Closed mensah-j closed 7 years ago
Hi jeff,
Yes, you're correct: you start by 'reserving' (testing the pin exists), then you start to communicate via POST requests (formatted as JSON) with the Kahoot server. After the reserve, Kahoot checks if the client can upgrade from HTTP to websockets (because this uses fewer connections, but most school networks are firewalled to not allow websockets). If websockets are not supported, the Kahoot client falls back to 'call-back polling'. This is where the client sends an HTTP request, and the server then keeps the connection open until it needs to send something back or 30 seconds is up, where it just sends a connection back. If you use callback polling or websockets, the payload itself is the same. Each payload has a 'channel' to describe what it is doing. It then has the data associated with that channel.
This project uses callback polling so that it can be run from any network. It is up to you if you want to use callback polling or websockets; callback polling uses more network connections but is supported almost everywhere.
Chrome's dev tools will not show WebSocket connections, so perhaps this is why you're quite confused. I would use a piece of software called 'mitm proxy'; if you want to use websockets, make sure this is enabled.
The two-factor authentication can be ignored. The challenges are quite easy to do, but I would just add that the 'http://safeval.pw' service used here is quite bad on 150+ connections within a few seconds.
Overall this is reasonably complex; you will need to use concurrency, encode/decode JSON and Base64, communicate with Kahoot using its protocol and a load of other stuff.
@msemple1111 Chrome's dev tools can show you WebSocket connections. I made my entire tool without needing anything like MITM proxy.
Also, as an aside, you should probably only be using safeval.pw as a fallback. Since the challenges have not changed for a while, it's fairly safe to implement them in code (which is what my tool does). Looking at the traffic for safeval.pw, I see that 99% of the traffic comes from Python scripts :P.
@unixpickle I didn't even know that, thanks! Whenever I tried to do it, it would get anything. I do agree safeval.pw should be used as a fallback, I just assumed Kahoot would keep changing their challenges so I never bothered to implement that - I'll get onto that.
Oh wow, thanks a ton! You all helped me so much.
@jeffx99 if you have any more questions just pop them in here. I do hope to write some documentation someday but that day never seems to come.
Can documentation / an overview be provided for understanding the code? I'm trying to build my own kahoot flood in C++. Here is what I am thinking should be happening so far
I've gotten this from analyzing the requests sent through Chrome's Developer Tools Network Tab. I don't know what is happening in step two however. Is this stuff knowledge to kahoot programmers or something? I'm only 15 but I'm hoping it should be simple enough right?
EDIT: I've figured that you take the JS code given to you, evaluate it, and XOR that with the "session-token." (How in the world did you figure that out?)
Also what are the payloads and why are they used? So payloads are the body of a POST request I guess. I may not be reading into it right, but the data you are sending is not what I'm reading from the Dev Tools in Chrome.