NickStallman.net

club penguin

Cheat in Candy Crush Saga: Easier than you think

by on Feb.28, 2013, under club penguin

Well the other day I took a little peek at Candy Crush Saga’s security mechanisms and I found them somewhat lacking. It is trivial to skip levels and input arbitrary scores and their servers will accept it without too much trouble.

Candy Crush Level Map

First you need to get your session id. In Chrome you can do it by opening Facebook, right clicking on a blank bit of the page and in the Developer Tools menu clicking ‘Network’. Then open the game.

Chrome Developer Tools showing the gameInit request

You will see a lot of different hits that your browser is making, but you want to scroll down until you find the gameInit request. Copy and paste that URL into a new tab to load it and scroll right down to the bottom. There will be a chunk of text at the bottom like "currentUser":{"userId":10169xxxxx. 10169xxxxx is your user id, so keep that for later. In the URL you also see gameInit?_session=M-RzT9CNQfjM6xxxxxxx and the part after the = is your session id. You also need this.

Behind the scenes Candy Crush Saga uses a different naming scheme for the levels. You have an episode id and a level id. Episode id seems to be after every ‘break’ in the track in game and level id is the number of levels after the break starting from 1. For example level 39 is episode 4 level 4.

So you now have the following information:

Episode id: 4
Level id: 4
Session: M-RzT9CNQfjM6xxxxxxx
Facebook id: 10169xxxxx
Score: 123456 (Make something roughly plausible up for this)

You now need to make the security checksum. They simply hash a specific string and use the first 6 hex characters. Open an online MD5 tool such as this one, which has a text box and a button and outputs a string of gibberish when you press the button.

In the text box write this, filling in the values inside the square brackets as you go:
[episodeId]:[levelId]:[score]:-1:[userId]:1361826675157:BuFu6gBFv79BH9hk

The bit on the end is their ‘top secret’ verification string. You end up with something like this:
4:4:123456:-1:10169xxxxx:1361826675157:BuFu6gBFv79BH9hk

Pop that into the MD5 box and hit hash. Make sure there are no spaces before or after your text, as that changes the outcome. You should get 72a872f0399990657b6dd5fd2012691d for this example. You are only interested in the first 6 characters, so keep 72a872 and ignore the rest.

Then you create the magical submit score request and load it in your browser. Fill in the blanks then open it. :)

https://candycrush.king.com/api/gameEnd?arg0={"score":[score],"seed":1361826675157,"cs":"[6 character hash]","timeLeftPercent":-1,"episodeId":[episodeId],"reason":0,"levelId":[levelId]}&_session=[sessionId]

Remember the bits in [] brackets are the sections you replace. Don’t alter the rest.

Happy cheating.
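
A server-side counterpart to the checksum described in this post, as an added example that is not from the original post or from the game's own code: instead of a truncated MD5 over a string whose secret ships in the client, the server issues a one-time HMAC-signed start token under a key it never discloses, and checks unlock state and a score ceiling when the result comes back. The function names, the MAX_SCORE table and the token layout are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # assumption: lives only on the server, never in the client
MAX_SCORE = {(4, 4): 200_000}         # constructed per-level score ceiling
TOKEN_TTL = 1800                      # seconds a started level stays valid
_used_nonces = set()                  # in production: a shared store with expiry

def _mac(msg: str) -> str:
    return hmac.new(SERVER_KEY, msg.encode(), hashlib.sha256).hexdigest()

def start_level(session, user_id, episode, level, unlocked, now=None):
    """Issue a start token only for a level this user has actually reached."""
    if (episode, level) not in unlocked:
        raise PermissionError("level not unlocked for this user")
    now = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    # Assumption: session ids never contain ':' (it is the field separator).
    body = f"{session}:{user_id}:{episode}:{level}:{nonce}:{now}"
    return f"{body}:{_mac(body)}"

def end_level(token, session, user_id, score, now=None):
    """Return (accepted, reason) for a client's end-of-level report."""
    now = int(time.time() if now is None else now)
    body, _, tag = token.rpartition(":")
    # Full-length MAC, constant-time compare; nothing is parsed before this passes.
    if not hmac.compare_digest(tag.encode(), _mac(body).encode()):
        return False, "bad token"
    t_session, t_user, episode, level, nonce, issued = body.split(":")
    if (t_session, t_user) != (session, str(user_id)):
        return False, "token bound to another session"
    if not 0 <= now - int(issued) <= TOKEN_TTL:
        return False, "token expired"
    if nonce in _used_nonces:
        return False, "replay"
    _used_nonces.add(nonce)           # burn the token even if the score is rejected
    ceiling = MAX_SCORE.get((int(episode), int(level)))
    if ceiling is None or not 0 <= score <= ceiling:
        return False, "implausible score"
    return True, "ok"
```

A score ceiling only bounds what a client can claim; it does not prove the score was earned.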


Apartments Australia is now Live!

by on Dec.02, 2011, under club penguin

Apartments Australia is a new real estate portal we have created to focus on Apartments, Townhouses and Units. We’ve given it a modern design, quite unlike most real estate sites on the net today. It also has some new features such as SMSing a property to yourself.


Bunny watching Good News Week at night

by on Mar.16, 2010, under club penguin

She is quite a fan of TV and will sit in her paper watching TV at night.
This was taken last night while GNW (Good News Week) was on.

Bunny watching Good News Week


Colourful large spider

by on Mar.16, 2010, under club penguin

I’m not sure what type of spider this is, but it’s very colourful and it’s massive. The web is also very large, covering the space between two poles, and is very intricate.

Only way to get my N85 to focus on it was to get very close to the spider. The picture was taken about 2cm away from it.

Large colourful spider

Large colourful spider - Close up


My rig – Desk side

by on Mar.03, 2010, under club penguin

Two Asus VW225TL 22″ monitors next to each other and Logitech 5.1 surround.

The monitors are brilliantly bright. They are mid-range (not the cheapest model) and run at 1680×1050.
On the screen is a very pretty rendering of the solar system, and the desktop is KDE 4.2. Of course it’s KDE 4.4 now, but the pic was taken some time ago.

My Computer - 22" monitors

My Computer - 22" monitors and view of cables at the bottom


Automated Fax Setup

by on Mar.03, 2010, under club penguin

For my work for RealSauce, our primary method of advertising is by fax.

What you see here is three D-Link serial dialup modems, three phone lines coming from behind the desk, the power setup and the silvery cables are three USB -> RS232 adaptors.

Oh and a lot of cable ties.

Three modems being used to send faxes with efax

Three modems being used to send faxes


Bunny buried in paper

by on Mar.03, 2010, under club penguin

Sometimes you just see the paper moving but you can’t see her at all.

Bunny hiding in paper


Dead Bunny Flop

by on Mar.03, 2010, under club penguin

I believe the technical term for this is the Dead Bunny Flop.

It’s hard work being a bunny, it seems.

Dead Bunny Flop


Bunny in an Asus box with shredded paper

by on Mar.03, 2010, under club penguin

For some reason she loves sitting in that box.
She has a Logitech box as well, but she much prefers Asus.

Bunny being very comfortable in a box with shredded paper


About Me

by on Apr.01, 2008, under club penguin

If you haven’t figured it out yet, I’m Nick Stallman.
You probably know me better as Cheater or Cheater512 when some bastard steals my name. :)

I’m a programmer and electronics hobbyist.

I’ve been programming for around 10 years and I know nearly every popular language.
Mind you there are a few languages on my shit list which I refuse to learn. :)
I most commonly use PHP, Perl and C/C++ and I dabble in C# when I need a cross platform app.
My shit list includes Ruby, Python and Lisp mainly.

I enjoy mucking around with AVR and its much more powerful cousin, the AVR32.
Two main reasons why I use AVR over others like Basic Stamp and PICs: The AVR has excellent GCC support and it also is significantly faster than other microcontrollers.
My NGW100 is an AVR32 and it’s just to muck around with. :)

I do freelance so if you have a programming or electronic job which you need done, drop me a line.
My rates are pretty cheap and are generally based on how complex a job is and not how much time it takes.

I’m 19 and I live in Brisbane, Australia.
I go to QUT (Queensland University of Technology) where I do IT.
And that sums me up pretty well. :)
