ecc521 / gimkit-bot

An answer bot for gimkit
GNU General Public License v2.0
45 stars 73 forks source link

Support for GimKit 4 #1

Closed ecc521 closed 4 years ago

ecc521 commented 5 years ago

GimKit 4 has changed the way that the answer choices work, causing the bot to fail.

MoonBarc commented 5 years ago

aw snap. :( i'll try to fix but it might take a little

ecc521 commented 5 years ago

Thats fine. Using .click() on answer choices doesnt work anymore. You probably want to go through devtools and delete listeners until it doesnt work - see what it is doing.

It could also be detecting the mouse pointer position or something - so examining the minified file (yuck) could help.

MoonBarc commented 5 years ago

Unfortunately I don't think you can move the mouse with javascript :/ What might be happening is they might've moved around some divs, causing the css selectors to try to click on something else (like the header), which does nothing.

MoonBarc commented 5 years ago

Nevermind, I think you're right. That's tricky. It has several listeners for things like mousein, mouseout, etc. Maybe you could modify the source code with code from a previous version of gimkit using the web archive, and then inject it and remove the new one. I'll see if that works.

MoonBarc commented 5 years ago

Alright, sorry for the 3rd comment in a row i promise this'll be the last one. I found the wayback link. But it does seem to be pretty hard to do as you'd have to run bot.js before any of the scripts load, and quickly inject the old one and remove the new one that's causing problems. idk how to do this but it's probably possible with an extension that blocks the new script from loading and uses the old script instead, maybe like an adblock that does weird things with proxies.

ecc521 commented 5 years ago

You cant move the mouse with javascript... but you can create mouseevents and dispatch them, faking out the page.

ecc521 commented 5 years ago

I'm quite busy right now, but Ill look at it some more once I have time.

On Sun, Oct 6, 2019, 11:30 AM Tucker Willenborg tuckerwillenborg@gmail.com wrote:

You cant move the mouse with javascript... but you can create mouseevents and dispatch them, faking out the page.

On Sun, Oct 6, 2019, 8:58 AM MoonBarc notifications@github.com wrote:

Nevermind, I think you're right. That's tricky. It has several listeners for things like mousein, mouseout, etc. Maybe you could modify the source code with code from a previous version of gimkit using the web archive, and then inject it and remove the new one. I'll see if that works.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/ecc521/gimkit-bot/issues/1?email_source=notifications&email_token=AKDVOGZMIJ2KZMVS23CB2BDQNHOI5A5CNFSM4I5OSL7KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEAOJQBQ#issuecomment-538744838, or mute the thread https://github.com/notifications/unsubscribe-auth/AKDVOGYGGIXU4YP5524SAXDQNHOI5ANCNFSM4I5OSL7A .

ecc521 commented 5 years ago

The best way to this would be to avoid messing with gimkits code - it may change such that the old site is incompatible with the new server side code

On Sun, Oct 6, 2019, 11:31 AM Tucker Willenborg tuckerwillenborg@gmail.com wrote:

I'm quite busy right now, but Ill look at it some more once I have time.

On Sun, Oct 6, 2019, 11:30 AM Tucker Willenborg < tuckerwillenborg@gmail.com> wrote:

You cant move the mouse with javascript... but you can create mouseevents and dispatch them, faking out the page.

On Sun, Oct 6, 2019, 8:58 AM MoonBarc notifications@github.com wrote:

Nevermind, I think you're right. That's tricky. It has several listeners for things like mousein, mouseout, etc. Maybe you could modify the source code with code from a previous version of gimkit using the web archive, and then inject it and remove the new one. I'll see if that works.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/ecc521/gimkit-bot/issues/1?email_source=notifications&email_token=AKDVOGZMIJ2KZMVS23CB2BDQNHOI5A5CNFSM4I5OSL7KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEAOJQBQ#issuecomment-538744838, or mute the thread https://github.com/notifications/unsubscribe-auth/AKDVOGYGGIXU4YP5524SAXDQNHOI5ANCNFSM4I5OSL7A .

MoonBarc commented 5 years ago

But what if it is indeed checking for a mouse position... how can we avoid that?

ecc521 commented 5 years ago

~~We pretend the mouse is somewhere else... Just create the MouseEvent - then dispatch it.~~

If it is checking for mouse hovers, etc, we can also fake those.

UPDATED: See comment below.

ecc521 commented 5 years ago

Ok. It's worse than I thought. Dispatching all the correct events does NOT work (I tried that out, see my js-click repo). It looks like GimKit is checked the isTrusted property - a property that can't be modified from client side JS (this is sad - in my opinion, javascript should be able to do anything that is not a security risk or heavy on the system). It looks like the only way to make this work is to play hardball and go with a chrome extension... Won't give us Firefox or Safari support, but oh well. https://developer.chrome.com/extensions/debugger

ecc521 commented 5 years ago

The other option would be the native app based on puppeteer, electron, or something else. https://www.npmjs.com/package/puppeteer/v/1.10.0-next.1542771500097 https://electronjs.org/ I would say we should probably go with puppeteer or an extension for now.

ghost commented 4 years ago

Hows it going guys? Any progress on this? I'd like to help out once I understand what's going on.

ecc521 commented 4 years ago

I'm quite busy, and haven't really had any time to work on this. Basically, GimKit has started checking the isTrusted property, which allows it to detect when clicks are created through JavaScript.

The only way to fake the isTrusted property is through a modified browser, or an extension. We could also consider replacing all instances of isTrusted with true in GimKit's code, although that could cause a bit of an arms race.

ecc521 commented 4 years ago

Something like Tampermonkey may work, however I suggest we use Puppeteer

kaijchang commented 4 years ago

Has anyone checked this out for Chrome? https://chromedevtools.github.io/devtools-protocol/1-2/Input

ecc521 commented 4 years ago

That appears to be part of the DevTools API - which we can access (I believe) from either a Chrome extension or from puppeteer or another similar tool.

ecc521 commented 4 years ago

EDIT: The commenter that I was replying to subsequently deleted all their comments. At the moment, I am not quite sure why.

What you are doing is reverse-engineering GimKit's network communication - essentially building a new bot client. That design has far more potential than this design, but is harder to implement and inherently different.

We can fake isTrusted, but only with an extension or app.

Replacing isTrusted with true in GimKit's code has potential to cause an arms race. I would rather not do that.

ecc521 commented 4 years ago

If you can get the entire kits data, then GimKit is clearly holding important data client side - a bad design. They should expect to be horribly burned by bots then.

ecc521 commented 4 years ago

I'm suprised that worked for you. I'd tried that, and pretty much everything else with dispatchevent and event when GimKit 4 came out. Either I somehow missed that, or they changed their design.

If it works now, you can submit a PR. While your at it, you may want to confirm that the prices are still correct.

If you do make a PR, please make a function to do the clicking. I intend to add the mouseup mousedown events etc so they can't detect the fake clicks that way.

ecc521 commented 4 years ago

UPDATE: Upon further testing, using bubbles: true, and composed: true results in an error "Can't read property pageX of undefined". I'm not quite sure what is causing this issue, although adding fake click coordinates may fix it. (default value is 0, which is falsy. This would be a common code bug)

floppian commented 4 years ago

What element did you try it on?

ecc521 commented 4 years ago

Attempting to click one of the answer choices. I tried click, mousedown, etc, with bubbles and composed like normal events

floppian commented 4 years ago

Without any reverse engineering I can state that the error has nothing to do with it. When researching I didn't even see that error so it might just be you. I believe it is just the .isTrusted property. Might be a dead end I might be able to help you past this point but as my deadline approaches, Ill have to wish you luck on your project

ecc521 commented 4 years ago

The getEventListeners devtools API should allow us to fake isTrusted. It's far from ideal, but I believe this issue can be definitively fixed.

ecc521 commented 4 years ago

As of now, the bot is functional.

ecc521 commented 4 years ago

Just switched tabs after closing this issue... Now sitting at a measly ~$120,000,000,000+~ $1,400,000,000 and rapidly rising.

floppian commented 4 years ago

Im gonna estimate what the next thing thats going to happen is. Gimkit is going to update - checking for the constructor of the event data so that it is always MouseEvent. This will prevent the bot from working. I would think ahead or just not do anything. I don't know, its just my estimate from a spectator's perspective.

ecc521 commented 4 years ago

We should be able to overwrite the MouseEvent constructor if they do that, correct? I think defeating isTrusted effectively turns this into a game of cat and mouse again. (time to send my slightly scolding email to GimKit)

floppian commented 4 years ago

Don't mention me.. Ive talked to Josh a little bit, he is a really cool guy, I told him my thoughts on the stuff, but I had to appreciate that it was his business, and he should feel proud to continue with it.

Also, rewriting the MouseEvent constructor is harder than you think. Back in the good o'l days ( ha ha ) when I attempted to reverse, I tried mouseevents but I found them annoying, so I resorted to a better method.

floppian commented 4 years ago

How fast is this bot ecc521? Like 1,000,000,000 in 10 minutes?

ecc521 commented 4 years ago

Easily. It takes about 2 minutes to max out all upgrades (excluding initial time guessing at answers), then answers about 1 question a second constantly. Improvements should bring this down to about 500 milliseconds a question (2 per second).

1 question per second works out to around $320,000,000,000 (hundreds of times more than your stated billion) in ten minutes. Add in the snowstorm powerups 10% balance compounding (says 5, looks like it is actually 10), and you should be well over a trillion. (Though that gold theme breaks the bot when applied)

On Mon, Jan 6, 2020, 9:31 PM FloppyT notifications@github.com wrote:

How fast is this bot ecc521? Like 1,000,000,000 in 10 minutes?

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/ecc521/gimkit-bot/issues/1?email_source=notifications&email_token=AKDVOGYX6BIDWUJKTDDOFCTQ4PSRDA5CNFSM4I5OSL7KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEIHPHLI#issuecomment-571405229, or unsubscribe https://github.com/notifications/unsubscribe-auth/AKDVOGYBMUFJ5QQ2BYTY5FLQ4PSRDANCNFSM4I5OSL7A .

floppian commented 4 years ago

Thats okay. The snowstorm probably won't come back for a while sadly ( that was my favorite one ). All the themes are (re)defined by the client

MoonBarc commented 4 years ago

Gimkit seems to be at it again. Sorry I didn't snatch a screenshot, but it managed to detect the bot, and kick me from the game. It said something along the lines of, "Injected client script detected. Please join a different game", or something like that. I'm wondering what the causes are, and if we might be able to fix it.

floppian commented 4 years ago

Its server side, I wouldn't recommend trying to avoid or "fix" it. Also, I believe Gimkit is tracking people using scripts.. so it is a sort of warning

ecc521 commented 4 years ago

Probably detecting the global variable. That can be encapsulated.

On Wed, Jan 8, 2020, 5:33 PM MoonBarc notifications@github.com wrote:

Gimkit seems to be at it again. Sorry I didn't snatch a screenshot, but it managed to detect the bot, and kick me from the game. It said something along the lines of, "Injected client script detected. Please join a different game", or something like that. I'm wondering what the causes are, and if we might be able to fix it.

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/ecc521/gimkit-bot/issues/1?email_source=notifications&email_token=AKDVOG2CQHGZRCU2NK5EDCTQ4ZIEPA5CNFSM4I5OSL7KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEIOHLTI#issuecomment-572290509, or unsubscribe https://github.com/notifications/unsubscribe-auth/AKDVOG55YZE4T6EWLNCT4PLQ4ZIEPANCNFSM4I5OSL7A .

ecc521 commented 4 years ago

Acts targeted though. Makes me consider obfuscating the code and not providing the source.

On Wed, Jan 8, 2020, 7:01 PM Tucker Willenborg tuckerwillenborg@gmail.com wrote:

Probably detecting the global variable. That can be encapsulated.

On Wed, Jan 8, 2020, 5:33 PM MoonBarc notifications@github.com wrote:

Gimkit seems to be at it again. Sorry I didn't snatch a screenshot, but it managed to detect the bot, and kick me from the game. It said something along the lines of, "Injected client script detected. Please join a different game", or something like that. I'm wondering what the causes are, and if we might be able to fix it.

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/ecc521/gimkit-bot/issues/1?email_source=notifications&email_token=AKDVOG2CQHGZRCU2NK5EDCTQ4ZIEPA5CNFSM4I5OSL7KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEIOHLTI#issuecomment-572290509, or unsubscribe https://github.com/notifications/unsubscribe-auth/AKDVOG55YZE4T6EWLNCT4PLQ4ZIEPANCNFSM4I5OSL7A .

floppian commented 4 years ago

No, it is checking how fast you are answering. Make this bot less op, its unfair.

ecc521 commented 4 years ago

I told them that they would have to do that.... so they finally put an actual blocker in. May catch some people too though.

Try increasing the milliseconds in calls to sleep. Does that work?

On Wed, Jan 8, 2020, 7:09 PM FloppyT notifications@github.com wrote:

No, it is checking how fast you are answering. Make this bot less op, its unfair.

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/ecc521/gimkit-bot/issues/1?email_source=notifications&email_token=AKDVOG3W2DZKDUE5UE427FTQ4ZTNJA5CNFSM4I5OSL7KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEIOOIRY#issuecomment-572318791, or unsubscribe https://github.com/notifications/unsubscribe-auth/AKDVOG3RWY3KXLEUICUCGGTQ4ZTNJANCNFSM4I5OSL7A .

floppian commented 4 years ago

I have a ranking of all Gimkit hacks made, this kind of bot is #6 ( middle ). What we all know is that this bot will have to get slower... #7. You'll probably have to make it slow enough so that it is just as fast as the fastest player, making it more fair.

ecc521 commented 4 years ago

The fastest players fastest answers - and the fastest player can miss questions, plus is effectively guaranteed to answer slower than their fastest speed. Longer questions increase the bots advantage too.

It should still be over twice as fast as the fastest player after that is all factored in.

On Wed, Jan 8, 2020, 7:14 PM FloppyT notifications@github.com wrote:

I have a ranking of all Gimkit hacks made, this kind of bot is #6 ( middle ). What we all know is that this bot will have to get slower... #7. You'll probably have to make it slow enough so that it is just as fast as the fastest player, making it more fair.

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/ecc521/gimkit-bot/issues/1?email_source=notifications&email_token=AKDVOG7FMUCVOYMNEWMQ7U3Q4ZT7NA5CNFSM4I5OSL7KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEIOOSPI#issuecomment-572320061, or unsubscribe https://github.com/notifications/unsubscribe-auth/AKDVOGZLTDQUENY7GRIJGATQ4ZT7NANCNFSM4I5OSL7A .