Emerald caught for another TVP violation - SLUniverse Forums
Navigation » SLUniverse Forums > Virtual World Discussion > General SL Discussion » Emerald caught for another TVP violation


General SL Discussion Discuss topics related to Second Life

 
Sponsor:
Steampunk Victorian Caledon
Reply
 
LinkBack Thread Tools Display Modes
Old 07-20-2010, 04:27 PM   #1 (permalink)
Senior Member
On my period, leave me alone.
 
Join Date: May 2010
Posts: 132
Emerald caught for another TVP violation



From the ones who took down the onyx project had this to say:
There was an even bigger issue with those versions, though. Apparently Zwagoth did not know the X11 protocol (for Linux) or Carbon (for Mac) very well, and didn't know how to get the window's handle or title. Instead, he embedded the current working directory for the process into the J2C's comment section. When using a custom-built version of the Mac version of Emerald, or any build of the Linux version, it is also likely that the viewer resides in the user's home directory. An example decoded comment would be "/home/tomsheldon/EmeraldViewer-i686-1.4.0.2270" (this is an actual decoded comment that I saw when looking around the grid for people on Emerald.) There is the possibility for using this information to determine other accounts that people have created outside of SL, or their RL name.


All of this was brought to my attention (and that of several others) by a former Onyx developer who took issue with what they were doing. Apparently, only the Onyx team knew that this sort of "feature" was in the Emerald Kakadu library, not even other core Emerald developers were informed. It is likely that this leak was leveraged by the ModularSystems bots that were crawling the grid just a month ago.


Someone who wishes to remain anonymous made a program that was capable of reading the encoded messages in the baked textures produced by Emerald, and gave it to me and a couple of others. Phr0z3n (an Inertia developer) then made a C++ version of the program and added it to Inertia's radar.

After seeing that even people with their tags hidden (A lot of Lindens that shouldn't have been running Emerald actually) could be identified as running Emerald, I mentioned the issue to a few Emerald developers. They were shocked, to say the least, but the feedback I'm getting is that JCool doesn't intend to remove it and is just going to change the encoding. As such, I am writing this article to warn people and will be providing patches to remove this "feature" from the binary builds of the Emerald Kakadu library in the near future.


Inertia is a copybot viewer made by Hazim, Cryogenic, SimmanFederal,phr0z3nt04st


Soft Linden's reply:
from Brian McGroarty <soft@lindenlab.com>
to * <*@gmail.com>
date Sun, Jul 18, 2010 at 4:03 PM
subject Re: Security and Privacy Breach
hide details 4:03 PM (10 minutes ago)
Yep. At the very least, the paths with names included are completely
unacceptable.

I appreciate the source pointer and the image example. Both are going
to help a lot with this. I've asked for half an hour on Monday in
order to make sure the decision makers understand exactly what's
happening here.

I think I should provide some background for people who aren't familiar with the emkdu library. Up until several versions ago, Emerald was using the slower openjpeg decoder to decode all images in SL as they did not have distribution rights for LL's proprietaru LLKDU library. JCool (Fractured Crystal) Purchased a single-developer license for a newer version of the Kakadu library and asked Zwagoth Klaar to make a version of it in the same style as the LLKDU library.

With this library, they added an encoded comment to an avatar's baked clothing.

Source code to detect this is located here:
indra/llimage/llimagemetadatareader.cpp at master from HazimGazov's Inertia - GitHub
indra/newview/llviewerimage.cpp at master from HazimGazov's Inertia - GitHub
indra/newview/llvoavatar.cpp at master from HazimGazov's Inertia - GitHub

Full Source recompile is location here: http://github.com/HazimGazov/Inertia/tree/master/indra


Quote from their site
Why open source? Won't the lindens fix anything interesting that's added in?

I code for the sport, and it wouldn't be any fun to play against an open net, would it? The lindens are welcome to (actually, I'd expect them to) fix any bugs or exploits exposed in the Inertia source. The open-ness of the project also allows maintainers of similar projects (such as OpenSim) to fix any issues that may affect them as well. The end result is that Inertia is quite similar to the Onyx project, but we value transparency and invite anyone to join.

Last edited by Spitfire Clay; 07-20-2010 at 06:12 PM.
Spitfire Clay is offline   Reply With Quote
2 Users Said Thanks :
Old 07-20-2010, 04:35 PM   #2 (permalink)
is a pussy.
 
Hypatia Callisto's Avatar
Laughs and sneers in LOLCat
 
Join Date: Jun 2007
Posts: 8,120
My Mood:
SL Join Date: February 8, 2006
moar emerald dramaz, huzzah!

__________________
"To begin with," said the Cat, "a dog's not mad. You grant that?"

"I suppose so," said Alice.

"Well, then," the Cat went on, "you see, a dog growls when it's angry, and wags its tail when it's pleased. Now I growl when I'm pleased, and wag my tail when I'm angry. Therefore I'm mad."

"I call it purring, not growling," said Alice.

"Call it what you like," said the Cat.
Hypatia Callisto is offline   Reply With Quote
1 User Said Yay!:
Old 07-20-2010, 04:39 PM   #3 (permalink)
Senior Member
 
Ann Otoole's Avatar
 
Join Date: Oct 2008
Posts: 16,374
seventy percent seventy percent we can't be having no seventy percent seventy percent
Ann Otoole is offline   Reply With Quote
Old 07-20-2010, 04:42 PM   #4 (permalink)
SUPER BANNED

*SLU Supporter*
 
Free Xue's Avatar
#UndercoverGamerGate
 
Join Date: May 2009
Posts: 37,586
My Mood:
SL Join Date: May, 2008
Blog Entries: 10

Awards: 1
Special Achievement in Thread Titling 


That's all I got.
__________________
Quote:
Originally Posted by Cristiano View Post
you are all trolls (and super gay too!)
[confused cats against feminism]
la lucha sigue...
Free Xue is offline   Reply With Quote
1 User Said Thanks:
Old 07-20-2010, 04:49 PM   #5 (permalink)
Now with 40% more Awesome

*SLU Supporter*
 
Siggy's Avatar
We can't stop here. This is bat country
 
Join Date: Aug 2007
Posts: 8,672
My Mood:
Client: Tenacious - V
Interesting post - thanks for the heads up.
__________________
And as it was in the beginning, so too shall it be in the end. That bullshit is bullshit, it just goes by different names.
Siggy is offline   Reply With Quote
1 User Groaned:
Old 07-20-2010, 04:55 PM   #6 (permalink)
Blinded with SCIENCE!
 
Liona Clio's Avatar
www.girlgeniusonline.com
 
Join Date: Aug 2007
Posts: 2,882
My Mood:
/AnnoyedEmeraldUser on

So, when hackers find a security hole in a 3rd party viewer, Linden Lab bans the viewer, am I interpreting this correctly?

If so...what happens when the hackers find a security hole in the official viewer?
__________________


"Well, my days of not taking you seriously have certainly come to a middle."

I will go to the animal shelter and get you a kitty cat. I will let you fall in love with that kitty cat. And then on some dark, cold night I will steal away into your home and punch you in the face! - Sue Sylvester, "Glee"
Liona Clio is offline   Reply With Quote
Old 07-20-2010, 05:01 PM   #7 (permalink)
Senior Member
 
Ann Otoole's Avatar
 
Join Date: Oct 2008
Posts: 16,374
Quote:
Originally Posted by Liona Clio View Post
/AnnoyedEmeraldUser on

So, when hackers find a security hole in a 3rd party viewer, Linden Lab bans the viewer, am I interpreting this correctly?

If so...what happens when the hackers find a security hole in the official viewer?
other than LL looking for any excuse to stop the emerald takeover, which is likely all that matters, the main thing is modsys needs to deal with their coding and deal with the who is coding and get this kind of crap cut out.

assuming, of course, there is not more bullshit here than meets the eye.

If all the emerald users say fuck LL and quit we can call it a day even faster and LL can close up shop and then see if they can get them a new job in the second hand rentals biz like T did.
Ann Otoole is offline   Reply With Quote
Old 07-20-2010, 05:08 PM   #8 (permalink)
Lies down wif Bunnies
 
Dickie Swansong's Avatar
Lurve ta eat them bunnies, bunnies what I lurve ta eat. Bite they little heads off, nibble on they tiny feet.
 
Join Date: Jan 2009
Location: Useta live inna swamp
Posts: 3,698
My Mood:
SL Join Date: July 5, 2006
Client: Dun' compromise mai privacies!
Quote:
Originally Posted by Spitfire Clay View Post

All logins from the Emerald Viewer or Emerald Viewer Beta channel will be disabled because of this and there will be a public blog post warning all users that Emerald Dev Team violates the users privacy using a "infected library"
Logins have not been disabled. Explain yaself.
Dickie Swansong is offline   Reply With Quote
Old 07-20-2010, 05:11 PM   #9 (permalink)
Senior Member
 
Join Date: Nov 2007
Posts: 2,531
SL Join Date: September 2006
Quote:
Originally Posted by Spitfire Clay View Post
All logins from the Emerald Viewer or Emerald Viewer Beta channel will be disabled because of this and there will be a public blog post warning all users that Emerald Dev Team violates the users privacy using a "infected library"
1) Note that this does not appear to be part of Soft's email.

2) While I love drama as much as anyone, I'll believe this when it happens.
Anya Ristow is offline   Reply With Quote
Old 07-20-2010, 05:13 PM   #10 (permalink)
ADOLF HEIGHTLER
 
Imnotgoing Sideways's Avatar
Louder than god's revolver and twice as shiny!
 
Join Date: Jun 2008
Location: Darkly Cute :: Ferguson
Posts: 8,398
My Mood:
SL Join Date: November, 2007
Business: Darkly Cute
Client: NOT the same one I used yesterday... (<.<)
Send a message via Yahoo to Imnotgoing Sideways Send a message via Skype™ to Imnotgoing Sideways
So, wait... Are these screenshots of Emerald displaying the information or the Enertia client you were using to extract more data? (O.o)

Why do I smell another much ado about nothing? (o.O)
__________________
Quote:
Immy is made of wine, Metal, and neon. With a dash of flamethrowers.
Imnotgoing Sideways is offline   Reply With Quote
1 User Agreed:
Old 07-20-2010, 05:15 PM   #11 (permalink)
Baby Baroness
 
Wildefire Walcott's Avatar
OMG ICONS
 
Join Date: Jun 2007
Posts: 5,552
My Mood:
SL Join Date: 2005.10.28
Client: 1.23
Send a message via Yahoo to Wildefire Walcott
Quote:
Originally Posted by Spitfire Clay View Post
Apparently Zwagoth did not know the X11 protocol (for Linux) or Carbon (for Mac) very well, and didn't know how to get the window's handle or title. Instead, he embedded the current working directory for the process into the J2C's comment section.
I am completely oblivious to all the TPV drama but this right here is laughably ridiculous. There's such a thing as Google, folks.
__________________
Desperation Isle Estates: Homesteads and full-prim sims for rent.

Desperation Isle Productions: Scripted skyboxes for lots (and budgets) of all sizes!
Wildefire Walcott is offline   Reply With Quote
1 User Agreed:
Old 07-20-2010, 05:18 PM   #12 (permalink)
Senior Member
 
Ann Otoole's Avatar
 
Join Date: Oct 2008
Posts: 16,374
what it reads like is ripper viewers are allowed by Soft Linden because LL wants to kill emerald because it makes LL look stupid. So they need the ripper viewers logging in to make bad pictures.
Ann Otoole is offline   Reply With Quote
Old 07-20-2010, 05:23 PM   #13 (permalink)
is a pussy.
 
Hypatia Callisto's Avatar
Laughs and sneers in LOLCat
 
Join Date: Jun 2007
Posts: 8,120
My Mood:
SL Join Date: February 8, 2006
Quote:
Originally Posted by Ann Otoole View Post
what it reads like is ripper viewers are allowed by Soft Linden because LL wants to kill emerald because it makes LL look stupid. So they need the ripper viewers logging in to make bad pictures.
I think it looks even more stupid when you believe everything you read written by some idiot with an axe to grind. I'm no Emerald lover but I'm not exactly going to believe anything Spitfire Clay says. It's probably all mashed together out of context.
Hypatia Callisto is offline   Reply With Quote
Old 07-20-2010, 05:25 PM   #14 (permalink)
Senior Member
 
Kate M.'s Avatar
o_o
 
Join Date: Oct 2009
Posts: 443
Immy,

See the original posting here for more details: I ♥ Anime - Griffblog - I told you so.

Basically, the developers of inertia figured out a way to read the data Emerald was already broadcasting to the entire grid.

I should emphasize that windows users do not have this problem; only users running emerald on Linux or Mac have to worry about this.

Quote:
So, when hackers find a security hole in a 3rd party viewer, Linden Lab bans the viewer, am I interpreting this correctly?
If LL does disable emerald logins, they will be responding to a TPV that is intentionally broadcasting user RL data. This problem may have started as a bug, but when the developers declined to fix it, it became an intentional violation of the TPV policy.
Kate M. is offline   Reply With Quote
1 User Said Thanks:
1 User Agreed:
Old 07-20-2010, 05:27 PM   #15 (permalink)
Senior Member
 
Serendipity's Avatar
Frisky...
 
Join Date: Jan 2010
Posts: 351
SL Join Date: 2/28/2008
since we are on it how do I download stuff from Sl for me? I saw this cute little dress and I don't wanna pay for it so I got Emerald to download it to my Computer... I have a grey Computer if that helps...
Serendipity is online now   Reply With Quote
Old 07-20-2010, 05:30 PM   #16 (permalink)
Senior Member
 
Ann Otoole's Avatar
 
Join Date: Oct 2008
Posts: 16,374
so they can allow windows versions and block the others. In the meantime the devs can fix it. or stop being devs.

assuming it is not all bullshit.

well one way or another it is bullshit of some sort lol

and LL will take any straw for a reason to ban emerald because emerald usage numbers make SLv2 look like what it is.
Ann Otoole is offline   Reply With Quote
Old 07-20-2010, 05:34 PM   #17 (permalink)
Senior Member
 
Ann Otoole's Avatar
 
Join Date: Oct 2008
Posts: 16,374
Quote:
Originally Posted by Kate M. View Post
Immy,

See the original posting here for more details: I ♥ Anime - Griffblog - I told you so.

Basically, the developers of inertia figured out a way to read the data Emerald was already broadcasting to the entire grid.

I should emphasize that windows users do not have this problem; only users running emerald on Linux or Mac have to worry about this.



If LL does disable emerald logins, they will be responding to a TPV that is intentionally broadcasting user RL data. This problem may have started as a bug, but when the developers declined to fix it, it became an intentional violation of the TPV policy.
Too bad we can't set the settings directory to somewhere other than a structure that has the user name in it eh? Maybe LL needs to ban all viewers.
Ann Otoole is offline   Reply With Quote
Old 07-20-2010, 05:35 PM   #18 (permalink)
Senior Member
 
Kate M.'s Avatar
o_o
 
Join Date: Oct 2009
Posts: 443
Quote:
Originally Posted by Ann Otoole View Post
Too bad we can't set the settings directory to somewhere other than a structure that has the user name in it eh? Maybe LL needs to ban all viewers.
Users who didn't install it in a directory tree don't have their user name exposed. All it does is broadcast the directory in which the viewer executable is running. For some people, that happens to inclide their user name or RL name
Kate M. is offline   Reply With Quote
Old 07-20-2010, 05:37 PM   #19 (permalink)
ADOLF HEIGHTLER
 
Imnotgoing Sideways's Avatar
Louder than god's revolver and twice as shiny!
 
Join Date: Jun 2008
Location: Darkly Cute :: Ferguson
Posts: 8,398
My Mood:
SL Join Date: November, 2007
Business: Darkly Cute
Client: NOT the same one I used yesterday... (<.<)
Send a message via Yahoo to Imnotgoing Sideways Send a message via Skype™ to Imnotgoing Sideways
I'm just going to say, right here and right now, that I believe that Hazim and his internet piss war BS is what cost us Woodbury University. I don't know and I don't care what he wants to accomplish with his actions, but I do hope he finds a way to utilize his abilities in a way that will land him a six-figure salary and not a starring role as Bruno's butt buddy in prison.
Imnotgoing Sideways is offline   Reply With Quote
2 Users Laughed:
Old 07-20-2010, 05:38 PM   #20 (permalink)
Senior Member
On my period, leave me alone.
 
Join Date: May 2010
Posts: 132
This has nothing to do with hackers.
Imnotgoing Sideways, This is Hazim's quote on how it works:

I think I should provide some background for people who aren't familiar with the emkdu library. Up until several versions ago, Emerald was using the slower openjpeg decoder to decode all images in SL as they did not have distribution rights for LL's proprietaru LLKDU library. JCool (Fractured Crystal) Purchased a single-developer license for a newer version of the Kakadu library and asked Zwagoth Klaar to make a version of it in the same style as the LLKDU library.

With this library, they added an encoded comment to an avatar's baked clothing.

Last edited by Spitfire Clay; 07-20-2010 at 05:58 PM.
Spitfire Clay is offline   Reply With Quote
Old 07-20-2010, 05:38 PM   #21 (permalink)
Curiouser and Curiouser

*SLU Supporter*
 
Trasee Darkwatch's Avatar
Following the White Rabbit
 
Join Date: Oct 2009
Location: The Mad Hatter's Tea Party
Posts: 12,352
My Mood:
SL Join Date: 7/3/2006 (rejoin 7/16/2009)
Client: Firestorm
__________________
(\__/)
(='.'=) This is Bunny. Copy and paste Bunny into your
(")_(") signature to help him gain world domination
______________________________________________
| Trasee's DeviantART | Trasee's Furventures |
Trasee Darkwatch is online now   Reply With Quote
Old 07-20-2010, 05:49 PM   #22 (permalink)
Senior Member
On my period, leave me alone.
 
Join Date: May 2010
Posts: 132
Imnotgoing Sideways, if I recall, your name was listed in the modular datamining list.

Anyways , I have reproduced this bug by recompiling indra at master from HazimGazov's Inertia - GitHub .

This bug even affects the current version of emerald 2270 and a few other versions.

Last edited by Spitfire Clay; 07-20-2010 at 06:04 PM.
Spitfire Clay is offline   Reply With Quote
Old 07-20-2010, 06:04 PM   #23 (permalink)
Stallmanite
 
hazimgazov's Avatar
Eating computers
 
Join Date: Apr 2010
Location: Canada, I'll beat you up
Posts: 423
My Mood:
SL Join Date: Feb 2007
Quote:
Originally Posted by Spitfire Clay View Post
Imnotgoing Sideways, if I recall, your name was listed in the modular datamining list.

Anyways , I have reproduced this bug by recompiling indra at master from HazimGazov's Inertia - GitHub .

This bug even affects the current version of emerald 2270.
Not necessarily. All new installations of Emerald (regardless of the version) will now use a newer version of emkdu. It uses the reference implementation of AES instead of of the janky encryption used before. As far as I know, nobody's really looked at the new library in-depth yet; However, it shouldn't be terribly difficult, since the library was compiled in debug mode (thanks for that,) and the debug symbols for vanilla kakadu and the compiled reference AES implementation should be more than sufficient. All wassert() calls are left intact, which should provide needed context.

Aside from the new encryption (which will require a key to decode, presumably only held by the developers of the emkdu library,) It's been mentioned that if the library isn't able to determine the window's title, it will use the last part of the full path instead. I have confirmed that under circumstances that it will embed the path into the image as it did under mac and linux, but I haven't confirmed that only the last part of the path will be used. I will try to keep people up to date as to the behaviour of the new library as soon as I'm able to pin it down.

TL;DR: New emkdu library, uses different encryption, may embed path even under Windows now.

If an Emerald dev would care to correct me, this would be a good time.

Quote:
Originally Posted by Spitfire Clary
Inertia is a copybot viewer made by Hazim, Cryogenic, SimmanFederal,phr0z3nt04st
__________________
KING OF DOUBLE PROAST AND NINJA EDIT.
hazimgazov is offline   Reply With Quote
3 Users Said Thanks :
Old 07-20-2010, 06:07 PM   #24 (permalink)
Senior Member
On my period, leave me alone.
 
Join Date: May 2010
Posts: 132
Quote:
Originally Posted by Liona Clio View Post
/AnnoyedEmeraldUser on

So, when hackers find a security hole in a 3rd party viewer, Linden Lab bans the viewer, am I interpreting this correctly?

If so...what happens when the hackers find a security hole in the official viewer?

Its not a security hole. It was hard coded by the Modular Dev.

Credit goes to ex-Onyx/Emerald/Cryolife dev Cryogenic and Hazim for sniffing ModularSystems out.
Spitfire Clay is offline   Reply With Quote
Old 07-20-2010, 06:08 PM   #25 (permalink)
SUPER BANNED

*SLU Supporter*
 
Free Xue's Avatar
#UndercoverGamerGate
 
Join Date: May 2009
Posts: 37,586
My Mood:
SL Join Date: May, 2008
Blog Entries: 10

Awards: 1
Special Achievement in Thread Titling 
Quote:
Originally Posted by Spitfire Clay View Post
Its not a security hole. It was hard coded by the Modular Dev.
Free Xue is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are On