Slapping Mr Beast 100 Million times – Exploiting Local Storage

Slapping Mr Beast 100 Million times

Exploiting local storage


This was reported to Mr. Beast’s team on August 15, 2022 immediately after this was posted.

Also – Big Thank You to CaliD – couldn’t have done it without ya.

Background

Mr. Beast is a man who needs no introduction; he is most known for his videos which show him giving away a lot of money, and he is one of a very very select few who have hit 100,000,000 subscribers on YouTube. In celebration of hitting this 100M milestone, his merchandise shop (www.shopmrbeast.com) sold special shirts and he had a give away where you could unlock different items by ‘slapping’ Mr. Beast’s face.

Slap-To-Win

The giveaway was ‘Slap-to-win’ – if you ‘slapped’ (clicked) the face a certain number of times, you could unlock different items. The ‘grand’ prize was if you clicked 20,000 times, you could unlock a hat (that would ship with the purchase one of the special shirts). Other prizes you could unlock included stickers, lanyard, and keyring if you clicked 500, 2,000, and 5,000 times respectively.

After actually clicking 20,000 times to get my free hat, I wondered if it would be possible to game the system. Was there a limit on how high you could actually click? 

Local Storage

In Chrome, if you right click and ‘inspect’, there’s a menu called Application. In here, you can find the locally stored variables. You can see in the above photo, you can see the variable ‘mr-beast-slapper-face-selected’. This selects the ‘face’ which you slap. See the selection menu here:

On the left is Mr. Beast, however simply by changing the variable in local storage to “Karl”, for example, and refreshing the page, you can select one of the other faces as seen below. Other faces include Chandler, Chris, and Nolan – members of Mr. Beast’s crew.

Hash’n’Salt

My first step was to look into how the number is stored. 

1 = “U2FsdGVkX19rgaUdun86lNM=”

2 = “U2FsdGVkX18oneybblCfyWQ=”

3 = “U2FsdGVkX1+dBh6eq5NE45Y=”

Each of them start with the same set of characters “U2FsdGVkX1” – which in base64 is “Salted__”. The only information this provides is that it was likely encrypted using OpenSSL, which unfortunately is a bit of a dead end. If anyone knows another way to figure out the encryption algorithm, I’d love to hear about it!

What I next noticed is that you could replace the hash with any of the previous ones – so if you saved “U2FsdGVkX1+dBh6eq5NE45Y=” in the local storage variable, it will always show ‘3’ slaps next time the page is refreshed.

Unfortunately this means I can only insert numbers I already knew the hash for…


Gathering More Intel

Next step was trying to learn more by changing the data in the ‘mr-beast-slapper-score’ field. Thanks to CaliD for helping with these next steps.

First, I started with a known value:
60 = “U2FsdGVkX18fUr/ONk3C/9Ok”

Then changed the last letter from ‘k’ to ‘j’, and this
successfully changed the number from 60 to 67:

67 = “U2FsdGVkX18fUr/ONk3C/9Oj”

But, the previous character from ‘O’ to ‘P’ yielded ‘NAN’

NAN = “U2FsdGVkX18fUr/ONk3C/9Pk”

We them realized the page wouldn’t load with random data. Putting something random, like “nsjkdf” would yield an application error, and the page would not load. More so, the console gave a ‘TypeError”, which led us to some interesting functions.

By clicking on the Object.decrypt, it led us to the encrypt and decrypt functions.

Next step was adding a breakpoint on line 319.


Counting to 100,000,000 

On the right, you can set variables, and we noticed that variable ‘e’ was our slapper score. With my limited understanding – it takes the value in the local storage, decrypts it, updates the slapper score, and then encrypts it again. By updating the value halfway through this process, it allowed us a small window to slap Mr. Beast as many times as we wish.

So I changed the value from 11, to 100,000,000, refreshed the page, and….

And this is how I slapped Mr. Beast one time for every subscriber he has! Many congratulations to Mr. Beast for hitting this incredible milestone!

How High?

And… just for fun….

Well – after putting in some stupidly big numbers, I was curious how high it actually went.

Once you get high enough, it goes into scientific notation..

But… is there a limit? Turns out yes: “1e+308”

If you put in “1e+309”, it says “Infinity” and actually changes the variable to infinity.

Leave a Reply

Your email address will not be published.