Click a html5-based Web Christmas game

There are many ways to celebrate on Christmas Eve. A student technical team in the school has a Christmas web game. The link is http://christmas.hustonline.net/game1. Below are the awards,

The main reason is that the prizes on the homepage are very attractive. Since yesterday, that is, the Christmas Eve day, the homepage has been launched. After reading this html5-based game, I personally think that the development trend of js should not be underestimated! Then I want to see if I can plug it in! The result was easily broken yesterday, because although the js front-end was well written, there was no judgment in the background and the processing was rough. So after talking to others, we improved a lot today's Christmas. Each time we submit a score, we first request an auth ciphertext, and then send it back to the server together with the score for determination, specifically, cookies are used to store user IDs and encrypted characters. Therefore, the curl library of php is used to start the process of scoring.

First, after playing it once manually, enable the network background and find that js asynchronously sends two requests, for example:

The first is to obtain the auth ciphertext first. view the details to find the sent content and returned content, as shown below:

(Ajax post data)

(Returned auth ciphertext)

The ciphertext will be sent to the backend for verification in the second request according to certain rules. The following describes the content of the second request:

After many experiments, we found that the first two pairs of data sent are the four ciphertext data returned from the first request, the distribution is based on the index Array returned by the first request, which removes the corresponding number of characters and then truncates 8 and 13 characters to send the request information. Then, add the name, score, and other information to send the message. After the above analysis, the final source code is as follows:

 

 Start sending the request end_auth ...; $ headers ['content-type'] = 'application/x-www-form-urlencoded'; $ headers ['content-length'] = 20; $ headers ['Accept-charset'] = 'utf-8, *; q = 000000'; $ headers ['host'] = 'Christmas .hustonline.net '; $ headers ['Accept-encoding'] = 'gzip, deflate, sdch'; $ headers ['origin'] =' http://christmas.hustonline.net '; $ Headers ['user-agent'] = 'mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/8080 '; // $ headers ['x-Requested-with'] = 'xmlhttprequest '; $ headers ['Referer'] =' http://christmas.hustonline.net /Game1 '; $ cookieStr = 'hm _ fill = 1385282383,1386344607; uid = 4007; PHPSESSID = done'; $ postStr1 = ARG1 = 0 & ARG2 = 1 & ARG3 = 2; $ ch = curl_init (); curl_setopt ($ ch, CURLOPT_URL, http://christmas.hustonline.net /Game1/end_auth); curl_setopt ($ ch, CURLOPT_HTTPHEADER, $ headers); curl_setopt ($ ch, CURLOPT_HEADER, 0); // The response header information curl_setopt ($ ch, response, 1); // keep the returned status information curl_setopt ($ ch, CURLOPT_COOKIE, $ cookieStr); curl_setopt ($ ch, CURLOPT_POST, true); curl_setopt ($ ch, CURLOPT_POSTFIELDS, $ postStr1); $ backInfo = curl_exec ($ ch); curl_close ($ ch); $ auth = json_decode ($ backInfo, true); // auth is a two-dimensional array, index contains four numbers and keys contain four encrypted strings echo

;var_dump($auth);echo 

; // Construct the eight and 13 character request strings starting with the corresponding index $ authIndex1 = substr ($ auth ['keys '] [0], $ auth ['index'] [0], 8); $ authKeys1 = substr ($ auth ['keys'] [1], $ auth ['index'] [1], 13); $ authIndex2 = substr ($ auth ['keys '] [2], $ auth ['index'] [2], 8); $ authKeys2 = substr ($ auth ['keys'] [3], $ auth ['index'] [3], 13); $ msg = json_encode (array ($ authIndex1 => $ authKeys1, $ authIndex2 => $ authKeys2, name => oshyn, score => 97900, tel => 13647215948, game => 1); $ postStr = msg =$ {msg}; // print $ postStr .; // Number of request credits $ scoreHeader = array (); $ scoreHeader ['Accept '] = '*/*'; $ scoreHeader ['Accept-charset'] = 'utf-8, *; q = 000000'; $ scoreHeader ['Accept-color'] = 'zh-CN, zh; q = 0.8 '; $ scoreHeader ['connection'] = 'keep-alive'; $ scoreHeader ['content-length'] = strlen ($ postStr ); $ scoreHeader ['content-type'] = 'application/x-www-form-urlencoded'; $ scoreHeader ['user-agent'] = 'mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0) '; $ scoreHeader ['phpsessid'] = 'done'; $ scoreHeader ['host'] = 'Christmas .hustonline.net '; $ scoreHeader ['origin'] =' http://christmas.hustonline.net '; $ ScoreHeader ['Referer'] =' http://christmas.hustonline.net /Game1 '; $ scoreCh = curl_init (); curl_setopt ($ scoreCh, CURLOPT_URL, http://christmas.hustonline.net /Game1/upload_score); curl_setopt ($ scoreCh, expires, $ scoreHeader); curl_setopt ($ scoreCh, CURLOPT_HEADER, 0); // The response header information curl_setopt ($ scoreCh, response, 1); // keep returned status information curl_setopt ($ scoreCh, CURLOPT_COOKIE, $ cookieStr); curl_setopt ($ scoreCh, CURLOPT_POST, true); curl_setopt ($ scoreCh, CURLOPT_POSTFIELDS, $ postStr); $ back = curl_exec ($ scoreCh); curl_close ($ scoreCh); echo
Returned result: $ back; $ End = microtime (true); $ taketime = sprintf ('%. 5f', $ end-$ start); echo
Request complete! $ {Taketime} s.
;?> After the request is complete, the correct information is returned, as shown in:

 

After that, you can set a score to be sent. Of course, this is only a Christmas activity and only for entertainment. It does not support any vicious force cracking, it is also out of the use of the php curl function library and the understanding of the http protocol. When talking with others, some people say that using the TCP layer to transmit scores and other information will be safer. This game is based on html5, so it is only supported by modern browsers. Therefore, websocket can be used for transmission, however, the principles are similar. In fact, this is to construct a complete auth authentication mechanism to prevent the score.