Elementary school students never thought that they could be thrashed by college students, PhD students, and even programmer bigwigs for doing an oral math practice problem of addition, subtraction, multiplication, and division!
Recently, this "Ape Mental Calculation" App with PK function has been on fire, who would have thought that a very simple PK of answering questions for elementary school students has evolved into the fourth Ninja World War!
At first, it was still a friendly PK for elementary school students, and then a wave of college students suddenly flooded in to kick off the game, which was called "college students frying fish" by netizens; as the battle intensified, master's degree students and doctoral degree students also joined the battlefield, which directly turned the elementary school students' learning software into an eSports game, and who said that freshman year isn't the first year anymore? This is very much in line with the state of mind of contemporary college students.
However, suddenly a mysterious force appears and it is the programmer who joins the battlefield with technology!Auto-answer one question per second The parents can do nothing but complain under the APP to strictly investigate the plug-ins.
At this time, many people do not realize that the PK of oral arithmetic for elementary school students has evolved into an algorithmic academic exchange competition between universities and programmers!
Various gods have been improving the algorithm overnight, and the data on the leaderboard is getting more and more outrageous, even rolled up to 0.1 seconds a question!
For a demonstration of how the algorithm works, check out the B-site video I posted:/video/BV1xp2hYHEVn
Interfaces are also ports and algorithms are also calculations, there's nothing wrong with that.
At this point, the official had to step in to protect the students, and the battle evolved into a game between the official and the majority of programmers. In just a few days, there are several pages of open-source oral arithmetic scripts on GitHub, and programmer gods have also found a variety of second-quick answer programs.
The official just messed with the encryption and the programmer webmasters immediately managed to decrypt it to the point that theweb rumor Officials have to overpay for anti-crawl algorithm engineers, I suggest just recruiting these open source gurus.
Implementation methodology
This is what happened, I believe my friends are also very curious about the realization principle behind the question of second answer, here I take a few script projects with the highest ranking on GitHub as an example, and share 4 ways to realize it. Of course, in order to give students a better learning experience, I won't demonstrate the specific operation method here, which will soon be suppressed by the officials anyway.
Method 1, OCR recognition + analog operation
First run the app on your computer using an emulator, use Python to read the questions at specific locations on the interface, then use OCR recognition technology to recognize the question images as text and input them to the algorithmic program to answer the questions, and finally use Python's pyautogui library to simulate a human being clicking on and typing in the answers.
This method is better understood and has the widest range of applications, but the disadvantage is that the recognition is limited, and if the topic is more complex, the accuracy is not well guaranteed.
See the open source repository for details:/ChaosJulien/XiaoYuanKouSuan_Auto
Method 2: Grabbing packets to get questions and answers
The Python script captures the App's web request packets, gets the questions and answers from them, and then fills in the answers automatically by simulating a swipe operation via ADB (Android Debug Bridge). However, with the official upgraded interface and encrypted data, this method is no longer effective.
See the open source repository for details:/cr4n5/XiaoYuanKouSuan
Method 3: Grab the packet + Modify the answer
This method is very violent! First of all, intercept the network request of Mouth Calculation App to get the question data and answer through the packet grabbing tool, and then modify the answer in the request body to be all "1", so that you can simulate the operation through ADB, and input 1 every time to finish the answer quickly.According to the test it is possible to achieve an answer time close to 0 seconds!
However, this method only works for the practice field, presumably because the logic of answering questions in the practice field is simpler, and there is no complex checking like in the PK field.
See the open source repository for details:/cr4n5/XiaoYuanKouSuan
Method 4: Modify the JavaScript file of PK field
This method is even more violent! Modify the App's internal JavaScript file to change the answer logic in PK field mode. This is done by analyzing the JavaScript response for theisRight
function, find the logic used to determine whether an answer is correct or not, then replace it with true to force all answers to be determined as correct, and then just tap like crazy.
See the open source repository for details:/cr4n5/XiaoYuanKouSuan
This is possible because the App was developed using a hybrid app architecture, and some functions use WebView to load web content. Moreover, since the PK field answer logic is verified at the front-end, instead of sending all requests to the server for verification, it is possible to bypass the question verification by directly modifying the front-end JS file.
official countermeasure
Officials have gone to great lengths to protect the learning experience for elementary school students.
First of all, strengthened user authentication and management, to prevent college students fried fish students; and in order to take care of college students friends, but also opened a "Peak Match" mode, so that we can also be with the strength of the competition PK.
I suggest adding another programmer mode to also give programmers who love to play with algorithms a chance to compete.
In fact, from a technical point of view, it is not difficult to combat the above mentioned question answering scripts. For example, we can detect the running environment of the App and limit the answers if we find that it is a simulator; we can change the display mode of the questions to fight against OCR identification; we can randomly display part of the UI so that the scripts can't easily click on the correct answers through the hard-coded coordinates; and we can analyze the user's answering speed and operation mode to identify the scripts, for example, the users who are answering the questions faster than 0.1 seconds have obviously exceeded the human's limit.
Isn't 0.0 seconds a bit much (powerful) for this friend?
However, the most critical point is that at present, the App's judging logic is responsible for processing in the front-end, which means that the verification of question answers can be carried out locally without having to communicate with the server, which gives attackers the opportunity to modify the front-end files. Although the official defense has been strengthened by means of interface encryption and behavioral analysis, but the cure is not the root cause, or the judging logic is transferred to the server side, which will be more reliable.
Of course, business processes can't be changed that quickly.
But now the situation is not bad, college students friends happy, programmers have fun, oral calculation App traffic win hemp, can be said to be happy!
Wait, there's something wrong. Stop bullying our elementary school kids!