Closed tetra-fox closed 7 years ago
:+1:
It looks like kahoot have added a challenge to make it harder for bots to join games. Fortunately the challenge is only simple maths so i will have it working soon.
Any update ?
Yes, Kahoot are trying to make it difficult by changing up their session cookie system. It is getting complicated but ill have it fixed soon
@msemple1111 my working implementation would probably serve as a useful reference. I had to read kahoot's obfuscated JavaScript to figure out what they were up to.
@unixpickle what exactly is line 57-59 doing?
Lets say i have the result of the challenge and the raw "x-kahoot-session-token", what is happening to get the resulting working session token?
So we base64 decode the x-kahoot-session-token, leaving us with a nasty string of bytes--for example, say {0x11, 0x22, 0x33, 0x44, 0x55}. We solve the challenge, giving us a string of bytes like "123" (written in ASCII as {0x31, 0x32, 0x33}).
We then compute the final session token by XOR-ing the challenge's bytes with the bytes of the base64-decoded token (challenge's bytes in italics):
{0x11 ^ 0x31, 0x22 ^ 0x32, 0x33 ^ 0x33, 0x44 ^ 0x31, 0x55 ^ 0x32, ...}
The session token is a lot longer than the result of the challenge, so we have to repeat the challenge's bytes multiple times—once we get to the end of it, we go back to the beginning, hence the %
(modulus).
Thanks @unixpickle for the reference, all working.
fixed 0e04539
i've tried both flood.py and play.py and each time i enter a pin they say a game with that pin doesn't exist
screenshot below