Cheat in Candy Crush Saga: Easier than you think
by Cheater on Feb.28, 2013, under club penguin
Well the other day I took a little peek at Candy Crush Saga’s security mechanisms and I found them somewhat lacking. It is trivial to skip levels and input arbitrary scores and their servers will accept it without too much trouble.
First you need to get your session id. In Chrome you can do it by opening Facebook, right clicking on a blank bit of the page and in the Developer Tools menu clicking ‘Network’. Then open the game.
You will see a lot of different hits that your browser is making, but you want to scroll down until you find the gameInit request. Copy and paste that URL into a new tab to load it and scroll right down to the bottom. There will be a chunk of text at the bottom like "currentUser":{"userId":10169xxxxx. 10169xxxxx is your user id so keep that for later. In the URL you also see gameInit?_session=M-RzT9CNQfjM6xxxxxxx and the part after the = is your session id. You also need this.
Behind the scenes Candy Crush Saga uses a different naming scheme for the levels. You have an episode id and a level id. Episode id seems to be after every ‘break’ in the track in game and level id is the number of levels after the break starting from 1. For example level 39 is episode 4 level 4.
So you now have the following information:
Episode id: 4
Level id: 4
Session: M-RzT9CNQfjM6xxxxxxx
Facebook id: 10169xxxxx
Score: 123456 (Make something roughly plausible up for this)
You now need to make the security checksum. They simply hash a specific string and use the first 6 hex characters. Open an online MD5 tool, the kind which has a text box and a button and outputs a string of gibberish when you press the button.
In the text box write this, filling in the values inside the square brackets as you go:
[episodeId]:[levelId]:[score]:-1:[userId]:1361826675157:BuFu6gBFv79BH9hk
The bit on the end is their ‘top secret’ verification string. You end up with something like this:
4:4:123456:-1:10169xxxxx:1361826675157:BuFu6gBFv79BH9hk
Pop that into the MD5 box and hit hash. Make sure there are no spaces before or after your text as that changes the outcome. You should get 72a872f0399990657b6dd5fd2012691d for this example. You are only interested in the first 6 characters so keep 72a872 and ignore the rest.
Then you create the magical submit score request and load it in your browser. Fill in the blanks then open it.
https://candycrush.king.com/api/gameEnd?arg0={"score":[score],"seed":1361826675157,"cs":"[6 character hash]","timeLeftPercent":-1,"episodeId":[episodeId],"reason":0,"levelId":[levelId]}&_session=[sessionId]
Remember the bits in [] brackets are the sections you replace. Don’t alter the rest.
Happy cheating.
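Seen from the server side, the checksum above proves nothing, because its secret ships inside the client and only 6 hex characters of the hash are checked. The following is an added example, not code from the original post or from the game's developers, of server-held state a score endpoint can check instead; the function names, the `$state` layout and the score caps are all assumptions.

```php
<?php
// Added illustration. $state is per-session data kept only on the server;
// its layout, the function names and the score caps are assumptions.

function startLevel(array &$state, int $episode, int $level): string
{
    // Only a level the player has actually reached may be started.
    if (!in_array("$episode:$level", $state['unlocked'], true)) {
        throw new RuntimeException('level not unlocked');
    }
    // Fresh, unpredictable, single-use token bound to this attempt,
    // instead of a seed value that the client supplies.
    $token = bin2hex(random_bytes(16));
    $state['attempts'][$token] = ['episode' => $episode, 'level' => $level];
    return $token;
}

function endLevel(array &$state, string $token, int $episode, int $level,
                  int $score, array $caps): bool
{
    $attempt = $state['attempts'][$token] ?? null;
    unset($state['attempts'][$token]);        // spend the token: no replays
    if ($attempt === null) {
        return false;                         // never issued, or already used
    }
    if ($attempt['episode'] !== $episode || $attempt['level'] !== $level) {
        return false;                         // token belongs to another level
    }
    $cap = $caps["$episode:$level"] ?? 0;     // assumed per-level ceiling
    if ($score < 0 || $score > $cap) {
        return false;                         // outside the plausible range
    }
    $state['scores']["$episode:$level"] = $score;
    return true;
}

// Constructed sample session: the player has reached episode 4, level 3.
$state = ['unlocked' => ['4:3'], 'attempts' => [], 'scores' => []];
$caps  = ['4:3' => 500000, '4:4' => 500000];

$token = startLevel($state, 4, 3);
var_dump(endLevel($state, $token, 4, 3, 120000, $caps));       // normal completion
var_dump(endLevel($state, $token, 4, 3, 120000, $caps));       // same token again
var_dump(endLevel($state, 'not-issued', 4, 4, 123456, $caps)); // unreached level
```

A forged score that stays under the cap still passes these checks; closing that gap means replaying the submitted moves on the server.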
Strip all but certain characters from a string in PHP (such as alphanumeric, numeric, etc…)
by Cheater on May.09, 2012, under internet
The #1 result in Google for stripping characters out of strings in PHP is awful and uses the deprecated ereg_replace function, so let’s make a new search result using preg_replace, which is much better, faster and fully supported in PHP 5.3 and 5.4.
Allow only alphanumeric:
$out = preg_replace('|[^A-Za-z0-9]|', '', $in);
Only numeric:
$out = preg_replace('|[^0-9]|', '', $in);
Alphanumeric with whitespace:
$out = preg_replace('|[^A-Za-z0-9\s]|', '', $in);
The ^ at the start of the square brackets means match everything that is not listed, so you just list anything you need like symbols, numbers and letters and it will match everything else and replace it with nothing, leaving you with a nice clean string. You can use this to filter stuff like hexadecimal, base64, postcodes, or just to force plain text.
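Stripping is not the same as validating: the filter silently rewrites input, and `\s` lets carriage returns and newlines through. The following added example (not from the original post; `stripTo()` and `isOnly()` are hypothetical helpers, and the inputs are constructed) puts the filter next to a validator that rejects instead of rewriting.

```php
<?php
// Added illustration; both helpers are hypothetical, not part of PHP.

// Filter: silently drops every character the class does not list.
function stripTo(string $class, string $in): string
{
    $out = preg_replace('|[^' . $class . ']|', '', $in);
    if ($out === null) {            // preg_replace returns null on a PCRE error
        throw new RuntimeException('PCRE error ' . preg_last_error());
    }
    return $out;
}

// Validator: true only if the input already consists of listed characters.
// \A and \z anchor the whole string; "$" alone tolerates a trailing newline.
function isOnly(string $class, string $in): bool
{
    return preg_match('|\A[' . $class . ']+\z|', $in) === 1;
}

// Constructed inputs.
$id   = "42 OR 1=1";
$name = "alice\r\nadmin logged in";

// Filtering glues the surviving digits into a different number;
// validating refuses the value outright.
var_dump(stripTo('0-9', $id));
var_dump(isOnly('0-9', $id));

// \s also matches \r and \n, so a multi-line value survives the filter.
var_dump(stripTo('A-Za-z0-9\s', $name));
// Listing a literal space instead keeps the result on one line.
var_dump(stripTo('A-Za-z0-9 ', $name));
```

Use the validator where a changed value would be worse than a rejected one, such as ids, amounts and anything written to a log or header.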
Australian Aerial Photography
by Cheater on Mar.20, 2012, under internet, realsauce
We’ve recently been provided with some really high aerial photography of various places such as Armidale, Batemans Bay, Broulee, Forster and Narooma.
It goes down from 10 to 6 cm resolution on the ground which is 8x better than Google’s satellite imagery in those areas.
It chews up over 100gig at the moment and more areas are being flown. Had to drive a portable hard drive of data to the data center to move it all. When you can very clearly see individual wires on a power line you know it’s good footage.
Apartments Australia is now Live!
by Cheater on Dec.02, 2011, under club penguin
Apartments Australia is a new real estate portal we have created to focus on Apartments, Townhouses and Units. We’ve given it a modern design, quite unlike most real estates on the net today. It also features some new features such as SMSing a property to yourself.
Google Crawl Rate – Wow!
by Cheater on Oct.16, 2010, under google, internet
Well usually Google’s maximum crawl rate in Google Webmaster Tools is limited to 0.5 requests/second as the fastest rate possible with the slider.
The growth of PropertyNow however has caused that speed to increase – first to 0.8 requests/second then to 1.5 requests/second then even faster still to 2.5 requests/second.
That is the fastest I’ve ever heard of. There has been an increase in quality content, and also the server can handle the speed, so naturally Google wants to crawl it all as soon as possible and refresh it as often as possible. The logs show that they do actually push that limit but in bursts rather than constantly.
This change has also coincided with alterations of the search results. All keywords dropped temporarily during the speedy crawl period.
Very interesting stuff indeed.
PropertyNow and Google Crawl Stats
by Cheater on Oct.08, 2010, under google, internet, realsauce, website
PropertyNow Real Estate has just recently opened its doors to agents and it’s done so in a big way. A very large number of agents have already signed up and more are coming.
So much so, Google has taken an interest. Googlebot has been frantically crawling the past couple of days, and the Crawl Rate settings have changed as well. Usually you can’t ask Googlebot to go any faster than 0.5 requests/s but it is now letting me select up to 1.25 requests/sec or 0.8 seconds between requests! I’ve never seen that behaviour before.
We’ll have to see if that is reflected by an improvement in the search results. Fingers crossed.
4chan and AFACT
by Cheater on Sep.29, 2010, under internet, vps, website
4chan has been on a rampage against any anti-piracy groups who annoy them and the list of casualties is pretty long.
Yesterday they attacked AFACT (Australian Federation Against Copyright Theft) and managed not only to take their site out, but they completely flattened NetRegistry who was their host.
On Whirlpool, NetRegistry is now being slammed for hosting them. It sounds like they will lose a bit of credibility after this one. Not only because some people are sympathetic towards 4chan’s cause, but also because NetRegistry willingly hosted a high risk site right next to everyone else’s website.
You really see a host’s true colours after an incident like this. A NetRegistry rep, Angelina Potapova, isn’t handling the criticism very well. She’s basically said that anyone who criticises them must be one of the attackers, which isn’t a smart move when they are your customers or potential customers. She also incorrectly credited the attack to The Pirate Bay when it was 4chan, who are completely unrelated.
As someone who pays for hosting through a provider, if they were hosting a high value target such as AFACT anywhere near my hosting, I’d be looking very closely at my SLA and I’d also look for a new host. Keeping them on the same infrastructure as everyone else is horribly stupid. Not that it would have mattered if NetRegistry separated the site because the DDoS flattened their routers as well from the sound of it. They completely went offline for a good hour or two and everything was sluggish for quite a while later.
I sure hope they are making AFACT pay for breaking everyone’s SLA... that’s if they have one. I couldn’t find theirs, which isn’t a good sign for their customers.
By the way, yes AFACT is the group that has been suing iiNet for not breaking the law and giving AFACT personal details on subscribers so my sympathy is limited.
Bizarre and quirky things
by Cheater on Sep.28, 2010, under internet, update
Well I’ve finally gotten the Luxury Homes Australia Blog going which has got some pretty cool things. We send them out as a newsletter every week or so.
I’ve also managed to finally find a very tall lava lamp. I’ve been looking for one for ages but it’s almost as if they don’t exist. It’s nice and tall with a metal stand which supports it. Only comes in blue and red with clear liquid but beggars can’t be choosers. $40 made it a quick sell.
Cornelia Funke’s new book ‘Reckless’
by Cheater on Sep.15, 2010, under internet
Well here I am at 1:50am doing server watching duty.
Why? It is the release of Cornelia Funke’s new book called Reckless, and the server I’m watching is the official website. If anything goes wrong then I need to scramble around and fix it. I didn’t create the website, but I’ve been tasked with making sure it can scale to stand up to the barrage of visitors from the Official New York premiere of the book. Every single book has the URL in it so it’s not a small feat.
It should go well.
Few more hours and then the worst will be over and I can get a little bit of sleep before real work tomorrow.
Why global warming should be taken with a pinch of salt
by Cheater on Sep.10, 2010, under environment, global warming
Just the other day, a prime example of why you need to take global warming stuff with a pinch of salt. The problem? Not enough data.
NASA’s Gravity Recovery and Climate Experiment (GRACE) satellite data has been used to make an estimate of ice melt from Greenland and Western Antarctica. Why Western Antarctica? Cause the rest of Antarctica is actually gaining ice. No one has the faintest idea why. That satellite data has now been shown to estimate 3x more melting than there actually is.
Just like in 2008 when the Arctic was predicted to melt completely. No ice at all during the summer. All the data was saying that it would be a bad year to be a polar bear.
But none of the predictions came true. The data was completely off.
It would be nice if the politicians made us stop wasting resources sure, but we don’t have the faintest idea how the environment works, as shown by Antarctica growing and dozens of other examples. Do we know enough to create policy that has severe impacts everywhere, especially the economy?

