How Did I Get TradingView Premium Plan For Free

Ayuth Mangmesap
Ayuth’s Story
7 min read · Dec 22, 2022


Photo by Art Rachen

For educational purposes only: the method in this blog can no longer be reproduced. Learn the thinking process and build on it, not just the result.

Back in September last year, during the crypto boom cycle, TradingView was the most popular platform for setting alerts when a price reaches a given level, when indicators cross, and much more. Everyone was joyful (and full of FOMO, especially me).

During that period I subscribed to the TradingView Pro plan too, because I didn't want to watch the screen all the time; I just wanted to set alerts for when the price reached a certain level. I kept using the platform until my curiosity awoke:

  • How does it know whether I'm a Pro or a Basic user?
  • How does it distinguish between a normal and a paid user?
  • What happens if I change the variable that indicates the plan to the paid one?
  • How could I actually test the questions above?

Before going further, for those who don't know what TradingView is:

TradingView

Where the world charts, chats and trades markets. We’re a supercharged super-charting platform and social network for traders and investors.

TradingView is a platform that combines stock, forex, and cryptocurrency data and prices. During a boom cycle I do a lot of monitoring with it, since it lets me set alerts that trigger when indicators cross and so on. Let's get back to our story.

🤔 How was I able to use the TradingView Premium plan for free?

Photo by Tingey Injury Law Firm

🛠️ Tools you need

You only need Chrome DevTools. To use them you need some familiarity with web development and its debugging tools. Luckily, I have taught several Web Development and React bootcamps.

💩 Let’s get started

Start by observing its behavior. If you are not a paid member, a dialog is shown when you click a Pro feature, for instance multiple charts in one tab.

Selecting the Layout dialog in TradingView: when a user clicks a layout their plan isn't eligible for, a dialog says the current plan can't use this feature.

Let's start by intercepting the click event. Open Chrome DevTools and set a breakpoint that fires when the mouse is clicked.

Set a breakpoint on the mouse click listener; whenever the user clicks something, execution stops when the event fires.

Then set the breakpoint at the mouse click event listener so that every time I click, it brings me to the handler function for that click event.

Then I spent quite a few hours playing with "Step over", "Step into", and especially breakpoints to understand how its checking logic works. Repeat until you find something interesting like this:

The Chrome DevTools window showing the pretty-printed (unminified) code and the debugger.

Finding it took many iterations (you need to be patient). After playing with it for a while, manipulating a few variables and triggering the dialog again, here are my rough steps of how it works:

  1. A user clicks or requests a feature.
  2. The app gets the user's profile and reads the current plan.
  3. It compares the current plan against some sort of object that stores all the plans and the set of eligible features for each. To illustrate: the Pro plan can only open 2 charts in one layout, Pro+ allows 4, and Premium allows 8.
  4. If the current plan is eligible, the request passes; otherwise the dialog is shown for the requested feature.

The interesting parts are steps 2 and 3: either one could be modified to bypass the checking process.

Photo by Josh Mills

Then it came to me: what if I just modify the current user's plan and let the app think I'm on the Premium plan? The reasoning is that tracing the comparison logic is a nightmare and takes a lot of effort to understand the app's internals (in some cases that's inevitable, but it wasn't in this one 🤭).

My other confession: to be honest, I didn't know how to reproduce it again if I patched its logic. Let me illustrate:

  1. You need to set a breakpoint on the mouse event listener.
  2. Pretty-print the minified source code and set a breakpoint.
  3. Play with the debugger and modify the variable inside the scope where the debugger stopped. The variable isn't exposed globally, so I really don't know how to access it outside a debugger.
  4. Turn steps 1, 2, and 3 into a script or extension so you don't have to do it by hand again. I was stuck at step 1.

This is not the road I wanted to go down 😥 (if anyone has advice on this, feel free to share it in the comments; it would be appreciated).

Luckily, while playing with the variable that stores the user's current plan, I learned that the platform exposes the user object on the window object, where it can be accessed as window.user. By modifying the plan in that user object, I was able to use Premium features: I could open 8 charts in one layout and use up to 10 indicators. 🎉🎊

The result: I can open an 8-chart layout in one window, which is not allowed on my current plan.

Creating a Script and Automating It

Photo by Phillip Glickman

Modifying the client-side script doesn't let me use all of the premium features. As you may know, some functions require the server side, for instance setting an alert for when the price goes below or above a level, notifications, and persisting some personal preferences.

With these limitations, I can only affect the client side, which in this scenario means only adding more indicators and multiple charts in one layout; that is fine for the experiment. One reason to make it automatable is to reproduce it before sending the report to their team.
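To make the mechanism in the rough steps above concrete (a plan object read from client-owned state, compared against a per-plan feature table) and the limitation just described (server-side features stay out of reach), here is an added example that is not TradingView's code: a client-side plan gate of the kind the post describes, beside the server-side check that actually has to enforce the entitlement. The chart limits are the per-plan counts named in the post; the "basic" limit, the window.user shape, the session id and the account record are assumed.

```javascript
// Added example, not TradingView's code: a client-side plan gate of the kind
// the post describes, beside the server-side check that has to back it.
// Chart limits are the per-plan counts named in the post; "basic" is assumed.
const PLAN_LIMITS = {
  basic: { maxCharts: 1 },
  pro: { maxCharts: 2 },
  "pro+": { maxCharts: 4 },
  premium: { maxCharts: 8 },
};

// Insecure pattern: the plan is read from an object the browser owns (the
// post's window.user). Client memory is client-controlled input, so this can
// only decide what UI to draw; it cannot enforce what the account may do.
function clientCanOpenLayout(user, chartCount) {
  const limits = PLAN_LIMITS[user.plan] || PLAN_LIMITS.basic;
  return chartCount <= limits.maxCharts;
}

// Hardened pattern: the server resolves the plan from its own account record,
// keyed by the session, and ignores any plan the request body claims.
const ACCOUNTS = new Map([["sess-123", { userId: 42, plan: "pro" }]]); // constructed

function serverHandleLayoutRequest(sessionId, body) {
  const account = ACCOUNTS.get(sessionId);
  if (!account) return { status: 401, reason: "no session" };
  const limits = PLAN_LIMITS[account.plan] || PLAN_LIMITS.basic; // body.plan never consulted
  if (!Number.isInteger(body.chartCount) || body.chartCount < 1) {
    return { status: 400, reason: "bad chartCount" };
  }
  if (body.chartCount > limits.maxCharts) {
    return { status: 403, reason: `plan ${account.plan} allows ${limits.maxCharts} charts` };
  }
  return { status: 200, layout: { charts: body.chartCount } };
}

// Side-by-side run: the client gate flips when its own state is edited; the
// server gate does not, because the edited state never reaches it.
function demo() {
  const user = { plan: "pro" };                      // assumed window.user shape
  const clientBefore = clientCanOpenLayout(user, 8); // false
  user.plan = "premium";                             // client-side state is writable
  const clientAfter = clientCanOpenLayout(user, 8);  // true: the gate is fooled
  const server = serverHandleLayoutRequest("sess-123", { chartCount: 8, plan: "premium" });
  return { clientBefore, clientAfter, serverStatus: server.status };
}

console.log(demo()); // { clientBefore: false, clientAfter: true, serverStatus: 403 }
```

The takeaway for a defender is the last line of demo(): the only check that matters is the one that runs where the attacker cannot edit the inputs, so the client-side table should be treated as a UI hint and every gated action re-checked by the server.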

Cover photo of the "Building your first malicious chrome extension" talk

Just for an idea: back in 2020 I attended, and was inspired by, the talk "Building your first malicious chrome extension 😈" by Alon Kiriati. I remember meeting him at the networking party and saying "I liked your talk" 😆.

In that talk, Alon Kiriati showed that if we build a malicious Chrome extension (and he demoed one for us), it can capture keyboard input such as usernames, passwords, chat messages, and much more of what you type.

This gave me the idea: if we borrow a piece of that extension's hook, such as running when the extension loads and the site is https://www.tradingview.com/, I would also be able to inject code that sets my current plan to Premium. Nevertheless, it's just an idea, haha. You can watch his talk at this link 👈.

Crafting and Sending a Report to TradingView's Team

Photo by Valery Tenevoy

Afterward, before sending it to the TradingView team, I spent a little while reading TradingView's bug bounty program to see whether it might be eligible. I found this. To clarify the issue, I sent them an email asking about it to see where it would go. And then sleep; my eyes needed some rest after debugging minified JavaScript code. 😩

I woke up in the morning and found this email:

The response was fast: they already knew about it and were fixing it. 🥲

Conclusion

Photo by Aaron Burden

In this blog I explained the thinking process I used to reverse engineer the platform and how to get into it with existing tools that you might use every day without knowing what they can do.

I hope this blog inspires or educates you in some way, and if you make it, please write up and share your experience with us. I love reading that, as well as others who have written about their bug bounty experiences, how they found the bug, and the thinking process behind it.

Last but not least, thank you to TradingView for making an incredible platform for us.

Acknowledgment

Photo by Howie R

This blog might not have happened if my brother Wongwarit Yok Borriboonsuksri hadn't reminded me. After he saw and remembered a post I once wrote on my personal Facebook wall, he said, "Why don't you publish it on the blog? It's been more than 60 days, so you're allowed to." I had sent the email about this issue to the TradingView team as well, and the issue was already known (with all due credit for the fast response).
