Dwi Siswanto

Security R&D | Rapper | Shitposter | ACAB Hacking Wordle for Solution (No-Guess Attempt!) | Dwi Siswanto

Hacking Wordle for Solution (No-Guess Attempt!)

February 10, 2022

What is Wordle?

Wordle is an online 5-letter word game. Each day a new word is released and players have to guess what the word of the day is.

How does a Wordle work?

The premise of Wordle is simple; players have six tries to guess a 5-letter mystery word. During the guesses, tiles will change colour to help players get the word. A grey letter means it isn’t in today’s word, whilst a yellow letter signals it is in the word but in the wrong position. Then there’s the green letter which means it’s in the word and in the right place (if any). If it’s completely right – the full 5 letters turn green.

How to hack Wordle?

If you Google it, there are already plenty of resources on how to solve this game. Many advise choosing your first 5-letter word carefully, avoid reusing letters that have come before, or using an solver, like: anagram solver, word unscrambler, or even use a neural network.

wordle-hacc

In fact, it’s very easy to hack Wordle! In this way, you don’t need any kind of algorithm or solver. Wordle runs entirely on the client-side, which means there doesn’t need any validation on the server-side. So, that way we don’t need advanced attacks like brute-force, just need to understand the logic flow to get today’s word.

When we type the word and submit for the answer, these submitGuess method is called.

After that, the evaluateRow method is called in order to validate the word.

The r variable declared as a function: it’s the key to reach the solution! That function performs a letter comparison of the word we input (s as e) with a predetermined solution (this.solution as a). Which will do the marking of the letters we input, as:

Then look for where the solution is defined(?), and I get eye-catching variables!

The za function retrieves the gameState item from local storage, and if the item doesn’t exist, the xa variable will be initialized.

Sure enough! After taking the initiative to check that the item is declared in local storage, the word that is the solution is defined in it along with the evaluations, game status, last played, etc.

> JSON.parse(window.localStorage.gameState)

Then I created a JavaScript one-liner to execute the solution from local storage to submit guesses! \o/

output