Hacking Unicoins for Fun and Profit (Stackoverflow.com April Fools 2014)

Stackoverflow introduced an amusing little April Fools feature called 'Unicoins'. Essentially, this currency (that you can earn by mining rocks, since all of the (rather amusing) payment options are currently unavailable') allows you to by silly upgrades for the website. From 'Colorful comments' and 'Guaranteed Answer' through to 'Voting animations' which gives you 'happy unicorn animations everytime you vote'.

Anyways, long story short, I saw a system and wondered how to beat it. Turns out each rock is simply an AJAX request to /unicoin/rock to get a rock ID, and when you sucessfully mine it, you POST back a static fkey (bound to each user I assume?) and the rockId to /unicoin/mine?rock=theRockId

I've put together a little automagical javascript to prevent you all getting RSI. It's for health reasons.. honestly.

Enjoy your unicoins! <3 /dev/alias

https://gist.github.com/0xdevalias/9905949

First, go to stackoverflow.com then define this in your Javascript console:

var hackMeSomeUnicoins = function(myFkey) {
  console.log(&quot;Ok, let&#39;s hack you some shiny unicoins! &lt;3 /dev/alias (www.devalias.net)&quot;)
  console.log(&quot;The powers that be say you can only mine a rock every 10sec, so we do it every 11sec to be sure.&quot;)
  window.setInterval(function(){
    $.get( &quot;http://stackoverflow.com/unicoin/rock&quot;, function( data ) {
      var rockId = data.rock;
      $.post( &quot;http://stackoverflow.com/unicoin/mine?rock=&quot; + rockId, { fkey: myFkey })
      .done(function( data ) {
        console.log(data);
      });
    });
  }, 11000);
};

Once you have done that, just call this from the console:

hackMeSomeUnicoins(StackExchange.options.user.fkey);

(Thanks to @ouranos for the fkey options string)

You can get your fkey by inspecting the POST made when you successfully (manually) mine a rock. (It's also stored in a data-fkey type value somewhere, but haven't been bothered to find it and automagically pull it out (feel free to contribute some JS to do it)

Pimping this: