Reviewing Brick Hill's Code
As you guys would know, I have tried to make a Brick Hill clone, but gave up on it when I thought about what will preschoolers do on my website, and I’m still proud of that, anyways, I am gonna talk about the messy code of Brick Hill.
How to not secure IP adresses of the games
Everybody knows that Brick Hill doesn’t have a dedicated server (what an L), instead they give the hosting to the user, which creates really bad issues, for example:
node-hill source code server.ts line 16 to line 39
function maskIP(ip: string): string {
const twoOctets = ip.split(".").splice(0, 2)
return twoOctets.join(".") + ".x.x"
}
async function socketConnection(client: ClientSocket) {
client._chunk = {
recieve: Buffer.alloc(0),
remaining: 0,
clear: function () {
this.recieve = Buffer.alloc(0)
this.remaining = 0
}
}
client.IPV4 = client.remoteAddress
if (Sanction.bannedIPs.has(client.IPV4))
return client.destroy()
client.IP = maskIP(client.IPV4)
client._attemptedAuthentication = false
console.log(`<New client: ${client.IP}>`)
// more code here
}
As you could see, this is how they hide IP adresses, very shameful and very dangerous way to do it, and it’s a reason to use dedicated hosting instead of giving the user choice, smh.
Welp, thats not all!
Brick Hill site source code SetPage.vue line 445
function playButton() {
axios
.get(BH.apiUrl(`v1/auth/generateToken?set=${props.setId}`))
.then(({ data }) => {
let ip = atob(props.setIp.split("").reverse().join(""));
window.location.href = `brickhill.legacy://client/${data.token}/${ip}/${props.setPort}`;
});
}
They literally use base64 to hide IP adresses lmaooo
Crappy GameMaker 8 client
Do I even need to talk about this? It’s an absolute mess like the website.
Conclusion
If you are gonna make a Brick Hill clone, just don’t, if you are still playing Brick Hill, leave it off and play something better
(and don’t touch to sandboxes that don’t have clients, because 100% chance to get your data sold to chinese)