
Refining the Bagels Server

July 21, 2014

The Bagels Server is currently a single-user thing. It keeps the secret number in a global variable and compares all incoming traffic to it. You could play from multiple browser sessions but everyone would be guessing the same secret!

I could keep a cache of players' IP addresses and separate the secrets that way, but I’m going to try instead to hide the number in the data stream by using a hidden input in a method=POST form. These come back embedded in the body of the HTTP request and don’t show up in the URL box.

As a trial I just put a static non-hidden text box in a method=POST form on the initial page. The form content is as follows:

<html><body><span style="color:#0000A0">
<center><h1>Olduino 1802 BAGELS Server</h1></center>I AM THINKING OF A 3 DIGIT NUMBER.<BR>TRY TO GUESS MY NUMBER AND I WILL GIVE YOU CLUES AS FOLLOWS:<BR>...PICO - ONE DIGIT IS IN THE WRONG PLACE<BR>...FERMI - ONE DIGIT IS IN THE CORRECT PLACE<BR>...BAGELS - NO DIGIT IS CORRECT<P><p><form method="GET">
<input type="text" name="G"><input type="submit" value="Enter Your Guess">
</form><p><form method="POST">
<input type="submit" value="Secret Test">
<input type="text" name="S" value="xyz"></form><a href="http://goo.gl/p4C0Cg">Olduino</a>: An Arduino for the First of Us<p></body></html>

And in the browser it looks like this:

[Screenshot: 14-07-21 postform]

When you press the button, the browser sends the following 501 bytes:

POST / HTTP/1.1
Host: 169.254.180.2
Connection: keep-alive
Content-Length: 5
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://169.254.180.2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://169.254.180.2/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8

S=xyz

The useful part is in those last 5 bytes. As an aside, I haven’t optimized the receive sequence, so that 500-byte incoming request takes almost a second to move in from the WIZnet chip.
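The field comes back in the request body, so the server has to find the bytes after the blank line, bound them by Content-Length, and treat `S` as browser-supplied input. The following is an added example, not the Bagels server's own code: `post_body` and `bagels_secret` are hypothetical names, and it assumes the whole request has already been read into one buffer.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Constructed sample: the request shown above, abridged, with a numeric secret. */
static const char SAMPLE[] = "POST / HTTP/1.1\r\nHost: 169.254.180.2\r\n"
    "Content-Length: 5\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\nS=123";

/* Locate the body after the blank line. The length used is Content-Length,
   and only if the buffer really holds that many bytes. NULL on any mismatch. */
static const char *post_body(const char *req, size_t n, size_t *blen) {
    size_t i, hdr_end = 0, len = 0;
    int have_len = 0;
    for (i = 0; i + 4 <= n && !hdr_end; i++)
        if (memcmp(req + i, "\r\n\r\n", 4) == 0) hdr_end = i + 4;
    if (!hdr_end) return NULL;                      /* headers incomplete */
    for (i = 0; i + 17 <= hdr_end; i++) {           /* 17 = length of the needle */
        if (strncasecmp(req + i, "\r\nContent-Length:", 17) != 0) continue;
        for (i += 17; i < hdr_end && req[i] == ' '; i++) ;
        for (; i < hdr_end && isdigit((unsigned char)req[i]); i++, have_len = 1)
            if ((len = len * 10 + (size_t)(req[i] - '0')) > n) return NULL;
        break;
    }
    if (!have_len || len > n - hdr_end) return NULL;
    *blen = len;
    return req + hdr_end;
}

/* Copy field S into out[4]. Returns 0 only if S is exactly three digits;
   the value comes from the browser, so anything else is rejected (-1). */
int bagels_secret(const char *req, size_t n, char out[4]) {
    size_t blen, i = 0, start, end;
    const char *b = post_body(req, n, &blen);
    if (b == NULL) return -1;
    while (i < blen) {
        for (start = i; i < blen && b[i] != '&'; i++) ;
        end = i++;                                  /* pair is b[start..end) */
        if (end - start < 2 || b[start] != 'S' || b[start + 1] != '=') continue;
        if (end - start != 5) return -1;
        for (i = start + 2; i < end; i++)
            if (!isdigit((unsigned char)b[i])) return -1;
        memcpy(out, b + start + 2, 3);
        out[3] = '\0';
        return 0;
    }
    return -1;
}
```

The trial value `S=xyz` from the capture above is rejected by this check, since it is not three digits.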
