Invalid challenge step values calculation + wrong rounding secret + missing headers

[grandsilence]

Two causes of the issue #30.

1: Invalid challenge step values calculation (Different number precision in languages)

JS got 15 precision, C# got 16 now.

// step1 any operation
step1=+((!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(!+[]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+[])+(!+[]+!![]+!![]+!![])+(+!![])+(!+[]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]))/+((!+[]+!![]+!![]+!![]+[])+(+[])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(!+[]+!![]+!![]+!![]));

step1 result by language:

2.052213451505437    // JavaScript
2.0522134515054371   // C#

Let's try some values in interactive C# and JS.

So, JS number precision != C# double precision now? (wtf? double-precision (64-bit) IEEE-754 both).
C# 16 precision, not 15

Download HTML source

1.2: The first Issue step by step

js seed = 1.8218306919992202
c# seed = 1.8218306919992202

// Rounded? precision 15, why?
js step 1 = 2.690703827262779
c# step 1 = 2.6907038272627788

// Same
js step 2 = 4.257653205191571
c# step 2 = 4.2576532051915708

// Now is fine again (16) precision
js step 3 = 1.2088149860488984
c# step 3 = 1.2088149860488984

js step 4 = 0.8404492094548377
c# step 4 = 0.8404492094548377

js step 5 = 1.8719165990861497
c# step 5 = 1.8719165990861497

js step 6 = 1.0311952177624564
c# step 6 = 1.0311952177624564

Download HTML source : step by step

2: In ClearenceQuery property, calling Answer.toString() leads to rounding

Rounding when isn't required:

JS does not make rounding when there is a addition of a floating point number and an integer (the length of the string).

So the answer is incorrect in C# because Answer is rounded

2.1: Interactive math language difference

OFC: CultureInfo.Invariant required

2.2: Solution

Here my pull request

Using R format in ToString() call.

public string ClearanceQuery => $"{ClearancePage}?jschl_vc={VerificationCode}&pass={Pass}&jschl_answer={Answer.ToString("R", CultureInfo.InvariantCulture)}"

3: Missing headers

1. Referer must be original URL;
2. User-Agent should be one of most popular (signature detection). I prefer random chrome generation;
3. Accept & Accept-Language also checked (surprise);
4. Upgrade-Insecure-Requests no time for test it. But I prefer use it.

Correct headers example:

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.2296.54 Safari/537.36
Referer: https://opskins.com/?loc=shop_users_page&steamid=76561198073465263
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Upgrade-Insecure-Requests: 1
Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7

For fix "Forbidden" errors - you need to add it all.

[elcattivo]

Thanks for all the information. I have already merged you PR. I will implement your suggested improvements probably next weekend.

[Zaczero]

I made a library inspired by this repo which should fix all of the problems above 👍
https://github.com/Zaczero/CloudflareSolver