Beruflich Dokumente
Kultur Dokumente
{6} "Verso ebooks are free of Digital Rights Management (DRM-free), but are
subject to the terms of this license. You own the file once you've downloaded
it, and you can use it on any of your devices in perpetuity. It has visible and
invisible watermarks, applied by Booxtream, which contain your name and email
address. You are prohibited from uploading Verso ebooks to any website or filesharing network, or in any other way making them available for distribution,
sharing, copying, downloading, or reselling"
<https://www.versobooks.com/pg/terms-and-conditions>.
There are, at least, seven different varieties of watermarks injected into a
given ebook EPUB payload by BooXtream to be found in Verso ebooks:
WM0-2 are overt (readily visible) watermarks and are optional (meaning they
may not necessarily be present):
[WM0] -- Ex Libris Image Watermark
[WM1] -- Disclaimer Page Watermark
[WM2] -- Footer Watermarks
WM3-6 are covert (not readily visible) watermarks and are always present:
[WM3]
[WM4]
[WM5]
[WM6]
-----
Filename Watermarks
Timestamp Fingerprinting
CSS Watermark
Image Metadata Watermarks
Let's now go through each one to expose it and see how it works and, in turn,
how it may be prevented from working.
OK! :)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
[WM0] -- Ex Libris Image Watermark
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The ex libris image watermark is optional {7}; however, Verso ebooks appear to
employ it.
{7} "With every order fulfilment, BooXtream(R) needs the customer name,
customer email address and an order-id (supplied by the shop). BooXtream(R)
encodes this as a series of redundant digital watermarks and also adds visible,
personalised information for the end user into the ePub file. All visible and
personalised information is optional and can be customised:
"- Page 2 contains an Ex Libris (image with customer name), that can be
customised per publisher and per customer" <https://www.booxtream.com>.
~~~~~~~~~~~~~~~~~
Paigey the Book Pirate says: Keeping in mind that the tiers of overt
watermarks (WM0-2) are all optional, even if a given ebook doesn't appear to
have them, it would of course still nonetheless be a sign of utmost prudence
for one to check for the presence of the covert watermark tiers (WM3-6). In
other words, just because an ebook may not have the initial set of overt
watermarks, this should not be taken to mean it does not necessarily have any
of the subsequent covert watermarks.
~~~~~~~~~~~~~~~~~
The ex libris watermark is an image file, albeit one found not in ../Images/,
The footer watermarks are optional {9}; however, Verso ebooks appear to employ
them.
{9} "With every order fulfilment, BooXtream(R) needs the customer name,
customer email address and an order-id (supplied by the shop). BooXtream(R)
encodes this as a series of redundant digital watermarks and also adds visible,
personalised information for the end user into the ePub file. All visible and
personalised information is optional and can be customised:
"[...]
"- Every chapter ends with a personalised footer text"
<https://www.booxtream.com>.
The textual footer page watermarks appear at the end of every XHTMLl file in
the EPUB (therefore chiefly in ../Text/##_*.xhtml).
The main Verso footer boilerplate is as follows:
--This eBook is licensed to $BuyerName, $BuyerEmail on $SaleDate1
--Note that the code formatting surrounding the footer watermark may vary
slightly, taking on the form of either something along the lines of:
--<p style="font-size: 11px; text-align: center; color: #333; border-top: 1px
solid #7b7b7b; padding: 10px 0 0; margin: 20px 0 0;" class="EPubfirstparagraph
epubpagerstart">This eBook is licensed to $BuyerName, $BuyerEmail on
$SaleDate1</p>
--or:
--<p style="font-size: 11px; text-align: center; color: #333; border-top: 1px
solid #7b7b7b; padding: 10px 0 0; margin: 20px 0 0;">This eBook is licensed to
$BuyerName, $BuyerEmail on $SaleDate1</p>
--The takeaway here being the observation that the class attribute is not always
specified.
A footer watermark additionally appears within the aforementioned WM1, namely
in ../disclaimer*.xhtml, albeit matching one of the formatting variants of
../Text/##_*.xhtml:
--<p style="font-size: 11px; text-align: center; color: #333; border-top: 1px
solid #7b7b7b; padding: 10px 0 0; margin: 20px 0 0;">This eBook is licensed to
$BuyerName, $BuyerEmail on $SaleDate1</p>
--Finally, a footer watermark further appears in ../toc.ncx, alongside the
aforementioned presence of WM1:
---
turn, would also need to be renamed, as would references to that CSS file in
the rest of the EPUB).
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
[WM4] -- Timestamp Fingerprinting
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
A prudent watermark analyst may have observed that while $BuyerNameCombined
and $BuyerEmailCombined are present in WM3, an accompanying $SaleDate1Combined
variable is missing, despite $SalesDate1's presence in WM1-2, wherein it
accompanied $BuyerName and $BuyerEmail.
This is of course owing to the fact that, seeing as how the customised
watermarked EPUB is generated upon the date and time of purchase (recall
BooXtream's earlier revelatory bragging of utilising 'realtime' watermarking
algorithms), each file's modification and creation timestamp data will thus
correspond to the time that particular copy of the EPUB was purchased. Thus,
the timestamp itself effectively here functions as a covert watermark, serving
to facilitate the potential fingerprinting of the content buyer (or the
'traitor', to use forensic parlance).
For example, say the timestamp information for the files within a given EPUB
is listed as 13/10/2016 07:00:05. If the vendor checks the corresponding sale
records for that ebook and notes that there was a single purchase on 13/10/2016
07:00:02, then that buyer may potentially be implicated, particularly if a
pattern emerges identifying the same buyer across multiple ebook leaks.
If the aim is to avoid being fingerprinted, it thus of the utmost importance
to modify the timestamps of both the EPUB and all of the contents within
(including both files and directories).
If one had mind to eliminate WM4, one could then simply modify one's system
clock to a time/date of one's choice--either earlier or later than the
time/date of purchase--and then open and subsequently save the EPUB anew using
the ever-handy aforementioned Sigil utility.
While using Sigil in tandem with system clock modification is the simplest way
to modify timestamps, since one is likely to be using Sigil for other related
tasks anyhow, one could nonetheless alternatively use the timestomp utility
found within the Metasploit framework
<https://www.rapid7.com/products/metasploit/download.jsp> to alter timestamps
without having to modify the system clock.
~~~~~~~~~~~~~~~~~
Paigey the Book Pirate says: If one were keen to decrease the chances of
forensic analysis being able to detect that counter-forensic timestamp
tampering had occurred, one would be sure to select both reasonable dates--say,
neither years before the book was even published, nor those 30 years in the
future--and realistic timelines--the file modification timestamps should not be
any earlier than the file creation timestamps, for instance.
~~~~~~~~~~~~~~~~~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
[WM5] -- CSS Watermark
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Aside from filename watermarking and timestamp fingerprinting, there is
another potential tier of covert watermarking present in Verso BooXtream
called anywhere in the EPUB, its deletion does not adversely affect the layout
of any of the ebook pages).
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
[WM6] -- Image Metadata Watermarks
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Aside from filename watermarking, timestamp fingerprinting, and CSS
watermarking, our cellar scientists observed yet another tier of covert
watermarking present in Verso BooXtream ebooks: that of image metadata
watermarks.
All PNG and JPG images examined within contaminated ebooks in our sample set
were found to contain metadata watermarks (other image formats were not
available for analysis in our sample set). The watermarked images therefore
appear predominantly in ../Images/*, though even WM0 (../Text/exlibris*.png) is
watermarked.
To view JPG and PNG metadata watermarks, the images may be opened with either
a dedicated metadata viewer and editing program such as ExifTool
<https://www.sno.phy.queensu.ca/~phil/exiftool/>, or a hex editor application
such as wxHexEditor <https://sourceforge.net/projects/wxhexeditor/>.
In JPG images, the watermark appears in the ImageDescription tag of the
image's EXIF (Exchangeable Image File Format) metadata, and looks something
like this:
--Image Description: [18 characters]=[20-24 characters]
--For example, a sample ImageDescription value may appear as follows:
--Image Description: 626F6F78747265616D=6E6F77617465726D61726B73
--As previously mentioned, PNG images also possess a metadata watermark, albeit
in a different form than that of JPG images. Specifically, in PNG images the
watermark appears as TextualData in the tEXt text chunk field.
For example, a sample tEXt chunk value may appear as follows:
--tEXt: 626F6F78747265616D:6675636B73766572736F
--~~~~~~~~~~~~~~~~~
Paigey the Book Pirate says: '626F6F78747265616D' is a string which just so
happens to appear at the start of all image metadata watermarks in all
Verso/BooXtream ebooks that were analysed as part of our sample set. Thus,
this value appears to be constant--with the second value (that following the
'=' or ':') being the variable one which changes for each copy of an ebook.
When '626F6F78747265616D' is converted from hexadecimal to ASCII characters, it
reads 'booxtream'.
~~~~~~~~~~~~~~~~~
If one had mind to eliminate WM6, one could then simply delete the contaminant
(the image metadata watermark) from the infected *.jpg files by running the
following ExifTool command, which will delete all JPG image metadata and
replace the original infected files with healthy versions, like so:
--exiftool *.jpg -all= -overwrite_original
--As ExifTool does not readily deal with the manipulation of the here pertinent
PNG metadata, our cellar scientists instead prescribe the following command
line remedy to delete the corresponding contaminant from infected *.png files:
--cat infected.png | sng | sed '/[a-z] {/,/}/d' | sng > healed.png
--Alternatively, one could simply delete the watermark from the PNG images (as
well as from the JPGs) by using a hex editor. Yet another alternate would
entail opening the PNG in an image editing application and saving it anew (this
procedure should, however, not be utilised for JPG images as they are not
lossless like PNGs, and as such the new JPG image would result in not just
desirable metadata loss, but also in undesirable quality loss).
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
PARTING SHOTS
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
It's a safe bet that when the Verso and BooXtream bioterrorists, read over
this communique, they--mad as a cut snake--will then attempt to obfuscate and
otherwise modify their watermarking schema in vain attempts to develop tamperresistant watermarking strains. It then follows that the specifics outlined
herein (e.g. exact file locations and directory paths, watermark code samples,
and so on) will become obsolete fairly quickly. But that's okay, because that
is precisely why this communique should not be approached as a set of discrete
tactics, but instead as a particular manifestation of continuously adaptive
strategies of subversion.
Each individual ebook should be thoroughly scrutinised, not only for the
various tiers of overt (ex libris image, disclaimer, footer) and covert
(filename, timestamp, CSS, image metadata) watermarking outlined and examined
herein, but for other potentially even more pernicious watermarking stratagems
that may be deployed by an adversary (such as line, word, and character
shifting, as well as other spacing-based watermarking; F5, Least Significant
Bit (LSB) and other forms of image steganography; natural language
watermarking; and so on...).
In other words, even if it will lead to Verso/BooXtream changing their modi
operandi, the communique will remain advantageous both due to the fact that it
may still be utilised to remove watermarks from Verso/BooXtream ebooks that
have already been released under these old watermarking schemas, and further
that it may inspire future remedies by helping to foster transferable
dissective skills which may be applied to combat any newly-deployed methods of
textual oppression--effectively serving to white-ant Verso/BooXtream content
distribution tyranny, irrespective of their particular future watermarking
permutationss.
In closing, when dealing with watermark identification and removal, there
always a lingering fear that something may have been missed. Adversaries
as publishing conglomerates and peddlers of watermarking snake oil thrive
and seek to financially benefit from this fear, and thus we would like to
is
such
on
here