In response to "Your camera phone has a unique fingerprint" by /u/Lucid_Enemy, which brings up a very good point, have I written a small proof-of-concept pixel randomizer, intended to obfuscate the fingerprint in question.
The problem is real, but as mentioned in the thread not something the average Joe will have problems about. However, vendors should probably at least consider the possibility of this being problematic.
From the other thread were there two solutions outlined:
- Get a dedicated camera for the purpose of images, and ditch all tools after job's done.
- Manipulate the images some.
Either works, but I can't stand having to buy extra equipment when the problem can be solved with code. So, here's a POC pixel randomizer:
Code
#!/usr/bin/env python
from argparse import ArgumentParser
from io import BytesIO
from PIL import Image
from random import randint
# set up argument parsing
parser = ArgumentParser(description="Obscures camera sensor fingerprint of an image by randomizing each pixel with a small variation.")
parser.add_argument("image", metavar="IMAGE", type=str, nargs=1, help="Path to image.")
parser.add_argument("-v", "--variation", metavar="N", type=int, nargs=1, default=2, help="Maximum number of variation for each color channel per pixel. (default = 2)")
args = parser.parse_args()
# open image and get size
im = Image.open(args.image[0])
(width, height) = im.size
# function for randomizing colors
def randomize(value):
variation = args.variation[0]
value = value + randint(variation*-1, variation)
if value < 0:
value = 0
if value > 255:
value = 255
return value
# iterate rows and cols
for y in xrange(0, height):
for x in xrange(0, width):
# get rgb
(r, g, b) = im.getpixel((x,y))
# randomize each color channel
r = randomize(r)
g = randomize(g)
b = randomize(b)
# update pixel
im.putpixel((x,y), (r,g,b))
# print image data
io = BytesIO()
im.save(io, format="jpeg")
print io.getvalue()
It's written in Python, and it depends on Pillow (PIL).
Usage
Since all vendors should be using Tails anyway am I going to assume Python to be installed and a terminal to be available.
- You'll have to start Tails with an admin password set
- Save the code above in a file named
randomize-pixels.py
somewhere - Open a terminal
- Install PIP (Python package manager)
wget https://bootstrap.pypa.io/get-pip.py
sudo python get-pip.py
(enter password)
- Install Pillow
sudo pip install Pillow
(enter password)
- Navigate to the directory with the script
cd /home/Amnesia/Dekstop
if you saved it to dekstopcd /home/Amnesia/Persistent
if you saved it to the persistent folder
- Run script
python randomize-pixels.py /path/to/image.jpg > /path/to/new/image.jpg
Options
--variation N
- changes the randomness variation per color channel per pixel- e.g.
python randomize-pixels.py --variation 30 /path/to/image.jpg > /path/to/new/image.jpg
- e.g.
Result
See here: https://imgur.com/a/HWbgw
Caveats
- No scientific proof this is enough to sufficiently obfuscate sensor fingerprint
- Only supports JPEG
- Obviously reduces quality of image
- Not very fast - have some patience as process is running
Todo
- Multiple format support
- Batch processing
- Additional obfuscation
- Rotate and crop strategy
- Blend/merge mode strategy
- Smudge nearest neighbors strategy
I see multiple possible ways of attacking this.
TL;DR don't use this for security. It does nothing.
A different approach I propose: (please try to break it!)