The joys of knowing Software - Hacking the Boat License Course

Published 2013-05-27 on Farid Zakaria's Blog

Boat Licenses

NOTE: June 17th 2016 - I received a cease and desist letter from boat-ed.com and they have fixed the way in which the script in this post circumvents the wait. I am not aware of any other way to bypass it.

Summer is fast approaching and me and a group of friends decided to take the water on some ridiculously fun jet skis. In the state of Washington, a boat license is required to operate any PWC (personal watercraft) which thankfully can be done online. As a procrastinator I put aside 30 minutes of my time the night before the excursion to do the online exam on www.boat-ed.com. I was in for a large shock when I discovered that you had to sit through all the course material on the website prior to attempting the exam; average time for completion 6-8 hours.

Time is precious

Time is precious. It's constantly fleeting and the last thing I wanted to do was sit through 6-8 hours of instructions that I knew and are largely common sense. The final exam should be indicative of whether you know the material or not, therefore it is not necessary to force people to sit through the course (all though you can Google the answers to the exam...). As my roomate decided to sit through the course material blindly hitting next when the button becomes available as he watched tv shows on Netflix, I decided to investigate if my knowledge of Computer Science can save me!

Chrome Extensions FTW

tl;dr; Install this Chrome Extension, which will enable you to skip any State Boat License course on www.boat-ed.com

Having some prior experience to writing Chrome Extensions and knowing more than my fair share of web services, I was able to dig into their JavaScript source files and find how they were forcing the users to sit through the course material. I will leave future blog posts perhaps detailing how one might go about "hacking" websites to reverse engineer their web services and fiddle around with it, briefly the steps were:

  1. Reverse obfuscate their JavaScript
  2. Find the offending timer code
  3. Figure out how to diable the timer (was a server call
  4. Fake the code in a Chrome Extension
A photo of my dog Moose

I'm a software engineer, father and wishful amateur surfer. If you've come seeking my political views; you've found the wrong Fareed.

linkedin fmzakari

github fzakaria

email farid.m.zakaria@gmail.com

pgp D1B232E7

Archive

Historic WordPress Blog

Recent Posts

2024-03-03
Visualizing GitHub workflow run length time
2024-02-27
Hermetic, but at what cost?
2024-01-15
Abusing GitHub as a PyPI server

License

The content for this site is CC-BY-SA. The inspiration for the theme for this site is © Drew Devault.

Improve this page @ 3ad6d7c