- Welcome to the beginning of the #the_laboratory channel.
- wulfgar yfirson - 09/08/2017
- <div class="form-group">
- <li><input type="text" class="form-control" name="username" placeholder="Username"></li></div>
- <div class="form-group"><li><input type="password" name="password" class="form-control" placeholder="Password"></li>
- </div>
- <button type="submit" name="login" class="btn btn-default">Login</button>
- </form>
- This is how it looks for login credentials
- login.php runs that code when you click the login button.
- wulfgar yfirson - 09/08/2017
- http://blocgame.com/rankings.php?page=
- Use this to make the spider crawl all the rankings pages looking for nation URLs
- Markers to follow. Format: [Before Marker] [after marker]
- Nation [<p id="nationtitle"><b>] [</n></p>]
- Online [<font size='2'>last online] [</font>]
- Approval [<td>Approval:</td>↵<td><i>] [</i></td></tr>]
- Polsys [<td>Political System:</td>↵<td><i>] [</tr>]
- Stability [<tr>↵<td>Stability:</td>↵<td><i>] [</i></td>↵</tr>]
- Land [<tr>↵<td>Territory:</td>↵<td><i>] [km<sup>2</sup> </i></td></tr>]
- Rebels [<tr>↵<td>Rebel Threat:</td>↵<td><i>] [</i></td>↵</tr>]
- Population [<tr>↵<td>Population:</td>↵<td><i>] [people</i></td>↵</tr>]
- QoL [<tr>↵<td>Quality of Life:</td>↵<td><i>] [</i></td>↵</tr>]
- Healthcare [<tr>↵<td>Healthcare:</td>↵<td><i>] [</i></td>↵</tr>]
- Literacy [<tr>↵<td>Literacy:</td>↵<td><i>] [</i></td>↵</tr>]
- Unis [<tr>↵<td>Universities:</td>↵<td><i>] [universities</i></td></tr>]
- Econ [<tr>↵<td>Economic System:</td>↵<td><i>] [</i></td>↵</tr>]
- Faccos [<tr>↵<td>Industry:</td>↵<td><i>] [factories</i></td>↵</tr>]
- GDP [<tr>↵<td>Gross Domestic Product:</td>↵<td><i>$] [million</i></td>↵</tr>]
- Growth [<tr>↵<td>Growth:</td>↵<td><i>$] [million per month</i></td>↵</tr>]
- FI [<tr>↵<td>Foreign Investment:</td>↵<td><i>$] [k</i></td>↵</tr>]
- Reserves [<tr>↵<td>Discovered Oil Reserves:</td>↵<td><i>] [Mbbl</i></td>↵</tr>]
- Oil Prod [<tr>↵<td>Oil Production:</td>↵<td><i>] [Mbbl per month</i></td>↵</tr>]
- RM Prod [<tr>↵<td>Raw Material Production:</td>↵<td><i>] [Hundred Tons per month </i></td>↵</tr>]
- Aligned [<tr>↵<td>Official Alignment:</td>↵<td><i>] [</i></td>↵</tr>]
- Region [<tr>↵<td>Region:</td>↵<td><i>] [</i></td>↵</tr>]
- Alliance [<tr>↵<td>Alliance:</td>↵<td><i>] [</i></td>↵</tr>]
- Rep [<tr>↵<td>Reputation:</td>↵<td><i>] [</i></td>↵</tr>]
- September 9, 2017
- wulfgar yfirson - 09/09/2017
- Troops [<tr>↵<td>Army Size:</td>↵<td><i>] [k active personnel</i></td>↵</tr>]
- Manpower [<tr>↵<td>Manpower:</td>↵<td>] [(population allows maximum of 100k) </td>↵</tr>]
- Equip [<tr>↵<td>Equipment:</td>↵<td><i>] [</i></td>↵</tr>]
- AF [<tr>↵<td>Airforce:</td>↵<td><div class="dropdown">↵<a data-toggle="dropdown" href="#">↵<i><img src="statsicon.png" height=17px />] [</i></a>]
- Navy [<tr>↵<td>Navy:</td>↵<td><div class="dropdown">↵<a data-toggle="dropdown" href="#">↵<i><img src="statsicon.png" height=17px />] [</i></a>]
- Ships [<ul class="dropdown-menu" role="menu" aria-labelledby="dLabel">] [ships </ul></td>↵</tr>]
- Wars [<td>Wars:</td>↵<td><i>] [</i></td>↵</tr>]
- http://blocgame.com/stats.php?id=
- All nations info pages start like this, use this to ensure it only tries to scrape relevant pages
- blocgame.com/main.php
- Info page for self nation.
- If can crack the PHP authentication can begin accessing everyone's main.php, alliancebanklogs.php, and make effective use of any other PHP authenticated action such as withdrawals from banks, assigning new alliance founders, disbanding alliances, declaring war, transferring resources, etc etc etc
- He uses cookies, THE FOOL!!!
- BLOCGAME DOMAIN COOKIES add two underscores - content
- utma - 262948319.1230076983.1500805187.1504921436.1504930957.45
- utmb - 262948319.1.10.1504930957
- utmc - 262948319
- utmt - 1
- utmz - 262948319.1504762605.38.3.utmcsr=nerdydata.com|utmccn=(not%20set)|utmcmd=(not%20set)
- cfduid - d37596b1d859a26b9e85cd44a3fdfe2521500805178
- BLOC HOST COOKIES - content
- PHPSESSID - 554ed2dd30dce3d4ba61b8f82db76746
- erferedddeddsdsdsd66766 - 899669
- Tyr (Shitstania) - 09/09/2017
- __cfduid - d04dfd51dfe9d0266c89d817f01fd17a61489540662
- cf_use_ob - 80
- cf_ob_info - 522:343c059b120c1b97:SEA
- erferedddeddsdsdsd66766 - 953616
- __utmt - 1
- __utma - 262948319.1125907029.1489540641.1504201307.1504244335.36
- __utmz - 262948319.1489540641.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided)
- __utmb - 262948319.48.10.1504244335
- PHPSESSID - 442e3ec0fa0f1cf5bd4fedf06b671ef4
- that's all of em
- wulfgar yfirson - 09/09/2017
- no utmc
- Tyr (Shitstania) - 09/09/2017
- I'll check again
- nope
- just the ones I posted
- wulfgar yfirson - 09/09/2017
- Doesn't matter, all the UTM whatevers are Google ad cookies
- however that 262948319 intrigues me. I wonder what the significance is, it's clearly set by the server and not the local instance
- I bet that's his Google ads account
- the cfduid is just cloudflare
- but erferedddeddsdsdsd66766 is interesting
- Tyr (Shitstania) - 09/09/2017
- hm yeah it definitely stands out
- wulfgar yfirson - 09/09/2017
- Ok so the PHPSESSID gets assigned when you log in and he has protections in place that prevent me from just snatching up other people's session ids and reusing old ones etc
- but that's no biggie, I think his primary authenticating cookie is that erferedddeddsdsdsd66766 cookie
- September 10, 2017
- wulfgar yfirson - 09/10/2017
- The list of nations is as follows:
- Nation - discord alias
- Nuln -
- Gluck -
- Caercaled - kolkrabbin
- Stepa - Crepss
- Hellghast - hellghast
- Shitstainia - Shitstainia leader
- Gustavia -
- Snake Mountain - Skeletor Officer
- ALU -
- Norvekia -
- Malay ancap cartel -
- Man -
- 2weq2we - Aleksa
- Muspelheim - Muspelheim Officer
- Fromkina - Adamfromky
- Kenwood -
- Neuguinea Reich -
- New eagleland -
- Vidsia -
- Bitcoincountry - bitcoinplayer
- Wolfelite - Wolfe
- Midasin -
- Cubata -
- H2o - H2o
- Canada c-137 -
- Videoland -
- Limbostan - limboman
- Utrina -
- Portland - Ellio98
- Taylor Swift - Seagull
- - tekoku?
- - the prisoner?
- - boomburst?
- October 2, 2017
- Ellio98 (Portland) - 10/02/2017
- Okay, firstly normally you can not ask for tanks from US/Russia until you reach a certain level of weapons. But by typing in http://blocgame.com/policies666/m60.php (If USA aligned) http://blocgame.com/policies666/t62.php (Soviet aligned) you can get the event to get the tanks. You pay 3 oil and 13 rep but get 5ish weapons which is a better return than asking for guns
- By typing in http://blocgame.com/policies666/greenrevolution.php you get the green revolution tech almost for free. Only having to pay the cash. This allows you to produce more food without spending your research
- I think most of the others were patched by Rumsod, but I'm sure if you look into what all the event web addresses are you might find more like this
- The event address for the starting event might work still. I don't know its address (Forgot but Justin will know) but I heard is how you get unlimited everything.
- cslomb42 pinned a message to this channel. 10/02/2017
- October 3, 2017
- wulfgar yfirson - 10/03/2017
- @Ellio98 (Portland)
- Blocdeth100317.html
- 57.66 KB
- Tyr (Shitstania) - 10/03/2017
- huh only one inactive member in the whole alliance
- ...how do we have a guy with -1 ship
- the scraper got it right, he's actually listed as having -1 ship in game
- wulfgar yfirson - 10/03/2017
- could be an error with the scraper
- wait what
- Tyr (Shitstania) - 10/03/2017
- http://blocgame.com/stats.php?id=13827
- it says none but when you click it
- it displays -1 ship
- wulfgar yfirson - 10/03/2017
- the actual fuck
- Tyr (Shitstania) - 10/03/2017
- RUMCODE
- wulfgar yfirson - 10/03/2017
- fuckin RUMCODE
- So I am making a Google Drive folder for the scraped files
- I can't figure out for the life of me how to pin messages
- https://drive.google.com/open?id=0B_XkOnmTO6AkekpaY056RWZ2Ync
- tell me what alliances to add to the scrape list and I'll put em up on the drive
- Tyr (Shitstania) - 10/03/2017
- I have no idea how to pin messages on a phone, on desktop you just click the dots on the right hand side of the message and then click pin
- Tyr (Shitstania) pinned a message to this channel. 10/03/2017
- Tyr (Shitstania) - 10/03/2017
- as for scraping alliances, the only ones that are really worth scraping right now are us and LC tbh
- wulfgar yfirson - 10/03/2017
- ok
- Tyr (Shitstania) - 10/03/2017
- actually on second thought, go ahead and run a scrape for AC as well, so we can track how they're doing
- I want to see how well they develop over time
- what with them being a protectorate of ours
- we don't really need to worry too much about scraping for them or LC though honestly, it's mostly our own numbers that concern me
- October 4, 2017
- Ellio98 (Portland) - 10/04/2017
- Thanks for the scrape
- wulfgar yfirson - 10/04/2017
- Np
- October 7, 2017
- Ellio98 (Portland) - 10/07/2017
- So while I was digging around the old messages looking for any guides I can post to the academy I found this: blocgame.com/policies666/imf.php
- It does an event which trades growth for cash. It was removed when Natural gdp was added because you could keep your growth low while also making a crap ton of cash from it
- Unlike the previous ones I posted this is much closer to outright cheating
- wulfgar yfirson - 10/07/2017
- Does it still work?
- Ellio98 (Portland) - 10/07/2017
- Yep
- wulfgar yfirson - 10/07/2017
- Sweet
- wulfgar yfirson - 10/07/2017
- I am experimenting with code to see if I can trick the server into giving a person weapons for free. If I can do that then I can do ships and planes too
- Tyr (Shitstania) - 10/07/2017
- wew
- that'd be quite the exploit
- wulfgar yfirson - 10/07/2017
- uhhh
- New_Bitmap_Image.bmp
- 1.11 MB
- So client side is editable from the browser
- I wonder if it's possible to use this fact to trick the server and if the server has any way of detecting this
- Tyr (Shitstania) - 10/07/2017
- hmm
- it's hard to say tbh
- wulfgar yfirson - 10/07/2017
- I just did some testing. It just changes the way it's displayed temporarily, until you call to the server and the server fixes it
- Tyr (Shitstania) - 10/07/2017
- ah gotcha
- wulfgar yfirson - 10/07/2017
- however, I now know what the server is looking at when a call is made. So I know what the server expects to see and what output it will yield when it sees that input
- so I can format a program that simulates opening a browser. Logs into a player's nation. Then sends a call to the server for aircraft in such a way the server thinks you have the required resources and it will kick back a plane and the appropriate output resources based on the assumed input resources
- so basically I can make the server give me aircraft and as far as the server is concerned I paid for them
- Assuming I can fine tune the program correctly
- Tyr (Shitstania) - 10/07/2017
- woah
- holy shit
- if that works that'll be absolutely amazing
- would the same approach work for ships or weapons?
- cslomb42 - 10/07/2017
- Please
- We all jump to bw 20/20 overnight
- Tbh I think that's blatant cheating
- Tyr (Shitstania) - 10/07/2017
- lmao
- wulfgar yfirson - 10/07/2017
- yes
- and yes
- Tyr (Shitstania) - 10/07/2017
- WOAH
- wulfgar yfirson - 10/07/2017
- but if you do it slowly no one notices
- cslomb42 - 10/07/2017
- What did you just notice shit
- Tyr (Shitstania) - 10/07/2017
- if he can get this working just think of the potential
- wulfgar yfirson - 10/07/2017
- A way to do it more subtly
- is to make the game give you the resources instead
- Tyr (Shitstania) - 10/07/2017
- I mean it totally is cheating
- wulfgar yfirson - 10/07/2017
- anyone asks where they came from someone sent them to you
- or a group of people sent them to you
- Tyr (Shitstania) - 10/07/2017
- but having a cheat strategy on hand doesn't hurt
- this is bloc, nobody plays fair
- wulfgar yfirson - 10/07/2017
- I mean I could have a series of accounts that are for the sole purpose of laundering cheater resources
- Tyr (Shitstania) - 10/07/2017
- dude
- wulfgar yfirson - 10/07/2017
- have the thing log into each one from a separate IP
- Tyr (Shitstania) - 10/07/2017
- you're fucking brilliant at this
- wulfgar yfirson - 10/07/2017
- tell the server that they are supposed to have a few more MG
- basically just manipulate their per turn MG
- get the MG then change it back
- and have it send the MG off into a transfer chain that culminates into our accounts
- like we were the gorram swiss banks
- Tyr (Shitstania) - 10/07/2017
- hahahahaha
- wulfgar yfirson - 10/07/2017
- That's assuming I can actually make it work
- this is theory at this point
- Tyr (Shitstania) - 10/07/2017
- I gotcha
- wulfgar yfirson - 10/07/2017
- <ul class="dropdown-menu" role="menu" aria-labelledby="dLabel">
- Next month changes:
- <br><font color="green">+50 tons from research</font><br><font color="red">-0 tons from universities</font></ul>(edited)
- the server sees that and the server knows what you are supposed to get
- <a data-toggle="dropdown" href="#" data-original-title="" title=""><i><img src="statsicon.png" height="17px"> 50 Tons </i></a>(edited)
- the server sees that and knows how much you currently have
- note the edit because theoretically if I can write a program that spoofs being a browser and the webpage well enough it could send itself to the Bloc Server without the bloc server realizing the difference and make those changes basically that easy
- also alliance scrape is updated on the google drive
- The main bootstrap looks for the cookies we previously identified
- Tyr (Shitstania) - 10/07/2017
- awesome thanks for updating the scrape for us
- wulfgar yfirson - 10/07/2017
- no problem
- I was doing all this experimental stuff while I was waiting on it to scrape
- erferedddeddsdsdsd66766 is the cookie I was curious about
- and so it gives you that cookie and that cookie stays the same as long as you don't delete it. But if you delete it the next time you do a valid log in you'll get a new one that's persistent as long as you don't delete it
- That is the server marking your initial log in from that browser
- PHPSESSID changes with each unique log in
- Tyr (Shitstania) - 10/07/2017
- hm, ok
- wulfgar yfirson - 10/07/2017
- IExplorer uses different cookies but it uses cookies the same
- here is something interesting about erferedddeddsdsdsd66766
- if you delete it while you have a valid sessid it will give you a new one without requiring a log int
- login*
- but if you delete php sess id it logs you out
- ok. So my code has to be able to send to the server the login command and credentials as if it was a browser, receive the phpsessid cookie, using the phpsessid cookie and known lines of script from user side code tell the server what I want the server to believe and get the server to make those changes then delete the phpsessid cookie
- I really need to see server side code that would make this so much easier
- October 23, 2017
- Hellghast - 10/23/2017
- @wulfgar yfirson can we get an updated scrape list?
- wulfgar yfirson - 10/23/2017
- I'll have to get it when I get home
- Hellghast - 10/23/2017
- Yeah sure take your time
- wulfgar yfirson - 10/23/2017
- Also I'm working on getting regional scrapers up for y'all to use for whatever nefariousness you might use them for
- Userlame (Tiber) 🍪 - 10/23/2017
- fancy
- Ellio98 (Portland) - 10/23/2017
- hmmm, we have all the good stuff
- wulfgar yfirson - 10/23/2017
- scrape in progress
- I'll upload it as a spreadsheet so you can filter out what you don't want
- just give the spider some time to run, it has to create a browser instance and open the urls inside it for legal reasons and because the website blocks non browser access
- Blocdeth.xls
- 196.16 KB
- Crepas - 10/23/2017
- >not use google for documents
- ????
- wulfgar yfirson - 10/23/2017
- i normally do
- Crepas - 10/23/2017
- Much more easier and practical
- wulfgar yfirson - 10/23/2017
- but I posted it in a different format than usual and wanted to get it to y'all quicker
- the Google Docs link goes to an html file that you can't sort and filter
- So how do the teeth in that gift horse's mouth look?
- Crepas - 10/23/2017
- Can't see it anyways. Using Excel 2007 lol
- Userlame (Tiber) 🍪 - 10/23/2017
- Use an xls to PDF converter
- Blocdeth.pdf
- 54.83 KB
- Nvm
- Doesn't work very well
- Shiiiiiet
- wulfgar yfirson - 10/23/2017
- Download openworks
- It's a freeware version of Microsoft Works that actually does.
- November 15, 2017
- Ellio98 (Portland) - 11/15/2017
- Okay, firstly normally you can not ask for tanks from US/Russia until you reach a certain level of weapons. But by typing in http://blocgame.com/policies666/m60.php (If USA aligned) http://blocgame.com/policies666/t62.php (Soviet aligned) you can get the event to get the tanks. You pay 3 oil and 13 rep but get 5ish weapons which is a better return than asking for guns
- By typing in http://blocgame.com/policies666/greenrevolution.php you get the green revolution tech almost for free. Only having to pay the cash. This allows you to produce more food without spending your research
- Just copy and pasting old messages that had the links in them
- @Hellghast I shall try to fish out any more
- Also please note that you may need to add the www. bit into the links if you log into www.blocgame.com and not blocgame.com