Bruteforcing not working

[AntonUden]

PS C:\Users\Desktop\Helix-master> py .\helix.py -c
Bruteforcing game code...
The current code is: 5200
PS C:\Users\Desktop\Helix-master> py .\helix.py -c
Bruteforcing game code...
The current code is: 5300
PS C:\Users\Desktop\Helix-master> py .\helix.py -c
Bruteforcing game code...
The current code is: 3400
PS C:\Users\Desktop\Helix-master> py .\helix.py -c
Bruteforcing game code...
The current code is: 4400
PS C:\Users\Desktop\Helix-master> py .\helix.py -c
Bruteforcing game code...
The current code is: 1000

[AntonUden]

output from https://helixgame.liseberg.se/checkgamecode looks like this
{
"status": 200,
"data": {
"status": "invalid"
}
}

if i change
if js['data'] != "invalid":
to
if js['data']['status'] != "invalid":

but now it says

py .\helix.py -c
Bruteforcing game code...
The current code is: 0

[AntonUden]

they added udid to checkCode

` checkCode: function(func, code) {
console.log("DATAMANAGER: " + this.SERVICE_VALIDATE_GAME_CODE);

//  Build data to send
var data = "";
data += "code=" + code;
data += "&udid=" + this.fingerprint;

// udid, score, session
var request = new PIXI.AjaxRequest();
request.open("POST", this.SERVICE_VALIDATE_GAME_CODE, true);
request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");

var scope = this;
request.onload = function() {
  // do something to response
  var result;
  try {
    result = JSON.parse(this.responseText);
  } catch (error) {}

  if (result && result.status && result.status == 200) {
    var response = result.data;

    var isValid = response.status == "invalid" ? false : true;

    if (isValid) {
      // Save for later use
      scope.latestCode = code;
      scope.sessionToken = response.token;

      scope.codeTimestamp = new Date().getTime();

      // Unlock bonus game and schedule notification
      // and set badge number.
      // First, get current unlock time for the bonus game, if any
      var unlockTimestamp = Helix.Storage.getValue("bonusGameUnlockTimestamp");

      console.log("UNLOCK TIME STAMP: " + unlockTimestamp);

      // We don't want to set it again if already set, so find out if it is
      if (unlockTimestamp == undefined) {
        // The bonus game unlock time stamp isn't set, so we'll do that
        // now.
        var timestamp = new Date().getTime() / 1000;

        // Add 24 hours because we want it unlocked tomorrow
        timestamp += 60 * 60 * 24;

        // Save unlock time stamp to storage, to be able to retrieve it later
        Helix.Storage.setValue("bonusGameUnlockTimestamp", timestamp, true);

        // Schedule notification and badge number
        var notifications = new Helix.NotificationManager();
        notifications.scheduleNotification("Bonusspel", "Grattis! Bonusspelet är upplåst.", timestamp, undefined);
        notifications.scheduleBadgeNumber(1, timestamp);
      }
    }

    func(isValid);
  } else {
    func(false);
  }
};

//
request.send(data);

},`

[Hagmar]

Hi, thanks for the flag! There are actually other changes in addition to this, because right now every tested code will get the same response even with a udid. Although I suppose it's also possible that the udid I'm currently using is invalid...