
Thread: Don't believe everything you (don't) see: fingerprinting text with zero-width chars

  1. #1
    Moderator anon's Avatar

    Don't believe everything you (don't) see: fingerprinting text with zero-width chars

    "I just remembered something that happened a long time ago."

  3. #2
    Moderator
    Instab's Avatar
    a good text editor can clean that. for delicate content, copy the text in a good text editor of your choice and use whatever it has to offer. also use features like "show invisibles" for control.
    Your account has been disabled.

  5. #3


    Quote Originally Posted by blog
    After discovering these techniques I shared them with some friends to try to help track down a cyber criminal which they thought might be an insider threat (it wasn’t, it was just a normal blackhat hacker). Then the White House started leaking like an old hose, so I continued to keep quiet. The reason I’m writing about this now is that it appears both homoglyph substitution and zero-width fingerprinting have been discovered by others, so journalists should be informed of the existence of these techniques.
    his own story makes him look dishonest (reason for writing), unpatriotic (kept quiet), suspicious for both being involved in questionable activity (finding that blackhat) and possibly in an intelligence operation (white house didn't pay him a visit)

    Avoid releasing excerpts and raw documents.
    Get the same documents from multiple leakers to ensure they have the exact same content on a byte-by-byte level.
    Manually retype excerpts to avoid invisible characters and homoglyphs.
    Keep excerpts short to limit the amount of information shared.
    Use a tool that strips non-whitelisted characters from text before sharing it with others.
    and some of his advice makes little sense: no raw documents=no proof, multiple leakers as if it's a crowded marketplace, manual retyping may add criminal charges, short excerpts means little leakage

  6. #4
    Moderator anon's Avatar
    Quote Originally Posted by Instab View Post
    a good text editor can clean that. for delicate content, copy the text in a good text editor of your choice and use whatever it has to offer. also use features like "show invisibles" for control.
    True, but non technically-inclined people don't know this and the common wisdom is that "if you paste stuff in Notepad, it loses all formatting and is 'safe' to handle", when this issue doesn't even rely on text formatting.

    A cheap workaround I found is to paste the text, but save the file as ANSI and say yes when told that you will lose all Unicode characters. After reopening, the zero-width characters will have transformed into question marks. The problems are that 1. you won't be able to clean text using any characters outside your system locale's code page (which is what "ANSI" actually stands for in Notepad); 2. you have to delete those question marks manually.

    Quote Originally Posted by slikrapid View Post
    his own story makes him look dishonest (reason for writing), unpatriotic (kept quiet), suspicious for both being involved in questionable activity (finding that blackhat) and possibly in an intelligence operation (white house didn't pay him a visit)
    I think the author is/was a cybersecurity consultant, so it makes sense that he'd be hired to find a hacker. I didn't really understand the part about the White House, though.
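An added example, not part of any post in this thread: a Python check that lists and strips invisible format characters, next to an approximation of the "save as ANSI" workaround described in post #4. The sample string is constructed, and code page 1252 is an assumption about the system locale.

```python
import unicodedata

def is_invisible(ch):
    # Unicode category Cf ("format") covers U+200B/U+200C/U+200D, U+2060 and
    # U+FEFF. ZWJ/ZWNJ are legitimate in some scripts and in emoji sequences,
    # so stripping them can alter genuine text.
    return unicodedata.category(ch) == "Cf"

def find_invisibles(text):
    """Return (index, code point, name) for each invisible character."""
    return [(i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN"))
            for i, ch in enumerate(text) if is_invisible(ch)]

def strip_invisibles(text):
    """Remove invisible characters and leave every other character untouched."""
    return "".join(ch for ch in text if not is_invisible(ch))

def ansi_round_trip(text, codepage="cp1252"):
    """Approximate 'save as ANSI': unencodable characters become '?'."""
    return text.encode(codepage, errors="replace").decode(codepage)

# Constructed sample: three zero-width marks hidden in a sentence that also
# contains legitimate characters outside code page 1252.
SAMPLE = "Meet\u200b at\u200c\u200d noon in \u0141\u00f3d\u017a"

if __name__ == "__main__":
    for hit in find_invisibles(SAMPLE):
        print(hit)
    print(ascii(strip_invisibles(SAMPLE)))
    print(ascii(ansi_round_trip(SAMPLE)))
```

The round trip turns the hidden marks into question marks but also damages the legitimate non-1252 letters, while the targeted strip leaves them intact.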

  7. #5


    Quote Originally Posted by anon
    I think the author is/was a cybersecurity consultant, so it makes sense that he'd be hired to find a hacker.
    just like in the movies, eh?

    I didn't really understand the part about the White House, though.
    you'd expect them to question everyone who openly admits having relevant information about their leaks, unless he is already working for their team, which would also explain the kind of advice mentioned above

  9. #6
    Advanced User Renk's Avatar
    Quote Originally Posted by anon View Post

    Here are 2 interesting extensions concerning Zero Width Characters:

    FF addon to detect it:
    ZeroWidth Detection
    Checks websites that you visit for invisible zero-width characters and replaces them with a specified character. Has the ability to copy all the characters found.
    This addon detects static zero-width characters, as on the site you provided, and (if the appropriate option is selected) dynamically inserted ZWCs too, as in umpox.com/zero-width-detection.


    FF addon to use it:
    inØsight — Zero Width Obfuscation
    Stay protected from Canary Traps while having the capability to hide in plain sight whether that's for hiding personal information or talking to a friend.

    Completely open source, advertisement, and log free.

    By default all sites support version 1, however rarely some sites such as twitter restrict *some* characters and in that case you can click on the scroll bar inside the ui and use version 2.0 instead.

    Version 2.1 supports Protonmail.
    More in-depth list to come out in the future.


    This page may be useful too:
    Python3 code to encode/decode text into zero-width characters
    Last edited by Renk; 09.09.18 at 18:31.

  11. #7
    Moderator anon's Avatar
    Nice finds. Here is an article which elaborates even more on this matter and will let you test those addons.

    https://blog.fastforwardlabs.com/201...anography.html

    For a similar concept, see https://www.xn--e1awd7f.com/

  12. #8
    Advanced User Renk's Avatar
    Quote Originally Posted by anon View Post
    Nice finds. Here is an article which elaborates even more on this matter and will let you test those addons.
    Alas, the second addon doesn't seem to work here. Tried to insert "anon is a pr0n addict!!!" in my message, but it failed miserably



    For a similar concept, see https://www.xn--e1awd7f.com/
    Yes, similar concept although a little less subtle. But dangerous nevertheless. In FF/about:config you have to set network.IDN_show_punycode to true in order to never be fooled by this homoglyph attack.
    Last edited by Renk; 09.09.18 at 21:23.
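An added example, not part of any post in this thread: a Python check that decodes the `xn--` labels of a hostname and reports which script each label is written in, using the host linked in post #7. The function names and the script heuristic (first word of the Unicode character name) are this example's own assumptions.

```python
import unicodedata

def decode_label(label):
    """Decode one DNS label; 'xn--' labels carry Punycode (RFC 3492)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(label):
    """Rough script set: first word of each letter's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def inspect_host(host):
    """Per-label report: ASCII form, decoded form, scripts, IDN and mixed flags."""
    report = []
    for raw in host.rstrip(".").split("."):
        shown = decode_label(raw)
        found = scripts(shown)
        report.append({
            "ascii": raw,
            "unicode": shown,
            "scripts": sorted(found),
            "idn": raw != shown,       # label is displayed differently from its ASCII form
            "mixed": len(found) > 1,   # more than one script inside a single label
        })
    return report

if __name__ == "__main__":
    for entry in inspect_host("www.xn--e1awd7f.com"):
        # ascii() keeps the output unambiguous: look-alike letters print as escapes
        print(ascii(entry))
```

The second label decodes to four Cyrillic letters and is not mixed-script, so a check that only looks for mixed scripts inside a label would not flag it; comparing the decoded script against what the reader expects, or always showing the `xn--` form, does.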

  13. #9
    Moderator anon's Avatar
    Quote Originally Posted by Renk View Post
    Alas, the second addon doesn't seem to work here. Tried to insert "anon is a pr0n addict!!!" in my message, but it failed miserably
    That's because it's smart, I'm only a casual watcher
