Comments on: Cracking Trivia Crack

By: robert

robert — Tue, 03 Mar 2015 06:13:59 +0000

I was also hoping for an app version of this. Any chance of that being a possibility?

By: Anna

Anna — Sun, 25 Jan 2015 11:39:00 +0000

So I have to be using Chrome Browser in order to be able to download the Trivia Cracker? It’s not an app that’s available from play store to be used with the game app?

By: Jared

Jared — Thu, 22 Jan 2015 23:55:50 +0000

Interesting! I actually found and exploited this glitch myself, though it was time consuming to sift through the responses manually. Thanks for this extension

By: Shandizzle

Shandizzle — Sun, 18 Jan 2015 13:04:51 +0000

This may be the greatest response ever.

By: jodoglevy

jodoglevy — Thu, 15 Jan 2015 22:44:47 +0000

Hi Curtis,

Fun idea. How much time do you have? I have a pretty good idea of how to do this with the online version of the game on Facebook, that might work. Only issue is she would have to access the game on Facebook, and using the Chrome browser started in a special way (so probably from your laptop, unless you have access to hers to set this up). Also, only one answer can be correct, not two, so there would only be one “yes” option.

Find my email on http://jodoglevy.com/ . Always happy to help out an aspiring engineer.

By: Curtis

Curtis — Thu, 15 Jan 2015 20:51:05 +0000

Hey Joe, awesome article about the behind-the-scenes vulnerabilities of Trivia Crack! Would it be possible to insert your own questions this way? I’m a senior in high school hoping to eventually get my master’s in Cyber Security, and I’m pretty well known at school for my reputation as a geek. I want to ask a girl at school to go to prom with me using Trivia Crack (She would spin the wheel, and the question would be “Will you go to prom with me?” The answers would include two “Yes” options and two “No” options. When she presses yes, it would show up as correct.) I know this wouldn’t work on an online version of the game, but would it work as an offline mode (I could download the source code and edit it)? I also have a jailbroken iPhone, a rooted Android phone, a Mac Pro, and a PC, so devices aren’t a problem. Thank you in advance!

By: jodoglevy

jodoglevy — Wed, 14 Jan 2015 18:34:12 +0000

Interesting idea Harris. I don’t think that is the case though because that 99999 value is never sent to the server, it is only received by the client. The 99999 value lets you get past client side checks for things like “does this user have enough lives left to allow them to start a new game,” but then once a user clicks the new game button, the client tells the server “this user wants to start a new game,” and the server, which knows the real # of lives one has left, also validates one has enough lives left to start a new game, and responds to the client “sorry, not enough lives.”

So I think its just simply server side validation, rather than a byte overflow.

By: Harris

Harris — Tue, 13 Jan 2015 05:53:06 +0000

Perhaps this is an amateur guess, but could they be using a byte or some small variable type to store these, and you’re overflowing to numbers <1?

By: jodoglevy

jodoglevy — Tue, 13 Jan 2015 01:53:04 +0000

I actually attempted this and was able to manipulate the responses from the Trivia Crack server in real time to contain 99999 for the lives, coins, and spins. The Trivia Crack client accepted these values and showed them in the UI, but when you use a life, coin, or spin, it tells the server you are using one and the server responds with an error saying you don’t have any left, at which point the client rejects your attempt.

So while Trivia Crack doesn’t validate answers server side, it turns out they do validate lives, coins, and spins!

By: Anonymous

Anonymous — Tue, 13 Jan 2015 01:10:17 +0000

I agree, however if you look at his extension description it says that he will soon be adding infinite lives, powerups and etc.