Arkose FP Docs

This document contains some of my research on ArkoseLabs' FunCaptcha fingerprinting. This is missing a bunch of signals that I haven't got around to documenting since they're boring or self-explanatory. For example, hashes.

Hover over text with ⋯ below it to see more details.

View the DevTools console for more details (Ctrl+Shift+I). Including logs and source code.

See also:

This page was lasted updated [loading...].

Table of Contents

    is_keyless

    This field is true if no public key is provided in the "[...]/v2/api.js" script url. Instead, the public key is provided with "setConfig". More information can be found here.

    cfp

    Canvas fingerprint that's hashed using Java's hashCode method.

    WebGL

    Collects supported operations by your GPU via the WebGL API. This could, in theory, be used to correlate your canvas fingerprint as described in this paper by Google.

    audio_fingerprint

    See:

    1. How the Web Audio API is used for audio fingerprinting
    2. How We Bypassed Safari 17's Advanced Audio Fingerprinting Protection

    wh

    Window hash:

    1. Gets all the objects on the current window and sorts them.
    2. TODO: Prototype stuff.
    3. murmurHash3 both with a seed of 420.
    4. Join with "|".

    n

    Base64 encoded timestamp.

    window__tree_index

    These don't work in this environment.

    window__tree_structure

    TODO

    window__ancestor_origins

    TODO

    browser_object_checks

    • Checks for global objects belonging to different browsers.
    • Sorts them.
    • Joins them with ",".
    • md5 hashes them.

    See the console for more details.

    browser_detection_brave

    Detects the Brave browser via the brave global object.

    browser_detection_firefox

    Checks the User-Agent for "Firefox".

    navigator_pdf_viewer_enabled

    NOTICE: Removed as of 2.16.0.

    Checks: navigator.pdfViewerEnabled;

    user_agent_data_brands

    Checks: navigator.userAgentData.brands;

    user_agent_data_mobile

    Checks: navigator.userAgentData.mobile;

    screen_orientation (3f76dd27)

    Gets the current device screen orientation.

    fake_browser

    Checks for inconsistencies between the User-Agent and the behavior of the browser state.

    headless_browser_generic (862f2c1)

    Checks the various objects on the document and window related to browser automation frameworks. Including:

    hasFakeOS

    Checks for inconsistencies with userAgent and platform.

    browser_api_checks (f58835f)

    NOTICE: "f58835f" is now md5 hashed as of 2.16.0.

    Supported browser features

    navigator_permissions_hash (replaced by 1f220c9)

    NOTICE: Removed as of 2.15.0 and 3.5.0

    • Checks which permissions the current page has.
    • Joins them with "|".
    • md5 hashes them.

    navigator_permissions_hash (1f220c9)

    NOTICE: Not currently part of 4.x.x

    • Checks which permissions the current page has (including accelerometer, gamepad, nfc, etc).
    • JSON stringifies them
    • md5 hashes them

    This hasn't been "reverted" in 4.x.x, as some have claimed. ArkoseLabs maintains multiple branches and active deployments. The 4.x.x branch was created from an older revision that predates the 3.5.0 release. Both versions are being developed in parallel and will eventually be merged. Development has been very slow and could take a while to merge all the different active versions (2.x, 3.x, & 4.x).

    In addition, ArkoseLabs performs A/B testing on new versions with a limited user base before broader rollout. Clients will eventually have to migrate to the new versions.

    getPlugins

    Browser plugins.

    speech_default

    Text to speach information.

    For the hash:

    • Checks voices you have installed.
    • Joins them with ",".
    • md5 hashes them.

    navigator_battery_charging

    Checks: (await navigator.getBattery()).charging;

    media_devices (7541c2s)

    NOTICE: "media_device_kinds" is no longer included in the payload.

    Checks which media devices are available.

    getAudio

    NOTICE: "audio_codecs_extended" is no longer included in the payload to reduce payload size.

    Checks which audio codecs are available. This can be used to detect browser environments that don't support DRM.

    getVideo

    Checks which video codecs are available. This can be used to detect browser environments that don't support DRM.

    NOTICE: "video_codecs_extended" is no longer included in the payload to reduce payload size.

    supported_math_functions

    Checks what Math functions are supported in the current browser.

    math_fingerprint

    Runs a bunch of math calculations.

    This can be used to detect if the enforcement script is being run in a different environment than is claimed by the client. For example, calculating the math like V8 (Chrome) but claiming to be JavaScriptCore (Safari).

    1l2l5234ar2

    Checks if you have DevTools open or are using Puppeteer.

    29s83ih9

    Checks for different sandbox environments such as JSDom.

    media_query_dark_mode

    Queries for dark mode.

    matchMedia("(prefers-color-scheme: dark)").matches;

    f9bf2db

    Checks various CSS media queries shown below:

    • "pc" = "prefers-contrast"
    • "ah" = "any-hover"
    • "ap" = "any-pointer"
    • "p" = "pointer"
    • "h" = "hover"
    • "u" = "update"
    • "ic" = "inverted-colors"
    • "prm" = "prefers-reduced-motion"
    • "prt" = "prefers-reduced-transparency"
    • "s" = "scripting"
    • "fc" = "forced-colors"

    This succeeds css_media_queries.

    css_media_queries (replaced by f9bf2db)

    NOTICE: Removed as of 3.4.0

    • matchMedia("(prefers-color-scheme:light)");
    • matchMedia("(prefers-color-scheme:dark)");

    css_color_gamut

    NOTICE: Removed as of 3.4.0

    Checks what color gamuts are supported.

    • matchMedia("(color-gamut:rec2020)");
    • matchMedia("(color-gamut:p3)");
    • matchMedia("(color-gamut:srgb)");

    css_contrast

    NOTICE: Removed as of 3.4.0

    Checks user's contrast preference.

    • matchMedia("(prefers-contrast:low)");
    • matchMedia("(prefers-contrast:less)");
    • matchMedia("(prefers-contrast:no-preference)");
    • matchMedia("(prefers-contrast:more)");
    • matchMedia("(prefers-contrast:high)");
    • matchMedia("(prefers-contrast:forced)");

    css_monochrome

    NOTICE: Removed as of 3.4.0

    Checks user's monochrome preference.

    css_pointer

    NOTICE: Removed as of 3.4.0

    • matchMedia("(any-pointer:1)");
    • matchMedia("(any-pointer:coarse)");
    • matchMedia("(any-pointer:none"); ")
    • matchMedia("(any-pointer:fine)");

    css_grid_support

    NOTICE: Removed as of 3.4.0

    • matchMedia("(grid:1)");
    • matchMedia("(grid:0)");

    getFonts

    Checks for the presence of 65 different fonts from a predetermined list. This could be used to detect your platform. For example, Wingdings is only on Windows.

    Can can be empty on some sites including R****x due to display: none on their dialog.

    Search for "fade modal-modern modal-modern-challenge-captcha in modal"

    Source: { className: "modal-modern modal-modern-challenge-captcha", show: (p || !T) && !L.current, style: { display: T ? "block" : "none" }, onHide: P, backdrop: !!T && "static" } Source: .modal-dialog .modal-content .modal-body .modal-processing { display: none }

    TO

    Checks your timezone. This can be correlated with the approximate location of your IP address.

    rtc_peer_connection (5dd48ca0)

    Checks the existence of:

    • window.RTCPeerConnection;
    • window.mozRTCPeerConnection;
    • window.webkitRTCPeerConnection;

    And then stores the result in a number using bit shifting.

    jsbd

    • HL: window.history.length;
    • NCE: navigator.cookieEnabled;
    • DT: document.title;
    • NWD: JSON.stringify(navigator.webdriver);

    6a62b2a558

    Script version hash:

    "enforcement.6c9d6e9be9aa044cc5ce9548b4abe1b0.js";

    4b4b269e68

    Random UUID:

    crypto.randomUUID();

    c8480e29a

    MD5 hashed surl.

    md5(surl) + (surl ? "\u2062" : "\u2063");

    4ca87df3d1

    mbio mouse events. See the events page for more details.

    function insertEvent() { const n = { timestamp: Date.now() - Qt.timestamp, type: e, x: m.pageX, y: m.pageY, }; Qt["4ca87df3d1"].push(n); _lastMouseMove = n; } if(Qt["4ca87df3d1"].length < 75) { if(e === 0) { if(_lastMouseMove) { if(Math.sqrt((m.pageX - _lastMouseMove.x) * (m.pageX - _lastMouseMove.x) + (m.pageY - _lastMouseMove.y) * (m.pageY - _lastMouseMove.y)) > 5) { insertEvent(); } return; } else { insertEvent(); return; } } Qt["4ca87df3d1"].push({ timestamp: Date.now() - Qt.timestamp, type: e, x: m.pageX, y: m.pageY, }); }

    867e25e5d4

    mbio touch events. See the events page for more details.

    for(let i = 0; i < v.touches.length; i += 1) { if(Qt["867e25e5d4"].length < 75) { Qt["867e25e5d4"].push({ timestamp: Date.now() - Qt.timestamp, type: e, x: Math.floor(v.touches[i].pageX), y: Math.floor(v.touches[i].pageY), }); } }

    d4a306884c

    mbio key events. See the events page for more details.

    const keyboardEventTypes = { Tab: 0, Enter: 1, Space: 3, ShiftLeft: 4, ShiftRight: 5, ControlLeft: 6, ControlRight: 7, MetaLeft: 8, MetaRight: 9, AltLeft: 10, AltRight: 11, Backspace: 12, Escape: 13, }; if(Qt.d4a306884c.length < 75) { Qt.d4a306884c.push({ timestamp: Date.now() - Qt.timestamp, type: e, code: keyboardEventTypes[A.code] ?? 14, }); }

    43f2d94

    Collects web3 data such as if MetaMask is available.

    4f59ca8

    Checks if Apple Pay is available and what version is supported.

    20c15922

    Checks if Bluetooth is available.

    c2d2015

    Collects sensor data (see source) and MD5 hashes it.

    3ea7194

    Checks if "HDR10", "HLG", "DolbyVision" codecs are supported. Checks if HDR is supported.

    05d3d24

    Checks the following CSS properties, sorts, stringify "key=value;key=value", md5 hash:

    • "(prefers-color-scheme: dark)"
    • "(prefers-reduced-motion: reduce)"
    • "(forced-colors: active)"
    • "(color-gamut: p3)"
    • "(color-gamut: srgb)"
    • "(prefers-contrast: more)"
    • "(inverted-colors: inverted)"
    • "(any-hover: hover)"
    • "(prefers-reduced-data: reduce)"
    • "(prefers-reduced-transparency: reduce)"
    • "(dynamic-range: high)"
    • "(hover: hover)"
    • "(pointer: fine)"
    • "(pointer: coarse)"
    • "(orientation: landscape)"
    • "(display-mode: fullscreen)"
    • "(display-mode: standalone)"
    • "(display-mode: minimal-ui)"
    • "(video-color-gamut: p3)"
    • "(video-color-gamut: srgb)"
    • "(video-color-gamut: rec2020)"
    • "(video-contrast: high)"
    • "(video-dynamic-range: high)"

    83eb055

    Gets the keyboard layout. Returns false in 2.13.0 because of "SecurityError: getLayoutMap() must be called from a top-level browsing context or allowed by the permission policy." since 3.x.x is architected differently.

    vsadsa

    basfas

    window.performance.memory.jsHeapSizeLimit

    lfasdgs

    Arkose Build ID (header: "ark-build-id"). "cbid" likely stands for Client Build ID.

    window.arkl.cbid

    network_info_rtt_type

    This value has been repurposed for use inside the virtual machine. It takes the first 3 characters of webgl_extensions_hash and webgl_hash_webgl then merges them.

    screen_pixel_depth

    This value has been repurposed for use inside the virtual machine. It takes the pixel depth and multiplies by 3.