Reverse Engineering Google's April Fools' Snake
Some of you may have noticed that on April 1 Google added an interactive "Snake" game to the Google Maps application for Android and iOS.
Check Point specialists are usually busy researching the latest cyber threats, but this game caught their attention, and losing at it upset them enough that a logical thought arose: why not crack it? So our most mischievous employees set about reverse engineering the application using remote debugging. They succeeded: we soon reached the goal of never losing, and even added a simple AI that plays the game by itself.
In this article we describe the hack in detail.
First, we opened the application on a virtual device through Genymotion and launched “Snake”, which is located in the menu in the upper right corner.
It looks like the game is displayed in a WebView, so we launched remote debugging in the Chrome developer tools:
Then we opened the site and found the v18.js file on the Sources tab; it contains several interesting functions.
First, the fa() function initializes a 20 × 20 field:
this.height = this.width = 20;
Our main goal is to find and change the function that determines when the snake crashes into a wall or into itself, so that losing becomes impossible. The variables width and height hold the dimensions of the playing field, so we searched the source code for width and height and found the function F(a, b):
It seems that F(a, b) checks whether the coordinates of the snake's body are within the field. One option is to remove the conditions in the function completely so that it always returns true, which puts us in "God mode", where we can pass through the walls without dying.
To do this, we pressed the Inspect button in the remote console and changed the function F(a, b) to the following:
Now we can pass through the walls:
Fig.1. God mode
That is all very well, but we still have to play ourselves, picking up people to earn points. The next hack solves this problem.
There are many wa(a) function calls in the call stack. If we study this function, we see that it is recursive and is responsible for requesting animation frames. wa(a) calls the functions xa(a, b) and ya(a), which draw the game pieces (train, people) and the field, respectively.
Consider the function xa(a, b):
It takes two arguments, a and b. The first is part of the global variable Q, which contains interesting information about our game, including an array that represents the playing field (Fig. 2), where we see the train (M) and the people and objects (K). The function also calculates the score and stores it in ci, which is also equivalent to Qb.
Fig.2. Array of the playing field
This array corresponds to this field:
Fig.3. Playing field
xa(a) also calls the sa(a) function (Fig. 4), which generates random coordinates each time a new person is created. If you call this function more than once, you can create as many people as you like (Fig. 5).
Fig.4. Calling sa (a)
Like this:
Fig.5. The function call with the creation of any number of people on the map
Please note that even if you call sa(a) more than once and pick up a person, the score does not change. When a passenger is picked up, the function ka(a, b) in Fig. 6 is called. Thus, it needs to be changed so that each call adds 10 points and updates the score on the screen.
Fig.6. Updated function
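The two client-side rules patched above, the field bounds check and the 10 points per pickup, can only be trusted when they are re-checked outside the WebView. The following is an added example, not code from v18.js or from the article's authors: it replays a reported run and flags one that leaves the 20 × 20 field, runs into itself, or reports a score that does not match its pickups. All names and the run format are assumptions, and the sample runs are constructed.

```javascript
// Added example: every name here is hypothetical, none comes from v18.js.
const FIELD = { width: 20, height: 20 };  // page: this.height = this.width = 20
const POINTS_PER_PICKUP = 10;             // page: 10 points per passenger
const STEP = { U: [0, -1], D: [0, 1], L: [-1, 0], R: [1, 0] };
const key = (p) => `${p.x},${p.y}`;

// Bounds check of the kind the article attributes to F(a, b).
function inField(field, p) {
  return p.x >= 0 && p.x < field.width && p.y >= 0 && p.y < field.height;
}

// Replay a reported run outside the client; return why it cannot be genuine.
// Assumed run shape: { start, moves: "RRD...", passengers: [{x, y}], score }.
function validateRun(run, field = FIELD) {
  const problems = [];
  const waiting = new Set(run.passengers.map(key));
  const body = [key(run.start)];            // tail first, head last
  let head = { ...run.start };
  let pickups = 0;
  for (let i = 0; i < run.moves.length; i++) {
    const d = STEP[run.moves[i]];
    if (!d) { problems.push(`move ${i}: unknown direction`); break; }
    head = { x: head.x + d[0], y: head.y + d[1] };
    if (!inField(field, head)) { problems.push(`move ${i}: head left the field`); break; }
    if (waiting.delete(key(head))) pickups++;   // pickup: train grows, tail stays
    else body.shift();                          // plain move: tail advances
    if (body.includes(key(head))) { problems.push(`move ${i}: train hit itself`); break; }
    body.push(key(head));
  }
  const expected = pickups * POINTS_PER_PICKUP;
  if (run.score !== expected) problems.push(`score ${run.score}, replay gives ${expected}`);
  return problems;
}

// Constructed sample runs, not captured from the game.
const honest = { start: { x: 18, y: 5 }, moves: "RD", passengers: [{ x: 19, y: 5 }], score: 10 };
const wallPass = { start: { x: 18, y: 5 }, moves: "RRR", passengers: [], score: 0 };
const inflated = { ...honest, score: 500 };
```

A run produced with the always-true bounds check fails the replay at the first move that leaves the field, and a score raised by extra ka(a, b)-style increments fails the final comparison.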
The coordinates of each part of the train are given in Qbob, where the first element is the first carriage on the train.
Fig.7. Array of carriages
This is needed to create a simple AI. Let's start with its logic: