working with adplay?v=pag__PH1OvUU4OQqdUvv6vbm8Mv2Mnnjko3WFPB7J141

Gruntfile.js

@@ -0,0 +1,38 @@
+module.exports = function(grunt) {
+
+  grunt.initConfig({
+
+    jshint: {
+      options: {
+        curly: true,
+        eqeqeq: true,
+        eqnull: true,
+        browser: true,
+        undef: false,
+        sub: true,
+        globals: {
+          jQuery: true
+        },
+      },
+
+      files: {
+        src: ['headless/*.js', 'chrome extension/*.js', 'chrome extension/*/*.js']
+      },
+    },
+
+    jsonlint: {
+      sample: {
+        src: [ 'headless/json/*.json' ]
+      }
+    },
+
+  });
+
+  grunt.loadNpmTasks('grunt-contrib-jshint');
+  grunt.loadNpmTasks('grunt-jsonlint');
+
+  grunt.registerTask('default', [
+    'jsonlint',
+    'jshint'
+  ]);
+};

LICENSE

@@ -0,0 +1,20 @@
+Copyright 2013 Discountrobot
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,64 @@
+## Headless
+`Headless` is a project demonstrating how easily the verification scheme of [`eovendo.com`](http://eovendo.com) can be foiled. The project both includes a bot based upon [`phantomjs`](http://phantomjs.org/) utilizing multi-threading, dispatched by python. And a [`chrome extension`](chrome extension) for a more visualized demonstration.
+
+#### Features
+1. Minimal bandwidth usage: 
+  (currently using less than 600kb pr. account)
+2. Proxies: Taking advantage of the native proxy flag in [`phantomjs`](http://phantomjs.org/) the python dispatcher can take a list of proxy servers and will randomly assign a proxy to each Thread.
+3. currently undetectable, given the data-model sent between the client and the server (more on this in the [verification scheme](#verification-scheme) section . 
+
+#### Limitations
+1. There are known memory leaks in [`phantomjs`](https://code.google.com/p/phantomjs/issues/detail?id=979), so if you're running the script on something small, say a raspberry pi, then remember to make a swap file to prevent hanging.
+
+### Verification Scheme
+The verification scheme for correctly watching a commercial on [`eovendo.com`](http://eovendo.com) is easily reverse engineered given the insight in the javaScript API, and the console output.
+
+1. javaScript API: [`adplay.js`](headless/docs/adplay.js) 
+2. structure of a  sample "GET" request: [`postback.json`](headless/docs/postback.json).
+
+#### Time validation
+Verification happens through validating the time and that it has changed correctly.
+We can describe this scheme with a formula.  
+`R` = requestTime = the time of the request  
+`S` = startTime = the time stamp given when starting the commercial  
+`E` = endTIme = the time stamp given when finishing the commercial  
+`mediaDuration` = the runtime of the commercial
+
+we describe the formula as `R < (S + mediaDuration) <= E` which can also be visualized as:
+
+<p align="center">
+  <img src="http://i.imgur.com/emNsPgG.png"/>
+</p>
+
+#### Possible pesudo server code
+Below is a pseudo snippet of what could be the validating part of the server, written in javaScript syntax.
+
+```javascript
+if (
+    // timestamp
+    client.RequestTime === server.RequestTime && 
+    client.StartTime > client.RequestTime && 
+    client.EndTime >= client.SartTime + server.Campaign.MediaDuration  &&
+
+    // values that needs to be set accordingly
+    client.AdStatus.value === 'Completed' &&
+    client.Campaign.IsViewed === true &&
+
+    // other values that needs to be set (correct by default)
+    client.id === server.id &&
+    client.UserId === server.UserId &&
+    client.Tag === server.Tag &&
+    client.RequestIpAddress === server.RequestIpAddress &&
+    client.Campaign.CampaignId === server.Campaign.CampaignId &&
+) {
+    return true;
+}
+```
+### Installation
+#### Chrome Extension
+read more here: [`chrome extension`](chrome extension)
+#### Phantomjs bot
+read more here: [`headless.js`](headless)
+
+### License
+[MIT](LICENSE)

chrome extension/README.md

@@ -0,0 +1,21 @@
+### Demonstration
+A video demonstration can be found on youtube  
+<a href="http://www.youtube.com/watch?feature=player_embedded&v=iZwKSeh7GR4
+" target="_blank"><img src="http://img.youtube.com/vi/iZwKSeh7GR4/0.jpg" width="400" height="240" border="1" /></a>
+
+### Features
+1. Generation of random Danish names, passwords and emails on the sign-up page.
+
+### # parameters.
+To extend the generated data at the # page, edit the respective arrays in [`#.js`](scripts/#.js)
+
+### Settings
+There are currently 2 settings for the chrome extension
+
+1. temporarily activate/deactivate the extension
+2. Run automatically on load
+
+![settings picture](http://i.imgur.com/jm9uHBB.png)
+
+### Installation
+Install by adding the folder as an "unpacked extension" in the `chrome://extensions` tab

chrome extension/background.js

@@ -0,0 +1,15 @@
+// add the page action, if we're on the right domain.
+chrome.tabs.onUpdated.addListener(function(tabId, changeInfo, tab) {
+  if (tab.url.indexOf('eovendo.com') !== -1) {
+    chrome.pageAction.show(tabId);
+  }
+});
+
+// return localStorage data upon request.
+chrome.extension.onRequest.addListener(function(request, sender, sendResponse) {
+    if (request.method === "getLocalStorage") {
+      sendResponse({data: localStorage[request.key]});
+    } else {
+      sendResponse({});
+    }
+});

chrome extension/manifest.json

@@ -0,0 +1,37 @@
+{
+  "name": "EovendoHeadless",
+  "version": "0.6",
+  "manifest_version": 2,
+  "icons": {
+    "48" : "icon-24.png",
+    "128" : "icon-24.png"
+  },  
+  "page_action": {
+      "default_name": "EovendoHeadless",
+      "default_icon": "icon-24.png",
+      "default_popup": "popup.html"
+  },
+  "permissions" : [
+    "tabs"
+  ],
+ "background" : {
+    "scripts": ["background.js"]
+  },
+  "content_scripts": [
+    {
+      "matches": ["*://www.eovendo.com/#"],
+      "js": ["scripts/#.js"],
+      "run_at": "document_idle"
+    },
+    {
+      "matches": ["*://www.eovendo.com/Home"],
+      "js": ["scripts/home.js"],
+      "run_at": "document_idle"
+    },
+    {
+      "matches": ["*://www.eovendo.com/UserData"],
+      "js": ["scripts/userData.js"],
+      "run_at": "document_idle"
+    }
+  ]  
+}

chrome extension/popup.html

@@ -0,0 +1,36 @@
+<html>
+<head>
+    <title></title>
+    <script src="popup.js"></script>
+    <style type="text/css">
+        fieldset {
+            border: none;
+            padding: 0;
+            border-bottom: 1px solid #CCC;
+            padding-bottom: 3px;
+            margin-bottom: 3px;
+            width: 230px;
+            font-size: 12px;
+            font-family: Arial;
+        }
+
+        fieldset label,
+        fieldset input {
+            display: inline;
+        }
+        fieldset input {
+            float: right;
+        }
+    </style>
+</head>
+<body>
+    <fieldset>
+        <label for="evhActive">Aktiver EovendoHeadless: </label>
+        <input type="checkbox" class="evh" name="evhActive" id="evhActive"/>
+    </fieldset>
+    <fieldset>
+        <label for="evhAutomatic">Start EovendoHeadless Automatisk:</label>
+        <input type="checkbox" class="evh" name="evhAutomatic" id="evhAutomatic"/>
+    </fieldset>
+</body>
+</html>

chrome extension/popup.js

@@ -0,0 +1,37 @@
+chrome.extension.onRequest.addListener(function(request, sender, sendResponse) {
+    if (request.method === "getLocalStorage") {
+      sendResponse({data: localStorage[request.key]});
+    }
+    else {
+      sendResponse({}); 
+    }
+});
+
+window.onload = function(){
+
+    var $evhActive = document.querySelector('#evhActive');
+    var $evhAutomatic = document.querySelector('#evhAutomatic');
+    var evh = JSON.parse(localStorage['evheadless'] || "{}");
+
+        if(evh.active) { $evhActive.click(); }
+        if(evh.automate) { $evhAutomatic.click(); }
+
+        $evhActive.addEventListener('change', function(){
+            evh.active = this.checked;
+            localStorage['evheadless'] = JSON.stringify(evh);
+
+            chrome.tabs.getSelected(null, function(tab) {
+                chrome.tabs.reload(tab.id);
+            });
+        });
+
+        $evhAutomatic.addEventListener('change', function(){
+            evh.automate = this.checked;
+            localStorage['evheadless'] = JSON.stringify(evh);
+
+            chrome.tabs.getSelected(null, function(tab) {
+                chrome.tabs.reload(tab.id);
+            });
+        });
+
+};