浏览 8707 次
|
精华帖 (21) :: 良好帖 (0) :: 灌水帖 (0) :: 隐藏帖 (0)
|
|
|---|---|
| 作者 | 正文 |
|
发表时间:2009-07-20
周末闲着没事,看朋友在玩腾迅的那些个SNS游戏,打趣问我以前不是写过kaixin001的外挂程序,为啥不干脆再写个腾讯的,毕竟腾讯的用户多很多。于是也想尝试下。可是一开始就卡在QQ自动登录这里了~~ 先是验证码的问题。自动识别验证码-。-没研究过,弄不出来。。只好采取折中的办法:自动把验证码图片下载下来放到本地目录,同时将cookie verifysession码给保存起来,作为登录时的cookie提交。 开玩开心网写外挂的思路,把form表单和隐藏域的值提交到QQ登录的表单,发现老是密码错误。。。觉得不对劲,于是截了个包看了下。果然,是加过密的密码提交的。。。 可以肯定的是在客户端JS加密,于是在一堆JS文件中翻出一个comm.js,找到了加密的那段JS。心想偷个懒先,JAVA6里不是可以用ScriptEngine来调用JS函数嘛,于是写了段JAVA调用JS的代码,将原始密码加密、发送。。。。还是登录失败!! 于是慢慢调试,发现貌似ScriptEngine调用的JS函数和用JS直接调用该函数,得到的结果竟然不一致!!(由于函数里有大量位运算操作,可能是Java的ScriptEngine和页面JS解释器的位数不一致吧?哪位仁兄有去仔细研究过的,来共享下知识嘛~~)。。。 没办法,只好自己去研究下那个加密函数,看了一下午才弄明白。。 QQ密码加密时,是先将初始密码先经过md5加密得到一个32位的密文,再将密文+4位验证码得到36位密文,再将36位密文进行三次MD5加密,就得到最后的发送密码了。 看来如果想通过截取QQ数据包来破解qq密码的可能性是几乎不存在了。。至少以俺的水平是不可能做到了。。。 T_T 接下来的“抢车位”自动停车、贴条的啥功能,“开心农场”种地偷菜的功能,技术上应该没多大问题了,可问题是…周末过完了。。。哎~~~ 声明:ITeye文章版权属于作者,受法律保护。没有作者书面许可不得转载。
推荐链接
|
| 返回顶楼 | |
|
发表时间:2009-07-20
 有源码共享吗?
|
| 返回顶楼 | |
|
发表时间:2009-07-20
贴上来共享下撒。
|
| 返回顶楼 | |
|
发表时间:2009-07-20
package util.mygametools.qq;
import static util.mygametools.qq.MD5Security.*;
import java.util.ArrayList;
import java.util.List;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.cookie.Cookie;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.protocol.HTTP;
import org.apache.http.util.EntityUtils;
import java.io.*;
public class QQcar {
public static final String QQNUM = "10000"; //QQ行号码
public static final String PASSWORD = "password"; //密码
private static DefaultHttpClient httpclient = new DefaultHttpClient();
private static boolean loginFlag = false;
private static List<Cookie> cookies;
private static HttpResponse response;
private static HttpGet request;
private static String verifyString;
private static String verifySession;
private static void getVerifyImage() throws Exception{
String url = "http://ptlogin2.qq.com/getimage?aid=8000108&0.7022592303274631";
HttpGet httpget = new HttpGet(url);
httpget.addHeader("Cookie", "");
httpget.setHeader("Accept", "text/html, */*");
httpget.addHeader("User-Agent", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727)");
//httpget.addHeader("Connection", "close");
//httpget.setHeader("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20")
response = httpclient.execute(httpget);
Header[] headers = response.getHeaders("Set-Cookie");//.getAllHeaders();
for(Header h : headers){
System.out.println(h);
}
verifySession = headers[0].getValue().split(";|=")[1];
InputStream in = response.getEntity().getContent();
File verifyFile = new File(QQcar.class.getResource("output").getPath() + "/verifycode.jpg");
FileOutputStream out = new FileOutputStream(verifyFile);
byte[] buf = new byte[1024];
while(in.read(buf) != -1){
out.write(buf);
}
out.flush();
System.out.println("验证码图片已生成。路径:" + verifyFile.getCanonicalPath());
System.out.println("请输入验证码:");
verifyString = new BufferedReader(new InputStreamReader(System.in)).readLine();
while(verifyString.length() != 4){
System.out.println("验证码长度有误,请输入4位验证码:");
verifyString = new BufferedReader(new InputStreamReader(System.in)).readLine();
}
}
public static void doLogin() throws Exception{
if(!loginFlag){
getVerifyImage();
HttpPost httpost = new HttpPost("http://ptlogin2.qq.com/login");
List <NameValuePair> nvps = new ArrayList <NameValuePair>();
nvps.add(new BasicNameValuePair("u", QQNUM));
nvps.add(new BasicNameValuePair("p", md5( md5_3(PASSWORD) + verifyString.toUpperCase())));
nvps.add(new BasicNameValuePair("verifycode", verifyString));
nvps.add(new BasicNameValuePair("aid", "8000108"));
nvps.add(new BasicNameValuePair("u1", "http://imgcache.qq.com/qzone/v5/loginsucc.html"));
nvps.add(new BasicNameValuePair("fp", "loginerroralert"));
nvps.add(new BasicNameValuePair("h", "1"));
nvps.add(new BasicNameValuePair("ptredirect", "0"));
nvps.add(new BasicNameValuePair("ptlang", "0"));
nvps.add(new BasicNameValuePair("from_ui", "1"));
nvps.add(new BasicNameValuePair("dumy", "1"));
httpost.setHeader("User-Agent", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727)");
httpost.setHeader("Cookie", "verifysession=" + verifySession + ";");
httpost.setHeader("Referer", "http://ui.ptlogin2.qq.com/cgi-bin/login?link_target=blank&target=self&appid=8000108&qlogin_jumpname=vipmyqq&f_url=loginerroralert&qlogin_auto_login=1&s_url=http%3A//imgcache.qq.com/qzone/v5/loginsucc.html&qlogin_param=jump_url%3D");
httpost.setHeader("Accept", "text/html, */*");
httpost.removeHeaders("Cookie2");
httpost.removeHeaders("Expect");
httpost.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));
response = httpclient.execute(httpost);
cookies = httpclient.getCookieStore().getCookies();
if (cookies.size() < 3) {
System.err.println("登录失败...");
loginFlag = false;
} else {
System.out.println("登录成功...");
for(Cookie c : cookies){
System.out.println(c);
}
loginFlag = true;
}
}
}
public static void main(String[] args) throws Exception{
doLogin();
}
}
|
| 返回顶楼 | |
|
发表时间:2009-07-20
package util.mygametools.qq;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
public class MD5Security {
private final static char[] hexDigits = { '0', '1', '2', '3', '4', '5',
'6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
private static String bytesToHex(byte[] bytes) {
StringBuffer sb = new StringBuffer();
int t;
for (int i = 0; i < 16; i++) {
t = bytes[i];
if (t < 0)
t += 256;
sb.append(hexDigits[(t >>> 4)]);
sb.append(hexDigits[(t % 16)]);
}
return sb.toString();
}
public static String md5(String input) throws Exception {
return code(input, 32);
}
public static String code(String input, int bit) throws Exception {
try {
MessageDigest md = MessageDigest.getInstance(System.getProperty(
"MD5.algorithm", "MD5"));
if (bit == 16)
return bytesToHex(md.digest(input.getBytes("utf-8")))
.substring(8, 24);
return bytesToHex(md.digest(input.getBytes("utf-8")));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
throw new Exception("Could not found MD5 algorithm.", e);
}
}
public static String md5_3(String b) throws Exception{
MessageDigest md = MessageDigest.getInstance(System.getProperty(
"MD5.algorithm", "MD5"));
byte[] a = md.digest(b.getBytes());
a = md.digest(a);
a = md.digest(a);
return bytesToHex(a);
}
}
|
| 返回顶楼 | |
|
发表时间:2009-07-20
最后修改:2009-07-20
懒得写注释了。。要是啥地方不明白就问我吧
|
| 返回顶楼 | |
|
发表时间:2010-04-10
学习了,最近在搞RSA加密,也是在前台自动生成一个随机数,用脚本对随机数加密,然后用加密的随机数加密密码,再将两个加密数据提交到后台,进行解密。
|
| 返回顶楼 | |
|
发表时间:2010-07-04
不错,有点想法
|
| 返回顶楼 | |
