iOS Captive Portal… Whats wrong with my links!??? >.<

Was working on some wifi related stuff. One of our hotspot landing page will redirect users to another external URL after clicking the “Agree and Connect” button. Very very basic ordinary common practical and usual experience.

That was fine. Works. Connect to the internet. And within the Captive portal, I got redirected to this external URL.

The problem arise on this external URL. Any hyperlinks using simple basic ordinary common <a> tags DON’T work. Tapping on these links will still show you the grey shade feedback as in Safari, but it just won’t take you anywhere. Stays right there. Same URL, same captive portal, same frustration.

For this matter I ran out in the rain, crossed the road, rushed into the hotel next door and tested their Wifi hotpot. Same procedure, agree and connect, and redirected to the hotel homepage.

AND, THE LINKS ON THEIR HOTEL HOMEPAGE WORKS! They even get opened in my Safari instead of the captive portal! The IDEAL behaviour which I just can’t implement on my own WIFI!!!!!!! WTF!!!!!!!!!! Anyone can give me an answer deserve a nice coffee treat in Hong Kong. Come get it!

Posted in Code | Leave a comment


我個人雖然睇落無乜野,同人有講有笑,講是講非,偶爾都會同人撘訕,但係其實我自己覺得我好孤僻。通常一到星期一我就唔想同人講野,Lunch 會想一個人食,因為真係無乜心情同人傾計。

今日雖然係星期五,但係我都一個人食飯。因為今日條 team 好多人放左假,另外d同事一係帶飯,一係就病緊。咁我又唔想同個病既食,因為佢尋日去左食粥,今日都唔見得會食好野,咁我就順理成章一個人食。

今次又再食日式咖哩 GoGoCurry,食第三次都覺得好食。仲叫左多椰菜絲,因為我個人好得意,好鍾意食配菜。以前係大學 canteen 食雙餸飯梗會叫佢俾多D菜,咁岩果D都係椰菜,D阿姐又好落要俾好多我,真係好好味(D椰菜)。


今日點幾兩點去到,點知都仲好多人,好在岩岩有張二人枱剩。叫左個人$75 豬扒飯﹐等左都幾耐,果個人拎個飯俾我果陣,EE哦哦咁左好多日文,但係明明佢就識廣東話,搞到我好odd咁剩係識講 thank you…

Posted in Food | Tagged | Leave a comment



Time is money,朝朝咁樣係中環塞幾個字,一個星期無左一兩個鐘,一個月就無左一個 working day…

如果一個鐘真係 USD100,每個月就無左 5000 幾 6000 蚊 :(

Posted in Work | Leave a comment


人生就好似Outlook D旗仔咁,




Posted in Work | Leave a comment

顧名思義 – 戀戀鮑情


今日返工唔係返中環, 而係個客個灣仔OFFICE到做中環做既野, 人生路不熟, 就忽然諗起舊公司成日一個人食飯, 就決定一個人食飯。仲要拎住把縮骨遮, 好孤單咁去左呢間餐廳食飯。

間野叫戀戀鮑情, 講真都幾唔好聽。英文叫 Hess 61, 我本身估係 Hennessy Road 61號咁解。諗深一層又無理由, Hennessy Road 頭四個字母係 Henn, 咁究竟係點呢…唔緊要, 呢間野好在係你一入去佢唔係俾杯水你, 係俾杯羅漢果水你, 對D未飲過既人黎講都會幾驚嚇, 飲到我成餐白酒芒果汁龍脷柳飯都甘甘甜甜咁好迷離。仲送個沙律, 果汁加一個個樣似雪糕點知係Strawberry Mousse 既甜品。個甜品好似係 Strawberry Cheese Cake 走 Cheese Cake 咁, 食到最尾果幾啖好不安。

雖然好似好恐怖, 但係其實我又OK呢間野, 食得都幾滿足, 埋單$68唔洗加一,算係咁啦。

Posted in Food | 1 Comment

Dragons of Atlantis – Possible to cheat on?

Dragons of Atlantis is a facebook game developed by KABAM. This is a massively multiplayer game which is similar to Travian or Evony, featuring a lively warfare with the wild and other players. The game runs on nginx, which is a high-performance web server, an reverse proxy server as well as email server. With a flash interface, the game interacts with the web server frequently to execute attacks, building structures, retrieving landscapes, chatting with other players and also dozens of other actions. Post data was used to send parameters as JSON, also JSON data was returned from the server for the Flash to process.

I have tried to intercept the information sent to the web server repeatedly by using Firefox and Firebug to look for a possible cheat into the game. However, like previously mentioned game of Zuma Blitz, which is also a facebook game, the HTTP request were not too vulnerable to tampering. Each HTTP request were secured by a security token called X-S3-AWS. Even google gave me no results on this name. I had to look through the nginx documentation and plugins to find that, this header is actually a part of ngx_aws_auth, which is an authentication plugins for Amazon Storage. Each HTTP request requires a valid token for the server to authenticate. If the post data was tampered, you must provide a correct token for the request to be valid. Like previous post, I could only repeat the same request, but not able to send new post data to the server without a valid token as this would result in 500 internal server error.

Although I looked in vain for a cheat, I did learn something about nginx and the authentication plugin. Always something to learn from a failure.

Some updates were made while I was studying for hacks to the game. I looked at the DOA Power Tools for Greasemonkey, which is a tool for playing the game written in javascript. The tool runs natively on Chrome or on Firefox by a addon called GreaseMonkey. The tools can send HTTP requests to the game server as if it was the flash interface. It means that at some point in this tool, the X-S3-AWS header was programmatically generated. I believe the author of this tool has actually decompiled the Flash interface in order to find out the calculation mechanism of this header. It is actually the SHA1 hash of the parameters post data that is sent to the server. Thus each action will gives you a different hash as the X-S3-AWS field in the HTTP header. For details, you can search for this line: ajax.setRequestHeader (‘X-S3-AWS’, SHA1(“playerId” + url + parmStr + “WaterDragon5555”)); in the DOA Power Tools. Cheers to the tools author!

Posted in Code | Leave a comment

Maximum Level, Powers and XP on Zuma Blitz

Recently I tried to increase the XP I earn in each game, and I found a quick cheat on that. If you have not read through my previous post on Zuma Blitz Cheat, please read it first.

After each game, your Zuma Blitz Flash will send a request to Pop Cap server with an URL like:………………..&json=%271%27&csm=79875b6d3758cb49b8972014f9b7feb&s=1206050&x=385&o=1106485&m=975&i=0&nl=0&rt=360&ra=1&v=38&bs=1298306424140

As mentioned before, in the URL, m=975 refers to the amount of mojo you earn. x=385 refers to you earning 385 XP. So if you can locate this URL and change x from 385 to something like 1000003850 and then click Go on your browser, you would immediately gain so much XP that will put you up to the maximum Level 133!

Your Powers will all be upgraded to its maximum. For example, each Time Balls add you 8 seconds, and you can have a 3x multiplier at the start of the game!

Isn’t that cute? Your frog gets to have a new look too!
Zuma Blitz' Golden Frog

Posted in Code | 4 Comments

Mojo, XP and Level Cheats in Zuma Blitz on Facebook

Recently I got addicted in playing Zuma Blitz on Facebook ( I once scored 1.4 million, using 3 powers, spent a lot of Mojo and used up all lives. That’s when I was curious about how to earn Mojo faster and skip waiting for life regeneration. There I found a solution (at least for now).

Like most other Facebook games, Zuma Blitz is a flash based game running as an app inside an iframe. It interacts with the Pop Cap server using HTTP requests sent by the Flash (the swf file). There we can find our way to cheat for Mojo, XP and Leveling up real fast.


Let me first explain the basic concept. Right after each Zuma game ends (ie. the moment that time ran out), the swf file send a request to a URL with a bunch of parameters to the server. However, it does not only report your score, it also reports to the server the Mojo and XP you have earned. If you can capture the parameters of that URL and resend this request over and over again, you can gain a real lot of Mojo and XP without playing the game! Hence you can quickly level up, unlock powers and most importantly play the following games with any powers you want without the worry of Mojo running out.


Everyone has a different Facebook account, hence the only way to cheat is to find that particular URL yourself. One simple way of capturing that link is by using Firefox.

  1. Download and install Firefox if you do not already have it.
  2. We need a Firefox Addon to capture the HTTP Request, Firebug is a great choice. Use Firefox to go to this link and install it.
    You will need to restart the browser after the installation, so it is good idea to bookmark this post before you do so.
  3. After you have restarted Firefox, you should see a bug icon at the bottom right of the screen. That’s the addon. Now go to to get the game Flash started, then click the bug icon.
  4. Click on the Net Tab (red circle) to show the network traffic, and click the HTML Tab (yellow circle) to show HTML requests.
  5. Start Playing Zuma and finish it like your normally do, but don’t disable Firebug. You can resize it if you wish.
  6. After the game finished, you should see something like this in the Firebug Network View.

    You will find a few HTTP requests made before and after the game. Right click on GET report_score.php?signed_request=… and click Open in New Tab.
  7. In the new tab, you will see something similar:


    This is the data responded from the server to tell the swf what data to display. xp means my final XP after game, which is 678015. mojo 2863456, idols, livesused, and the time until next life regeneration. Refresh this page and see what happens. The xp and mojo values increase!!! Great, this is working! Refresh it dozens times and open the game again, you should be rich in Mojo now! Play the game again, you may find yourself Leveling up sooner than you think.


This is one simple way of earning Mojo and XP. However, this is not the end of the story. I studied the parameters sent to report_score.php. You can actually find the score, mojo and XP (parameter s, m and x respectively) in the URL. I tried to change those values but that would result in error, obviously because there is a checksum (parameter csm) which is only valid for that specific s, m, x values. I believe a Flash programmer can decompile the swf and find out the formula for that checksum hash value and fake the score, Mojo and XP to Pop Cap server.

Well, no doubt Zuma is a great game, but finding out how the game operates also interests me a lot! This bug can be fixed simply by making that URL available one time only, so that refreshing will not keep increasing Mojo or XP. Let’s see when will this be fixed.

Posted in Code | 6 Comments