As of today, Discord's CDN now strips trailing data from PNGs in-flight, meaning that even old uploads are now safe from the aCropalypse vulnerability. As such, this bot is no longer necessary, but it will remain online to allow users to download their archived images.
The aCropalypse vulnerability (CVE-2023-21036 & CVE-2023-28303) has lit the internet ablaze with fear over the mounds of screenshots uploaded to social media websites over the past several years that could potentially contain private information like phone numbers, addresses, and even banking information. While many social media platforms reprocess images after uploading (and thus accidentally mitigate the vulnerability), Discord did not do so until January 2023, leaving potentially millions of vulnerable screenshots on the platform open for anyone to grab.
Enter AntiCropalypse, an open-source Discord bot that mitigates the aCropalypse vulnerability by retroactively deleting vulnerable images. In only a few minutes, server admins can install and set up the bot to have it off on its merry way happily deleting and archiving vulnerable images. Once it's complete, the bot will report on the tally of vulnerable images and give every affected user instructions on how to download their archived (and fixed!) images.
The aCropalypse vulnerability is a result of how cropped screenshots are saved to a device. The issue was first discovered on Google Pixel devices (CVE-2023-21036) where a regression in Android 10 meant that, when overwriting an existing file (say, the original uncropped screenshot), the original file would not get fully overwritten. This meant that every time you cropped or edited a screenshot on a Google Pixel, it would only partially overwrite the original file, leaving a ton of the original image's data in the final file. This data could then be recovered by a malicious actor, allowing them to access whatever part of the image you tried to crop or edit out: names, phone numbers, addresses, et cetera.
This vulnerability has also been found to affect screenshots taken on the Windows 10+ Snip & Sketch and the Windows 11 Snipping Tool (CVE-2023-28303), although to a much lesser extent. Since the issue arises from saving files, one would need to have snipped and saved a screenshot, then decided they wanted to crop it further and saved it again.
With thanks to retr0id, who wrote up an excellent article for developers to learn more about the vulnerability.
To tell if an image is vulnerable, AntiCropalypse starts by parsing the image like any other PNG parser would by iterating through all its chunks and stopping once it reaches the "IEND" of the file. Unlike a normal PNG parser, it then checks to see if there is any excess data at the end of the file. If so, it tries to continue parsing and decoding these PNG chunks. If this proceeds without any errors, then the bot can safely determine that a recoverable part of another image (the original screenshot) is buried at the end of this other image file (the "cropped" screenshot) and flags the message for archival and deletion.
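The trailing-data check described above, as an added Python example that is not AntiCropalypse's own code: it walks CRC-validated chunks to the first IEND, then tries to resynchronise on whatever bytes follow and parse a second complete chunk stream. It verifies chunk structure and CRCs only (not the compressed pixel data); build_png and the chunk bodies are constructed here just to produce sample files.

```python
import struct
import zlib
PNG_SIG = b"\x89PNG\r\n\x1a\n"

def make_chunk(ctype, body):
    """Serialise one chunk: length, type, data, CRC32 over type + data."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def build_png(idat_bodies):
    """Minimal 1x1 greyscale PNG whose IDAT chunks carry the given (constructed) bodies."""
    ihdr = make_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
    idats = b"".join(make_chunk(b"IDAT", body) for body in idat_bodies)
    return PNG_SIG + ihdr + idats + make_chunk(b"IEND", b"")

def read_chunk(data, pos):
    """Return (type, offset after chunk) if a CRC-valid chunk starts at pos, else None."""
    if pos < 0 or pos + 12 > len(data):
        return None
    length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
    end = pos + 8 + length
    if end + 4 > len(data) or not ctype.isalpha():
        return None
    if zlib.crc32(data[pos + 4:end]) != struct.unpack(">I", data[end:end + 4])[0]:
        return None
    return ctype, end + 4

def walk_to_iend(data, pos):
    """Parse consecutive chunks from pos; return the offset just past IEND, or None on any error."""
    while True:
        chunk = read_chunk(data, pos)
        if chunk is None:
            return None
        ctype, pos = chunk
        if ctype == b"IEND":
            return pos

def is_acropalypse_vulnerable(data):
    """True when a second CRC-valid chunk stream ending in IEND sits after the first IEND."""
    if not data.startswith(PNG_SIG):
        return False
    end = walk_to_iend(data, len(PNG_SIG))
    if end is None or end == len(data):
        return False  # malformed, or no trailing bytes at all: nothing to recover
    # Trailing bytes usually begin mid-chunk (the tail of the original's IDAT stream), so resync on each IDAT type field.
    idx = data.find(b"IDAT", end)
    while idx != -1:
        if walk_to_iend(data, idx - 4) is not None:
            return True
        idx = data.find(b"IDAT", idx + 4)
    return False
```

A file flagged here should be reprocessed (re-encoded or truncated at the first IEND) before it is shared, which is the same fix a CDN applies when it strips trailing data.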
The bot performs this check on every attachment and image link in every message in every channel in a server. When it finds a vulnerable image, it safely archives the message and its (fixed!) image attachments to a private cloud server and then deletes the message. Once it's finished scanning the whole server, it reports back to the user who started the scan with the tally of vulnerable messages and then informs every affected user of the vulnerability and how to download their archived images.
Command | Description
---|---
User Commands |
/download | Fetches a download link for all of your vulnerable images that were deleted
/forget-me | Removes your archives of deleted images
/opt-out archiving | Opts out of having your deleted screenshots backed up for you to download
/opt-out everything | Opts out of having your vulnerable screenshots scanned, deleted, or archived
Admin Commands |
/count | Searches for and counts potentially vulnerable images
/confidence | Configures how confident the bot should be before deleting an image
/purge | Searches for and deletes vulnerable images according to the configured confidence
AntiCropalypse is open-source and can be self-hosted if you wish to archive images to your own cloud server or omit archiving entirely. See the repository's README for more information on how to run the bot.
If you need help using the bot, feel free to reach out on its Discord.
Otherwise, if this bot has helped you and you're looking to support it, you can help contribute to its server costs by sponsoring me on GitHub ❤️