#tryhackmeaoc2024 ``` Dirt on the Mayor, the Glitch needed more, But the dirt was protected by a pesky locked door! But no need for panic, no need for dramatics, The Glitch would get through with these game mechanics. ```  ## Learning Objectives - Understand how to interact with an executable's API. - Intercept and modify internal APIs using Frida. - Hack a game with the help of Frida. I changed the OTP.js file to include a log statement where it prints out the OTP in an int format.  I then ran `frida-trace` again.  I inputted the OTP:  > [!check]- First flag received! >  For the 2nd flag, I originally put these logs in the code to see what the different variables mean.  I got this in the console:  Param 1 is the Item ID, Param 2 is the price, and Param 3 is the player's coins. I changed the purchase.js file to look like this, which allows me to buy any item I want! > [!check]- Second flag received! >  The third flag is a bit harder as the function checks for `String`s, not `Int`s. I originally changed the code to grab the memory of the String, but that did not work the best.   Let's change it to something else. Let's add use the `onLeave` function, to find the return value!  If we leave the return value as is, it will still be false, which will not let us pass! If we change it to `True`, though, that should work! We can do so like this:  Now, if we run the game again, we should be let in! Let's try it :)  > [!check]- Third flag received! >  Frida is a very cool tool! Will definitely continue to use it :)