From 7c987fe3fefdae2da71150df0a509ee2047aa7a6 Mon Sep 17 00:00:00 2001
From: eva <xyzeva@riseup.net>
Date: Fri, 13 Feb 2026 06:12:44 +0000
Subject: [PATCH] fix: we're so back once again

---
 scripts/standalone-verify.ts     | 17 +++++++++-----
 src/routes/+page.svelte          |  2 +-
 src/routes/api/verify/+server.ts | 38 +++++++++++++++++++-------------
 3 files changed, 36 insertions(+), 21 deletions(-)

diff --git a/scripts/standalone-verify.ts b/scripts/standalone-verify.ts
index c97c275..4086c31 100644
--- a/scripts/standalone-verify.ts
+++ b/scripts/standalone-verify.ts
@@ -379,10 +379,14 @@ async function verify(qrCodeUrlStr: string) {
 
 	const generateTimeline = (maxTime: number) => {
 		const entries = [];
-		for (let i = 0; i < randomInt(2, 5); i++) {
-			const start = randomInt(1, maxTime - 100);
-			const end = start + randomInt(50, 500);
-			if (end < maxTime) entries.push([start, end]);
+		let lastTime = randomInt(100, 500);
+
+		for (let i = 0; i < randomInt(1, 3); i++) {
+			const end = lastTime + randomInt(500, 2000);
+			if (end < maxTime) {
+				entries.push([lastTime, end]);
+				lastTime = end + randomInt(200, 1000);
+			}
 		}
 		return entries;
 	};
@@ -594,7 +598,7 @@ async function verify(qrCodeUrlStr: string) {
 				model_version: 'v.2025.0',
 				cropper_version: 'v.0.0.3',
 				start_time_stamp: currentTime + Number(Math.random().toFixed(3)),
-				end_time_stamp: currentTime + completionTime + Number(Math.random().toFixed(3)),
+				end_time_stamp: currentTime + completionTime / 1000,
 				device_timezone: location.timezone,
 				referring_page: `https://d3ogqhtsivkon3.cloudfront.net/index-v1.10.22.html#/?token=${token}&shi=false&from_qr_scan=true`,
 				parent_page: `https://d3ogqhtsivkon3.cloudfront.net/dynamic_index.html?sl=${jwtPayload.jti}&region=eu-central-1`,
@@ -766,6 +770,9 @@ async function verify(qrCodeUrlStr: string) {
 	const encryptionData = await encryptPayload(sessionData.nonce, payload);
 	payload = Object.assign(payload, encryptionData);
 
+	Deno.writeTextFileSync('genned-payload.json', JSON.stringify(payload, null, 2));
+	return;
+
 	const completeRes = await fetch(`${BASE_URL}/age-services/d-privately-age-services`, {
 		method: 'POST',
 		headers: {
diff --git a/src/routes/+page.svelte b/src/routes/+page.svelte
index e1e700f..691d668 100644
--- a/src/routes/+page.svelte
+++ b/src/routes/+page.svelte
@@ -1,7 +1,7 @@
 <script lang="ts">
 	import QRCodeScanner from '$lib/components/QRCodeScanner.svelte';
 
-	const IS_PATCHED = true;
+	const IS_PATCHED = false;
 </script>
 
 <div class="mx-auto w-screen max-w-6xl items-center p-5 pb-16">
diff --git a/src/routes/api/verify/+server.ts b/src/routes/api/verify/+server.ts
index 26e8de2..6b59dd8 100644
--- a/src/routes/api/verify/+server.ts
+++ b/src/routes/api/verify/+server.ts
@@ -344,16 +344,6 @@ async function encryptPayload(nonce: string, payload: any) {
 	};
 }
 
-async function generateKIDProof(grant: string, attemptId: string) {
-	return Array.from(
-		new Uint8Array(
-			await crypto.subtle.digest('SHA-256', new TextEncoder().encode(`${grant}:${attemptId}:v1`))
-		)
-	)
-		.map((e) => e.toString(16).padStart(2, '0'))
-		.join('');
-}
-
 async function verify(
 	sessionId: string,
 	userAgent: string,
@@ -433,10 +423,14 @@ async function verify(
 
 	const generateTimeline = (maxTime: number) => {
 		const entries = [];
-		for (let i = 0; i < randomInt(2, 5); i++) {
-			const start = randomInt(1, maxTime - 100);
-			const end = start + randomInt(50, 500);
-			if (end < maxTime) entries.push([start, end]);
+		let lastTime = randomInt(100, 500);
+
+		for (let i = 0; i < randomInt(1, 3); i++) {
+			const end = lastTime + randomInt(500, 2000);
+			if (end < maxTime) {
+				entries.push([lastTime, end]);
+				lastTime = end + randomInt(200, 1000);
+			}
 		}
 		return entries;
 	};
@@ -455,8 +449,22 @@ async function verify(
 			'SLOWLY_DISTANCE_YOURSELF_FROM_THE_CAMERA',
 			'TOO_DARK'
 		];
+		const noState = [
+			'VIDEO_PROCESSING',
+			'STAY_STILL',
+			'TURN_RIGHT',
+			'ALIGN_YOUR_FACE_WITH_THE_CAMERA_UP',
+			'ALIGN_YOUR_FACE_WITH_THE_CAMERA_DOWN',
+			'SLIGHTLY_TILT_YOUR_HEAD_LEFT',
+			'SLIGHTLY_TILT_YOUR_HEAD_RIGHT',
+			'OPEN_YOUR_MOUTH'
+		];
 		const timelines: Record<string, number[][]> = {};
 		states.forEach((state) => (timelines[state] = generateTimeline(completionTime)));
+		noState.forEach((state) => {
+			timelines[state] = [];
+		});
+
 		return timelines;
 	};
 	const baseAge = randomFloat(25.2, 26.0);
@@ -634,7 +642,7 @@ async function verify(
 				model_version: 'v.2025.0',
 				cropper_version: 'v.0.0.3',
 				start_time_stamp: currentTime + Number(Math.random().toFixed(3)),
-				end_time_stamp: currentTime + completionTime + Number(Math.random().toFixed(3)),
+				end_time_stamp: currentTime + completionTime / 1000,
 				device_timezone: location.timezone,
 				referring_page: `https://d3ogqhtsivkon3.cloudfront.net/index-v1.10.22.html#/?token=${token}&shi=false&from_qr_scan=true`,
 				parent_page: `https://d3ogqhtsivkon3.cloudfront.net/dynamic_index.html?sl=${jwtPayload.jti}&region=eu-central-1`,