add main readme, add signals.json, move images to .github

.github/signals.json

@@ -0,0 +1,172 @@
+{
+    "v": "1.8.2",
+    "h": "97946689b033b3727194dd2bffeb337ba15cd6fba2ab5775e8b5e6d255da6074",
+    "tstf": 24,
+    "tagpu": 15.80000000000291,
+    "ccsT": "Error\nat e (http://127.0.0.1:5500/test.html:3505:14)\nat http://127.0.0.1:5500/test.html:4062:22\nat http://127.0.0.1:5500/test.html:3458:50\nat e.<computed",
+    "ccsB": "ol.html:5766:298)\nat a (http://127.0.0.1:5500/test.html:2331:24)\nat n (http://127.0.0.1:5500/test.html:2337:88)\nat http://127.0.0.1:5500/test.html:2339:2",
+    "ccsH": 2520352591,
+    "ccsV": "a709286857318dc6587a0bd877c6010672ad8b5a8eae3d6b29e3c055f629cdf3",
+    "cssS": "4.22,6.36,10.40,0.99,9.20,4.76,13.54,5.38,3.34",
+    "css0": "72, 7, 7",
+    "css1": "0.986106, 0.0755358, -0.0446128, 0.00329489, 0.559566, -5.0294, 3.85297, -0.284562, 0.460775, -7.66815, -2.79845, 0.20668, 6.2389, -103.827, -37.8911, 3.79845",
+    "cssH": "0px",
+    "plgod": false,
+    "plg": 5,
+    "plgne": true,
+    "plgre": true,
+    "plgof": false,
+    "plggt": false,
+    "pltod": false,
+    "psn": true,
+    "edp": true,
+    "addt": true,
+    "wsdc": true,
+    "ccsr": true,
+    "nuad": true,
+    "bcda": false,
+    "idn": true,
+
+    "capi": false,
+    "svde": false,
+    "vpbq": true,
+    "dvm": 8,
+    "vco": "",
+    "vcots": false,
+    "vch": "probably",
+    "vchts": true,
+    "vcw": "probably",
+    "vcwts": true,
+    "vc3": "maybe",
+    "vc3ts": false,
+    "vcmp": "",
+    "vcmpts": false,
+    "vcq": "",
+    "vcqts": false,
+    "vc1": "probably",
+    "vc1ts": true,
+    "aco": "probably",
+    "acots": false,
+    "acmp": "probably",
+    "acmpts": true,
+    "acw": "probably",
+    "acwts": false,
+    "acma": "maybe",
+    "acmats": false,
+    "acaa": "probably",
+    "acaats": true,
+    "ac3": "",
+    "ac3ts": false,
+    "acf": "probably",
+    "acfts": false,
+    "acmp4": "maybe",
+    "acmp4ts": false,
+    "acmp3": "probably",
+    "acmp3ts": false,
+    "acwm": "maybe",
+    "acwmts": false,
+    "ocpt": false,
+    "lg": "en",
+    "orf": "",
+    "wgPCM": "bgra8unorm",
+    "spwn": false,
+    "emt": false,
+    "bfr": false,
+    "npmtm": false,
+    "wdifrm": false,
+    "phe": false,
+    "nm": false,
+    "awe": false,
+    "geb": false,
+    "dat": false,
+    "sqt": false,
+    "trrd": 0.254719152483311,
+    "ucdv": false,
+    "tzp": "Europe/London",
+    "tz": 0,
+    "rs_w": 1440,
+    "rs_h": 900,
+    "isb": false,
+    "pr": 1,
+    "mq": "aptr:fine, ahvr:hover",
+    "plu": "PDF Viewer,Chrome PDF Viewer,Chromium PDF Viewer,Microsoft Edge PDF Viewer,WebKit built-in PDF",
+    "mmt": "application/pdf,text/pdf",
+    "dt": false,
+    "bchk": "3223aeb6721e0d0917e7928181193ac88dcd62fad5cadfbe7a2b2b473ecf58ee70f018dbdb1a1832e8dc6528387b0745971dbcd82384a61e9a4e3f",
+    "crt": 100,
+    "br_w": 1440,
+    "br_h": 739,
+    "br_ih": 739,
+    "br_iw": 1440,
+    "ars_w": 1440,
+    "ars_h": 860,
+    "cvs": true,
+    "hdn": false,
+    "med": "defined",
+    "so": "landscape-primary",
+    "xt1": true,
+    "hcovdr": false,
+    "plovdr": false,
+    "ftsovdr": false,
+    "hcovdr2": false,
+    "plovdr2": false,
+    "ftsovdr2": false,
+    "glvd": "Google Inc. (NVIDIA)",
+    "glrd": "ANGLE (NVIDIA, NVIDIA GeForce RTX 3070 (0x00002484) Direct3D11 vs_5_0 ps_5_0, D3D11)",
+    "hc": 12,
+    "br_oh": 860,
+    "br_ow": 1440,
+    "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
+    "wbd": false,
+    "ts_mtp": 0,
+    "mob": false,
+    "iccsH": 2622228169,
+    "iccsV": "a709286857318dc6587a0bd877c6010672ad8b5a8eae3d6b29e3c055f629cdf3",
+    "pcsoNumShapes": 7,
+    "chksm": "4f31bc720c37c281b47258f781633391",
+    "k_lyts": 48,
+    "k_lytk": "edu-hz=p;]/[l8ws59o.6v3`gjq1ty'\\#kfirxa27m40nbc,",
+    "wgAdFt": "indirect-first-instance,depth32float-stencil8,depth-clip-control,shader-f16,float32-filterable,texture-compression-bc,rg11b10ufloat-renderable,bgra8unorm-storage",
+    "wgAdLim": "mbs: 2147483648, msbbs: 2147483644",
+    "wgAdNfo": "{\"vendor\":\"nvidia\",\"architecture\":\"ampere\",\"device\":\"\",\"description\":\"\"}",
+    "wgTime": "getAd: 741, adFt: 782.3000000000029, adNfo: 818.6000000000058",
+    "wwl": false,
+    "pcso": "e0e0fea2b798e383357dd34bc72b61c0",
+    "cfpfe": "KHNlbGVjdG9yKSA9PiB7CiAgICAgICAgICAgICAgICBsZXQgbm9kZXMgPSBbXQoKICAgICAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAgIG5vZGVzID0gZG9jdW1lbnQucXVlcnlTZWxlY3RvckFsbChzZWxlY3RvcikKICAgICAgICAgICAgICAgIH0g",
+    "stcfp": "Zm5iaGFncG1qZmthbm5mYmxsYW1nL2pzL2RvbS5qczoyMTozMgphdCBBcnJheS5yZWR1Y2UgKDxhbm9ueW1vdXM+KQphdCBvbk1lc3NhZ2UgKGNocm9tZS1leHRlbnNpb246Ly9ncHBvbmdtaGprcGZuYmhhZ3BtamZrYW5uZmJsbGFtZy9qcy9kb20uanM6MTk6Mjkp",
+    "mdhf": true,
+    "m_crdL": 7,
+    "m_crdR": 215,
+    "m_crdU": 2,
+    "m_crdD": 1,
+    "m_yDspA": 434.3125,
+    "m_yDspSD": 0.8076779989575054,
+    "m_spdA": 413.3231163250851,
+    "m_spdSD": 509.8512304101302,
+    "m_xSpdA": 413.0049576030609,
+    "m_xSpdSD": 510.0652944651921,
+    "m_ySpdA": 3.921022824844902,
+    "m_ySpdSD": 5.4038501867932505,
+    "m_str8": 0.9327850864137673,
+    "m_maxDstB": 0.9663349860229967,
+    "m_maxDstA": 0.9855655330085289,
+    "m_arL": 153.48611111110355,
+    "m_arU": 0,
+    "m_csd": 103,
+    "m_cnt": 32,
+    "m_untrcnt": 0,
+    "m_clsdcnt": 32,
+    "m_clsdrt": 1,
+    "m_incnt": 77,
+    "m_inhsh": 29807592514,
+    "m_fmi": false,
+    "mrpos": "30,22",
+    "bAudio": false,
+    "xUser": 190,
+    "isf": false,
+    "cdhf": true,
+    "dp0": true,
+    "pcsoSeed": -6,
+    "jst3a": 13143,
+    "jstsoc": 1642
+}

README.md

@@ -1 +1,39 @@
 # SlideCaptcha
+
+A repository with the objective of understanding and reversing exactly how Datadome's slide captcha works.
+
+## Table of contents
+1. [Deobfuscator](https://github.com/joekav/SlideCaptcha/tree/main/deobfuscate)
+2. [PuzzleAPI](https://github.com/joekav/SlideCaptcha/tree/main/detection)
+3. [Payload Generator](https://github.com/joekav/SlideCaptcha/tree/main/api)
+
+## What is a slide captcha?
+
+![example](https://github.com/joekav/SlideCaptcha/blob/main/.github/images/debug.jpg?raw=true)
+
+A slide captcha is a method of detecting bots and web scrapers used by Datadome and Geetest. They work by making the user slide a puzzle piece along a background image into the correct position shown by a darker location.
+
+
+## How does this prove you aren't a bot?
+
+Datadome collect [`signals`](https://github.com/joekav/SlideCaptcha/tree/main/.github/signals.json) which are device data, mouse events, screen sizes. I assume this is then run against and AI model which has been trained on other real device data to determine whether the user should be allowed to continue browsing the site.
+
+
+## How can we RE this captcha?
+
+First, we need to deobfuscate the script, to take it from a completely unreadable state, to one we can read and begin to understand. To do this we take the obfuscated code and apply transformations to each obfuscation method used to get as close as possible to the original script. Then, we can start to analyse what the script actually does.
+
+## How does the script run?
+
+[!module](https://github.com/joekav/SlideCaptcha/blob/main/.github/images/module.png?raw=true)
+
+At execution the script begins with a custom module loader, which has a similar function as `require` does in Node.js. This is used throughout the script to access different modules. There is 8 modules inside of the script:
+
+1. The payload generator - how the 'signals' are collected, and encoded for submission.
+2. This module seems to be in charge of all event recording (mouse, keyboard, touch).
+3. This module starts the collection of device data.
+4. This module contains a function used to hash different values during runtime.
+5. This moudle just contains a function used for safe base64 encoding.
+6. This is the first module to run, definition of the signals class, a checksum of different functions within the script.
+7. This module is in charge of canvas fingerprinting.
+8. This module loads all of the images used during the captcha into the DOM - the background image and the puzzle fragment.

api/README.md

@@ -29,7 +29,7 @@ Example request body:
 ```
 
 1. `background_image` is the image url found in the Datadome captcha block page.
-2. `debug` is a boolean which determines whether to write a debug image like [this one](https://github.com/joekav/SlideCaptcha/blob/main/images/debug.jpg).
+2. `debug` is a boolean which determines whether to write a debug image like [this one](https://github.com/joekav/SlideCaptcha/blob/main/.github/images/debug.jpg).
 3. `ddm` is a json object of data found in the Datadome captcha block page.
    1. `hash` is a value which differs on each site Datadome uses the captcha on.
    2. `ua` is the user agent used in the session we are attempting to solve.
@@ -54,16 +54,16 @@ Example response body:
 
 Submitting the resulting payload and captchaChallenge values are quite simple. Datadome have a /catpcha/check endpoint, and the values are used as query parameters in a GET request.
 
-![submit](https://github.com/joekav/SlideCaptcha/blob/main/images/submit.png?raw=true)
+![submit](https://github.com/joekav/SlideCaptcha/blob/main/.github/images/submit.png?raw=true)
 
 Our payload goes into the `ddCaptchaEncodedPayload` parameter, and the captchaChallenge goes into the `captchaChallenge` parameter.
 
 
 The other values can be scraped from the `/captcha` url.
 
-![challengeVals](https://github.com/joekav/SlideCaptcha/blob/main/images/challengeVals.png?raw=true)
-![submitParams](https://github.com/joekav/SlideCaptcha/blob/main/images/submitParams.png?raw=true)
-![ddm](https://github.com/joekav/SlideCaptcha/blob/main/images/ddm.png?raw=true)
+![challengeVals](https://github.com/joekav/SlideCaptcha/blob/main/.github/images/challengeVals.png?raw=true)
+![submitParams](https://github.com/joekav/SlideCaptcha/blob/main/.github/images/submitParams.png?raw=true)
+![ddm](https://github.com/joekav/SlideCaptcha/blob/main/.github/images/ddm.png?raw=true)
 
 
 ## Response from Datadome

deobfuscate/README.md

@@ -38,9 +38,9 @@ The output can be found inside the `assets` folder, where you will find 5 output
 
 Before any transformations
 
-![before](https://github.com/joekav/SlideCaptcha/blob/main/images/before.png?raw=true)
+![before](https://github.com/joekav/SlideCaptcha/blob/main/.github/images/before.png?raw=true)
 
 
 After all transformations
 
-![before](https://github.com/joekav/SlideCaptcha/blob/main/images/after.png?raw=true)
+![before](https://github.com/joekav/SlideCaptcha/blob/main/.github/images/after.png?raw=true)

detection/README.md

@@ -55,4 +55,4 @@ This value is then used in the [payload generator](https://github.com/joekav/Sli
 
 The debug images found if `debug` is true look like this.
 
-![debug](https://github.com/joekav/SlideCaptcha/blob/main/images/debug.jpg?raw=true)
+![debug](https://github.com/joekav/SlideCaptcha/blob/main/.github/images/debug.jpg?raw=true)