club penguin
Cheat in Candy Crush Saga: Easier than you think
by Cheater on Feb.28, 2013, under club penguin
Well the other day I took a little peek at Candy Crush Saga’s security mechanisms and I found them somewhat lacking. It is trivial to skip levels and input arbitrary scores and their servers will accept it without too much trouble.
First you need to get your session id. In Chrome you can do it by opening Facebook, right clicking on a blank bit of the page and in the Developer Tools menu clicking ‘Network’. Then open the game.
You will see a lot of different hits that your browser is making, but you want to scroll down until you find the gameInit request. Copy and paste that URL into a new tab to load it and scroll right down to the bottom. There will be a chunk of text at the bottom like "currentUser":{"userId":10169xxxxx. 10169xxxxx is your user id so keep that for later. In the URL you also see gameInit?_session=M-RzT9CNQfjM6xxxxxxx and the part after the = is your session id. You also need this.
Behind the scenes Candy Crush Saga uses a different naming scheme for the levels. You have an episode id and a level id. Episode id seems to be after every ‘break’ in the track in game and level id is the number of levels after the break starting from 1. For example level 39 is episode 4 level 4.
So you now have the following information:
Episode id: 4
Level id: 4
Session: M-RzT9CNQfjM6xxxxxxx
Facebook id: 10169xxxxx
Score: 123456 (Make something roughly plausible up for this)
You now need to make the security checksum. They simply hash a specific string with MD5 and use the first 6 hex characters. Open an online MD5 tool such as this one, which has a text box and a button and outputs a string of gibberish when you press the button.
In the text box write this, filling in the values inside the square brackets as you go:
[episodeId]:[levelId]:[score]:-1:[userId]:1361826675157:BuFu6gBFv79BH9hk
The bit on the end is their ‘top secret’ verification string. You end up with something like this:
4:4:123456:-1:10169xxxxx:1361826675157:BuFu6gBFv79BH9hk
Pop that into the MD5 box and hit hash. Make sure there are no spaces before or after your text as that changes the outcome. You should get 72a872f0399990657b6dd5fd2012691d for this example. You are only interested in the first 6 characters so keep 72a872 and ignore the rest.
Then you create the magical submit score request and load it in your browser. Fill in the blanks then open it.
https://candycrush.king.com/api/gameEnd?arg0={"score":[score],"seed":1361826675157,"cs":"[6 character hash]","timeLeftPercent":-1,"episodeId":[episodeId],"reason":0,"levelId":[levelId]}&_session=[sessionId]
Remember the bits in [] brackets are the sections you replace. Don’t alter the rest.
Happy cheating.
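The scheme above fails because the checksum secret ships in the client, the seed is a fixed value that can be reused, and the server takes episode, level and score from the request itself. A server-side check that closes those gaps, as an added example (not code from this post or from the game's developer); the function names, the score ceiling and the minimum play time are assumptions:

```python
import secrets
import time

# Constructed sample data: per-level score ceiling the server derives from level design.
MAX_SCORE = {(4, 4): 200_000}
MIN_PLAY_SECONDS = 5  # assumed shortest time in which a level can be finished
_open_games = {}      # game_id -> (session, episode, level, started_at)


def game_start(session, episode, level, unlocked, now=None):
    """Open a game server-side, only for a level this account has unlocked."""
    if (episode, level) not in unlocked:
        raise PermissionError("level not unlocked for this account")
    game_id = secrets.token_urlsafe(16)  # unguessable and single use
    started = now if now is not None else time.time()
    _open_games[game_id] = (session, episode, level, started)
    return game_id


def game_end(session, game_id, score, now=None):
    """Return (accepted, reason). Episode and level come from server state,
    never from the request, so a client cannot claim a level it did not start."""
    record = _open_games.get(game_id)
    if record is None:
        return False, "unknown or already-finished game"
    owner, episode, level, started_at = record
    if owner != session:
        return False, "game belongs to another session"
    del _open_games[game_id]  # consume the id: a second submit is a replay
    now = now if now is not None else time.time()
    if now - started_at < MIN_PLAY_SECONDS:
        return False, "finished faster than the level can be played"
    if not 0 <= score <= MAX_SCORE.get((episode, level), 0):
        return False, "score outside the level's possible range"
    return True, "ok"
```

No secret is needed in the client at all here; bounds checks only limit implausible scores, so a server that needs exact scores has to recompute them from the submitted moves.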
Apartments Australia is now Live!
by Cheater on Dec.02, 2011, under club penguin
Apartments Australia is a new real estate portal we have created to focus on Apartments, Townhouses and Units. We’ve given it a modern design, quite unlike most real estates on the net today. It also features some new features such as SMSing a property to yourself.
Bunny watching Good News Week at night
by Cheater on Mar.16, 2010, under club penguin
She is quite a fan of TV and will sit in her paper watching TV at night.
This was taken last night while GNW (Good News Week) was on.
Colourful large spider
by Cheater on Mar.16, 2010, under club penguin
I’m not sure what type of spider this is but it’s very colourful, and it’s massive. The web is also very large, covering the space between two poles, and is very intricate.
Only way to get my N85 to focus on it was to get very close to the spider. The picture was taken about 2cm away from it.
My rig – Desk side
by Cheater on Mar.03, 2010, under club penguin
Two Asus VW225TL 22″ monitors next to each other and Logitech 5.1 surround.
The monitors are brilliantly bright. They are mid-range (not the cheapest model) and run at 1680×1050.
On the screen is a very pretty rendering of the solar system, and the desktop is KDE 4.2. Of course it’s KDE 4.4 now but the pic was taken some time ago.
Automated Fax Setup
by Cheater on Mar.03, 2010, under club penguin
For my work for RealSauce, our primary method of advertising is by fax.
What you see here is three D-Link serial dialup modems, three phone lines coming from behind the desk, the power setup and the silvery cables are three USB -> RS232 adaptors.
Oh and a lot of cable ties.
Dead Bunny Flop
by Cheater on Mar.03, 2010, under club penguin
I believe the technical term for this is the Dead Bunny Flop.
It’s hard work being a bunny it seems.
Bunny in an Asus box with shredded paper
by Cheater on Mar.03, 2010, under club penguin
For some reason she loves sitting in that box.
She has a Logitech box as well, but she much prefers Asus.
Club Penguin users: Go away!
by on Mar.31, 2008, under club penguin, money maker
Ugh. I put my website up and then wake up to two emails from Club Penguin people.
Club Penguin is too simple to hack. It’s no challenge.
No, I won’t make more hacks.
Talk to RancidKraut, not me.








