Introduction
I was doing an IQ test on https://testyouriq.org/ (also known as https://intellitest.io/, https://iqtesting.online/), but when I finished, it presented a payment page.
I had already completed my test and was only notified that it was paid AFTER I had wasted my time on it. So, like any hacker, I started digging into the page.
Discovery
The website had a simple structure with no backend or subdomains. The main target was a single webpack JS bundle.
After making the bundle more readable with https://webcrack.netlify.app/ I was able to bypass the payment page, only to find out that I could have just navigated to /results9eb30f.
The page had the following routes:
```
Instructions: "instructions"
Test: "test"
CalculateResults: "calculation"
TestComplete: "payment"
Education: "education"
DefenceForces: "defence"
Recruiting: "recruiting"
WhatIsIQ: "whatIsIQ"
TheGFactor: "theGFactor"
ContactUs: "contact"
Legalities: "legal"
BasicResults: "results73122c"
ResultsAndCertificate: "resultsbea1c"
CompleteResults: "results9eb30f"
```
And with the following snippet I could get the router and navigate where I wanted to:
```javascript
nav = __r(220)
nav.navigate("CompleteResults")
```
Score algorithm
After multiple test runs, I noticed that many of them kept getting a score of 107, which was odd. After renaming the variables for better readability, here's what I found:
Questions had four different difficulties that awarded points to your score.
- Easy: 2 points
- Medium: 4 points
- Hard: 6 points
- Very Hard: 10 points
A maximum of 9 points could be added to your score based on your remaining time, and then the result was limited to a value between 107 and 135.
```javascript
var correctAnswers = [
  2, 5, 2, 1, 2, 3, 1, 6, 6, 6, 1, 1, 4, 2, 6, 1, 3, 5, 6, 1, 2, 1, 10, 3, 6, 4, 3, 3, 1, 2, 1, 2,
  3, 3, 2, 1, 2, 4, 3, 1,
]
var easy = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 20, 22, 24, 26, 28, 34]
var medium = [19, 21, 27, 30, 31, 32, 33, 35, 37, 40]
var hard = [25, 29, 36]
var vhard = [38, 39]
if (easy.includes(questionnumber)) {
  tempscore = answer === correct ? 2 : -1
} else if (medium.includes(questionnumber)) {
  tempscore = answer === correct ? 4 : -1
} else if (hard.includes(questionnumber)) {
  tempscore = answer === correct ? 6 : -1
} else if (vhard.includes(questionnumber)) {
  tempscore = answer === correct ? 10 : -1
}
score += tempscore
var o = Math.min(Math.floor(n.secondsLeft / 30), 9)
score += o
score = Math.max(107, Math.min(score, 135))
n.iq = score
```
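To see how much the final clamp hides, here is the scoring logic above wrapped into runnable functions (an added example, not code from the site's bundle). The function names are hypothetical, and because question 23 appears in none of the difficulty lists, this example assumes it contributes 0 points either way.

```javascript
// Added example. Difficulty lists are copied from the snippet above.
const TIERS = [
  { points: 2, questions: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 20, 22, 24, 26, 28, 34] },
  { points: 4, questions: [19, 21, 27, 30, 31, 32, 33, 35, 37, 40] },
  { points: 6, questions: [25, 29, 36] },
  { points: 10, questions: [38, 39] },
];

// Points for answering question q correctly. Question 23 is in none of the
// lists; scoring it as 0 either way is an assumption of this example.
function pointsFor(q) {
  const tier = TIERS.find((t) => t.questions.includes(q));
  return tier ? tier.points : 0;
}

// Score before the final clamp: +points per correct answer, -1 per wrong
// answer, plus a time bonus of at most 9.
function rawScore(correctQuestions, secondsLeft) {
  const right = new Set(correctQuestions);
  let score = 0;
  for (let q = 1; q <= 40; q++) {
    const pts = pointsFor(q);
    if (pts > 0) score += right.has(q) ? pts : -1;
  }
  return score + Math.min(Math.floor(secondsLeft / 30), 9);
}

// Value shown to the user: the raw score forced into [107, 135].
function reportedIq(correctQuestions, secondsLeft) {
  return Math.max(107, Math.min(rawScore(correctQuestions, secondsLeft), 135));
}

const everything = Array.from({ length: 40 }, (_, i) => i + 1);
const easyAndMedium = [...TIERS[0].questions, ...TIERS[1].questions];

for (const [label, answers, secondsLeft] of [
  ["all wrong, no time left", [], 0],
  ["easy + medium right, full bonus", easyAndMedium, 270],
  ["all right, full bonus", everything, 270],
]) {
  console.log(label, "raw:", rawScore(answers, secondsLeft), "shown:", reportedIq(answers, secondsLeft));
}
```

Under these assumptions, answering every easy and medium question correctly with the full time bonus still yields a raw score of 92, which is displayed as 107, and a perfect run reaches exactly 135.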
Digging into the certificate
The certificate generation code creates a random ID between 160,000,000 and 999,999,999 with Math.random. This provides no real authenticity or ownership of the certificate.
```javascript
var serial = Math.floor(Math.random() * 839999999 + 160000000).toString()
var datetext = (0, _r(d[15]).translate)("resultsAndCertificateScreen.date")
var certidtext = (0, _r(d[15]).translate)("resultsAndCertificateScreen.certificateID")
```
There’s no backend to keep track of certificates, payments or accounts. Payments are just links to a Shopify page validated client side.
```javascript
if (a === "Basic") {
  ;(0, _r(d[15]).openLinkInBrowser)("https://buy.stripe.com/6oE9Cvavof6k17GfZ2")
} else if (a === "Complete") {
  ;(0, _r(d[15]).openLinkInBrowser)("https://buy.stripe.com/fZe2a31YS7DS6s0aEK")
} else if (a === "IQ and Certificate") {
  ;(0, _r(d[15]).openLinkInBrowser)("https://buy.stripe.com/3cscOH1YS4rG9EccMR")
}
```
I discovered this website because I found an IQ test on Twitter with a score of 86, which is impossible based on the code of the website.
Tweets with a score of exactly 86: https://x.com/PastorAlexLove/status/1778679300994089434 https://x.com/iamyesyouareno/status/1838181847852884137
and many others that seem like advertisements to get people to visit the website.
My conclusion about this website is that it’s a fraud to deceive people into thinking they did a real IQ test.