Preface
Quiz apps have been really hot lately: Chongding Dahui, Million Heroes and the like, with bonuses that often run to dozens of millions, enough to make anyone envious… But this weakling has little learning and answers purely by guessing, so I stayed out of the excitement. A few days later a mini program called “Brain King” caught on in the office. It is really just another quiz mini program, so I was still no good at it. I may not be good at answering questions, but I am at least a programmer, so I set out on a programmer's path to the top…
Results
Each round needs five fast, correct answers to reach the full score of 1200 points. With a record like this, world number one is not a dream! Of course, games are played for fun. I only did this out of interest, and quiz games like this are more fun when you play them yourself.
Preparatory work
Think about a few questions before you start writing an assist tool for this kind of game.
- How do I forge an interface request?
- How to achieve accurate answers?
- How to complete the auto answer?
How do I forge an interface request?
First of all, the mini program's interface requests all go over HTTPS. I again use Anyproxy to capture the HTTPS traffic, which requires installing the corresponding HTTPS certificate. A previous article covered this, and it is repeated here. Other proxy tools work the same way as the Anyproxy used in this article.
```shell
npm i -g anyproxy
anyproxy-ca   # generate a certificate
anyproxy -i   # start the proxy in HTTPS mode
# Then configure the proxy IP address and port on the mobile phone.
# The default port of the Anyproxy web interface is 8002; the captured requests are shown there.
# After configuring the proxy on the phone, download the certificate and trust it.
# On an Apple device, open xxx.xxx.xxx.xxx:8002/fetchCrtFile in Safari to download the certificate.
# Newer iOS versions may need the certificate trusted in two places.
```
After configuration, opening the game lets you capture Brain King's request packets. I first simulated a friend-versus-friend match and then worked out which requests were needed. The important interfaces are listed here:
- Login interface (the important information here is uid and token)
- IntoRoom interface (enter a room)
- BeginFight interface
- FindQuiz Interface
- Choose interface
- GetResults interface (get the match results)
- LeaveRoom interface (leave the room)
Looking at the interfaces, the game flow is quite smooth, but can I start doing whatever I want with them? Obviously not. If anyone could freely call other people's interfaces, it would be easy to launch DDoS attacks or pull whatever information they wanted. An experienced company would not make that mistake, so I picked an interface at random for a brief analysis.
The parameters matchId, npcId, uid, t and sign are all required. If even one parameter is wrong, the request fails. The first four are easy to understand; the key is the fifth parameter, sign.
This is where reverse engineering comes in… Put simply: obtain the minified source code of the Brain King mini program and analyze the encryption rules. Space is limited, so the encryption rule is given directly here.
Sign generation rule: for example, if uid=111, t=222 and token=333, the string before encryption is t=222token=333uid=111.
Now that sign is available, the rest is quite simple, so I wrote a simple client in Node to forge the interface requests.
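Seen from the server side, a sign parameter like the one above proves only that the sender holds the account's token, so the check ties a request to an account and a moment in time, not to the official client. The following is an added example, not code from the original post or from the game; HMAC-SHA-256 keyed with the login token, the 30-second window for t and the in-memory replay cache are assumptions.

```javascript
// Added example: server-side check of a signed game request.
// Assumptions (not the game's): HMAC-SHA-256 keyed with the session token,
// `t` is a millisecond timestamp, 30 s freshness window, in-memory replay cache.
const crypto = require('crypto');

const MAX_SKEW_MS = 30000;
const seen = new Map(); // "uid:sign" -> time after which the request is stale anyway

// Sort keys and JSON-encode the pairs so field boundaries stay unambiguous,
// unlike plain concatenation such as t=222token=333uid=111.
function canonical(params) {
  const pairs = Object.keys(params).filter(k => k !== 'sign').sort()
    .map(k => [k, String(params[k])]);
  return JSON.stringify(pairs);
}

function sign(params, token) {
  return crypto.createHmac('sha256', token).update(canonical(params)).digest('hex');
}

// sessions: Map of uid -> token issued at login. Returns 'ok' or a rejection reason.
function verify(params, sessions, now = Date.now()) {
  const token = sessions.get(String(params.uid));
  if (!token) return 'unknown-session';
  if (typeof params.sign !== 'string') return 'bad-sign';
  const t = Number(params.t);
  if (!Number.isFinite(t) || Math.abs(now - t) > MAX_SKEW_MS) return 'stale';
  const expected = Buffer.from(sign(params, token), 'hex');
  const given = Buffer.from(params.sign, 'hex');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'bad-sign';
  }
  for (const [k, exp] of seen) if (exp < now) seen.delete(k); // drop expired entries
  const key = `${params.uid}:${params.sign}`;
  if (seen.has(key)) return 'replay'; // same signed request presented twice
  seen.set(key, t + MAX_SKEW_MS);
  return 'ok';
}
```

A request that passes this check can still come from a script that holds a valid token, which is why behavioural checks on the server are needed as well.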
How to achieve accurate answers?
At present there are also many assist tools for Chongding Dahui and Million Heroes. Their approach is to quickly recognize the question and search for it to help with the answer. For this game, however, the best way to answer accurately is to match against a question bank, so where does the question bank come from? From a crawler, of course. OK… let's find the question bank interface! Obviously that is impossible: if a question bank interface were exposed, the game would be far too easy to break. But the previous step already lets us open rooms and simulate matches, so can the question bank be collected by opening rooms and playing matches over and over? That is what I do here.
Here success is the number of questions the automated script answered correctly (out of 5 per round), and total is the number of questions in the bank. From this ratio the accuracy rate is very high, which suggests the full question bank is probably only about 17,000 questions. The rest of the bank is still being filled in, and covering the last 10% would take a lot of effort, so the bank is good enough at this point: an 80%+ probability of a full score… It's almost impossible to beat, isn't it?
How to implement auto answer?
There are two schemes for answering automatically:
- Similar to the assists for the Jump Jump game: take a screenshot => read the question with OCR => match it against the question bank => simulate a tap on the answer
- Write an Anyproxy rule file that modifies the request: intercept the findQuiz request, have the proxy server re-issue the request and wait for the data to return => check whether the returned question already exists in the database => match the answer and answer the question directly, or return the question
I use the second scheme here (the specific implementation is not described; you can look directly at the source code).
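Both the room-cycling collection of the question bank and the proxy-driven auto answer leave a recognisable pattern in server-side events. The following is an added example of detection over such events, not code from the original post or from the game; the event shape, the thresholds and the sample data are constructed assumptions.

```javascript
// Added example: flag accounts whose server-side event pattern looks scripted.
// Event shape and thresholds are assumptions for illustration, not the game's.
const LIMITS = { minAnswers: 10, minAccuracy: 0.95, maxMedianMs: 700, maxRoomsPerHour: 30 };

function median(xs) {
  const s = [...xs].sort((a, b) => a - b);
  const mid = Math.floor(s.length / 2);
  return s.length % 2 ? s[mid] : (s[mid - 1] + s[mid]) / 2;
}

// events: { uid, type: 'intoRoom' | 'choose', at, quizSentAt, correct } (times in ms)
function flagAccounts(events, lim = LIMITS) {
  const byUid = new Map();
  for (const e of events) {
    if (!byUid.has(e.uid)) byUid.set(e.uid, { latencies: [], correct: 0, rooms: [] });
    const u = byUid.get(e.uid);
    if (e.type === 'choose') {
      u.latencies.push(e.at - e.quizSentAt); // findQuiz response sent -> choose received
      if (e.correct) u.correct += 1;
    } else if (e.type === 'intoRoom') {
      u.rooms.push(e.at);
    }
  }
  const flagged = [];
  for (const [uid, u] of byUid) {
    const reasons = [];
    const n = u.latencies.length;
    if (n >= lim.minAnswers && u.correct / n >= lim.minAccuracy &&
        median(u.latencies) <= lim.maxMedianMs) reasons.push('fast-and-accurate');
    // Sliding one-hour window: sustained room churn matches question harvesting.
    u.rooms.sort((a, b) => a - b);
    for (let i = 0, j = 0; j < u.rooms.length; j++) {
      while (u.rooms[j] - u.rooms[i] > 3600000) i++;
      if (j - i + 1 > lim.maxRoomsPerHour) { reasons.push('room-churn'); break; }
    }
    if (reasons.length) flagged.push({ uid, reasons });
  }
  return flagged;
}

// Constructed sample events: a scripted answerer, a human, and a room-cycling account.
function sampleEvents() {
  const ev = [];
  for (let i = 0; i < 10; i++) {
    ev.push({ uid: 'scripted', type: 'choose', quizSentAt: i * 10000, at: i * 10000 + 120 + i, correct: true });
    ev.push({ uid: 'human', type: 'choose', quizSentAt: i * 10000, at: i * 10000 + 2500 + 200 * i, correct: i % 3 !== 0 });
  }
  for (let i = 0; i < 40; i++) ev.push({ uid: 'harvester', type: 'intoRoom', at: i * 60000 });
  return ev;
}
```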
Conclusion
I am not good at writing articles, and many of the steps above are only described briefly. I will open-source this part of the code, and I hope you do not laugh at it. (Since I cannot use Babel when writing Anyproxy rules, I use require instead of import.) Finally, I hope you can give me a little support and encouragement, and a star… >.<
GitHub: Brain King Assist