Hacking Wordle
You all know about that game that flooded Twitter and the rest of the internet a few weeks ago. Like many others, I also started playing but my streak was longer than the Golden Gate Bridge and each day I would guess the word on the first try. Wanna know how? Read on…
DISCLAIMER: This hack is outdated. Wordle changed its source code quite a bit. Due to this the old method no longer works. You can check out the latest hack at Re-Hacking Wordle.
When I first looked at the game I thought it was really smart and interesting. My mind would just immediately start working on so many words that I know and want to try. Also choosing a word for your first guess is really hard because there are so many options.
On my first try, I got it in 4 tries + I used an online word dictionary to find the right word that matched the letters I guessed so far.
After that, I went on Twitter to share my score and I saw a guy did it in a single try. He was so happy and said that there is a really small chance he will do it ever again. That got me thinking, is it possible to somehow win every time.. is it possible to cheat the game?
I went on Google and found some interesting topics. There are many helpers for finding the word based on the parameters. Eg. 5 letter words with letters “H, A, K”. Which is similar to how I did it by hand when I first played. Here are a few examples.
- https://wordfinderx.com/wordle/
- https://www.thewordfinder.com/wordle-solver/
- https://word.tips/wordle/
Each of those is great and will help an average Joe to do better or extend their streak but that was not enough, I wanted perfection.
As I am Software Developer (primarily using JavaScript) I was interested to open up Chrome DevTools and look at the Wordle code.
The first thing I did was open the game in Incognito window and started playing. I was expecting to see network requests that would check if solution/word was correct on the server-side. But to my surprise there were none. I said ok, maybe when you win the final answer is sent to the server, and validation is somehow encrypted/obfuscated in client-side (JavaScript) code — but no, even when I won there were no network requests so now it was clear that solutions actually has to be embedded and available on the client-side and all those JavaScript files.
So I moved to Sources tab of Chrome DevTools and started looking at the code. JavaScript was minified but that was no problem because Chrome has an integrated prettifier that formats the code.
Now I was able to get a better look. Again to my surprise the code was not even obfuscated in any way. It was only minified (condensed in a single line). Also, it wasn’t using React or any kind of frontend framework, at least my extensions did not detect it.
Because code was not obfuscated I was able to catch the flow of the game by placing a few breakpoints and just playing the game. Each time I wrote a letter or tried the word or even won/lost different pieces of code would execute.
Now that I knew the control flow of the game I found out that after the page loads there is a solution variable that gets initialized. It was pulling the value from a single function that would get the current day index and then would look at the specific array for word. Yes, I found all the words that were available and will be available in further days for the Wordle game. Then I found the word I guessed on that day and just by looking at the array (because days were used as an index) I could see the word (solution) for the next day.
So nice, success… just by knowing the word for the next day ahead of time I could even now win every day on the first try. But I wanted more…
It was kinda clunky to look at the source code each day and find the answer. I looked at the code some more and I noticed that the game saves a solution variable on its instance. this.solution = solution . When I looked at what this variable is in a current context I found out (to my surprise) that it is actually game-app HTML element (web component).
So just by opening JavaScript console on Wordle website and executing this piece of code, I was able to console.log solution for the current day.
Nice, right? Now I no longer need to look at the code but I can just execute this little snippet. Also in Chrome if you press the arrow up in JavaScript console it will find the snippet in history so it is even faster. But I wanted more…
As I practically had the solution I was thinking.. what if I could actually automate the pressing of keys and solution submission? Short answer, I could…
Nice, right? That is about it for this article. Feel free to use it on days when you are having a hard time guessing the word or just need a mental break and wish to continue your streak. That is what cheats are for 😉. Also, I know that this takes all the fun out of the game. I personally did not care and had more fun reverse engineering and working on this hack. But that is me. I would like to say kudos to the Wordle creator for the fun game, and also a fun challenge for us who like to tinker with the code 😄. Cheers!
FYI: I also managed to hack https://www.lewdlegame.com/ so if you want to see that leave a clap or let me know on Twitter. 👋
If you wish to take a closer look at the final script here is a pretty version with comments:
