Published on

Indie Dev Weekly #24: An Afternoon as a Failed Hacker

Authors

2023,0724-0730

The big event this week was probably Twitter becoming X, but I don't really care.

My focus was poor this week, only reaching a flow state one afternoon.

Also found that my energy and stamina can't keep up with my execution and imagination. I barely managed to think of an idea for a new app and wrote for a day, but could only write 5 minutes before needing to rest half an hour.

Zen Flip Clock iOS (App Store)

Zen Flip Clock updated to version 4.3.1, 67 days since the previous update.

The main update was to satisfy European users by adding the DD/MM/YYYY date format and German localization.

Germany is the 3rd largest country for Zen Flip Clock users, but has been declining over time. After adding German localization, the user count has slightly rebounded - not sure if they're related. Based on the data, Vietnamese should be the next localization language.

I rushed this submission and forgot to adjust keywords, but based on past experience adjusting them seems useless anyway.

german_users

Minimal Diary iOS (App Store)

Submitted for review last Saturday. Took 24 hours to start review, another 24 hours to get approved, 81 days since last update. The long review time could be because of the long gap since the previous update, or because it was the weekend. In the past updates submitted on weekends could get approved in just 2-3 hours, so App Store review is still a black box.

After the official release, I sent all the beta testers their promised lifetime Pro redemption codes as agreed. But within just 1-2 days of launch, bugs were discovered again. No time to fix them this month, luckily they don't affect daily use.

New App

Thursday morning I suddenly had a new idea. After searching and finding it very feasible to implement, I started writing a demo. Encountered a big problem when creating the new project - naming it. Had AI suggest dozens of names but wasn't satisfied, finally came up with an awesome name myself.

new_app_name

Took just over 10 minutes to write the core gameplay demo, pretty satisfied with the result. But the UI was all basic controls cobbled together, completely devoid of any user experience. After searching many similar app designs online, lamented again that I'm hopeless at designing such a UI - will need professional designers to join later.

quiz_ui

Ideas arise much faster than I can code them, leading to inability to focus and complete current plans. Also when coding I realize things should be more abstract for future extensibility, so it's write and rewrite, two days passed without completing the full workflow, causing anxiety.

Initially thought I could finish this app in a few days, now it looks like at least two weeks to reach usable state. The plan was to build an MVP then invite users to test, but someone suggested involving users in testing as early as possible, to uncover problems and validate if the app truly solves user needs and pain points - I completely agree, but still need to get the full workflow running first.

An Afternoon as a Failed Hacker

Another big event for me this week was the death of "world's number one hacker" Kevin Mitnick. My original motivation to learn computing was to become a hacker. In middle and high school I never missed an issue of "Hacker X Files", immersed in stories of legendary hackers. I love hacker-themed movies and TV shows, my favorite scenes being omnipotent hackers tapping away to break into and take over systems. Compared to Ethan Hunt, I aspired more to be like Luther and Benji.

hacker

The one afternoon I reached flow state was spent trying to hack an educational video task website. The task was to watch assigned videos and accumulate study time. My previous solution for similar sites was using video speedup plugins to finish quickly at 16x speed. But this site had many annoying restrictions to keep you glued in front of the computer:

  1. Study time calculates based on actual video play time, not video length
  2. Playback pauses if no mouse or keyboard activity for over 10 minutes
  3. Going out of browser focus also pauses playback

I first discovered several requests through Chrome DevTools, then tried mimicking the insertStudyTime request that modifies study time through cookies, but kept getting parameter errors. I thought my mocked request was wrong, so I used the Requestly plugin to modify the real request, still no go. I noticed getThisTime is called before insertStudyTime to get current time, and suspected the insertStudyTime params relate to the getThisTime response. Modifying getThisTime with Requestly prevented insertStudyTime from being called.

requestly

Later I looked into the full webpage source code - shockingly the JS had no minification or obfuscation (shoddy outsourcing it seems), and decent comments... After going through the insertStudyTime code I realized the request is simple with no signature and the parameters are mostly fixed except studyTime for modifying time. But even changing studyTime gave "param exception, timing invalid". Through testing I deduced:

  1. This request is called every 5 minutes, studyTime is 5
  2. Valid call interval is over 1 minute, else "call frequent" error
  3. Backend records last successful call time
  4. studyTime validity checks against last successful call time

So if I change studyTime to 30 but last call was 1 minute ago, invalid.

js

Modifying the request wouldn't quickly accumulate time.

The site also has a task to generate a certificate after completing all courses. I tried changing the response study time but certificates require a valid cert ID. Another dead end.

But I did a tiny hack, commenting out the code that pauses playback without mouse/keyboard activity every 10 minutes.