Hacker News new | comments | show | ask | jobs | submit login
I wrote a script that wins the majority of HQ Trivia games (hackernoon.com)
172 points by _sentient 11 months ago | hide | past | web | favorite | 50 comments



This article practically rips off my article as well as an article I cited in that post, which I submitted earlier this week. If you put both articles side-by-side, they have the same structure and a fairly similar approach to the problem. While this could be a coincidence (and honestly, I don’t care), I’m still a little miffed that the author didn’t bother to cite his inspiration.

The post in question:

https://applecrazy.github.io/blog/posts/protect-trivia-from-...

Proof: https://news.ycombinator.com/item?id=15944171


Hi applecrazy! I'm the author of the article.

I'm really sorry that the work seems like it plagiarizes yours. I started this project as soon as HQ Trivia came out, and I did not see your article until reading this comment.

A few other comments on this thread show that others (e.g. https://github.com/nbclark/hqcheat/) also implemented very similar techniques, so it seems that this may just be a "great minds think alike" situation :/.

I'd love to support your article as well, as I love your format and videos! Let me know if you'd like to talk about plagiarism, would love for us to talk directly instead of on comments.


A level headed classy response to a knee jerk baseless claim.

To think that two (or three or a dozen) clever engineers couldn't independently look at one of the most popular mobile apps and think "I can game this" is silly.


After thinking over this, I realized I was in the wrong and I agree with you 100%. This was completely a knee jerk reaction to a coincidence I found, and I apologize for accusing stervy for copying my post on the basis of a mere pattern. I guess I still have more to learn.

I wish I could take back my baseless accusation, but the internet is forever :-/


Thanks for the kind words! I feel bad for accusing you of plagerism based on just structure itself. It was a completely impulsive reaction.


It is different enough that it just looks like parallel thinking. I have been working on the same thing - breaking HQ, i'm certain that almost every hacker had the same thought when they first played the game - that it is possible to take a number of approaches to beat it or at least get some assistance to beat it.

edit: fwiw your post is more fleshed out and better, but OP had some interesting approaches to using the Search API for quick responses to the difficult class of questions. I feel bad for missing your original post

I have three techniques that i've implemented so far - the first is similar to what the two of you did with screenshots and OCR. The second is MITM based, and the third is probably the most interesting since it has a higher success rate and is much more difficult to defend against.

I started when it was 30k viewers per session but now it is up to almost a million and the lag has been bad

I might eventually publish some info - but I was interested also in the challenge of how you would defend against these schemes as HQ will need to be on the ball. I can imagine that, in the long-term, cheating will become a big problem and a competitive advantage they could have over the clone apps is the ability to guarantee to contestants that they're playing against other humans rather than against machines.

I believe that there are successful cheaters at the moment because the ratio of winners to participants (especially later stage participants) has worsened. I don't have enough hard data to prove that and it's mostly anecdotal but obtaining the data to back up that hypothesis shouldn't be too difficult (there used to be regular $100+ wins, today the win rate feels an order of magnitude higher)


It seems you do care, since you've commented twice now claiming the author has ripped off your work, without any evidence whatsoever. Perhaps you should contact them privately if you feel that you've been wronged here?

Publicly claiming someone has ripped off your work is a pretty strong allegation and I don't see any basis for it.

If a problem can be summarized in a few simple steps, then how different do you expect any posts about the topic to be?


I thought about it and I’m clearly in the wrong. See my response to the post author in this thread.


I beat you by 2 weeks ;)

Code open sourced, and auto updating website every time I use the script

https://news.ycombinator.com/item?id=15832124 jakemor.com/hq


You should’ve put HQ Trivia in the post name. Pretty sure that’s why this got more attention.


Good point. I just didn't feel like name-dropping as a means of promotion. It feels clickbait-y.


Mentioning the name of the app you're hacking isn't clickbaity


It's a shame that you put the effort in to write the article on your own platform. Then someone copies it onto a popular platform like hackernoon with more exposure.

I wonder how often this happens to people ...



Yours is better IMO. Also, you showed an actual demo and very thorough explanation of your approach.


Thank you! It's a pleasure to share my ideas with a community like this.


I like the minimal design of your blog with the clickable outline on the right.


The theme I used was called 'Minos' for Hugo.

You can check it out at https://themes.gohugo.io/hugo-theme-minos/


idk, this is pretty low-hanging programmer fruit. I wouldn't be surprised if there's already more than a hundred of these scripts out there.


Fair enough, but what bugged me was that the author didn’t even bother changing the structure of his article. I honestly don’t care about the script, but I’m kind of disappointed that my writing style was copied.


How do you know he read your article?


Google Cloud Vision API does a really great job at OCR'ing your 'adversarial perturbations' example for HQ Trivia: https://imgur.com/a/f06JT


Thanks for pointing that out. I didn't have a Google Cloud account at the time of writing to test my image on. But it's interesting how Google can do a much better job at this OCR task-maybe they have a DL model running in the backend?


It is important to note that trying to hide from OCR systems is not the right approach here. The text displayed in the game is coming from the network, and I highly doubt it's hard to MiTM from your own device.

The other mitigations are more reasonable.


What if the text was rendered as an image on the server, then sent to the device?


Trying to hide from OCR systems is futile anyway. OK, it might make the OCR implementation a bit more complex and less out-of-the-box, but with current technologies anything that's clearly readable will be clearly OCRable, and messing up OCR to a serious error rate would require you to totally hurt your human users by presenting everything in the worst CAPTCHA styles imaginable, where humans would often get confused as well.


This is doable, but painful if you want to support more devices and slow network connections.


Then you would capture that and do OCR on it


Back in the dotcom craze, there was a company trying to promote their internet currency. Think Flooz or Beenz, although it was neither one of those. Let's call it iDollars.

To promote their currency, they had a variety of games you could play to earn small amounts of currency. One was a trivia game. My friends and I wrote a perl script to play the game, guess an answer, and whenever it guessed right, remember that combination for next time.

We ran the bot 24/7. The real coup was throttling the bot so we were never the top earner in any day; we aimed to be approximately in tenth place every day. That managed to keep our gains plausible.

As the dotcom bubble exploded, there was less and less you could do with iDollars. Eventually someone at iDollar caught on and we eventually got a cease-and-desist letter telling us to stop, although the let us keep our spoils. My one friend managed to trade in his remaining iDollars for like 250 iDollar promotional golf towels, right before the company went under for good. I wonder if he still has them.


> Although seemingly insignificant, the right-side UI is actually harder for the Tesseract OCR Engine to parse, since the colors are less distinct.

shrug, all the while making it harder for humans to see, too. All of these suggestions move the goal posts a bit and set things up for a cat-and-mouse game.

I applaud Cognetta's effort but sadly I think we are heading for a future where artificially intelligent agents will ruin fun things like this.


My approach (see below) cropped the screenshot before running OCR to remove mistranslations.


Hey, Cognetta here :).

I also cropped the screenshot before running OCR, but I can still imagine HQ changing its UI frequently to thwart OCR attempts.


Yeah that'd be a simple change for them. I'm happy to know I wasn't alone in this. I knew for sure someone else must be doing the same thing :) How are you taking the screenshots? I made a little hotkey script, but feel I could be a bit quicker on it.


Kind of hacky, but I'm using the shell "screencapture" command and setting the coordinates to the spot on the computer screen where I put the quicktime screen mirroring window


Humans prefer predictable user interfaces. You can change the UI with a major update, but if they'd be changing the UI frequently just to thwart OCR attempts then they'd be throwing out the baby with the bathwater - what good is stopping OCR if the normal users drop your app because it starts sucking?


I've done digging of my own to do the same Google search tricks and found that you can just connect to a websocket and get a live stream of the questions, possible answers as well as every chat message in the feed. OCR not required.

I was also considering using the chat messages to get the answer. People are either going to mostly say the right answer to sound smart or mostly send the wrong answers to try to trick people. Keep track of which is most common and you have an additional datapoint.


> I was also considering using the chat messages to get the answer. People are either going to mostly say the right answer to sound smart or mostly send the wrong answers to try to trick people. Keep track of which is most common and you have an additional datapoint.

I doubt you'd have much success with this approach because how "correct" the group is, as a whole, changes every question. There's no way to know if the chat group is well-informed or not until the question is over and you see how many people were correct.


He really didn't show how it performs or the actual solution running on a screen. The time you have to answer the question is very short and his solution has to work against 1) Latency of OCR 2) Latency of the Google Query 3) Latency of parsing the result 4) Latency of running the three methods 5) Input of the Answer (which needs to be performed by a human reading reading the output from the computer screen).

Can someone confirm if it's possible to do all these in Python in l second or less?


I'm the guy who wrote the article. I can confirm this all works well under 10 seconds, so you can read the results and click the answer.


Was wondering when I'd see a post like this...

https://github.com/nbclark/hqcheat/

Interestingly, we seemed to end up with all 3 of the same approaches. Was fun while it lasted


This is the guy who wrote the post!

Wow, so funny we had the same approaches.


One thing I did which helped results a bit is invert negative queries...So if the query had a NOT in it, remove that, and choose the option with the fewest matches. Seemed to work pretty well.


Ah that's smart. I usually would just read the outputs of my script the opposite way (So find the "min" number of search results, etc.)


"Trivia bots and clever hackers will be no issue for the platform’s rapid growth, as long as HQ makes a few critical adjustments."

Really, pretty much every CAPTCHA has been solved with deep learning now. The mitigations this guy gives can be trivially overcome.

What a game like Trivia HQ does is give a monetary incentive to build better trivia AI. Hi Watson!


Not much of a monetary incentive, considering you only win $2-100 a day, and they'll ban you if you start winning every time.


Also, for iOS devs, remember that you can detect mirroring, and even display a different UI on the "external" screen. In the case of HQ, you could enhance UX by putting the @traptrebek on the external screen while the question stays on the phone.


Simple basic heuristics FTW!! The dumbest thing that can work is often pretty darn good!


[flagged]


Stop.


It's amazing that trivia games are still so hot in mobile. They were very popular 10-15 years ago as well though running via premium SMS and scamy subscriptions


This is different in that it's a live game show, with a host, where everyone competes with each other in real time.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: