Holiday Hack 2024: Elf Connect
Introduction
Around the corner from Jingle I’ll find Angel Candysalt by a terminal named Elf Connect:
Angel requests my help:
Angel Candysalt
Welcome back, island adventurer! I’m Angel Candysalt — so happy to finally meet you!
I’m thrilled you’re here because I could really use a hand with something.
Have you ever heard of a game called Connections?
It’s simple! All you need to do is find groups of four related words.
I’ve been stuck on it all day, and I’m sure someone as sharp as you will breeze through it.
Oh, and while you’re at it, check out randomElf’s score — they hit fifty thousand points, which seems… oddly suspicious.
Think they might have tampered with the game? Just a hunch!
Elf Connect
The game launches with a scroll of instructions:
There’s 16 words that I need to group into groups of four:
When I get a group, I get 100 points and the group turns a darker blue and moves to the top:
Video Solution
I’ll show a few ways to hack this game in a video solution:
Silver Solution
Solve By Knowledge
The game has four levels, each with four groups of four. I can solve these just by legit playing the game:
- Level 1:
- Comet, Vixen, Prancer, Blitzen - Santa’s reindeer
- Jingle Bells, White Christmas, Crosby, Belafonte - Christmas songs / singers
- Tinsel, Garland, Star, Lights - Christmas decorations
- Sleigh, Mittens, Bag, Gifts - Things Santa brings with him.
- Level 2:
- burp, OWASP Zap, Nikto, wfuzz - Web enumeration tools
- Metasploit, Cobolt Strike, HAVOC, Empire - C2 frameworks
- Nmap, netcat, Wireshark, Nessus - Network enumeration tools
- AppMon, apktool, Frida, Cycript - Mobile application reversing tools
- Level 3:
- AES, RSA, Blowfish, 3DES - Modern encryption algorithms
- WEP, WPA2, TKIP, LEAP - Wireless security protocols
- Symmetric, Asymmetric, hash, hybrid - Encryption protocols
- Caesar, One-time Pad, Ottendorf, Scytale - Historic encryption algorithms
- Level 4:
- IGMP, IPX, IP, ICMP - Layer 3 protocols
- TLS, SSL, IPSec, SSH - Encrypted protocols
- Ethernet, PPP, IEEE 802.11, ARP - Layer 2 protocols
- HTTP, FTP, SMTP, DNS - Layer 7 protocols
Answering those grants the Silver accomplishment.
Source Analysis
On line 60 of the index.html file, there’s a structure that definds four groups of words:
const wordSets = {
1: ["Tinsel", "Sleigh", "Belafonte", "Bag", "Comet", "Garland", "Jingle Bells", "Mittens", "Vixen", "Gifts", "Star", "Crosby", "White Christmas", "Prancer", "Lights", "Blitzen"],
2: ["Nmap", "burp", "Frida", "OWASP Zap", "Metasploit", "netcat", "Cycript", "Nikto", "Cobalt Strike", "wfuzz", "Wireshark", "AppMon", "apktool", "HAVOC", "Nessus", "Empire"],
3: ["AES", "WEP", "Symmetric", "WPA2", "Caesar", "RSA", "Asymmetric", "TKIP", "One-time Pad", "LEAP", "Blowfish", "hash", "hybrid", "Ottendorf", "3DES", "Scytale"],
4: ["IGMP", "TLS", "Ethernet", "SSL", "HTTP", "IPX", "PPP", "IPSec", "FTP", "SSH", "IP", "IEEE 802.11", "ARP", "SMTP", "ICMP", "DNS"]
};
Each group is 16 items. On line 69, it defines the indexes of the groups for each round:
let correctSets = [
[0, 5, 10, 14], // Set 1
[1, 3, 7, 9], // Set 2
[2, 6, 11, 12], // Set 3
[4, 8, 13, 15] // Set 4
];
This is enough to match up the answers.
Solve
Print Answers
I’ll use some JavaScript in the dev console:
correctSets.forEach(set => {
const words = set.map(index => wordSets[round][index]).join(", ");
console.log(words);
});
This prints the solutions for this round:
Automation
That’s still a lot of clicking. I want to find code that can just do the submissions for me. I’ll start in the source, and find this section in the loop over each of the boxes added to the game:
box.on('pointerdown', function () {
if (!this.selected) {
this.setStyle({ backgroundColor: '#edbb99' }); // card color selected
this.selected = true;
selectedBoxes.push(this);
} else {
//this.setStyle({ backgroundColor: '#0a7e28' }); // card color unselected
this.setStyle({ backgroundColor: '#10ca40' }); // card color unselected
this.selected = false;
selectedBoxes = selectedBoxes.filter(box => box !== this);
}
if (selectedBoxes.length === 4) {
checkSelectedSet(this.scene);
} else {
mainScene.sound.play('click');
}
});
wordBoxes.push(box);
It seems to be adding selected boxes to the selectedBoxes variable, and then calling checkSelectedSet if the length if 4.
I’ll update my JavaScript to do that for me:
correctSets.forEach(set => {
set.forEach(index => {
const word = wordSets[round][index];
const wordBox = wordBoxes.find(box => box.text === word);
if (wordBox) {
selectedBoxes.push(wordBox);
wordBox.selected = true;
if (selectedBoxes.length === 4) {
checkSelectedSet(mainScene);
}
}
});
});
This code in the dev tools auto-solves each level as long as they are in a fresh state.
Gold Solution
In many ways, the gold solve is easier than the silver solve. There is a score variable in the code. It’s initialized on line 81:
let score = parseInt(sessionStorage.getItem('score') || '0'); // Initialize score
Later in the checkSelectSet function referenced above, there’s this block:
// Add high-score board
if (score > 50000) {
highScoreText.setText('High Score: ' + score);
emitter.explode(20);
submitAction(2);
displaySuccessMessage('Great Job Hacker! Elf Connect Complete and Hacked!', function () {
});
}
To get the gold, it’s as simple as going into the dev tools console and updating the score:
Then I just submit a correct set, and it reaches this code:
