CanvasBlocker icon indicating copy to clipboard operation
CanvasBlocker copied to clipboard

Published 20 hours ago verified publisher icon kkapsner

CanvasBlocker triggers a generic anti tampering on ylilauta.org

Open JobcenterTycoon opened this issue 1 year ago • 0 comments

Description

When i visit https://ylilauta.org/ a big red box informs the user about the "tampering" even with the "hard to detect" mode enabled. The site self breaks after this. screenshot

Here a test code of the anti tampering

Code: 
function checktamper() {
{
        try {
            if ('get' in Object.getOwnPropertyDescriptors(console).error) {
                console.log("Tampering detected 1")
            }
        } catch {
            console.log("Tampering detected 2")
        }

        let i = document.createElement('iframe');
        i.style.display = 'none';
        document.body.append(i);
        EventTarget.prototype.addEventListener = i.contentWindow.EventTarget.prototype.addEventListener;
        Element.prototype.getBoundingClientRect = i.contentWindow.Element.prototype.getBoundingClientRect;
        i.remove();

        for (const p of [
            {o: window, f: 'setTimeout'},
            {o: window, f: 'setInterval'},
            {o: window, f: 'alert'},
            {o: window, f: 'confirm'},
            {o: window, f: 'getComputedStyle'},
            {o: window, f: 'parseInt'},
            {o: window, f: 'parseFloat'},
            {o: window, f: 'postMessage'},
            {o: window, f: 'addEventListener'},
            {o: document, f: 'createElement'},
            {o: Element.prototype, f: 'getBoundingClientRect'},
        ]) {
            try {
                p.o[p.f].caller;
                p.o[p.f].arguments;
            } catch (e) {
                if (
                    e.message.match(' incompatible ')
                    || e.stack.match('(<anonymous>)')
                ) {
                    console.log("Tampering detected 3")
                }
            }

            const regex = new RegExp('^function ' + p.f + '\\(\\)\\s*{\\s*\\[native code]\\s*}$');
            let da;
            let db;
            let v = p.o[p.f];
            try {
                da = delete p.o[p.f]['toString'];
                db = delete p.o[p.f];
            } catch {
                da = false;
                db = false;
            }

            if (
                !da || !db ||
                typeof Object.getPrototypeOf(v) !== 'function' ||
                typeof v !== 'function' ||
                v.name !== p.f ||
                v.toString().replaceAll('\n', '').match(regex) === null
            ) {
                console.error(p.f + ' does not match expected behavior.');
                console.log("Tampering detected 4")
            }

            Object.defineProperty(p.o, p.f, {value: v, configurable: false, writable: false});
        }

        return false;
    }
}
checktamper();

When i execute this in the browser console it always throw Tampering detected 3 with this addon enabled even when no specific API getting protected. It works fine when the addon is disabled.

Expected Behaviour

No tampering getting detected (i know it can’t be avoided completely but it even appears when no API getting protected)

Current Behaviour

It triggers a generic anti tampering (not specifed to anti fingerprinting)

Possible Solution

Your Environment

  • CanvasBlocker Version used: Version 1.9
  • Firefox version incl. 32- or 64-bit: Firefox 64 bit
  • Operating System and version (desktop or mobile): Windows 10
  • Installed addons: CanvasBlocker

Your Settings

{
	"logLevel": 1,
	"urlSettings": [],
	"hiddenSettings": {},
	"expandStatus": {},
	"displayHiddenSettings": false,
	"whiteList": "",
	"sessionWhiteList": "",
	"blackList": "",
	"blockMode": "fake",
	"protectedCanvasPart": "input",
	"minFakeSize": 10,
	"maxFakeSize": 0,
	"rng": "persistent",
	"protectedAPIFeatures": {},
	"useCanvasCache": true,
	"ignoreFrequentColors": 3,
	"minColors": 3,
	"fakeAlphaChannel": false,
	"webGLVendor": "",
	"webGLRenderer": "",
	"webGLUnmaskedVendor": "",
	"webGLUnmaskedRenderer": "",
	"persistentRndStorage": "{}",
	"persistentIncognitoRndStorage": "",
	"storePersistentRnd": true,
	"persistentRndClearIntervalValue": 0,
	"persistentRndClearIntervalUnit": "days",
	"lastPersistentRndClearing": 1707692714496,
	"sharePersistentRndBetweenDomains": false,
	"askOnlyOnce": "individual",
	"askDenyMode": "block",
	"showCanvasWhileAsking": true,
	"showNotifications": true,
	"highlightPageAction": "none",
	"highlightBrowserAction": "color",
	"displayBadge": true,
	"storeNotificationData": false,
	"storeImageForInspection": false,
	"ignoreList": "",
	"ignoredAPIs": {},
	"showCallingFile": false,
	"showCompleteCallingStack": false,
	"enableStackList": false,
	"stackList": "",
	"protectAudio": true,
	"audioFakeRate": "100",
	"audioNoiseLevel": "minimal",
	"useAudioCache": true,
	"audioUseFixedIndices": true,
	"audioFixedIndices": "12",
	"historyLengthThreshold": 2,
	"protectWindow": false,
	"allowWindowNameInFrames": false,
	"protectDOMRect": true,
	"domRectIntegerFactor": 4,
	"protectSVG": true,
	"protectTextMetrics": true,
	"blockDataURLs": true,
	"protectNavigator": false,
	"navigatorDetails": {},
	"protectScreen": true,
	"screenSize": "",
	"fakeMinimalScreenSize": false,
	"displayAdvancedSettings": true,
	"displayDescriptions": false,
	"theme": "auto",
	"dontShowOptionsOnUpdate": false,
	"disruptSessionOnUpdate": false,
	"updatePending": false,
	"isStillDefault": false,
	"storageVersion": 1
}

JobcenterTycoon avatar Feb 11 '24 23:02 JobcenterTycoon