Bot-chelors_degree

Premise:
Recently I came across an ad, that according to facebook had only yet been shown to 2k people. The advertisement presented a game, a picture-based challenge that required players to identify the field of study or degree represented by a student wearing their student-overalls. Student-overalls are a huge thing amongst Universities of Finland, and the concept is that each field of study gets their own kind with varying colours.
While the game is initially entertaining, it soon revealed several flaws that allowed players to cheat and potentially break the game. It seemed as though it was a small, rushed hobby project. This article explores how I, with great care and attention to detail, developed a bot to dominate the highscores for this unheard game about .. Finnish student overalls.

Overview of the game

The game presents players a picture of a student wearing overalls and four possible options, each corresponding to a degree or field of study. The players goal is to correctly guess which option corresponds to the overalls. Players are allowed three incorrect guesses, with each guess earning them 100 points. The game ends when the player has made three incorrect guesses. At the end of the game, players with the most points are displayed on a leaderboard.
So what's wrong? Well two things:

• * The images displayed are named according to what field of study they represent. This means anyone who knows how to open "inspect elements" can simply just look at the picture name and deduct the right answer.


• * The correct answers you can also find from the /static/.js file. We can use Python for example to parse the correct answers for the correct pictures.

Overview of the bot

So I built a bot. Let's look at it!

To actually gather points and stand a chance of winning the game, we'll first have to find out the right answers. As mentioned above the correct answers could just be parsed out from the static .js file. Let's do that with Python.

After that, we'll have to somehow interact with the game. We can achieve that with selenium, and beautiful soup. First we need to initialize the web driver for Selenium. Let's use Firefox.

We can scrape the name of the image with beautiful soup and then compare it to the data we scraped off of the static js file. If no correct answer is found, we can throw an error.

We can do this until we want to end the game, thats when we have to pick 3 times wrong. Since this is the only way end the game, we must ensure we begin "losing" right before the questions run out -- if we don't, the website just breaks. Once we recognize the end screen text, we can put in our name and click submit.

Strategy

With said functionalities, what can and what should we do? We can see that the leaderboard. is filled with 9 names, and if the same score occurs the later one gets the "spot". So we should then aim for 9 of the latest insertions of the highest score possible. We know there's (currently) only 97 questions, so we can only get the highscore of 94 before having to "end the game" with 3 wrong answers.

We can also take a look at the scoreboard at any time by reloading the page and answering 3 wrong from the get go. So let's create a persistent bot: We look at the scoreboard -> if we see a name other than ours, we start a loop of 9 iterations to make sure we get all the spots -> each iterations plays the game and gets the highscore. After that, we can sleep for a set amount of time before checking the board again.

Results

So does it work?

Yeah! We can leave it running and it will fill up us for all of the spots on the leaderboard. As the frontend takes around 20-30ms to load new elements, we can only reliably answer questions every 50 milliseconds. This results in a round time of 55 - 75 seconds total. Like 3,5 röntgen, it's not great but not terrible. Technically we could now leave it on loop, and enjoy our "reign" on top of the game -- that has enjoyed the exposure of just around 2 thousand people..

Conclusions

The game presents a fun challenge for players to test their knowledge of different student overalls. However, the game is flawed in that it is incredibly easy to cheat and bot the game. The bot developed in this article demonstrated how these flaws could be exploited to consistently achieve a high score and dominate the leaderboard. While the bots strategy is successful in achieving the highest score and occupying all the spots on the leaderboard, it completely undermines the purpose of the game and deprives other players of the opportunity to compete fairly. While it's tempting to exploit games, it ultimately damages the fun of the game for everyone else. Games should be designed in a way that tries to prevent this exploiting and cheating, and this article demonstrates some ways a michevious player could "exploit the system."

There we go! The source for the bot can be found here: Haalar-it bot. Thanks for reading, and I hope you learned something!
-Vs1m.