Spoofing Speedtest results for your ISP

Finally after a good 4 hours I was finally able to crack speedtest.net results. Pic above is the report generated by speedtest for my broadband speed and hosted at their portal at http://www.speedtest.net/result/1939485616.png.

I wont be detailing on the path I took to crack speedtest results as that would be a long post in itself. But I can share a single linux command that will let you generate speedtest results of your choice. Below is the syntax of the command. 

DOWNLOAD=<downloadspeed-kbits>; UPLOAD=<uploadspeed-kbits&gt; PING=<pinglatency-ms>; SERVER=<server-id>; wget --referer=http://c.speedtest.net/flash/speedtest.swf -qO-  --post-data="download=$DOWNLOAD&ping=$PING&upload=$UPLOAD&promo=90&startmode=flyok&recommendedserverid=$SERVER&accuracy=1&serverid=$SERVER&hash=`echo -n \"$PING-$UPLOAD-$DOWNLOAD-297aae72\" | openssl md5`" http://www.speedtest.net/api/api.php  | grep -Po "resultid=\d+?&" | sed "s#resultid=#http://www.speedtest.net/result/##" | sed "s/\&/\.png/"

Before issuing the command just replace the <pinglatency-ms> , <downloadspeed-kbits> , <uploadspeed-kbits>  and <server-id> with the values you want. For example if I want to report download speed of 100Kbps , upload speed of 200Kbps ,ping latency of 10 milli seconds against speedtest server id=1718 (this is sever located at mumbai) then the command I give on shell prompt will be: 

$  DOWNLOAD=100;UPLOAD=200;PING=10;SERVER=1718; wget --referer=http://c.speedtest.net/flash/speedtest.swf -qO-  --post-data="download=$DOWNLOAD&ping=$PING&upload=$UPLOAD&promo=90&startmode=flyok&recommendedserverid=$SERVER&accuracy=1&serverid=$SERVER&hash=`echo -n \"$PING-$UPLOAD-$DOWNLOAD-297aae72\" | openssl md5`" http://www.speedtest.net/api/api.php  | grep -Po "resultid=\d+?&" | sed "s#resultid=#http://www.speedtest.net/result/##" | sed "s/\&/\.png/"

Output:


http://www.speedtest.net/result/1943250367.png

Output of this command will be a url over which you can see your results. For example the result of the above command was:

http://www.speedtest.net/result/1943250367.png

ServerID

To change the server in the above results you can need to send a server id which uniquely identifies a speedtest server across the globe. To get the list of these servers and there corresponding id's run the command below from you shell prompt;

$ wget -qO- http://www.speedtest.net/speedtest-servers.php | grep -Po "name=.*\sid=\"\d+\"" | sed "s/sponsor.*id/id/"

Output:

..
name="Anantapur" country="India" countrycode="IN" id="2579"
name="Chennai" country="India" countrycode="IN" id="2583"
name="Chennai" country="India" countrycode="IN" id="1826"
name="Bangalore" country="India" countrycode="IN" id="2564"
...


History

This small project started with a post by a friend on Facebook "To my friends in third world countries". Attached was a result image from speedtest.net mentioning his broadband speed. The results were impressive and I instantly felt that feeling of envy cropping up somewhere as I am stuck with a shared airtel dsl *broadband* which unfortunately I have to share with 25 other residents :-( . 

Any ways , that result instantly made me curious about how speedtest measures speeds that you experience and most importantly if its possible to spoof it. I was sure of one thing though that most of the speed measurement logic would be performed at the client side by download/uploading some data to speedtest server. Unfortunately life being Life, I got busy with some stuff and lost my focus on the problem. This status quo was broken after a long time when three days back two more of my friends posted there speedtest results. 

This immediately brought the problem back into my focus and set out to find a solution to it. Fortunately it took only 4 hours to crack the speedtest results. Its much longer than I had expected which I attribute to some measures taken by speedtest to protect the integrity of the results results being posted. 

Hope this info helps

~Vaibhav