惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
Security Latest
Security Latest
C
Cisco Blogs
P
Palo Alto Networks Blog
Know Your Adversary
Know Your Adversary
Project Zero
Project Zero
C
Cyber Attacks, Cyber Crime and Cyber Security
NISL@THU
NISL@THU
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
S
Secure Thoughts
P
Privacy International News Feed
V
Vulnerabilities – Threatpost
D
Docker
Google Online Security Blog
Google Online Security Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Recent Announcements
Recent Announcements
T
The Exploit Database - CXSecurity.com
G
Google Developers Blog
Schneier on Security
Schneier on Security
小众软件
小众软件
爱范儿
爱范儿
GbyAI
GbyAI
J
Java Code Geeks
T
Tailwind CSS Blog
Cisco Talos Blog
Cisco Talos Blog
The Hacker News
The Hacker News
D
DataBreaches.Net
Blog — PlanetScale
Blog — PlanetScale
TaoSecurity Blog
TaoSecurity Blog
MyScale Blog
MyScale Blog
B
Blog RSS Feed
Cyberwarzone
Cyberwarzone
有赞技术团队
有赞技术团队
Martin Fowler
Martin Fowler
C
CXSECURITY Database RSS Feed - CXSecurity.com
S
Securelist
L
Lohrmann on Cybersecurity
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Y
Y Combinator Blog
S
Schneier on Security
Latest news
Latest news
Apple Machine Learning Research
Apple Machine Learning Research
博客园 - 叶小钗
F
Fortinet All Blogs
M
MIT News - Artificial intelligence
PCI Perspectives
PCI Perspectives
V
V2EX
V2EX - 技术
V2EX - 技术
O
OpenAI News
W
WeLiveSecurity

Mathias Bynens

A horrifying globalThis polyfill in universal JavaScript JavaScript engine fundamentals: optimizing prototypes JavaScript engine fundamentals: Shapes and Inline Caches Asynchronous stack traces: why await beats Promise#then() ECMAScript regular expressions are getting better! Unicode property escapes in JavaScript regular expressions ES2015 const is not about immutability Valid JavaScript variable names in ES2015 Unicode-aware regular expressions in ES2015 Dear Google, please fix plain text emails in Gmail PBKDF2+HMAC hash collisions explained JavaScript has a Unicode problem Processing Content Security Policy violation reports Hiding JSON-formatted data in the DOM with CSP enabled Loading JSON-formatted data with Ajax and xhr.responseType='json' Reserved keywords in JavaScript How to support full Unicode in MySQL databases How to speedrun Dropbox’s Dropquest 2012 Unquoted font family names in CSS Unquoted property names / object keys in JavaScript Valid JavaScript variable names in ES5 CSS character escape sequences JavaScript’s internal character encoding: UCS-2 or UTF-16? The smallest possible valid (X)HTML documents JavaScript character escape sequences JavaScript foo.prototype.bar notation Ambiguous ampersands HTML element + attribute notation How I detect and use localStorage: a simple JavaScript pattern Unquoted attribute values in HTML and CSS/JS selectors The end-tag open (ETAGO) delimiter Using the oninput event handler with onkeyup/onkeydown as its fallback Everything you always wanted to know about touch icons In defense of CSS hacks — introducing “safe CSS hacks” AirPlay video support in iOS Safari — a bookmarklet Using CSS without HTML How to create simple Mac apps from shell scripts Using setTimeout to speed up window.onload Bulletproof JavaScript benchmarks Thoughts on Safari Reader’s generated HTML How to enable Safari Reader on your site? The XML serialization of HTML5, aka ‘XHTML5’ The id attribute got more classy in HTML5 The three levels of HTML5 usage The HTML5 document.head DOM tree accessor Bulletproof HTML5 <details> fallback using jQuery Displaying hidden elements like <head> using CSS Inline <script> and <style> vs. external .js and .css — what’s the size threshold? Using Showdown/PageDown with and without jQuery
Completing Dropbox’s Dropquest 2011 in 60 seconds
Mathias · 2011-01-17 · via Mathias Bynens

Completing Dropbox’s Dropquest 2011 in 60 seconds

Published · tagged with Dropquest, JavaScript

Update: There’s now a speedrun guide for Dropquest 2012 as well. Enjoy!

Dropbox organized a scavenger hunt named Dropquest the other day. The first 81 people to complete all steps won some nice prizes, but everyone participating in the quest can get 1 GB of extra Dropbox storage space. Dropquest ends January 29th 26th.

I placed 826th with a recorded time of 02:20:01. That’s quite a while, but given the circumstances I’m pretty happy about my ‘score’.

  • The timer starts as soon as you load the first step, and I could only really start doing the quest about 30 minutes after I did that.
  • The entire Dropbox website (including the blog and the forums, which were needed for the quest to solve clues) was under heavy traffic at the time. I wasted a lot of time reloading pages over and over again, hoping not to end up with another error message.
  • Also, I did take some breaks to investigate the HTML and JavaScript source code used in Dropquest.

After I finished, it didn’t take very long until people started writing up Dropquest walkthroughs and guides explaining all the different steps in detail.

However, those guides still require you to solve some of the puzzles manually. To complete step 6, you need to solve a click-and-drag puzzle, and step 10 is a 9×9 sudoku. These things can take quite some time, even if you know the correct solutions.

As I mentioned, during the quest I was constantly viewing the HTML source to look for possible exploits. I noticed that for both step 6 and 10, the Dropbox team had written a piece of JavaScript that would redirect you to a new page as soon as you’d successfully solve the puzzle. The new URL was the same as the URL of the current step, only with a query string containing information on how you solved the test appended to it.

For the click-and-drag puzzle in step 6, the query string contained a list of numbers: one for every move you made to complete the test.

location.href = 'r?moves=%s'.format(moves.join(''));

For step 10, the query string basically contains the solution to the sudoku.

location.href = 'b?board=%s'.format(answer.join(''));

These query strings are then processed server-side, to see if they are truly a valid solution. Only if this is the case, you’ll be redirected (again), this time to the next step in the quest.

Once I figured this out, I quickly created a local copy of the HTML and JavaScript files for steps 6 and 10, and made it so that it wouldn’t redirect after successful completion, but instead log the URL it would otherwise redirect to. Easy enough.

It seemed like a fun idea to create a list with only the minimum number of steps required to solve Dropquest 2011.

How to complete Dropquest 2011 using the minimum number of steps required

First, you’ll need a Dropbox account. If you don’t already have one, sign up through this referral link to start off with an extra 250 MB. You’ll need to log in to your account before you can participate in Dropquest.

After that, it’s simple. Just follow these steps in the correct order. If there’s a link, click it; if not, just do what it says.

  1. https://www.dropbox.com/dropquest2011
  2. https://www.dropbox.com/dropquest2011/D
  3. Clicking here will solve the puzzle in step 6 for you
  4. Enter “33739”
  5. Clicking here will solve the sudoku in step 10 for you
  6. https://www.dropbox.com/dropquest2011/x
  7. https://www.dropbox.com/dropquest2011/h
  8. Enter “baff1e”
  9. Enter “Drew Houston”
  10. Share a new folder named “1F75CC” with dropquest@dropbox.com
  11. https://www.dropbox.com/about
  12. https://www.dropbox.com/dropquest2011/R
  13. https://www.dropbox.com/dropquest2011/t
  14. Enter “badcabbage”
  15. Enter “1133471056”
  16. Enter “Dr0pbox heaRts U”

Following these steps, it should be pretty easy to beat my score by a factor of 100. Enjoy!

Comments have been closed for this entry.