Hacking Crypto Ground Games After Not Getting Into One
How I got intrigued to hack Crypto Ground when I failed to enter into college competition
Date — 12/25/2018
Back story, a friend filled some random form for me, it was a college competition over cryptos. Okay no big deal, everybody loves cryptos, right?
It all started at night while I was watching Mr. Robot — Season 2 while a message arrived that I was added to a group. My head was banging in full swing after watching the Ep 3. So I took a little nap and then tried to enter the competition at 2 AM. Not a good excuse? Okay! Geez, yeah, I get excessively lethargic sometimes.
By the way, Mt. Robot’s Season 2 and 3 are beautifully crafted, at-times haunting/disturbing. Right?
Back in my mind, I passively started thinking how can I win the competition by building a bot, so after watching and before sleeping, I read a little about algorithmic trading and well, it was um, yeah, alluring.
2:00 AM: I tried to login and soon learnt that after a set time, you can’t enter.
And well, that “set time” was already passed. Oh well.
At first, I started looking into the hood and I found that the website was using lots of services, but to get the coin data, the crypto-counter, it was using an API and so, seemed like the bot thing was good to go.
But… I was angry!
I started fiddling around and boom, I found a function. An interesting function.
The function took a string of preset date then using moment.js, calculates the offset, or say the end-time. It then sends a request via GET when the counter comes down to zero. The endpoint which the function pointed to was —
It was the function to end the game.
I said to myself okay if I can intercept and tamper the time counter, I can close any event at my will? Mmm.
I don’t have the payload nor I remember the procedure I used to bring chaos on the website, so, I am gonna go now leaving you all with a screenshot from that time.
Sorry if y’all find this post half-assed, the thing is, I’m trying to clean up my residue drafts in 2021.