A simple node script to demonstrate that the MangaRock application's rock system, in-app currency, is abusable by repeating an API request. Inside the app, the rocks are earnable by watching ads or completing tapjoy, ironSource offers. Watching an ad yields 1 to 2 rocks; 100 rocks are about $1. Using this script one can earn an unlimited amount of rocks. The script tells the MangaRock servers "I've just watched an ad, award me with rocks". The server, without any verification, does that. So, we could send 100 requests under a second and earn about 100-200 rocks.

1. Find out client id and session token of your mangarock app

• Every network request from your authenticated mangarock app will include them, catch it using your own means. Possible options are wireshark, setting up a proxy server etc.
• Client id is 40 characters long and is included in X-Parse-Application-Id header (Sample: lpY0gkLg4LOtrTAtNT1L1vwC1llTWkr0F8wusC5i)
• Session token is 34 characters long and is included in X-Parse-Session-Token header (Sample: r:c165f59eaf8fb7ffa0f096ab600edd02)

2. Clone this repository

$ git clone https://github.com/Enkhsanaa/mangarock-rock-miner

3. Update clientID and sessionToken variables in mangaRockMiner.js

4. Install dependencies

$ cd mangarock-rock-miner
$ npm install

5. Run script

$ npm start

• NodeJS - evented I/O for the backend
• Request - Simplified HTTP client

• Enkhsanaa Natsagdorj - Initial work - Enkhsanaa

This project is licensed under the MIT License