Hey there, I'm Morcel Nougat, elf extraordinaire!
You won't believe this, but we're on a magical tropical island called Christmas Island, and it even has snow!
I'm so glad ChatNPT suggested we come here this year!
Santa, some elves, and I are having a snowball fight, and we'd love you to join us. Santa's really good, so trust me when I say it's way more fun when played with other people.
But hey, if you can figure out a way to play solo by tinkering with client side variables or parameters to go solo mode, go for it!
There's also ways to make the elves' snowballs do no damage, and all kinds of other shenanigans, but you didn't hear that from me.
Just remember, it's all about having fun and sharing the joy of the holiday season with each other.
So, are you in? We'd really love your company in this epic snowball battle!
Morcel already gave us the tip to experiment with the parameters. So let's take a look at which URL is called up when we start the game (we can use the developer tools built into our favorite browser, right click in the game window and select inspect
or view source
, just be aware of selecting the iframe window):
So the game is using the following URL: https://hhc23-snowball.holidayhackchallenge.com/room/?username=myusername&roomId=9933a92f&roomType=private&gameType=co-op&id=myID&dna=ATATATTAATATATATATATATATATATATATCGGCCGATATATATATATATTACGATATATATATATATGCATATTAGCATATATATATATATGCATATATATATATATGCATATATTA&singlePlayer=false
Of course we can look into the source code, but the parameter singlePlayer
looks exactly like what we need.
A very easy way to change this on the fly is BurpSuite. We switch to the Proxy tab and then to Proxy Settings. We then enter a rule so that every false
is turned into a true
. Of course, there is a nicer way to do this, but sometimes a simple, straightforward solution is enough.
If we now start the game again, we no longer have to wait for a second player and can go straight to Santa and the elves in the snowball fight.
It wasn't an easy fight, but we were able to prove ourselves.
After successful completion, Morcel tells us:
You're like a snowball fighting ninja! A real-life legend. Can I have your autograph!?