Alright, let me just first start off by telling you guys what this is about. There's a game called Snood (www.snood.com ) and I'm trying to get a false high score. I know it's lame and immature and I don't deserve any help at all. Fine, I know. If you don't want to help, fine, but don't just flame.

I could change the scores on my computer easily enough with a hex edittor, but that's not what I'm trying to do. I'm trying to get my high score on a Web site, and that's a little bit trickier. You don't need to know how to hex edit, but it might save you some time if you do.

If you don't know how to hex edit, go to http://bpsoft.com/ and download Hex Workshop. All the scores from Snood are saved in a file called SnoodPrf.21W. Drag the file to another directory, then create a new score file, and open them both in Hex Workshop and click Tools then Compare to find differences in the files, then change them accordingly to suite your needs.

Alright, now, when you get a high score in Snood, you have the option of getting your Score Verification Number to submit to the high scores Web site. This is an example of the site you'll be taken to. As any hacker would notice, the verification number, level number, and score are right in the URL, and can be changed to whatever you want. There is a problem though, if the score you make up does not fit the verification code, your score will not be posted. So I'm trying to figure out the algorithm used to make the verification codes. I started recording data and figured a few things out. There are multiple verification codes for each score. Also, the score and percentage won in that difficulty are factors for the verification code. I found this out by hexxing the percentage won of all games number, and noticing that the verification code is not changed. I found out that the percentage one in that difficultly number affects the verification code because if you view the high scores list, it has the percentage won number next to the high scores, even though there isn't a field for you to input that number. That means that the server gets your percentage won number from the verification code.

Now here comes the hard part... Figuring out the algorithm. I am not experienced with cryptography. I don't know anything about it, not even the basics or any methods or principles. I don't even know that much math. (I'm in Algebra 1 and a Freshy in high school.) That's why I need your guys' help. I saved several scores with the hope that they can be compared to each other to find a pattern. I haven't had much luck with finding a pattern until I got to the last set. Take a look at what I have and see if you can figure anything out. All the verification codes that I got for the specific score and percentage factors are listed below what my score and pertcetage were.

Score 10 With 0%:
06090166-6061988-06065524
24878988-4487320-20641380
42656700-2803762-44227146
74323433-9937875-75196330
92101255-7353217-99772196

Score 10 With 50%:
00055900-0005340-20021900
14944811-9713011-37314338
32722633-7139453-51990194
46611544-6847124-68283522
78388277-3971237-99152716
64499366-4263566-82869388
96166099-1397679-13738572

Score 20 With 0%:
40676388-0881586-82240908
68454100-8207928-06826764
86232922-6623360-20402520
54565299-9599257-99533336
18909655-3757473-51371714

I looked at this and really couldn't make anything out of it. Then I had an idea. 20% of 10 and 10% of 20 are equal, right? They're both 2. I wanted to see if I'll get the same verification code if I did something like that. Here were my results:

20 Points With 10%:
08021588-8088114-18044262
12910499-7796885-25337690
26809300-6404556-32620028
30798211-5112227-49913456
58576033-3538669-63599212
62465944-2246330-70882640
76354855-1954001-87175078
80243766-0662772-94468406
94132677-9370443-01751834

10 Points With 20%:
08022588-8088114-18043262
12911499-7796885-25336690
26800300-6404556-32629028
30799211-5112227-49912456
62466944-2246330-70881640
76355855-1954001-87174078
80244766-0662772-94467406

You see the similarities? It appears that the fourth digit is always 1 number higher in 10 Points With 20% than 20 Points with 10%. Also, the fourth from the last digit is one lower. Also, if the number is 0, one less of it is 9. And one more than 9 is 0. It only affects the one digit, rather than two digits like in normal addition. This still doesn't leave me with much though. Do any of you notice something that I didn't, or have any suggestions? Any help will be appreciated.

Thanks.

Ramzi

you need to try www. bodacion.com

snood that game is so damn addictive hehe we have it at shool gawd its fun ehehe

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=222673#post480645) by guss
you need to try www. bodacion.com

What am I looking for at this site?

I gotta give credit...the guy may be trying to cheat a score but damn, he's worked his ass off for it!

LOL, that's true, perhaps cheating the score takes more time then getting the score yourself the legitimate way

Is it 10?

I hate how addictive snood is....go anyone whose messing with it...

btw, impressive work

I don't know anything about the game but the encryption scheme may be related with time, username etc.
Try the game on different machines with same and different usernames.
The basics of decrypting lies within the variables...
:cool:

Originally posted by VictorKaum
LOL, that's true, perhaps cheating the score takes more time then getting the score yourself the legitimate way

I know, I actually thought about that before. It's not so much that I want the high score, though, I just want to hack it. It was a challenge, see if it could be done.

[QUOTE]Originally posted by ASA
I don't know anything about the game but the encryption scheme may be related with time, username etc.
Try the game on different machines with same and different usernames.
The basics of decrypting lies within the variables...

I know what the variables are already though. I included that information in my first post. The variables are your score, and your percent won in that difficulty. The server checks and makes sure that the verification code is legitimate, so it wouldn't matter what machine I tried it on using what user name. Even though I might (probably won't) get a different verification code on different machines, there still is an algorithm to create that code. That's what I want, the algorithm. As I also stated in my first post, each set of variables gives multiple verification codes. All legitimate. That means that there are multiple algorithms. All I need is one.

What would be the first step to go about decrypting this?

Ramzi

You do realize of course, that once you have succeeded, all of the other Snood Addicts at AO will know that you didn't really get that impossibly high score on your own...

Good Luck!!:)

P.S. Don't worry, we won't tell... 0:)

Can you post some more variations? I think I can get it if you'll put a couple more on here. Put a couple of like ones on here, as well, but with different percentages or different scores.

Here ya go:

Score 10 at 30%
00053900-0005340-30021000
14942811-9713011-47314438
28831722-8421782-54607866
32720633-7139453-61990294
46619544-6847124-78283622
64497366-4263566-92869488
78386277-3971237-09152816
82275188-2689908-16445244
96164099-1397679-23738672

Score 30 at 10%
00051900-0005340-30023000
14940811-9713011-47316438
28839722-8421782-54609866
32728633-7139453-61992294
46617544-6847124-78285622
64495366-4263566-92861488
78384277-3971237-09154816
82273188-2689908-16447244
96162099-1397679-23730672

God speed, jehnx.

Ramzi

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=222673#post484206) by Ramzi


I know what the variables are already though. I included that information in my first post. The variables are your score, and your percent won in that difficulty. The server checks and makes sure that the verification code is legitimate, so it wouldn't matter what machine I tried it on using what user name.


The variables are only the score & your percent, maybe not.
You cannot understand that without trying using different input for other probable variables.
Yes, this seems to be obvious that the only variables are the score & the percent, but cryptology is not based on obviosity...
:hiphop: :smokes:

these numbers are inert sequences, look at the first digits of each set of 8#s-7#s-8#s

10 Points with 20%

0 8 0 2 2 5 8 8
8 0 8 8 1 1 4
1 8 0 4 3 2 6 2

0 - 8 - 1
0 - 1 and 8

1 2 9 1 1 4 9 9
7 7 9 6 8 8 5
2 5 3 3 6 6 9 0
1 - 7 - 2
1 - 2 and 7

follow down the line
Each set of variables are coded in a sequence of 0-9
By adding the following set, you get the next number:

[+1][+4][+9][+9][+9][+9][+1][+1]
[+9][+7][+1][+8][+7][+7][+1]
[+1][+7][+3][+9][+3][+4][+3][+2]

So what? Well, now we can figure the missing keys in the set for 10pts with 20%:

0: Got it
1: Got it
2: Got it
3: Got it
4: 44688122 - 4820998 - 56205884
5: 58577033 - 3538669 - 63598216
6: Got it
7: Got it
8: Got it
9: 94133777 - 9370443 - 0 ect.

Now we simplify the code key

0XXX[% / 10]XAA - XXAXXXX - XXXXXXXX

Notice how the percent divided by "10" is ALWAYS the 5th digit in the first sequence?
And the 7th and 8th are ALWAYS equal?
Well, I'll continue the rest later, but you get the idea, keep breaking it down, it's barely an algorithm.

But the final solution is going to take a leap of faith of your part…

Stupid question. Why don't you just use a program like ArtMoney Game Cheater at http://download.com.com/3000-2121-9394738.html?legacy=cnet to modify the score BEFORE you submit it?
Cheers,
cgkanchi

you could just get a decompiler and decompile Snood... then you could just look through the source code until you find the algorithm...

ShinMei:

Do you REALLY want to look through a whole heck lot of uncommented optimized assembly language? That's sort of like taking a CD and looking at it with a microscope to see what it contains.

It provides many hours (read weeks) of time-consuming fun (read monotony), however.

Then again, I'm probably one of the few here who actually would find that fun, and I don't have time (school, final exams).