2012 Apr 30 11:54 PM UTC | Gaming⁷ Hacks⁹ JavaScript² Programming¹⁸ Python⁴ Web¹³ [2012]⁸

Have you ever heard of Blitz Chess? It’s a type of chess, with time limits on each side.

Google developers have made an App Engine sample. You can play at blitz.appspot.com, but you need to have a Google Account.

After playing a few times, it was fun, but I thought I should go further than that. I read the server’s Python code, and found a checkmate hack exploit. I even tampered HTTP requests and deleted all the losses I had accumulated. However, the deletion hack can also be done natively.

Now, I shall share some fun with you. Execute this JavaScript, and you can might be able to now move EVERYONE’s pieces ANYWHERE. Note that moving your pawn back one space can kill one of your pieces and promote it. This is now encoded, but a lite version is provided.

I also have one to delete your losses, but I won’t give it away as-is…

Enjoy (hit Read More if needed):

Here is one lite version (pawns get 1 extra space of movement), but there is also a pro version…

Chess.prototype.validatePawn=function(move,color){var coords=Chess.toCoords(move);if(color==Chess.WHITE&&coords.to.y<=coords.from.y){return false}else if(color==Chess.BLACK&&coords.to.y>=coords.from.y){return false}if(Chess.isVertical(coords)){var numSquares=Math.abs(coords.from.y-coords.to.y);if(numSquares>3||(numSquares>2&&this.hasMoved(move.from))){return false}var index=(color==Chess.WHITE?8:-8);var i=move.from;while(1){i=i+index;if(this.getPiece(i)!=Chess.BLANK){return false}if(i==move.to){break}}return true}else{if(!Chess.isDiagonal(coords)){return false}var dx=Math.abs(coords.from.x-coords.to.x);var dy=Math.abs(coords.from.y-coords.to.y);if(dx!=dy||dx>2){return false}if(this.getPiece(move.to)!=Chess.BLANK){return true}else{var capturedPawn=this.isEnPassant(move);var opposingPawn=(color==Chess.WHITE?'p':'P');if(capturedPawn!=null&&this.getPiece(capturedPawn)==opposingPawn){var lastMove=this.getLastMove();if(lastMove){if(lastMove.to==capturedPawn&&Math.abs(lastMove.from-lastMove.to)==16){return true}}}return false}}};

Here it is: (move anything anywhere, except to kill a king)

Z2FtZS5oYW5kbGVDbGljayUzZGZ1bmN0aW9uKCklN2JpZihnYW1lLmNhbk1vdmUpJTdiaWYoJTI0KHRoaXMpLmhhc0NsYXNzKCUyNnF1b3QlM2JzZWxlY3RlZCUyNnF1b3QlM2IpKSU3YiUyNCh0aGlzKS5yZW1vdmVDbGFzcyglMjZxdW90JTNic2VsZWN0ZWQlMjZxdW90JTNiKSU3ZGVsc2UraWYoJTI0KCUyNnF1b3QlM2Iuc2VsZWN0ZWQlMjZxdW90JTNiKS5zaXplKCklMjZndCUzYjApJTdidmFyK29sZFBvcyUzZCUyNCglMjZxdW90JTNiLnNlbGVjdGVkJTI2cXVvdCUzYikuYXR0ciglMjZxdW90JTNicG9zJTI2cXVvdCUzYiklM2J2YXIrbmV3UG9zJTNkJTI0KHRoaXMpLmF0dHIoJTI2cXVvdCUzYnBvcyUyNnF1b3QlM2IpJTNidmFyK29sZENsYXNzJTNkJTI0KCUyNnF1b3QlM2Iuc2VsZWN0ZWQlMjZxdW90JTNiKS5hdHRyKCUyNnF1b3QlM2Jwb3NDbGFzcyUyNnF1b3QlM2IpJTNidmFyK25ld0NsYXNzJTNkJTI0KHRoaXMpLmF0dHIoJTI2cXVvdCUzYnBvc0NsYXNzJTI2cXVvdCUzYiklM2J2YXIrcGllY2UlM2RnYW1lLmNoZXNzLmdldFBpZWNlKENoZXNzLnRvSW5kZXgob2xkUG9zKSklM2JpZihwaWVjZS50b0xvd2VyQ2FzZSgpJTNkJTNkJTI3cCUyNyklN2JpZihuZXdQb3MuY2hhckF0KDEpJTNkJTNkJTI3MSUyNyU3YyU3Y25ld1Bvcy5jaGFyQXQoMSklM2QlM2QlMjc4JTI3KSU3YmJsaXR6LmluaXRBbmREaXNwbGF5RGlhbG9nKCUyNyUyM3Byb21vdGVEaWFsb2clMjcpJTNiZ2FtZS5wZW5kaW5nTW92ZSUzZG9sZFBvcyUyYiUyNnF1b3QlM2ItJTI2cXVvdCUzYiUyYm5ld1BvcyUzYnJldHVybiU3ZCU3ZCUyNCh0aGlzKS5yZW1vdmUoKSUzYiUyNCglMjZxdW90JTNiLnNlbGVjdGVkJTI2cXVvdCUzYikucmVtb3ZlQ2xhc3Mob2xkQ2xhc3MpLmFkZENsYXNzKG5ld0NsYXNzKSUzYmdhbWUuc2VuZE1vdmVUb1NlcnZlcihvbGRQb3MlMmIlMjZxdW90JTNiLSUyNnF1b3QlM2IlMmJuZXdQb3MpJTdkZWxzZSU3YiUyNCglMjZxdW90JTNiLnBpZWNlJTI2cXVvdCUzYikucmVtb3ZlQ2xhc3MoJTI2cXVvdCUzYnNlbGVjdGVkJTI2cXVvdCUzYiklM2IlMjQodGhpcykuYWRkQ2xhc3MoJTI2cXVvdCUzYnNlbGVjdGVkJTI2cXVvdCUzYiklN2QlN2QlN2QlM2IlMjQoJTI2cXVvdCUzYi5nYW1lQm9hcmQrLnBpZWNlJTI2cXVvdCUzYikudW5iaW5kKCUyN2NsaWNrJTI3KSUzYiUyNCglMjZxdW90JTNiLmdhbWVCb2FyZCsucGllY2UlMjZxdW90JTNiKS5jbGljayhnYW1lLmhhbmRsZUNsaWNrKQ==

And if you can get to it, you can also delete your losses/ties.

ZnVuY3Rpb24rcmVmcmVzaFBhZ2UoKSU3YmxvY2F0aW9uLnJlbG9hZCgpJTdkJTNiJTI0KCUyNnF1b3QlM2JhLmJ0biUyNnF1b3QlM2IpLnVuYmluZCglMjYlMjMzOSUzYmNsaWNrJTI2JTIzMzklM2IpLmNsaWNrKGZ1bmN0aW9uKGFyZ3MpJTdidmFyK3JlZiUzZHRoaXMuZ2V0QXR0cmlidXRlKCUyNiUyMzM5JTNicmVmJTI2JTIzMzklM2IpJTNidmFyK2tleSUzZHRoaXMuZ2V0QXR0cmlidXRlKCUyNiUyMzM5JTNia2V5JTI2JTIzMzklM2IpJTNidmFyK29wdGlvbnMlM2QlN2J1cmwlM2ElMjZxdW90JTNiJTJmZ2FtZV9hamF4JTJmJTI2cXVvdCUzYiUyYihyZWYlM2ZyZWYlM2FrZXkpJTJjdHlwZSUzYSUyNnF1b3QlM2JERUxFVEUlMjZxdW90JTNiJTJjc3VjY2VzcyUzYXJlZnJlc2hQYWdlJTdkJTNiJTI0LmFqYXgob3B0aW9ucyklN2QpLnRleHQoJTI2JTIzMzklM2JEZWxldGUlMjYlMjMzOSUzYiklM2I=

How do you use it? Well, you have to decode it (thrice) first, then you can execute it into your browser’s JavaScript console. Finally, enjoy!