Hacker News new | past | comments | ask | show | jobs | submit login

something similar

  eval(atob('ZnVuY3Rpb24gdXBkYXRlKCkgewogIGlmICghdGlja3MpIHsKICAgIHBsYXllciA9IHsgeDogNDAsIHZ4OiAxIH07CiAgICBlbmVteSA9IHsgeDogMTAwLCBleWVWeDogMCB9OwogICAgbXVsdGlwbGllciA9IDA7CiAgICBhZGREb3RzKCk7CiAgICBwb3dlclRpY2tzID0gYW5pbVRpY2tzID0gMDsKICB9CiAgYW5pbVRpY2tzICs9IGRpZmZpY3VsdHk7CiAgY29sb3IoImJsYWNrIik7CiAgdGV4dChgeCR7bXVsdGlwbGllcn1gLCAzLCA5KTsKICBpZiAoaW5wdXQuaXNKdXN0UHJlc3NlZCkgewogICAgcGxheWVyLnZ4ICo9IC0xOwogIH0KICBwbGF5ZXIueCArPSBwbGF5ZXIudnggKiAwLjUgKiBkaWZmaWN1bHR5OwogIGlmIChwbGF5ZXIueCA8IC0zKSB7CiAgICBwbGF5ZXIueCA9IDEwMzsKICB9IGVsc2UgaWYgKHBsYXllci54ID4gMTAzKSB7CiAgICBwbGF5ZXIueCA9IC0zOwogIH0KICBjb2xvcigiYmx1ZSIpOwogIHJlY3QoMCwgMjMsIDEwMCwgMSk7CiAgcmVjdCgwLCAyNSwgMTAwLCAxKTsKICByZWN0KDAsIDM0LCAxMDAsIDEpOwogIHJlY3QoMCwgMzYsIDEwMCwgMSk7CiAgY29sb3IoImdyZWVuIik7CiAgY29uc3QgYWkgPSBmbG9vcihhbmltVGlja3MgLyA3KSAlIDQ7CiAgY2hhcihhZGRXaXRoQ2hhckNvZGUoImEiLCBhaSA9PT0gMyA/IDEgOiBhaSksIHBsYXllci54LCAzMCwgewogICAgLy8gQHRzLWlnbm9yZQogICAgbWlycm9yOiB7IHg6IHBsYXllci52eCB9LAogIH0pOwogIHJlbW92ZShkb3RzLCAoZCkgPT4gewogICAgY29sb3IoCiAgICAgIGQuaXNQb3dlciAmJiBmbG9vcihhbmltVGlja3MgLyA3KSAlIDIgPT09IDAgPyAidHJhbnNwYXJlbnQiIDogInllbGxvdyIKICAgICk7CiAgICBjb25zdCBjID0gY2hhcihkLmlzUG93ZXIgPyAiZyIgOiAiZiIsIGQueCwgMzApLmlzQ29sbGlkaW5nLmNoYXI7CiAgICBpZiAoYy5hIHx8IGMuYiB8fCBjLmMpIHsKICAgICAgaWYgKGQuaXNQb3dlcikgewogICAgICAgIHBsYXkoImp1bXAiKTsKICAgICAgICBpZiAoZW5lbXkuZXllVnggPT09IDApIHsKICAgICAgICAgIHBvd2VyVGlja3MgPSAxMjA7CiAgICAgICAgfQogICAgICB9IGVsc2UgewogICAgICAgIHBsYXkoImhpdCIpOwogICAgICB9CiAgICAgIGFkZFNjb3JlKG11bHRpcGxpZXIpOwogICAgICByZXR1cm4gdHJ1ZTsKICAgIH0KICB9KTsKICBjb25zdCBldnggPQogICAgZW5lbXkuZXllVnggIT09IDAKICAgICAgPyBlbmVteS5leWVWeAogICAgICA6IChwbGF5ZXIueCA+IGVuZW15LnggPyAxIDogLTEpICogKHBvd2VyVGlja3MgPiAwID8gLTEgOiAxKTsKICBlbmVteS54ID0gY2xhbXAoCiAgICBlbmVteS54ICsKICAgICAgZXZ4ICoKICAgICAgICAocG93ZXJUaWNrcyA+IDAgPyAwLjI1IDogZW5lbXkuZXllVnggIT09IDAgPyAwLjc1IDogMC41NSkgKgogICAgICAgIGRpZmZpY3VsdHksCiAgICAwLAogICAgMTAwCiAgKTsKICBpZiAoKGVuZW15LmV5ZVZ4IDwgMCAmJiBlbmVteS54IDwgMSkgfHwgKGVuZW15LmV5ZVZ4ID4gMCAmJiBlbmVteS54ID4gOTkpKSB7CiAgICBlbmVteS5leWVWeCA9IDA7CiAgfQogIGNvbG9yKAogICAgcG93ZXJUaWNrcyA+IDAKICAgICAgPyBwb3dlclRpY2tzIDwgMzAgJiYgcG93ZXJUaWNrcyAlIDEwIDwgNQogICAgICAgID8gImJsYWNrIgogICAgICAgIDogImJsdWUiCiAgICAgIDogZW5lbXkuZXllVnggIT09IDAKICAgICAgPyAiYmxhY2siCiAgICAgIDogInJlZCIKICApOwogIGNvbnN0IGMgPSBjaGFyKAogICAgZW5lbXkuZXllVnggIT09IDAgPyAiaCIgOiBhZGRXaXRoQ2hhckNvZGUoImQiLCBmbG9vcihhbmltVGlja3MgLyA3KSAlIDIpLAogICAgZW5lbXkueCwKICAgIDMwLAogICAgewogICAgICAvLyBAdHMtaWdub3JlCiAgICAgIG1pcnJvcjogeyB4OiBldnggfSwKICAgIH0KICApLmlzQ29sbGlkaW5nLmNoYXI7CiAgaWYgKGVuZW15LmV5ZVZ4ID09PSAwICYmIChjLmEgfHwgYy5iIHx8IGMuYykpIHsKICAgIGlmIChwb3dlclRpY2tzID4gMCkgewogICAgICBwbGF5KCJwb3dlclVwIik7CiAgICAgIGFkZFNjb3JlKDEwICogbXVsdGlwbGllciwgZW5lbXkueCwgMzApOwogICAgICBlbmVteS5leWVWeCA9IHBsYXllci54ID4gNTAgPyAtMSA6IDE7CiAgICAgIHBvd2VyVGlja3MgPSAwOwogICAgICBtdWx0aXBsaWVyKys7CiAgICB9IGVsc2UgewogICAgICBwbGF5KCJleHBsb3Npb24iKTsKICAgIH0KICB9CiAgcG93ZXJUaWNrcyAtPSBkaWZmaWN1bHR5OwogIGlmIChkb3RzLmxlbmd0aCA9PT0gMCkgewogICAgcGxheSgiY29pbiIpOwogICAgYWRkRG90cygpOwogIH0KfQ=='))
when tired just call end()

probably better to manipulate the score directly but its not fun that way :)




Not sure why you obfuscated it but here's the code for anyone curious:

    function update() {
      if (!ticks) {
        player = { x: 40, vx: 1 };
        enemy = { x: 100, eyeVx: 0 };
        multiplier = 0;
        addDots();
        powerTicks = animTicks = 0;
      }
      animTicks += difficulty;
      color("black");
      text(`x${multiplier}`, 3, 9);
      if (input.isJustPressed) {
        player.vx *= -1;
      }
      player.x += player.vx * 0.5 * difficulty;
      if (player.x < -3) {
        player.x = 103;
      } else if (player.x > 103) {
        player.x = -3;
      }
      color("blue");
      rect(0, 23, 100, 1);
      rect(0, 25, 100, 1);
      rect(0, 34, 100, 1);
      rect(0, 36, 100, 1);
      color("green");
      const ai = floor(animTicks / 7) % 4;
      char(addWithCharCode("a", ai === 3 ? 1 : ai), player.x, 30, {
        // @ts-ignore
        mirror: { x: player.vx },
      });
      remove(dots, (d) => {
        color(
          d.isPower && floor(animTicks / 7) % 2 === 0 ? "transparent" : "yellow"
        );
        const c = char(d.isPower ? "g" : "f", d.x, 30).isColliding.char;
        if (c.a || c.b || c.c) {
          if (d.isPower) {
            play("jump");
            if (enemy.eyeVx === 0) {
              powerTicks = 120;
            }
          } else {
            play("hit");
          }
          addScore(multiplier);
          return true;
        }
      });
      const evx =
        enemy.eyeVx !== 0
          ? enemy.eyeVx
          : (player.x > enemy.x ? 1 : -1) * (powerTicks > 0 ? -1 : 1);
      enemy.x = clamp(
        enemy.x +
          evx *
            (powerTicks > 0 ? 0.25 : enemy.eyeVx !== 0 ? 0.75 : 0.55) *
            difficulty,
        0,
        100
      );
      if ((enemy.eyeVx < 0 && enemy.x < 1) || (enemy.eyeVx > 0 && enemy.x > 99)) {
        enemy.eyeVx = 0;
      }
      color(
        powerTicks > 0
          ? powerTicks < 30 && powerTicks % 10 < 5
            ? "black"
            : "blue"
          : enemy.eyeVx !== 0
          ? "black"
          : "red"
      );
      const c = char(
        enemy.eyeVx !== 0 ? "h" : addWithCharCode("d", floor(animTicks / 7) % 2),
        enemy.x,
        30,
        {
          // @ts-ignore
          mirror: { x: evx },
        }
      ).isColliding.char;
      if (enemy.eyeVx === 0 && (c.a || c.b || c.c)) {
        if (powerTicks > 0) {
          play("powerUp");
          addScore(10 * multiplier, enemy.x, 30);
          enemy.eyeVx = player.x > 50 ? -1 : 1;
          powerTicks = 0;
          multiplier++;
        } else {
          play("explosion");
        }
      }
      powerTicks -= difficulty;
      if (dots.length === 0) {
        play("coin");
        addDots();
      }
    }


Why would anyone even consider pasting obfuscated JS into their console, on HN of all places, is beyond me.


No different than clicking on the links, right?

(Admittedly I typically browse with JS disabled...)


Theoretically, what's the worst thing that could happen - given it's a pacman game's console and not your online bank's?


I recall manually entered commmands have access to some APIs that are not normally accessible. Maybe timing related? So in the theoretical extreme, a timing attack to access something in your entire system memory and upload it via HTTP... while you watch the game play :)


Do they? It's easy enough to 'give' any API accessible to the console to the page by setting a variable from the page to point to a console-only accessible function.

Given there aren't many sites that say "just open the console and paste this command to win the big prize", I suspect that any console-only API's aren't very powerful if they exist at all.


Browsers now require you to manually type 'allow pasting':

https://developer.chrome.com/blog/new-in-devtools-120#self-x...


Because normies are extremely susceptible to things like "hack Facebook, see the PMs of any hot girl u want!111 just right-click and paste this into your browser console trust me bro"

As well as the usual engagement driving "challenges" like "Omg did you know there's no country starting with Z! Bet you can't think of one!" meanwhile comments are filled with "duuuuh Zanzibaaaar!" and post engagement is >>>>>>>>>>>>


This seems to make it possible for Pac-man to stick with the ghosts while still consuming pellets, so maybe still evading the rules of the game :)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: