Studying for finals is overrated right? Yea it is.

Preface : If you haven’t, you’re probably gonna wanna read my other article (http://ow.ly/QsuoD) before you read this one. Also, I’ve open sourced the script from the first article as it appears to be patched. Hopefully people can learn from it, or even just understand how I did it. https://github.com/JakeCooper/OnePlusTwoBot

This morning I received an email from OnePlus saying that they were going to patch the exploit I detailed yesterday. Guess it’s time for round 2.

Amidst my search for hacks in my previous article, I discovered another trick that lead to a bigger and better hack. Gmail has what is called “Email aliasing”, which allows emails sent to a permutation of your Gmail to be forwarded to your Gmail. There exist 2 rules to this that I have heard of. The following 2 emails both forward to youremail@gmail.com.

Youremail+anything@gmail.com (Courtesy of /u/pyronautical on Reddit) Your.email@gmail.com

The first one is relatively simple, as it just truncates everything after the +. This was the first one I checked on OnePlus, but no dice, I was blocked by the OnePlus web client. I even tried to request straight to the server like last time. Again, no luck.

The second one proved to be a little more fruitful. OnePlus had done SOME validation, but had let some slide through. It turns out OnePlus WILL accept emails with periods (Which I knew, because mine has a couple), but there are again a couple of rules.

The periods cannot occur at the start or end of the email. Two period cannot occur adjacent to one another in an email.

Now let’s this about this for a second : Given a N sized string, we know that, with (n-1) spaces in between the letters, there are 2^(n-1) permutations where the space between characters can be filled and produce unique strings. Take the string “test” :

test

t.est

te.st

tes.t

t.es.t

te.s.t

t.e.s.t

t.e.st

2^(4–1) = 8. I’d prove this by induction, but I said I wasn’t studying for finals, so let’s skip that (Sorry CSC225 prof).

My email actually has 16 characters not including periods. That means 2^(16–1) = 32768 possible combinations.

I’m fairly certain 30000+ referrals would put me at #1. For the purpose of this article I’m going to use a burner email with 8 characters, so 2^(7) = 128. Less, but still a shitload. Actually 127 because I need to use one to get my referral link.

Let’s start with some code to build the permutations :

Recursion is hard.

The above works. @SamuelMaskell on Twitter beat me to figuring it out, so he gets credit for it.

Now onto the fun part. So now we want to send an email to each of those emails. We can reuse the code from last time :