Arkose FP Docs

This document contains some of my research on ArkoseLabs' FunCaptcha fingerprinting. This is missing a bunch of signals that I haven't got around to documenting since they're boring or self-explanatory. For example, hashes.

Hover over text with ⋯ below it to see more details.

View the DevTools console for more details (Ctrl+Shift+I).

See also:

This page was lasted updated 5/19/2024, 2:08:21 PM.

Table of Contents

cfp

Canvas fingerprint that's hashed using Java's hashCode method.

1942455060

WebGL

Collects supported operations by your GPU via the WebGL API. This could, in theory, be used to correlate your canvas fingerprint as seen in this Google paper.

{ "webgl_extensions": "ANGLE_instanced_arrays;EXT_blend_minmax;EXT_clip_control;EXT_color_buffer_half_float;EXT_depth_clamp;EXT_float_blend;EXT_frag_depth;EXT_polygon_offset_clamp;EXT_shader_texture_lod;EXT_texture_compression_bptc;EXT_texture_compression_rgtc;EXT_texture_filter_anisotropic;EXT_texture_mirror_clamp_to_edge;EXT_sRGB;OES_element_index_uint;OES_fbo_render_mipmap;OES_standard_derivatives;OES_texture_float;OES_texture_float_linear;OES_texture_half_float;OES_texture_half_float_linear;OES_vertex_array_object;WEBGL_color_buffer_float;WEBGL_compressed_texture_astc;WEBGL_compressed_texture_etc;WEBGL_compressed_texture_etc1;WEBGL_compressed_texture_s3tc;WEBGL_compressed_texture_s3tc_srgb;WEBGL_debug_renderer_info;WEBGL_debug_shaders;WEBGL_depth_texture;WEBGL_draw_buffers;WEBGL_lose_context;WEBGL_multi_draw;WEBGL_polygon_mode", "webgl_extensions_hash": "a0b3b7ac4cbca4984e183045148a91f4", "webgl_renderer": "WebKit WebGL", "webgl_vendor": "WebKit", "webgl_version": "WebGL 1.0 (OpenGL ES 2.0 Chromium)", "webgl_shading_language_version": "WebGL GLSL ES 1.0 (OpenGL ES GLSL ES 1.0 Chromium)", "webgl_aliased_line_width_range": "[1, 1]", "webgl_aliased_point_size_range": "[1, 1023]", "webgl_antialiasing": "yes", "webgl_bits": "8,8,24,8,8,0", "webgl_max_params": "16,64,16384,4096,8192,32,8192,31,16,32,4096", "webgl_max_viewport_dims": "[8192, 8192]", "webgl_unmasked_vendor": "Google Inc. (Google)", "webgl_unmasked_renderer": "ANGLE (Google, Vulkan 1.3.0 (SwiftShader Device (Subzero) (0x0000C0DE)), SwiftShader driver)", "webgl_vsf_params": "23,127,127,10,15,15,10,15,15", "webgl_vsi_params": "0,31,30,0,15,14,0,15,14", "webgl_fsf_params": "23,127,127,10,15,15,10,15,15", "webgl_fsi_params": "0,31,30,0,15,14,0,15,14", "webgl_hash_webgl": "d8082c44ba1ec02f12caa20f340e14c6" }

audio_fingerprint

See:

  1. How the Web Audio API is used for audio fingerprinting
  2. How We Bypassed Safari 17's Advanced Audio Fingerprinting Protection
{ "key": "audio_fingerprint", "value": "124.04347527516074" }

wh

Window hash:

  1. Gets all the objects on the current window and sorts them.
  2. TODO: Prototype stuff.
  3. murmurHash3 both with a seed of 420.
  4. Join with "|".
"814b65c165dd838fa39357ca5f8f889d|72627afbfd19a741c7da1732218301ac"

n

Base64 encoded timestamp.

"MTcxNjYxMjMwMQ=="

window__tree_index

These don't work in this environment.

[]

window__tree_structure

TODO

"[]"

window__ancestor_origins

TODO

[]

browser_object_checks

  • Checks for global objects belonging to different browsers.
  • Sorts them.
  • Joins them with ",".
  • md5 hashes them.

See the console for more details.

"554838a8451ac36cb977e719e9d6623c"

browser_detection_brave

Detects the Brave browser via the brave global object.

false

browser_detection_firefox

Checks the User-Agent for "Firefox".

false

navigator_pdf_viewer_enabled

Checks: 
navigator.pdfViewerEnabled
true

user_agent_data_brands

Checks: 
navigator.userAgentData.brands
"Not-A.Brand,Chromium"

user_agent_data_mobile

Checks: 
navigator.userAgentData.mobile
false

screen_orientation

Gets the current device screen orientation.

"portrait-primary"

fake_browser

Checks for inconsistencies between the User-Agent and the behavior of the browser state.

false

headless_browser_generic

Checks the various objects on the document and window related to browser automation frameworks. Including:

4

hasFakeOS

Checks for inconsistencies with userAgent and platform.

false

browser_api_checks

Supported browser features

[ "permission_status: true", "eye_dropper: true", "audio_data: true", "writable_stream: true", "css_style_rule: true", "navigator_ua: true", "barcode_detector: false", "display_names: true", "contacts_manager: false", "svg_discard_element: false", "usb: defined", "media_device: defined", "playback_quality: true" ]

navigator_permissions_hash

  • Checks which permissions the current page has.
  • Joins them with "|".
  • md5 hashes them.
{ "key": "navigator_permissions_hash", "value": "67419471976a14a1430378465782c62d" }

getPlugins

Browser plugins.

[ "Chrome PDF Viewer", "Chromium PDF Viewer", "Microsoft Edge PDF Viewer", "PDF Viewer", "WebKit built-in PDF" ]

speech_default

Text to speach information.

For the hash:

  • Checks voices you have installed.
  • Joins them with ",".
  • md5 hashes them.
[ { "key": "speech_default_voice", "value": null }, { "key": "speech_voices_hash", "value": null } ]

navigator_battery_charging

Checks: 
(await navigator.getBattery()).charging
{ "key": "navigator_battery_charging", "value": true }

media_devices

Checks which media devices are available.

[ { "key": "media_device_kinds", "value": [] }, { "key": "media_devices_hash", "value": "d751713988987e9331980363e24189ce" } ]

getAudio

Checks which audio codecs are available. This can be used to detect browser environments that don't support DRM.

{ "audio_codecs": "{\"ogg\":\"probably\",\"mp3\":\"probably\",\"wav\":\"probably\",\"m4a\":\"maybe\",\"aac\":\"probably\"}", "audio_codecs_extended": "{\"audio/mp4; codecs=\\\"mp4a.40\\\"\":{\"canPlay\":\"maybe\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.1\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.2\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":true},\"audio/mp4; codecs=\\\"mp4a.40.3\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.4\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.5\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":true},\"audio/mp4; codecs=\\\"mp4a.40.6\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.7\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.8\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.9\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.12\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.13\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.14\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.15\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.16\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.17\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.19\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.20\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.21\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.22\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.23\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.24\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.25\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.26\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.27\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.28\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.29\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":true},\"audio/mp4; codecs=\\\"mp4a.40.32\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.33\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.34\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.35\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.40.36\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.66\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.67\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":true},\"audio/mp4; codecs=\\\"mp4a.68\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.69\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp4a.6B\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"mp3\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"flac\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":true},\"audio/mp4; codecs=\\\"bogus\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"aac\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"ac3\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mp4; codecs=\\\"A52\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/mpeg; codecs=\\\"mp3\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":false},\"audio/wav; codecs=\\\"0\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/wav; codecs=\\\"2\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/wave; codecs=\\\"0\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/wave; codecs=\\\"1\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/wave; codecs=\\\"2\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/x-wav; codecs=\\\"0\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/x-wav; codecs=\\\"1\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":false},\"audio/x-wav; codecs=\\\"2\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/x-pn-wav; codecs=\\\"0\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/x-pn-wav; codecs=\\\"1\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"audio/x-pn-wav; codecs=\\\"2\\\"\":{\"canPlay\":\"\",\"mediaSource\":false}}", "audio_codecs_extended_hash": "805036349642e2569ec299baed02315b" }

getVideo

Checks which video codecs are available. This can be used to detect browser environments that don't support DRM.

{ "video_codecs": "{\"ogg\":\"\",\"h264\":\"probably\",\"webm\":\"probably\",\"mpeg4v\":\"\",\"mpeg4a\":\"\",\"theora\":\"\"}", "video_codecs_extended": "{\"video/mp4; codecs=\\\"hev1.1.6.L93.90\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"video/mp4; codecs=\\\"hvc1.1.6.L93.90\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"video/mp4; codecs=\\\"hev1.1.6.L93.B0\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"video/mp4; codecs=\\\"hvc1.1.6.L93.B0\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"video/mp4; codecs=\\\"vp09.00.10.08\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":true},\"video/mp4; codecs=\\\"vp09.00.50.08\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":true},\"video/mp4; codecs=\\\"vp09.01.20.08.01\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":true},\"video/mp4; codecs=\\\"vp09.01.20.08.01.01.01.01.00\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":true},\"video/mp4; codecs=\\\"vp09.02.10.10.01.09.16.09.01\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":true},\"video/mp4; codecs=\\\"av01.0.08M.08\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":true},\"video/webm; codecs=\\\"vorbis\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":true},\"video/webm; codecs=\\\"vp8\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":true},\"video/webm; codecs=\\\"vp8.0\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":false},\"video/webm; codecs=\\\"vp8.0, vorbis\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":false},\"video/webm; codecs=\\\"vp8, opus\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":true},\"video/webm; codecs=\\\"vp9\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":true},\"video/webm; codecs=\\\"vp9, vorbis\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":true},\"video/webm; codecs=\\\"vp9, opus\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":true},\"video/x-matroska; codecs=\\\"theora\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"application/x-mpegURL; codecs=\\\"avc1.42E01E\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"video/ogg; codecs=\\\"dirac, vorbis\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"video/ogg; codecs=\\\"theora, speex\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"video/ogg; codecs=\\\"theora, vorbis\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"video/ogg; codecs=\\\"theora, flac\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"video/ogg; codecs=\\\"dirac, flac\\\"\":{\"canPlay\":\"\",\"mediaSource\":false},\"video/ogg; codecs=\\\"flac\\\"\":{\"canPlay\":\"probably\",\"mediaSource\":false},\"video/3gpp; codecs=\\\"mp4v.20.8, samr\\\"\":{\"canPlay\":\"\",\"mediaSource\":false}}", "video_codecs_extended_hash": "cb2c967d0cd625019556b39c63f7d435" }

supported_math_functions

Checks what Math functions are supported in the current browser.

"e9dd4fafb44ee489f48f7c93d0f48163"

math_fingerprint

  • Runs a bunch of math calculations.

This can be used to detect if the enforcement script is being run in a different environment than is claimed by the client. For example, calculating the math like V8 (Chrome) but claiming to be JavaScriptCore (Safari).

"3b2ff195f341257a6a2abbc122f4ae67"

CDP Check

Checks if you have DevTools open or are using Puppeteer.

"1716612301898\\u2062"

Sandbox Checks

Checks for different sandbox environments such as JSDom.

"68934a3e9455fa72420237eb05902327\\u2063"

media_query_dark_mode

Queries for dark mode.

window.matchMedia("(prefers-color-scheme: dark)").matches
false

css_media_queries

  • matchMedia("(prefers-color-scheme:light)")
  • matchMedia("(prefers-color-scheme:dark)")
0

css_color_gamut

Checks what color gamuts are supported.

  • matchMedia("(color-gamut:rec2020)")
  • matchMedia("(color-gamut:p3)")
  • matchMedia("(color-gamut:srgb)")
"srgb"

css_contrast

Checks user's contrast preference.

  • matchMedia("(prefers-contrast:low)")
  • matchMedia("(prefers-contrast:less)")
  • matchMedia("(prefers-contrast:no-preference)")
  • matchMedia("(prefers-contrast:more)")
  • matchMedia("(prefers-contrast:high)")
  • matchMedia("(prefers-contrast:forced)")
"no-preference"

css_monochrome

Checks user's monochrome preference.

"0"

css_pointer

  • matchMedia("(any-pointer:1)")
  • matchMedia("(any-pointer:coarse)")
  • matchMedia("(any-pointer:none")")
  • matchMedia("(any-pointer:fine)")
"none"

css_grid_support

  • matchMedia("(grid:1)")
  • matchMedia("(grid:0)")
false

getFonts

Checks for the presence of 65 different fonts from a predetermined list. This could be used to detect your platform. For example, Wingdings is only on Windows.

[ "Arial", "Courier", "Courier New", "Helvetica", "Times", "Times New Roman" ]

TO

Checks your timezone. This can be correlated with the approximate location of your IP address.

-540

rtc_peer_connection

Checks the existence of:

  • window.RTCPeerConnection
  • window.mozRTCPeerConnection
  • window.webkitRTCPeerConnection

And then stores the result in a number using bit shifting.

5

jsbd

  • HL: 
    window.history.length
  • NCE: 
    navigator.cookieEnabled
  • DT: 
    document.title
  • NWD: 
    JSON.stringify(navigator.webdriver)
{ "HL": 2, "NCE": true, "DT": "Arkose FP Docs", "NWD": "true", "DMTO": 1, "DOTO": 1 }

6a62b2a558

Script version hash:

enforcement.6c9d6e9be9aa044cc5ce9548b4abe1b0.js

4b4b269e68

Random UUID

crypto.randomUUID();