05-02-2024, 04:33 PM
Hey yall, so lately I have been bored after checking up on clarty and not seeing anything new on the rise, so I decided to reverse engineer kiwifarms anti DDoS protection for fun lol
kiwifarms basically uses a Proof of work system to prevent people from just attacking their site with a DDoS attack, now sadly this means we can't scrape much of the fun stuff from their site
but luckily I figured out how to reverse engineer and automate their anti DDoS Proof of work system for the heck of it
the site gives you a waiting page that has a string of random characters. with the string of characters the site gave you, you have to guess the right number that comes after it where once it is put inside a sha256 hashing algorithm, the output will start with the needed amount of leading zero's
now the difficulty or the amount of leading zero's the site wanted usually sit at 16bit which isn't that hard and could be solved in less than a second.
Anyways here's the semi de obfuscated Javascript files that does these Proof of work challenges on your browser that helped in figuring out how the site works:
/.sssg/public/challenge.js
/.sssg/public/worker.js
and here is the python script I used to automate/emulate shit:
https://pastebin.com/HbjwidWZ
dependencies:
requests
beautifulsoup4
anyways, make sure to have fun ;D
kiwifarms basically uses a Proof of work system to prevent people from just attacking their site with a DDoS attack, now sadly this means we can't scrape much of the fun stuff from their site
but luckily I figured out how to reverse engineer and automate their anti DDoS Proof of work system for the heck of it
the site gives you a waiting page that has a string of random characters. with the string of characters the site gave you, you have to guess the right number that comes after it where once it is put inside a sha256 hashing algorithm, the output will start with the needed amount of leading zero's
now the difficulty or the amount of leading zero's the site wanted usually sit at 16bit which isn't that hard and could be solved in less than a second.
Anyways here's the semi de obfuscated Javascript files that does these Proof of work challenges on your browser that helped in figuring out how the site works:
/.sssg/public/challenge.js
/.sssg/public/worker.js
and here is the python script I used to automate/emulate shit:
https://pastebin.com/HbjwidWZ
dependencies:
requests
beautifulsoup4
anyways, make sure to have fun ;D