYWdldmVudWUuY29tL2xvYzkwNy90aF83OTkxM19MVUhfMjFfMjAwODA0XzEyM185MDdsby5qcGc%3D&b=15 (http://anonym.to/?http://www.freeking.info/browse.php?u=Oi8vaW1nMTQ5LmltYWdldmVudWUuY29tL2ltZy5waHA%2FaW1hZ2U9Nzk5MTNfTFVIXzIxXzIwMDgwNF8xMjNfOTA3bG8uanBn&b=15)
http://www.freeking.info/browse.php?u=Oi8vaW1nMTkyLmltYWdldmVudWUuY29tL2xvYzI0OS90aF83OTkyMV9MVUhfMjJfMjAwODA0XzEyM18yNDlsby5qcGc%3D&b=15 (http://anonym.to/?http://www.freeking.info/browse.php?u=Oi8vaW1nMTkyLmltYWdldmVudWUuY29tL2ltZy5waHA%2FaW1hZ2U9Nzk5MjFfTFVIXzIyXzIwMDgwNF8xMjNfMjQ5bG8uanBn&b=15)
http://www.freeking.info/browse.php?u=Oi8vaW1nMTYyLmltYWdldmVudWUuY29tL2xvYzExODgvdGhfNzk5NDNfc2dfMTAwXzIwMDgwNF8xMjNfMTE4OGxvLmpwZw%3D%3D&b=15 (http://anonym.to/?http://www.freeking.info/browse.php?u=Oi8vaW1nMTYyLmltYWdldmVudWUuY29tL2ltZy5waHA%2FaW1hZ2U9Nzk5NDNfc2dfMTAwXzIwMDgwNF8xMjNfMTE4OGxvLmpwZw%3D%3D&b=15)
http://www.freeking.info/browse.php?u=Oi8vaW1nMTc5LmltYWdldmVudWUuY29tL2xvYzEyMy90aF83OTk1M19zZ18xMDFfMjAwODA0XzEyM18xMjNsby5qcGc%3D&b=15 (http://anonym.to/?http://www.freeking.info/browse.php?u=Oi8vaW1nMTc5LmltYWdldmVudWUuY29tL2ltZy5waHA%2FaW1hZ2U9Nzk5NTNfc2dfMTAxXzIwMDgwNF8xMjNfMTIzbG8uanBn&b=15)

13) If you can find an imagehost without a direct report URL and one that allows disabling the URL form, you may have found an ultimate winner.
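
Added example, not part of BiGFiST's post: the `u=` value in the example links above is percent-encoded Base64 whose decoded text begins at `://`, so a moderator or an image host's abuse desk can recover the address behind such a link. The restored `http` scheme, the helper names and the `proxy.invalid` sample host are assumptions made for this sketch.

```python
import base64
from urllib.parse import parse_qs, quote, urlsplit

# Leading 32 characters of the first u= value in the post above.
PAGE_PREFIX = "Oi8vaW1nMTQ5LmltYWdldmVudWUuY29t"


def unwrap_redirector(url: str) -> str:
    """Strip a redirector of the form http://host/?<full target URL>."""
    query = urlsplit(url).query
    return query if query.startswith(("http://", "https://")) else url


def recover_target(link: str, assumed_scheme: str = "http") -> str:
    """Return the address hidden in a browse.php?u=... proxy link."""
    params = parse_qs(urlsplit(unwrap_redirector(link)).query)
    if "u" not in params:
        raise ValueError("no u= parameter in link")
    # parse_qs has already undone %2F / %3D; it also maps '+' to ' ',
    # so restore any '+' that belonged to the Base64 alphabet.
    token = params["u"][0].replace(" ", "+")
    token += "=" * (-len(token) % 4)  # tolerate stripped padding
    text = base64.b64decode(token, validate=True).decode("utf-8")
    # The decoded text starts at "://"; the scheme is an assumption.
    return assumed_scheme + text if text.startswith("://") else text


def make_sample_link(target: str) -> str:
    """Build a constructed link of the same shape, for testing only."""
    token = base64.b64encode(target[len("http"):].encode()).decode()
    return ("http://anonym.to/?http://proxy.invalid/browse.php?u="
            + quote(token, safe="") + "&b=15")


if __name__ == "__main__":
    page_link = "http://www.freeking.info/browse.php?u=" + PAGE_PREFIX + "&b=15"
    print(recover_target(page_link))
    sample = make_sample_link("http://img.example.invalid/loc1/th_sample.jpg")
    print(recover_target(sample))
```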

madman71
05-05-08, 14:12
This would be very, very nice. I hope it comes through.

fauxpas1900
05-05-08, 15:08
hey bigfist

Hosts often search and delete files on the basis of MD5 signatures.

This would mean that all reported files will be deleted from the hosting service each time they are uploaded. They will be spotted on the basis of the MD5.

In case of RAR files that keep getting deleted, the MD5 can be changed by adding a small text file to the RAR.

The MD5 of an image file can be changed by resizing it.

But resizing an image, if not done properly and carefully, could mess up the quality of the image.

What are your views on this?

v1ru5
05-05-08, 16:48
That's a nice idea mate... Theoretically speaking, would that remove the direct accountability for PG users posting certain content?

My only issue with your method is the dependency on an external provider... But I guess an internal proxy (based on PHPproxy perhaps) could be created.

Hosts often search and delete files on the basis of MD5 signatures.

This would mean that all reported files will be deleted from the hosting service each time they are uploaded. They will be spotted on the basis of the MD5.

In case of RAR files that keep getting deleted, the MD5 can be changed by adding a small text file to the RAR.

Your information is correct, but unfortunately forums the size of PG also get teams of people looking for content that they don't want shared - meaning that simply changing the MD5 isn't enough.

The MD5 of an image file can be changed by resizing it. But resizing an image, if not done properly and carefully, could mess up the quality of the image.

It's much simpler than resizing... All that would be needed to change the checksum is an alteration to the image metadata. Adding an author for example would do the job nicely!

BiGFiST
05-05-08, 18:43
I was hoping for someone to bring up the MD5 bit to advance conversation. Like Jazzi suggested, adding a small bit of EXIF/IPTC data will modify the checksum. This takes about 1sec per 1000 images with a program. Should not be a problem. Your only worry is content stealers, but then again, with a proper proxy you can whitelist domains and a skilled coder could even disable services like anonym.to by tunneling.

The proxy would be run by PG owners on a tertiary server. I don't think you would be accountable Jazzi. Basically, the image is just served via a 3rd server. However, Mr. Imagevenue asked me nicely if I could stop with my "uber" proxy back then. I complied as I was having bandwidth issues too and I accomplished what I intended, total protection. In short: this method is GODLIKE with the above tips and uploaders responsibility of modifying EXIF/IPTC info.

What you need?
- server with at least 3TB of bw/month (you get same bandwidth usage as imagehost)
- server with processing power, limit it to proving-grounds URL's to maximize power
- a skilled coder that can implement a 256bit+ encryption into a proxy script who can also modify it in such a way it only works for the PG.

The coolest thing is, if you have that coder, you can automate all my steps with simple scripts!


Possible problems:
- imagehosts may not be happy with these undeletable URL's
- not sure, but since images through your proxy are served via your server you could be held accountable for hosting copyrighted content like imagehosts.
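
Added example, not from any poster in this thread: the posts by fauxpas1900, v1ru5 and BiGFiST describe whole-file MD5 matching and how a metadata edit changes that checksum. The sketch below shows the host-side counterpart, a digest taken over the image data only, using a constructed 2x2 PNG with a `tEXt` chunk as a stand-in for EXIF/IPTC fields; all function names are assumptions of this sketch.

```python
import hashlib
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one PNG chunk: length, type, data, CRC-32 of type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png(pixels: bytes, text=()) -> bytes:
    """Constructed 2x2 8-bit greyscale PNG with optional tEXt metadata."""
    rows = b"".join(b"\x00" + pixels[i:i + 2] for i in (0, 2))  # filter 0
    body = chunk(b"IHDR", struct.pack(">IIBBBBB", 2, 2, 8, 0, 0, 0, 0))
    for key, value in text:
        body += chunk(b"tEXt", key + b"\x00" + value)
    return PNG_SIG + body + chunk(b"IDAT", zlib.compress(rows)) + chunk(b"IEND", b"")


def iter_chunks(png: bytes):
    """Yield (type, data) for every chunk in a PNG byte string."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 12 <= len(png):
        (length,) = struct.unpack(">I", png[pos:pos + 4])
        yield png[pos + 4:pos + 8], png[pos + 8:pos + 8 + length]
        pos += 12 + length


def file_md5(png: bytes) -> str:
    """Whole-file checksum: changes when any byte, metadata included, changes."""
    return hashlib.md5(png).hexdigest()


def pixel_digest(png: bytes) -> str:
    """SHA-256 over IHDR, PLTE and the decompressed IDAT stream only."""
    digest, idat = hashlib.sha256(), b""
    for ctype, data in iter_chunks(png):
        if ctype in (b"IHDR", b"PLTE"):
            digest.update(data)
        elif ctype == b"IDAT":
            idat += data
    digest.update(zlib.decompress(idat))
    return digest.hexdigest()
```

A digest of this kind still changes when the image is re-encoded or resized, so it only covers the metadata-edit case raised in the thread.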

fauxpas1900
29-05-08, 10:24
Am looking for a Free EXIF/IPTC editor to modify the checksum of my images that keep getting deleted from imagevenue...

Any suggestions, gentlemen? A free, fast, easy to use EXIF editor?