msemple1111 / kahoot-hack

A suite of tools for easily manipulating the kahoot.it quiz platform
GNU General Public License v3.0

'game does not exist with that pin' #4

Closed tetra-fox closed 7 years ago

tetra-fox commented 7 years ago

I've tried both flood.py and play.py and each time I enter a pin they say a game with that pin doesn't exist

screenshot below [image]

paris-ci commented 7 years ago

:+1:

msemple1111 commented 7 years ago

It looks like Kahoot have added a challenge to make it harder for bots to join games. Fortunately the challenge is only simple maths so I will have it working soon.

paris-ci commented 7 years ago

Any update?

msemple1111 commented 7 years ago

Yes, Kahoot are trying to make it difficult by changing up their session cookie system. It is getting complicated but I'll have it fixed soon.

unixpickle commented 7 years ago

@msemple1111 my working implementation would probably serve as a useful reference. I had to read kahoot's obfuscated JavaScript to figure out what they were up to.

msemple1111 commented 7 years ago

@unixpickle what exactly are lines 57-59 doing?

Let's say I have the result of the challenge and the raw "x-kahoot-session-token", what is happening to get the resulting working session token?

unixpickle commented 7 years ago

So we base64 decode the x-kahoot-session-token, leaving us with a nasty string of bytes--for example, say {0x11, 0x22, 0x33, 0x44, 0x55}. We solve the challenge, giving us a string of bytes like "123" (written in ASCII as {0x31, 0x32, 0x33}).

We then compute the final session token by XOR-ing the challenge's bytes with the bytes of the base64-decoded token (challenge's bytes in italics):

{0x11 ^ 0x31, 0x22 ^ 0x32, 0x33 ^ 0x33, 0x44 ^ 0x31, 0x55 ^ 0x32, ...}

The session token is a lot longer than the result of the challenge, so we have to repeat the challenge's bytes multiple times—once we get to the end of it, we go back to the beginning, hence the % (modulus).

msemple1111 commented 7 years ago

Thanks @unixpickle for the reference, all working.

msemple1111 commented 7 years ago

fixed 0e04539