Open AntonUden opened 5 years ago
Output from https://helixgame.liseberg.se/checkgamecode looks like this:

```
{ "status": 200, "data": { "status": "invalid" } }
```

If I change `if js['data'] != "invalid":` to `if js['data']['status'] != "invalid":`

but now it says

```
py .\helix.py -c
Bruteforcing game code...
The current code is: 0
```
They added `udid` to `checkCode`:

```js
checkCode: function(func, code) {
    console.log("DATAMANAGER: " + this.SERVICE_VALIDATE_GAME_CODE);
    // Build data to send
    var data = "";
    data += "code=" + code;
    data += "&udid=" + this.fingerprint;
    // udid, score, session
    var request = new PIXI.AjaxRequest();
    request.open("POST", this.SERVICE_VALIDATE_GAME_CODE, true);
    request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    var scope = this;
    request.onload = function() {
        // do something to response
        var result;
        try {
            result = JSON.parse(this.responseText);
        } catch (error) {}
        if (result && result.status && result.status == 200) {
            var response = result.data;
            var isValid = response.status == "invalid" ? false : true;
            if (isValid) {
                // Save for later use
                scope.latestCode = code;
                scope.sessionToken = response.token;
                scope.codeTimestamp = new Date().getTime();
                // Unlock bonus game and schedule notification
                // and set badge number.
                // First, get current unlock time for the bonus game, if any
                var unlockTimestamp = Helix.Storage.getValue("bonusGameUnlockTimestamp");
                console.log("UNLOCK TIME STAMP: " + unlockTimestamp);
                // We don't want to set it again if already set, so find out if it is
                if (unlockTimestamp == undefined) {
                    // The bonus game unlock time stamp isn't set, so we'll do that
                    // now.
                    var timestamp = new Date().getTime() / 1000;
                    // Add 24 hours because we want it unlocked tomorrow
                    timestamp += 60 * 60 * 24;
                    // Save unlock time stamp to storage, to be able to retrieve it later
                    Helix.Storage.setValue("bonusGameUnlockTimestamp", timestamp, true);
                    // Schedule notification and badge number
                    var notifications = new Helix.NotificationManager();
                    notifications.scheduleNotification("Bonusspel", "Grattis! Bonusspelet är upplåst.", timestamp, undefined);
                    notifications.scheduleBadgeNumber(1, timestamp);
                }
            }
            func(isValid);
        } else {
            func(false);
        }
    };
    //
    request.send(data);
},
```
Hi, thanks for the flag! There are actually other changes in addition to this, because right now every tested code will get the same response even with a udid. Although I suppose it's also possible that the udid I'm currently using is invalid...
```
PS C:\Users\Desktop\Helix-master> py .\helix.py -c
Bruteforcing game code...
The current code is: 5200
PS C:\Users\Desktop\Helix-master> py .\helix.py -c
Bruteforcing game code...
The current code is: 5300
PS C:\Users\Desktop\Helix-master> py .\helix.py -c
Bruteforcing game code...
The current code is: 3400
PS C:\Users\Desktop\Helix-master> py .\helix.py -c
Bruteforcing game code...
The current code is: 4400
PS C:\Users\Desktop\Helix-master> py .\helix.py -c
Bruteforcing game code...
The current code is: 1000
```