From 818db3ef4aadf489dba5ba8ba4f3bb4e150f0b22 Mon Sep 17 00:00:00 2001
From: Pinapelz <yukais@pinapelz.com>
Date: Wed, 3 Jun 2026 15:26:26 -0700
Subject: change from aes-gcm to xor shift obfuscation

encryption was pain in the ass on cross platform
---
 src/helpers/fetchSolution.ts | 46 +++++++++++++++-----------------------------
 1 file changed, 15 insertions(+), 31 deletions(-)

(limited to 'src/helpers')

diff --git a/src/helpers/fetchSolution.ts b/src/helpers/fetchSolution.ts
index dd623a0..2ca2e68 100644
--- a/src/helpers/fetchSolution.ts
+++ b/src/helpers/fetchSolution.ts
@@ -1,7 +1,7 @@
 import { Song } from "../types/song";
 
 const SALT = import.meta.env.VITE_HEARDLE_SALT ?? 'changeme';
-const API_URL = import.meta.env.VITE_HEARDLE_API_URL ?? 'https://127.0.0.1:3001';
+const API_URL = import.meta.env.VITE_HEARDLE_API_URL ?? 'http://localhost:3001';
 
 function hexToBytes(hex: string): Uint8Array {
   const bytes = new Uint8Array(hex.length / 2);
@@ -12,23 +12,17 @@ return bytes;
 }
 
 
-async function getDailyKey(): Promise<CryptoKey> {
-  const enc = new TextEncoder();
+function xor(data: Uint8Array, key: Uint8Array): Uint8Array {
+  const output = new Uint8Array(data.length);
+  for (let i = 0; i < data.length; i++) {
+    output[i] = data[i] ^ key[i % key.length];
+  }
+  return output;
+}
+
+function getObfuscationKey(): Uint8Array {
   const date = new Date().toISOString().split('T')[0];
-  const keyMaterial = await crypto.subtle.importKey(
-    'raw',
-    enc.encode(date),
-    'PBKDF2',
-    false,
-    ['deriveKey'],
-  );
-  return crypto.subtle.deriveKey(
-    { name: 'PBKDF2', salt: enc.encode(SALT), iterations: 100_000, hash: 'SHA-256' },
-    keyMaterial,
-    { name: 'AES-GCM', length: 256 },
-    false,
-    ['decrypt'],
-  );
+  return new TextEncoder().encode(SALT + date);
 }
 
 export async function getDailySolution(): Promise<Song> {
@@ -36,19 +30,9 @@ export async function getDailySolution(): Promise<Song> {
   if (!solutionData.ok) {
     throw new Error(`Failed to fetch solution: ${solutionData.statusText}`);
   }
-  const { iv, tag, data } = await solutionData.json();
-  const key = await getDailyKey();
-  const ciphertext = hexToBytes(data);
-  const authTag = hexToBytes(tag);
-  const combined = new Uint8Array(ciphertext.length + authTag.length);
-  combined.set(ciphertext);
-  combined.set(authTag, ciphertext.length);
-  console.log(key.algorithm);
-  console.log(key.usages);
-  const decrypted = await crypto.subtle.decrypt(
-    { name: 'AES-GCM', iv: hexToBytes(iv) },
-    key,
-    combined,
-  );
+  const { data } = await solutionData.json();
+  const obfuscationKey = getObfuscationKey();
+  const obfuscatedBytes = hexToBytes(data);
+  const decrypted = xor(obfuscatedBytes, obfuscationKey);
   return JSON.parse(new TextDecoder().decode(decrypted)) as Song;
 }
-- 
cgit v1.2.3