An American engineer builds an online game made of one million checkboxes, and in barely two weeks the site attracts half a million players who interact massively with the boxes. A real summer phenomenon.
And the best part: users hid URLs, in binary and as a QR code, along with hidden drawings that show up when you zoom the page out until the 1000x1000 checkboxes form an image.
The site's author found them, and met the people hiding them on a Discord.
https://x.com/itseieio/status/1829268247105138764
At the height of One Million Checkboxes’s popularity I thought I’d been hacked. A few hours later I was tearing up, extraordinarily proud of some brilliant teens.
…
So a few days in I’m exhausted. I’d just finished rewriting the backend in Go. And I decide to dump my database in ASCII. I have no idea why I did this. I just did it.
This is what I saw.
WHAT THE FUCK IS THAT
A URL with "catgirls" in it was sitting there in my database and I PANICKED. I thought I’d been hacked! I started searching through my code, searching through my logs, trying to find the problem.
But I couldn’t find anything. Everything looked ok. And then
wait
wait!
I saw it
I looked at the checkboxes on the site that corresponded to that sketchy, repeated URL.
Like this H here. That represents a byte.
8 bits
8 checkboxes
those 8 checkboxes
And I realized there was a pattern in the checkboxes. And if I changed something in that pattern - if I unchecked a box - the pattern immediately reappeared.
somebody was checking boxes to write me a message in binary
So someone was:
- Checking boxes
- To make numbers
- To form letters
- To spell this URL
probably with a bot to make sure that the boxes stayed checked a certain way.
I wasn’t hacked! I had found a secret.
And the link went to a discord! And the discord was called "Checking Boxes"
And we chat for a minute, and then they ask me a question that blows my mind:
"have you seen your checkboxes as a 1000x1000 image yet?"
So there’s a lot going on here! In addition to the drawings, we’ve got some secrets. There’s the binary message I found, but above that is a base64 version of the same message. And we’ve also got a QR code (with full error correction) that linked to the discord.
The discord was full of very sharp teens, and they were writing this message in secret to gather other very sharp teens.
And it totally worked!! There were 15 people when I joined the discord but over 60 by the time I shut down the site.
(the discord is now hidden)
I tried to make it hard to draw but they said "1000 times 1000 is a million" - they found a way! And they started drawing some crazy stuff.
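
An added example, not code from the thread or from the site: a Python sketch of the check the author describes, dumping checkbox state as ASCII and listing readable runs, with a base64 attempt on each run. The bit order (first box is the high bit), byte alignment, the function names and the placeholder URL are assumptions.

```python
import base64
import re

def bits_to_bytes(bits):
    """Pack checkbox states (0/1) into bytes: 8 boxes per byte, first box = high bit (assumed)."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)

def write_text(bits, box_index, text):
    """Sample-data helper: set boxes so `text` appears at a byte-aligned box index."""
    for n, ch in enumerate(text.encode("ascii")):
        for k in range(8):
            bits[box_index + 8 * n + k] = (ch >> (7 - k)) & 1

def printable_runs(data, min_len=12):
    """Return (first_box_index, text) for each printable-ASCII run of at least min_len bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [(m.start() * 8, m.group().decode("ascii")) for m in re.finditer(pattern, data)]

def decode_if_base64(text):
    """Return the decoded text if `text` is valid base64 of printable ASCII, else None."""
    try:
        raw = base64.b64decode(text, validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return None
    return raw.decode("ascii") if raw and all(0x20 <= c <= 0x7E for c in raw) else None

def scan(bits):
    """Dump the grid as ASCII and report readable runs, plus a base64 decode where one applies."""
    return [(i, t, decode_if_base64(t)) for i, t in printable_runs(bits_to_bytes(bits))]

# Constructed sample: a 1000x1000 grid, empty except for a placeholder URL and its base64 form.
MESSAGE = "https://example.invalid/checking-boxes"
grid = [0] * (1000 * 1000)
write_text(grid, 1000 * 40, base64.b64encode(MESSAGE.encode()).decode())  # row 40
write_text(grid, 1000 * 42, MESSAGE)                                      # row 42

if __name__ == "__main__":
    for idx, text, decoded in scan(grid):
        print(f"row {idx // 1000}, column {idx % 1000}: {text!r} base64 -> {decoded!r}")
```

A message that does not start on a byte boundary would need the scan repeated at each of the 8 bit offsets.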