S400 Scanner Modified For Finding Hidden Watermarks

Computer hardware is by and large compromised out of the box. Whether it’s sloppy factory code, or government-installed backdoors, it’s difficult to trust anything. A great example is that of color laser printers, the vast majority of which place hidden watermarks on printed pages. It’s a somewhat forgotten issue these days, but back in 2005, [bunnie] set out to modify a scanner to help better image and investigate these watermarks.

The watermarks in question have been investigated by the EFF, and often, but not always, consist of tiny yellow dots printed on the page. They can store data such as the name of the computer that printed the document, as well as the serial number and model of the printer used. With this functionality baked into the firmware, all prints made on such a printer are compromised.

The easiest way to see these watermarks is with blue light, which is reflected by the white paper, but causes yellow dots to show up as dark spots. To make scanning affected documents quick and easy, [bunnie] whipped up a linear LED light array, installing it in a spare slot in his scanner’s light assembly, next to the stock white CCFL. Usage is a little more complex, with the scanner’s automatic calibration getting confused if the blue LEDs are left on at the start of a scan. Instead, the LEDs must be turned off initially, and then powered up once the calibration is complete.

Results are good, with the tiny dots made much clearer in the test scans [bunnie] performed. Unfortunately, the watermarking technology has moved on, and it’s likely that modern printers use a variety of techniques that are even harder to detect. By and large, ransom notes are best made the old fashioned way – by cutting up some old magazines.

Removing DRM From Aaron Swartz’s EBook

After his death, Aaron Swartz became one of the Internet’s most famous defenders of the free exchange of information, one of the most polarizing figures on the topic of intellectual property, and the most famous person that still held on to the ideals the Internet was founded on. Aaron was against DRM, fought for the users, and encouraged¬†open access to information.

Early this year, Verso Books published the collected writings of Aaron Swartz. This eBook, according to Verso, contains ‘social DRM’, a watermarking technology that Verso estimates will, “contribute ¬£200,000 to the publisher’s revenue in its first year.” This watermarking technology embeds uniquely identifiable personal information into individual copies of eBooks.

With a heavy sigh, you realize you do not live in the best of all possible worlds.

The Institute for Biblio-Immunology had a similar reaction to Verso Books’ watermarking technology applied to the collected writings of Aaron Swartz. In a communique released late last weekend, they cracked this watermarking scheme and released the code to remove this ‘social DRM’ from ePub files.

The watermarking technology in Aaron Swartz’s eBook comes courtesy of BooXtream, a security solution where every eBook sold is unique using advanced watermarking and personalization features. “A publication that has been BooXtreamed can be traced back to the shop and even the individual customer,” the BooXtream website claims, and stands in complete opposition to all of Aaron Swartz’s beliefs.

After analyzing several digital copies of Aaron Swartz’s eBook, the Institute for Biblio-Immunology is confident they have a tool that removes BooXtrem’s watermarks in EPUB eBooks. Several watermarks were found, including the very visible – Ex Libris images, disclaimer page watermarks, and footer watermarks – and the very hidden,¬†including image metadata, filename watermarks, and timestamp fingerprints.

While the Institute believes this tool can be used to de-BooXtream all currently available ‘social DRM’ed’ eBooks, they do expect the watermarking techniques will be quickly modified. This communique from the Institute of Biblio-Immunology merely provides the background of what BooXtream does, not the prescription for the disease of ‘social DRM’. These techniques can be applied to further social DRM’ed eBooks, which, we think, is what Aaron would have done.