Checks
Check is a common parameter in requests, which is intended to "improve security".
It is often sent in request as chk
.
Check is generated like so:
- Take an arbitrary amount of values.
- Combine them and add salt if there is one.
- Apply SHA-1 hashing to combined values and get its hexadecimal digest.
- Apply XOR Cipher to the digest with the desired key.
- Base64 encode the result.
Code
The generator can be implemented like this:
from hashlib import sha1 as standard_sha1
from typing import Iterable
EMPTY = str()
concat = EMPTY.join
DEFAULT_ENCODING = "utf-8"
DEFAULT_ERRORS = "strict"
def sha1_string(
string: str, salt: str = EMPTY, encoding: str = DEFAULT_ENCODING, errors: str = DEFAULT_ERRORS
) -> str:
return standard_sha1((data + salt).encode(encoding, errors)).hexdigest()
def generate_check(
values: Iterable[str],
key: str,
salt: str = EMPTY,
encoding: str = DEFAULT_ENCODING,
errors: str = DEFAULT_ERRORS,
) -> str:
string = concat(values)
hashed = sha1_string(string, encoding, errors)
xored = cyclic_xor_string(hashed, key, encoding, errors)
encoded = encode_base64_string_url_safe(xored, encoding, errors)
return encoded
XOR keys can be found here.
Here is a summary of Check values and explanations on their generation:
name |
description |
levelID |
ID of the level to download. |
inc |
Unknown functionality. Set to 1 . |
rs |
Random String. |
accountID |
Account ID of the user downloading the level. |
udid |
UDID of the user. |
uuid |
UUID of the user. |
name |
description |
userName |
Name of the user commenting. |
comment |
The content of the comment. |
levelID |
The ID of the level containing the comment (0 for user comments). |
percent |
The percentage on the level (0 for user comments). |
cType |
The comment type (0 for level comments, 1 for user comments). |
name |
description |
chk |
To generate: random string of length 5 + [encoded random integer][robtop]. |
name |
description |
chk |
To generate: random string of length 5 + [encoded random integer][robtop]. |
name |
description |
special |
Special value. 0 for levels, levelID for level comments, commentID for user comments. |
itemID |
ID of the level comment, level or user comment. |
like |
Whether to like the item. |
rs |
Random String. |
accountID |
Account ID of the user (dis)liking an item. |
udid |
UDID of the user. |
uuid |
UUID of the user. |
name |
description |
accountID |
The account ID of the user updating. |
userCoins |
The user coins count. |
demons |
The demons beaten count. |
stars |
The stars count. |
coins |
The secret coins count. |
iconType |
The icon type. |
icon |
ID of the icon. |
diamonds |
The diamonds count. |
accIcon |
ID of the cube selected. |
accShip |
ID of the ship selected. |
accBall |
ID of the ball selected. |
accBird |
ID of the UFO selected. |
accDart |
ID of the wave selected. |
accRobot |
ID of the robot selected. |
glow |
Whether to enable glow. |
accSpider |
ID of the spider selected. |
accExplosion |
ID of the explosion selected. |
name |
description |
accountID |
The account ID of the user requesting. |
levelID |
ID of the level to find leaderboard for. |
percent |
The record percentage on the level. |
jumps |
The total count of jumps on the level. |
attempts |
The total count of attempts spent. |
seed |
See generating leaderboard seed for more information. |
differences |
Personal best differences, e.g 0 -> 13 -> 100 => 13,87 . |
unknown |
Unknown functionality. Set to 1 . |
coins |
The coins count on the level. |
timelyID |
The timely ID of the level (0 if not timely). |
seed |
Random String. |
Salts
salt |
usage |
xI25fpAapCQg |
Level |
xPT6iUrtws0J |
Comment |
ysg6pUrtjn0J |
Like or Rate |
xI35fsAapCRg |
User |
yPg6pUrtWn0J |
Level Leaderboard |