Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hackeando a votação do BBB com Python

Diógenes Fernandes
May 30, 2020
Programming
0
110

Hackeando a votação do BBB com Python

:)

Diógenes Fernandes

May 30, 2020
Tweet

More Decks by Diógenes Fernandes

See All by Diógenes Fernandes
ES6 - Consertando as partes ruins do JavaScript
diofeher
0
85
Brincando de músico usando WebAudioAPI
diofeher
0
78
How I made a Spacedrum
diofeher
0
94

Other Decks in Programming

See All in Programming
Implementing Design Systems in Swift
seyfoyun
1
460
Behind VS Code Extensions for JavaScript / TypeScript Linnting and Formatting
unvalley
6
1.2k
Micro Frontends for Java Microservices - Utah JUG 2024
mraible
PRO
1
110
Scalable Customer Journey Orchestration (CJO)
lewuathe
0
420
単体テストを書かない技術 #phpcon_odawara
o0h
PRO
27
8.5k
Deep Dive into React Stream/Serialize
mugi_uno
3
630
try! Swift Tokyo 2024 参加報告 / try! Swift Tokyo 2024 Report
hironytic
0
220
Compose-View Interop in Practice (mDevCamp 2024)
stewemetal
0
170
"config" ってなんだ? / What is "config"?
okashoi
0
250
From Spring Boot 2 to Spring Boot 3 with Java 21 and Jakarta EE
ivargrimstad
0
480
MetricKitで予期せぬ終了を検知する話 / Detect unexpected termination with MetricKit
nekowen
1
200
Komplexe Oberflächen mit SVG und der Web Animation API
joergneumann
0
680

Featured

See All Featured
Art, The Web, and Tiny UX
lynnandtonic
290
19k
The Invisible Side of Design
smashingmag
294
49k
In The Pink: A Labor of Love
frogandcode
138
21k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
358
22k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
65
14k
Become a Pro
speakerdeck
PRO
13
4.6k
The Art of Programming - Codeland 2020
erikaheidi
43
12k
Put a Button on it: Removing Barriers to Going Fast.
kastner
58
3.1k
Building Applications with DynamoDB
mza
88
5.6k
VelocityConf: Rendering Performance Case Studies
addyosmani
321
23k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
123
39k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
323
20k

Transcript

  1. Hackeando a votação Hackeando a votação do Big Brother Brasil

    do Big Brother Brasil / Diógenes Fernandes @diofeher

  2. $whoami $whoami Jogo na equipe desde Fev/2018 Eng. de Segurança

    na Posto sobre programação / segurança no FireShell MessageBird Youtube

  3. v1 - Selenium + OpenCV v1 - Selenium + OpenCV

  4. None

  5. Login no Selenium Login no Selenium const login = async

    (page, email, password) => { page.goto(links.globoLoginURL, { waitUntil: "networkidle2" }); await page.waitForSelector('#login'); await page.type('#login', email); await page.type('#password', password); await page.click('[class="button ng-scope"]'); }

  6. Baixando as imagens de captcha Baixando as imagens de captcha

    (hook) (hook) if (hookUrl.startsWith(links.captchaURL)) { const res = await response.json(); const { symbol: icon, image } = res.data; fs.writeFile( `./src/images/${icon}.png`, image, "base64", (err) => {}); await votar(page, icon); }

  7. Chamando o script em python Chamando o script em python

    childProcess.execSync( `python ./src/compare_images.py "${iconText}"` )

  8. Quebrando e removendo as linhas Quebrando e removendo as linhas

    do captcha do captcha

  9. SIFT (Scale-Invariant Feature SIFT (Scale-Invariant Feature Transform) Transform)

  10. Banco de imagens Banco de imagens

  11. None

  12. Match Match matcher = cv2.xfeatures2d.SIFT_create(nfeatures=100) kp1, des1 = matcher.detectAndCompute(img1,None) kp2,

    des2 = matcher.detectAndCompute(img2,None) bf = cv2.BFMatcher() matches = bf.match(des1, des2) matches = sorted(matches, key=lambda val: val.distance) score = sum([i.distance for i in matches])

  13. Problemas? Problemas? O que acontece se as classes CSS ou

    o HTML mudam? E se eu quiser escalar? (Muitas instâncias do Chromium ao mesmo tempo) Bugs estranhos no DOM - Puppeteer
  14. None

  15. v2 - Requests + OpenCV v2 - Requests + OpenCV

  16. None

  17. Arquitetura Arquitetura

  18. Requisição ao servidor de votação Requisição ao servidor de votação

    POOL = '9489daaa-15ee-4a2e-8e8d-22391a58e23c' ROYALE_URL = 'royale.globo.com' response = self.session.post( f'https://{ROYALE_URL}/polls/{POOL}/session', params=params, headers=headers ) response_data = response.json() self.symbol = response_data['data']['symbol'] self.captchaSessionToken = response_data['sessionToken']

  19. Requisição ao servidor de captcha Requisição ao servidor de captcha

    response = self.session.post( 'https://captcha.globo.com/api/challenge/generate', params=params, headers=headers ) response_data = response.json() self.symbol = response_data['data']['symbol'] self.captchaSessionToken = response_data['sessionToken']

  20. Proof of Work (Prova de Trabalho) Proof of Work (Prova

    de Trabalho)

  21. Proof of Work (Prova de Trabalho) Proof of Work (Prova

    de Trabalho) break_pow('FIKHSU3LH2JSJK7VJHTVHVZDQM;5', 5) == 379107

  22. Proof of Work (Prova de Trabalho) Proof of Work (Prova

    de Trabalho) def break_pow(hashcash, zeroes): match = "0" * int(zeroes) count = 0 while True: count += 1 h = hashlib.sha1(f'{hashcash}{count}'.encode('utf-8')) if h.hexdigest().startswith(match): return count

  23. Concorrência - Manager Concorrência - Manager class AccountManager(object): self.accounts =

    accs self.q = Queue(maxsize=MAX_CONNS) def run(self): t1 = Thread( target=consumer, args=(self.q, self.accounts, self.participant) ); t1.start(); for _, creds in self.accounts.items(): t2 = Thread( target=producer, args=(self.q, creds, self.participant) ) t2.start()

  24. Concorrência - Produtor Concorrência - Produtor def producer(out_q, data, participant):

    username = data['username'] password = data['password'] semaphore.acquire() try: bot = UserBot(username, password, participant) bot.run() except Exception as e: print(f"{Fore.RED} Teve erro em {username}. {e} Testando com

  25. Concorrência - Consumidor Concorrência - Consumidor def consumer(in_q, accounts, participant):

    while True: username = in_q.get() accounts[username]['timestamp'] = datetime.datetime.now() for username, creds in accounts.items(): diff = datetime.datetime.now() - creds['timestamp'] if diff.seconds > RETRY_TIME: Thread( target=producer, args=(in_q, creds, participant) ).start()

  26. Inteligência Artificial Chinesa Inteligência Artificial Chinesa

  27. Vantagens? Vantagens? Somente Python Fácil de escalar (multi-thread)

  28. Desvantagens? Desvantagens? Engenharia Reversa de todo o código front-end Qualquer

    pequena mudança na arquitetura quebra o código Instalação complicada Trabalhoso de distribuir (build do instalador Windows) Alcance pequeno por ser mais técnico

  29. Extensão no Google Chrome + Extensão no Google Chrome +

    iFrame iFrame
  30. None

  31. Perguntas? Perguntas? @diofeher @diofeher