The Great Food Truck Hack
You may or may not have seen the popular reality show “The Great Food Truck Race” on the Food Network station. For those that haven’t, it’s basically a reality show where several food trucks are in a competition against each other for a chance to win $100k. So far, there have been two seasons. What’s interesting is that the food network channel also ran a separate online voting contest called “America’s Favorite Food Truck”.
This contest started back in July with nearly 600 trucks and asked fans to nominate and vote for their favorite local truck. The food truck to earn the most votes would win $10k as well as the opportunity to be featured on the 3rd season of “The Great Food Truck Race”. That’s pretty huge if you’re in the food truck business. Being on TV would definitely give you good publicity.
I’ve tried the food from several food trucks and my personal favorite was a truck called “Bap pul”. (It means “grain of rice” in Korean) Their “baprito” is just superb. I noticed they were contestants in this online voting contest and they were in 10th place! I tried to hunt down the rest of the trucks in the top 10 list but most of them weren’t local to me.
Curious, I checked out these other trucks’ websites. I was looking at the first and second place trucks. One of them, “Chef Tai’s” had the support of Texas A&M. A quick google search led me to an online forum where A&M fans were sharing “knowledge” and “tricks” to cheat the system and squeeze in more votes for Chef Tai than they were allowed. To top that off, they were really hating on the Los Angeles food trucks. They were hating on the city of Los Angeles, UCLA, and USC! The nerve! lol. Now, I love the state of Texas, but there’s no reason to be immature and wage war against my hometown. To top it off, I don’t think it’s fair that these people are encouraging each other to cheat on this contest.
Now, I’m a fan of the underdogs… especially honest underdogs like Bap pul. Being 10th out of 600 is pretty good… but still, they could do better. So I went online and voted for Bap pul. The food network voting site required a few pieces of information in order to vote: first name, last name, email address, and phone number. So I proceeded to enter my information and vote. There were no captchas and no confirmation emails…. but once you vote, you couldn’t vote again. Wanna take a wild guess at what I was thinking? Yeah. It’s time to make a bot. Not for money nor personal gain. It was simply to help out the little guys. Game on. Let the hacking begin:
First, I needed to generate fake email addresses. A LOT of them. So I wrote a quick script that took my list of Scrabble dictionary words and selected a random word. Then the script would generate a 1 to 4 digit random integer and append it to the end of the random scrabble word. Finally, it would randomly select one of 4 major free email address domains. How well does it work? Here’s an excerpt of the generated emails:
email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com
Looks convincing to me. The bot just needed to generate, register, and save the email addresses to a text file so it can feed a “revoting” bot for the next day.
Next, I needed to find a list of first names and last names so I could randomly pair them and register to vote with them. I was looking for a list of first names online, but instead I came across a list of hurricane / tropical storm names. Haha. That will do. For last names, I just compiled a list of last names… common last names, last names of famous basketball players, politicians, actors, etc. Easy enough.
They also required a phone number. So I just used a pool of all the area codes in the Los Angeles area and created a random number generator for the rest of the seven digits. No problem.
Once you register to vote, the site remembers you so you can’t vote again. You have to wait until the next day before you can vote again. (you’re allowed to vote everyday). How to get around that? Well, using PHP’s curl’s cookie jar option and storing cookies in text format, you can then clear the file after each iteration. It would also be wise to keep altering the user agent string which is supposed to be somewhat unique. Many sites block users based on this string. How do I handle this?
$browserkey = array_rand($browsers,1); $oskey = array_rand($operatingsystems,1); $useragent = $browsers[$browserkey].rand(1,9).".".rand(0,50)." (".$operatingsystems[$oskey]."; ".$operatingsystems[$oskey]."; rv:".rand(1,9).".".rand(1,9).".".rand(1,9).".".rand(1,9).")";
Easy as pie.
Done with the bot. Now, I was in the middle of a meeting with Ed Park and Lucas Bean while coding all of this. I wasn’t sure if I should run the bot or not… so I set the bot to run just 200 times off of my own laptop and terminate. 200 sounds harmless right? Click. I got re-engaged in the meeting. *chit *chat…. I looked down at the screen and clicked refresh. Oh shnapps! They jumped to 8th place!
Fearing that my favorite food truck might get disqualified, I immediately halted the bot. If 8th place was THAT easy to attain, jumping them to 1st place would be nothing. I had no idea how many votes separated 1st place from 2nd place from 3rd place….. and so on. So, I made a quick modification to the bot so that it keeps voting and checking the rankings between each iteration. I would simply enter the desired place and let it run. It didn’t matter if I needed 2 votes or 100,000 votes. It would give me just the right number of votes. I named it “win baby win”. With this bot, I could make the jump in rankings look realistic and gradual without raising suspicion. What about IP address? Well, thank’s to Amazon’s EC2, I’m able to start and stop as many instances as needed…. each coming with its own IP address fresh off the Amazon IP pool. 🙂 I mean…. what are they gonna do? ban Amazon?
Fast forwarding to the final day of the contest….
While doing this, I was able to tell which trucks were cheating and which trucks were not. Yes, Chef Tai had bots running. How do I know this? Because I needed my bot to submit a ridiculous number of fresh votes daily just to catch 1st place. C’mon. No matter how many customers this guy has, he can’t get THAT many votes organically. It’s a friggin food truck getting more votes than a Madison Square Garden sell-out…. and that’s daily! On top of that, their clumsy bots were causing a near denial of service for the poor food network site. I mean, I’m sure at least one computer science major at Texas A&M could hack together a voting bot… But it didn’t matter. My bot was FAR superior.
On the final day I launched 4 different EC2 instances, uploaded the bot to all 4, then ran screen on each instance so each EC2 instance was running multiple instances of my bot! I was careful not to mistakenly cause a denial of service for the voting site. I kept the bots running til the very final moment…. and what do you know? Bap Pul ended up in 1st place!
I checked out the A&M forum again and they sounded bitter. They mentioned an announcement on the Bap pul facebook page stating “if you tell us that you voted for us, we’ll give you a free drink with your food today”. They started crying foul because apparently, according to the “rules of the contest”, that was not allowed. Little did I know they actually contacted food network about that tiny Bap pul announcement and complained. Before the winner was announced, I heard Food network actually contacted Bap pul and told them they were disqualified because they were in first place and they “incentivized the vote”. How petty. So in the end, Chef Tai won by default.
So what’s the moral of the story? There’s a few:
1) Food network needs to fire Team Digital and hire more competent developers to build something as important as an online voting contest… especially if money is involved.
2) Food network should use captchas. Not just any captchas, but my captchas.
3) College educated software engineers are just inferior.
4) Bots still rule the world… especially food network’s world.
5) The real winners: Hurricanes. Hurricanes cast the overwhelming majority of the votes.