
I wrote a script that wins the majority of HQ Trivia games - _sentient
https://hackernoon.com/i-hacked-hq-trivia-but-heres-how-they-can-stop-me-68750ed16365
======
applecrazy
This article practically rips off my article as well as an article I cited in
that post, which I submitted earlier this week. If you put both articles side-
by-side, they have the same structure and a fairly similar approach to the
problem. While this could be a coincidence (and honestly, I don’t care), I’m
still a little miffed that the author didn’t bother to cite his inspiration.

The post in question:

[https://applecrazy.github.io/blog/posts/protect-trivia-
from-...](https://applecrazy.github.io/blog/posts/protect-trivia-from-bots/)

Proof:
[https://news.ycombinator.com/item?id=15944171](https://news.ycombinator.com/item?id=15944171)

~~~
stervy
Hi applecrazy! I'm the author of the article.

I'm really sorry that the work seems like it plagiarizes yours. I started this
project as soon as HQ Trivia came out, and I did not see your article until
reading this comment.

A few other comments on this thread show that others (e.g.
[https://github.com/nbclark/hqcheat/](https://github.com/nbclark/hqcheat/))
also implemented very similar techniques, so it seems that this may just be a
"great minds think alike" situation :/.

I'd love to support your article as well, as I love your format and videos!
Let me know if you'd like to talk about plagiarism, would love for us to talk
directly instead of on comments.

~~~
cantrip
A level headed classy response to a knee jerk baseless claim.

To think that two (or three or a dozen) clever engineers couldn't
independently look at one of the most popular mobile apps and think "I can
game this" is silly.

~~~
applecrazy
After thinking over this, I realized I was in the wrong and I agree with you
100%. This was completely a knee jerk reaction to a coincidence I found, and I
apologize for accusing stervy for copying my post on the basis of a mere
pattern. I guess I still have more to learn.

I wish I could take back my baseless accusation, but the internet is forever
:-/

------
iancarroll
It is important to note that trying to hide from OCR systems is not the right
approach here. The text displayed in the game is coming from the network, and
I highly doubt it's hard to MiTM from your own device.

The other mitigations are more reasonable.

~~~
imgyuri
What if the text was rendered as an image on the server, then sent to the
device?

~~~
PeterisP
Trying to hide from OCR systems is futile anyway. OK, it might make the OCR
implementation a bit more complex and less out-of-the-box, but with current
technologies anything that's clearly readable will be clearly OCRable, and
messing up OCR to a serious error rate would require you to totally hurt your
human users by presenting everything in the worst CAPTCHA styles imaginable,
where humans would often get confused as well.

------
IvyMike
Back in the dotcom craze, there was a company trying to promote their internet
currency. Think Flooz or Beenz, although it was neither one of those. Let's
call it iDollars.

To promote their currency, they had a variety of games you could play to earn
small amounts of currency. One was a trivia game. My friends and I wrote a
perl script to play the game, guess an answer, and whenever it guessed right,
remember that combination for next time.

We ran the bot 24/7\. The real coup was throttling the bot so we were never
the top earner in any day; we aimed to be approximately in tenth place every
day. That managed to keep our gains plausible.

As the dotcom bubble exploded, there was less and less you could do with
iDollars. Eventually someone at iDollar caught on and we eventually got a
cease-and-desist letter telling us to stop, although the let us keep our
spoils. My one friend managed to trade in his remaining iDollars for like 250
iDollar promotional golf towels, right before the company went under for good.
I wonder if he still has them.

------
wyldfire
> Although seemingly insignificant, the right-side UI is actually harder for
> the Tesseract OCR Engine to parse, since the colors are less distinct.

 _shrug_ , all the while making it harder for humans to see, too. All of these
suggestions move the goal posts a bit and set things up for a cat-and-mouse
game.

I applaud Cognetta's effort but sadly I think we are heading for a future
where artificially intelligent agents will ruin fun things like this.

~~~
nbclark
My approach (see below) cropped the screenshot before running OCR to remove
mistranslations.

~~~
stervy
Hey, Cognetta here :).

I also cropped the screenshot before running OCR, but I can still imagine HQ
changing its UI frequently to thwart OCR attempts.

~~~
nbclark
Yeah that'd be a simple change for them. I'm happy to know I wasn't alone in
this. I knew for sure someone else must be doing the same thing :) How are you
taking the screenshots? I made a little hotkey script, but feel I could be a
bit quicker on it.

~~~
stervy
Kind of hacky, but I'm using the shell "screencapture" command and setting the
coordinates to the spot on the computer screen where I put the quicktime
screen mirroring window

------
jtokoph
I've done digging of my own to do the same Google search tricks and found that
you can just connect to a websocket and get a live stream of the questions,
possible answers as well as every chat message in the feed. OCR not required.

I was also considering using the chat messages to get the answer. People are
either going to mostly say the right answer to sound smart or mostly send the
wrong answers to try to trick people. Keep track of which is most common and
you have an additional datapoint.

~~~
clay_to_n
> I was also considering using the chat messages to get the answer. People are
> either going to mostly say the right answer to sound smart or mostly send
> the wrong answers to try to trick people. Keep track of which is most common
> and you have an additional datapoint.

I doubt you'd have much success with this approach because how "correct" the
group is, as a whole, changes every question. There's no way to know if the
chat group is well-informed or not until the question is over and you see how
many people were correct.

------
whoisjuan
He really didn't show how it performs or the actual solution running on a
screen. The time you have to answer the question is very short and his
solution has to work against 1) Latency of OCR 2) Latency of the Google Query
3) Latency of parsing the result 4) Latency of running the three methods 5)
Input of the Answer (which needs to be performed by a human reading reading
the output from the computer screen).

Can someone confirm if it's possible to do all these in Python in l second or
less?

~~~
stervy
I'm the guy who wrote the article. I can confirm this all works well under 10
seconds, so you can read the results and click the answer.

------
nbclark
Was wondering when I'd see a post like this...

[https://github.com/nbclark/hqcheat/](https://github.com/nbclark/hqcheat/)

Interestingly, we seemed to end up with all 3 of the same approaches. Was fun
while it lasted

~~~
stervy
This is the guy who wrote the post!

Wow, so funny we had the same approaches.

~~~
nbclark
One thing I did which helped results a bit is invert negative queries...So if
the query had a NOT in it, remove that, and choose the option with the fewest
matches. Seemed to work pretty well.

~~~
stervy
Ah that's smart. I usually would just read the outputs of my script the
opposite way (So find the "min" number of search results, etc.)

------
EGreg
_" Trivia bots and clever hackers will be no issue for the platform’s rapid
growth, as long as HQ makes a few critical adjustments."_

Really, pretty much every CAPTCHA has been solved with deep learning now. The
mitigations this guy gives can be trivially overcome.

What a game like Trivia HQ does is give a monetary incentive to build better
trivia AI. Hi Watson!

~~~
a13n
Not much of a monetary incentive, considering you only win $2-100 a day, and
they'll ban you if you start winning every time.

------
bound008
Also, for iOS devs, remember that you can detect mirroring, and even display a
different UI on the "external" screen. In the case of HQ, you could _enhance_
UX by putting the @traptrebek on the external screen while the question stays
on the phone.

------
codinghorror
Simple basic heuristics FTW!! The dumbest thing that can work is often pretty
darn good!

------
yread
It's amazing that trivia games are still so hot in mobile. They were very
popular 10-15 years ago as well though running via premium SMS and scamy
subscriptions

~~~
dplgk
This is different in that it's a live game show, with a host, where everyone
competes with each other in real time.

