def tlv107():
tlv = ''
tlv += Coder.trim('00 00')
tlv += Coder.trim('00 00 00 01')
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('01 07') + tlv
return tlv
def tlv2(verifyCode, verifyToken1):
tlv = ''
tlv += Coder.num2hexstr(len(verifyCode)/2, 4) + verifyCode
tlv += Coder.num2hexstr(len(verifyToken1)/2, 2) + verifyToken1
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('00 02') + tlv
return tlv
def login(self, verifyCode=None):
'''登录'''
#发送登录请求
packet = ''
#包头
packet += Coder.trim('00 00 00 08 02 00 00 00 04 00')
packet += Coder.num2hexstr(len(self.qqHexstr) / 2 + 4, 4)
packet += self.qqHexstr
#TEA加密的包体
packet += self.packSendLoginMessage(verifyCode)
#总包长
packet = Coder.num2hexstr(len(packet) / 2 + 4, 4) + packet
#发送请求
self.socket.sendall(Coder.hexstr2str(packet))
#接收请求
ret = self.socket.recv()
pack = HexPacket(Coder.str2hexstr(ret))
#返回包头
pack.shr(4)
pack.shr(8)
pack.shr(2 + len(self.qqHexstr) / 2)
#返回包体
self.unpackRecvLoginMessage(pack.remain())
if self.alive: #登录成功
threading.Thread(target=self.startHeart).start() #心跳
return True
elif self.verify: #需要验证码
pass
else:
return False
def login(self, verifyCode=None):
'''登录'''
#发送登录请求
packet = ''
#包头
packet += Coder.trim('00 00 00 08 02 00 00 00 04 00')
packet += Coder.num2hexstr(len(self.qqHexstr)/2+4, 4)
packet += self.qqHexstr
#TEA加密的包体
packet += self.packSendLoginMessage(verifyCode)
#总包长
packet = Coder.num2hexstr(len(packet)/2+4, 4) + packet
#发送请求
self.socket.sendall(Coder.hexstr2str(packet))
#接收请求
ret = self.socket.recv()
pack = HexPacket(Coder.str2hexstr(ret))
#返回包头
pack.shr(4)
pack.shr(8)
pack.shr(2 + len(self.qqHexstr)/2)
#返回包体
self.unpackRecvLoginMessage(pack.remain())
if self.alive: #登录成功
threading.Thread(target=self.startHeart).start() #心跳
return True
elif self.verify: #需要验证码
pass
else:
return False
def tlv2(verifyCode, verifyToken1):
tlv = ''
tlv += Coder.num2hexstr(len(verifyCode) / 2, 4) + verifyCode
tlv += Coder.num2hexstr(len(verifyToken1) / 2, 2) + verifyToken1
tlv = Coder.num2hexstr(len(tlv) / 2, 2) + tlv
tlv = Coder.trim('00 02') + tlv
return tlv
def tlv107():
tlv = ''
tlv += Coder.trim('00 00')
tlv += Coder.trim('00 00 00 01')
tlv = Coder.num2hexstr(len(tlv) / 2, 2) + tlv
tlv = Coder.trim('01 07') + tlv
return tlv
def tlv8():
tlv = ''
tlv += Coder.trim('00 00')
tlv += Coder.trim('00 00 08 04') #request_global._local_id
tlv += Coder.trim('00 00')
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('00 08') + tlv
return tlv
def online(self):
self.FunSend(Coder.hexstr2str(self.Pack_OidbSvc_0x7a2_0()))
self.Fun_recv()
self.FunSend(
Coder.hexstr2str(self.Pack_StatSvc_Register(self.qqnum, 7, 11, 0)))
self.Fun_recv()
def tlv202(wifi_name):
tlv = ''
tlv += Coder.trim('00 10')
tlv += Coder.trim('F5 AC 6C 03 0C 31 AE 5C 26 2E BE 49 86 23 65 1E')
tlv += Coder.num2hexstr(len(wifi_name)/2, 2) + wifi_name
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('02 02') + tlv
return tlv
def __init__(self):
self.stub = self
self.msg_count = 1
self.bcd_table = '0123456789ABCDEF'
self.keys = ""
self.keys = self.keys.replace('\r', '').replace('\n',
'').replace(' ', '')
self.keys = Coder.hexstr2str(Coder.trim(self.keys))
def AutoReceiveFriends(self, targetQQ):
if config.AutoAgreeAddFriend == True:
data = Packet.Pack_friendlistGetAutoInfoReq(self, targetQQ)
self.FunSend(Coder.hexstr2str(data))
time.sleep(1)
data1 = Packet.Pack_ProfileServicePbReqSystemMsgActionFriend(
self, targetQQ)
self.FunSend(Coder.hexstr2str(data1))
def tlv8():
tlv = ''
tlv += Coder.trim('00 00')
tlv += Coder.trim('00 00 08 04') #request_global._local_id
tlv += Coder.trim('00 00')
tlv = Coder.num2hexstr(len(tlv) / 2, 2) + tlv
tlv = Coder.trim('00 08') + tlv
return tlv
def tlv202(wifi_name):
tlv = ''
tlv += Coder.trim('00 10')
tlv += Coder.trim('F5 AC 6C 03 0C 31 AE 5C 26 2E BE 49 86 23 65 1E')
tlv += Coder.num2hexstr(len(wifi_name) / 2, 2) + wifi_name
tlv = Coder.num2hexstr(len(tlv) / 2, 2) + tlv
tlv = Coder.trim('02 02') + tlv
return tlv
def unpackRecvLoginVerifyMessage(self, data):
data = TEA.detea_hexstr(data, self.shareKey)
pack = HexPacket(data)
pack.shr(3)
tlv_num = Coder.hexstr2num(pack.shr(2))
for i in xrange(tlv_num):
tlv_cmd = pack.shr(2)
tlv_data = pack.shr(Coder.hexstr2num(pack.shr(2)))
self.decodeTlv(tlv_cmd, tlv_data)
class test():
if __name__ == '__main__':
print 111
code = '3c8c40ab23bc0024d7f0ae9408004500039b40e840008006c623c0a86407716c5a35cbce1f90d7280432bea3a13c5018409962ed000000000373000000080200000004000000000d3633343534353339397a990a6f0da475adcf8c1ed97a7bd860baeaf32322c29186adf521109e60560b579d739d4f891b2e257bea15b0b67d907d388deae0e6b90492456eff361d13b7678cc800352238077f9e1f7124a7b05c252f33cc866da276441b5b2c12a6e487d910e5a51511c9df7008ccc6a51746dc1e7ab36b2deea4f8f007fe42831cb4929192d98e53dec70d03807096bb3bfd16a758465c8bfacfca72ffb2613471718a9e9bcfc1559e51d431a74eefc36f424e143d065e36ca5692f7b85674482a44832aa835703c8999a4a8b97e7b564d0e43274a4ec223ce42eaf38e5fcc68bdf2d054877e2ab27c0f78c3d23bcde79f13fe5c4cad1e6b16ab4352c106ea384e06e9cb185bdeeec36f1ad271cd6e9e65a4c30a424f22ab892430d89c7ff9c461f7e5e721d0391ed1796a2a047eca9e895b50de787e3e1173a98977a4b7581015e21b71d98ec9fbf69157965473150a50222b6d21bff57e2269eaff9eb336563629f99c906dcd1f23aef8ada277bee00c979209e43d6c3404ab9ba41c7c769e37c435441c3adff0359e17d966782adc4105424712d7f03c7906deb73b9e71fb960105c5faf233647291dcaf00f97562b7f300fe77cdac08d81b8137c817491306a95430045488f064b7a219a60c768bf83e3fdc5f26d8f8c8e997f22c166026fec63707706c9a111e5317f138fa22eb3d8dcba6731f0fac3e0ef73a63d9481752feefe3db2c72f57d048804e70f40f9b93108d7a233d81d1de5d175f2392566e18a0263fd20e1f05e31c21b67678afd6f2c9ff0953c83020fe3feb2213f2e496ad17b3d24485ae6abadead85e31704dc9c1ce6aefbd7b2ed1d5e17b786fd8cd37e164eacea9ec60c6f6fa1c5965ffefe8f69148e60c27ce772551157fba9d46c87df59d87fb8f4d383184f52aaa911eed8fd8750e87e221aa18642fd5856376aeb5adbd45b1bf589ef143f44ca5781b82ec5d7ddd3aaae2b1d5c962ec2835bb6599ba1f3d16271ccc262cf0d20e65b1a8741f7fbdca64317759b232ba3a8fc820d3449be7e008609e7dee817df72604c7f20139a2e762f2799fce00bf81f3832de40415ec4c0f90e4af0df5cda6a456b15bee7ce3689688abaf427568fa9551a19eb542ad1e01ba4bed153809bc59c869438f7c09bf124f2aa9b06610bf5f4319bcd05eefe3079c1a1eb38bed8e096e1bea6ee8a1075c6ca3c2f9'
#print Coder.hexstr2str(code);
# print code.encode('hex');
print 8 << 4
print Coder.num2hexstr(len(Coder.str2hexstr('634545399')) / 2 + 4, 4)
print Coder.str2hexstr('634545399')
qq = AndroidQQ('634545399', 'xiaomin0322####')
packet = qq.packSendLoginMessage()
print Coder.num2hexstr(len(packet) / 2 + 4, 4)
print len(packet)
# ss = '7a215d1c28d0681072f3370142669487fee6b5a222b18751a1a4ce6da0b952253994e847c9e1399a945be54facbd25d5f0d25b8325114dbfc40c2c5c48db42e9fb02e8c566529f7705d7fdf8958b2de7944f5fcfab050838d4809c83b5ab657cf4a4c2042129169059f8053e6f0cd5f0b5ed75dee694a70b236b6d040055bc336ebf678a520911be00e057435ac6c0b21f40718338e696133bc7df52d51632053484b5e53a8a82fde7b148fe5f91bc546d92b1a24f48db2863f7741df7881085a78f75f9b7912c57ccff62bddaa821e4e41dd08ca6c995a5c766b5763c8afcfc96feb80944017eb95e87b0e2f1b156aeb86c0c38d2521a8e9a7cac7ab4184c5d1f89b43dc16e9d24aed14a9f798a974a9ad6555f41ee65d1f5094a8b845140ecfbe01774d0a6ac2a3af893b7a60bdae2d92285bddd0b2162501bc726fbb169abc3c0388e49584f2839225cd5748a8cea428cb89d9f8b36fbacbfdfbbcf2c331d6e548a21c3490a29a20b904f6bf3766042ce90c45376830ce23ca65b261ed79d08722b02aa9d0f3589671efa5860db35fa7e352c765747cfad6ee9ee908dc3b49b9995120c6fe70667250ee615d64004dd20951a274fa7a635262b509db37e1e1115d269c2b90af5da75530e5bba7573798355f6e2839a1fb71c3adf4bf361df606180b71d81bc6faa1132478c0da88475ed835cdda5626142163fb3cf1009730cf18a560fc6c072f84f1e860ed2fed6d58a5befdee5f1579bd978057cdaa59b83940256b9b109984fe16b624338869ed8d01d7e969054abe7f8ae6efc2ba8cf88be35158380f2638bc1c1d86b33f73850d1a3631f5c74aedba7908ac8989729619f192a67809734a21c274c3469384ba209baa1fb60a7e48bc823383ee7a667532e59799b807bb862935e0e72900be302b8f14ada32e30dcb06773db42ea695ae0fdba8440b40c63963452733a9a4fb745df6d29e8a1f7a0c806b2e64f53bac94b7bb6791a36006126f28d1cb975c8253e8148069e4d460cbf3d018b75baebbc9b8ff052cb62c2e39b30d6111f0aca0cb56a852797d1eeefe243168bc87f5b5b574109198c626c64cde9a59d5be65c2f87708de9118b5e272176ec6f7b9bcb030aea0e3a498648aad32d7ddf16e74d9145ee9afab1e29a67012984eb144ae2fa5743bd2b6b209ccef89975d51d122794bd7700df174c5bd'
#print TEA.detea_hexstr(ss,'00'*16)
ss = '886c8763f92b24c6b7b430906a5466ecdf06d5a9278827279819457bdf1138b901a449f185c23806b0f66a3bb58e4d7b40324bde661bb3e0f31b9d314c21c36de6a6dcd2fa922e5bf53bf27cbac4479aff1295a084d6a9dce8e36fddccbb605267d4fd775fd09a96ab338bba38df5baf51e74266e9ae797c7a6f9c19aea63d551a5639aceb17dc8dbd262b3451f39f3e3b23cf5a964ab52128e31a0b9a88b4fae0ff3b276fc7f450031768de11b57f4773b7bc18218cc5e8261cf2df3a880ef351c195e026596ef5518ffa9765f7a8e458656f1ca72878e8b99f4219ed48ed1b9216c163642aeeffdfa430fcfc02cb58ff0696a313b23de17c77c7ee210155277394060d735ba5210b021a76794578331871275cb26b71880da0843a7bc603e3039fa3094845b6fa21e45a37f795d3103245898a965605d2be285de3a5f135af5478702d2561dbf7b7d1e9b7db8b3297a9a09d86cf812bbf57d7f125ec72c1b05473048cf33297f6f43a9f5c7765e879b77ee7dc73ea372663fda6142bd2686346344557d9c51d6257ea62f7433823e2fe5658543e3874ff33da458ff8e8aedacde7ccb88c6f5bfd6d838ea1a12beedd17a3e8f857b7edd5fcb58ba163ac140a644ce6b86d03c455449f7f25d07991804d97ba6a7c8e014556ac38cb205b28ea0806fdde2eef3b8f70f91dab155efcb1dab319ef8933c6ce00c5a021ab9d8a4f7a37f1f3c66ce3ae165cd9163788385ea77dc06bb15f9476f178e5f2e5f0603948682dabc76cf36a833694d126dde1cc2c730974d1c820f8ee8e9d350f80f63ab5661f92b912cbbdf31543718fd036587c33c303d1665078c39b9c4709d539ba39ab60c345e9731b9276854d25b6e0f3d4d93ddcd425ce5d28ae39cccd90f2086881f38384a9fa847e5e762eb2cde2719a75b1bd4316426e4259efc851826808683b6bd68b7e769b9eaeefb7bcec8bd81c4f66ebfda3fe7fa937a436c459c54f7dd34cfde5a2957704f10d0e46455df476a39256ecbfaa993282100fcdfa8c0d0cd231354748126d31fb95e8083bba7b82a8030a3bf9b0409cb290f8add92e59069994adfb082555b6c0ea2bc5fa51f8b31c608904c12a12987f2de6973cee52fec49a3072949f863334a4142155e846d8ead69cfc6b744b6ec166495d549c0af06a110bbb76d0149f3f83ad3162b4a00ae50dfec4ef8468'
packSendLoginMessage = TEA.detea_hexstr(ss, '00' * 16)
print packSendLoginMessage
packSendLoginTlv = packSendLoginMessage[382:1678]
testShareKey = '579C2169A0A34E1162C6E6DB66C2D45D'
packSendLoginTlv = TEA.detea_hexstr(packSendLoginTlv, testShareKey)
print packSendLoginTlv[108:340]
tvl106 = packSendLoginTlv[108:340]
print 'tvl106 val ' + tvl106
tvl106 = tvl106[8:len(tvl106)]
print 'tvl106 endocer ' + tvl106
pwdKey = '919260a4e19d44a59b5932b8790fc37d'
tvl106 = TEA.detea_hexstr(tvl106, pwdKey)
tgtKeys = tvl106[102:134]
print 'tgtkeys ' + tgtKeys
def unpackRecvLoginVerifyMessage(self, data):
data = TEA.detea_hexstr(data, self.shareKey)
pack = HexPacket(data)
pack.shr(3)
tlv_num = Coder.hexstr2num(pack.shr(2))
for i in xrange(tlv_num):
tlv_cmd = pack.shr(2)
tlv_data = pack.shr(Coder.hexstr2num(pack.shr(2)))
self.decodeTlv(tlv_cmd, tlv_data)
pass
def tlv144(tgtKey, imei, os_type, os_version, network_type, sim_operator_name, apn, device, device_product):
tlv = ''
tlv += Coder.trim('00 04')
tlv += Tlv.tlv109(imei)
tlv += Tlv.tlv124(os_type, os_version, network_type, sim_operator_name, apn)
tlv += Tlv.tlv128(device, imei, device_product)
tlv += Tlv.tlv16e(device)
tlv = TEA.entea_hexstr(tlv, tgtKey)
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('01 44') + tlv
return tlv
def tlv144(tgtKey, imei, os_type, os_version, network_type, sim_operator_name, apn, device, device_product):
tlv = ''
tlv += Coder.trim('00 04')
tlv += Tlv.tlv109(imei)
tlv += Tlv.tlv124(os_type, os_version, network_type, sim_operator_name, apn)
tlv += Tlv.tlv128(device, imei, device_product)
tlv += Tlv.tlv16e(device)
tlv = TEA.entea_hexstr(tlv, tgtKey)
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('01 44') + tlv
return tlv
def Make_sendSsoMsg(self, cmd, bin):
serviceCmd = Coder.str2hexstr(cmd)
msg = ''
msg += Coder.num2hexstr(len(serviceCmd) / 2 + 4, 4) + serviceCmd
msg += Coder.num2hexstr(len(self.msgCookies2) / 2 + 4,
4) + self.msgCookies2
data = ''
data += Coder.num2hexstr(len(msg) / 2 + 4, 4) + msg
data += bin
value = TEA.entea_hexstr(data, self.qqkey)
return value
def unpackRecvLoginSucceedMessage(data):
data = TEA.detea_hexstr(data,'9A1BDA11D3BEA2DEDC58C487B3D174BA') #shareKey
pack = HexPacket(data)
pack.shr(2 + 1 + 4)
data = pack.shr(Coder.hexstr2num(pack.shr(2)))
#TLV解包
data = TEA.detea_hexstr(data,'9d2a2efab0653d0aecdb8a3e97c4dd22')#tgtKey
pack = HexPacket(data)
tlv_num = Coder.hexstr2num(pack.shr(2))
for i in xrange(tlv_num):
tlv_cmd = pack.shr(2)
tlv_data = pack.shr(Coder.hexstr2num(pack.shr(2)))
decodeTlv(tlv_cmd, tlv_data)
def unpackRecvLoginSucceedMessage(self, data):
data = TEA.detea_hexstr(data, self.shareKey)
pack = HexPacket(data)
pack.shr(2 + 1 + 4)
data = pack.shr(Coder.hexstr2num(pack.shr(2)))
#TLV解包
data = TEA.detea_hexstr(data, self.tgtKey)
pack = HexPacket(data)
tlv_num = Coder.hexstr2num(pack.shr(2))
for i in xrange(tlv_num):
tlv_cmd = pack.shr(2)
tlv_data = pack.shr(Coder.hexstr2num(pack.shr(2)))
self.decodeTlv(tlv_cmd, tlv_data)
def unpackRecvLoginSucceedMessage(self, data):
data = TEA.detea_hexstr(data, self.shareKey)
pack = HexPacket(data)
pack.shr(2 + 1 + 4)
data = pack.shr(Coder.hexstr2num(pack.shr(2)))
#TLV解包
data = TEA.detea_hexstr(data, self.tgtKey)
pack = HexPacket(data)
tlv_num = Coder.hexstr2num(pack.shr(2))
for i in xrange(tlv_num):
tlv_cmd = pack.shr(2)
tlv_data = pack.shr(Coder.hexstr2num(pack.shr(2)))
self.decodeTlv(tlv_cmd, tlv_data)
def tlv128(device, imei, device_product):
tlv = ''
tlv += Coder.trim('00 00')
tlv += Coder.trim('01')
tlv += Coder.trim('01')
tlv += Coder.trim('00')
tlv += Coder.trim('11 00 00 00')
tlv += Coder.num2hexstr(len(device) / 2, 2) + device
tlv += Coder.num2hexstr(len(imei) / 2, 2) + imei
tlv += Coder.num2hexstr(len(device_product) / 2, 2) + device_product
tlv = Coder.num2hexstr(len(tlv) / 2, 2) + tlv
tlv = Coder.trim('01 28') + tlv
return tlv
def tlv128(device, imei, device_product):
tlv = ''
tlv += Coder.trim('00 00')
tlv += Coder.trim('01')
tlv += Coder.trim('01')
tlv += Coder.trim('00')
tlv += Coder.trim('11 00 00 00')
tlv += Coder.num2hexstr(len(device)/2, 2) + device
tlv += Coder.num2hexstr(len(imei)/2, 2) + imei
tlv += Coder.num2hexstr(len(device_product)/2, 2) + device_product
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('01 28') + tlv
return tlv
def packSendLoginTlv(self, verifyCode=None):
if verifyCode == None:
tlv = ''
tlv += Coder.trim('00 09')
tlv += Coder.trim('00 14') #tlv包个数
#tlv组包
tlv += Tlv.tlv18(self.uin)
tlv += Tlv.tlv1(self.uin, self.server_time)
print 'packSendLoginTlv tlv106 start ' + bytes(len(tlv))
tvl106 = Tlv.tlv106(self.uin, self.server_time, self.pwdMd5, self.tgtKey, self.imei, self.appId, self.pwdKey)
tlv +=tvl106
print 'packSendLoginTlv tlv106 end ' + bytes(len(tlv))
tlv += Tlv.tlv116()
tlv += Tlv.tlv100()
tlv += Tlv.tlv107()
tlv += Tlv.tlv144(self.tgtKey, self.imei, self.os_type, self.os_version, self.network_type, self.sim_operator_name, self.apn, self.device, self.device_product)
tlv += Tlv.tlv142(self.package_name)
tlv += Tlv.tlv145(self.imei)
tlv += Tlv.tlv154(self.seq)
tlv += Tlv.tlv141(self.sim_operator_name, self.network_type, self.apn)
tlv += Tlv.tlv8()
tlv += Tlv.tlv16b()
tlv += Tlv.tlv147()
tlv += Tlv.tlv177()
tlv += Tlv.tlv187()
tlv += Tlv.tlv188()
tlv += Tlv.tlv191()
tlv += Tlv.tlv194()
tlv += Tlv.tlv202(self.wifi_name)
print 'tvl106 index :' + bytes(tlv.find(tvl106)) + '----' + bytes(tlv.find(tvl106)+len(tvl106))
print 'packSendLoginTlv tlv :'+tlv
tlv = TEA.entea_hexstr(tlv, self.shareKey)
return tlv
else:
tlv = ''
tlv += Coder.trim('00 02')
tlv += Coder.trim('00 04')
#tlv组包
tlv += Tlv.tlv2(verifyCode, self.verifyToken1)
tlv += Tlv.tlv8()
tlv += Tlv.tlv104(self.verifyToken2)
tlv += Tlv.tlv116()
tlv = TEA.entea_hexstr(tlv, self.shareKey)
return tlv
def Write_RequestPacket(Version, RequestId, ServantName, FuncName, Bin):
data = ''
data += out.WriteShort(Version, 1)
data += out.WriteShort(0, 2)
data += out.WriteShort(0, 3)
data += out.WriteInt(RequestId, 4)
data += out.WriteStringByte(ServantName, 5)
data += out.WriteStringByte(FuncName, 6)
data += out.WriteSimpleList(Bin, 7)
data += out.WriteInt(0, 8)
data += Coder.trim('98 0C')
data += Coder.trim('A8 0C')
return data
def SendFriendImageMsg(self, targetQQ, ImgName, ImgPath):
ImaFileName = ImgName + '.jpg'
data = Packet.SendImageMsg(self, '', targetQQ, ImgName, ImaFileName,
ImgPath)
self.FunSend(Coder.hexstr2str(data))
def Pack_sendSsoMsg_simple(self, bin):
msg = ''
msg += out.WriteJceStruct(Coder.hexstr2str(bin), 0) ##十六进制转换字符串
map = config.JceMap()
map.key_type = config.TYPE_STRING1
map.value_type = config.TYPE_SIMPLE_LIST
map.key = 'SvcReqGet'
map.value = Coder.hexstr2str(msg) ##十六进制转换字符串
value = out.WriteMap(map, 0)
data = ''
data += self.Write_RequestPacket(3, 1819559151, 'PushService',
'SvcReqGet', Coder.hexstr2str(value))
reee = Coder.num2hexstr(len(data) / 2 + 4, 4) + data
return reee
def Pack_StatSvc_Register(self, Uin, Bid, Status, timeStamp):
data = JceFactory.Write_SvcReqRegister(Uin, Bid, Status, timeStamp)
bin = out.WriteJceStruct(Coder.hexstr2str(data), 0)
map = config.JceMap()
map.key_type = config.TYPE_STRING1
map.value_type = config.TYPE_SIMPLE_LIST
map.key = "SvcReqRegister"
map.value = Coder.hexstr2str(bin)
value = out.WriteMap(map, 0)
bin = self.Write_RequestPacket(3, 0, 'PushService', 'SvcReqRegister',
Coder.hexstr2str(value))
aaa = self.Make_login_sendSsoMsg('StatSvc.register', bin)
return self.pack(aaa, 1)
def SendGroupMemberImageMsg(self, GroupQQ, targetQQ, ImgName, ImgPath):
#GroupQQ = '574240651'
#targetQQ = '296603528'
#ImgName = '936ee06bd035095c991c5a2572614ae4'
ImaFileName = ImgName + '.jpg'
#ImgPath = '/7b9da5a3-8b5b-462f-a03c-eb9c6f37ebb8A'
data = Packet.SendImageMsg(self, GroupQQ, targetQQ, ImgName,
ImaFileName, ImgPath)
self.FunSend(Coder.hexstr2str(data))
def tlv100():
tlv = ''
tlv += Coder.trim('00 01')
tlv += Coder.trim('00 00 00 05')
tlv += Coder.trim('00 00 00 10')
tlv += Coder.trim('20 02 9F 54')
tlv += Coder.trim('00 00 00 00')
tlv += Coder.trim('02 1E 10 E0')
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('01 00') + tlv
return tlv
def tlv100():
tlv = ''
tlv += Coder.trim('00 01')
tlv += Coder.trim('00 00 00 05')
tlv += Coder.trim('00 00 00 10')
tlv += Coder.trim('20 02 9F 54')
tlv += Coder.trim('00 00 00 00')
tlv += Coder.trim('02 1E 10 E0')
tlv = Coder.num2hexstr(len(tlv) / 2, 2) + tlv
tlv = Coder.trim('01 00') + tlv
return tlv
def tlv124(os_type, os_version, network_type, sim_operator_name, apn):
tlv = ''
tlv += Coder.num2hexstr(len(os_type)/2, 2) + os_type
tlv += Coder.num2hexstr(len(os_version)/2, 2) + os_version
tlv += Coder.num2hexstr(len(network_type)/2, 2) + network_type
tlv += Coder.num2hexstr(len(sim_operator_name)/2, 2) + sim_operator_name
tlv += Coder.trim('00 00')
tlv += Coder.num2hexstr(len(apn)/2, 2) + apn
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('01 24') + tlv
return tlv
def tlv124(os_type, os_version, network_type, sim_operator_name, apn):
tlv = ''
tlv += Coder.num2hexstr(len(os_type)/2, 2) + os_type
tlv += Coder.num2hexstr(len(os_version)/2, 2) + os_version
tlv += Coder.num2hexstr(len(network_type)/2, 2) + network_type
tlv += Coder.num2hexstr(len(sim_operator_name)/2, 2) + sim_operator_name
tlv += Coder.trim('00 00')
tlv += Coder.num2hexstr(len(apn)/2, 2) + apn
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('01 24') + tlv
return tlv
def tlvdecode(value):
data = value[8:] #去掉头
#TLV18
data = data[8:]
data = data[28:]
qqnum = data[:8]
print qqnum
data = data[8:]
data = data[8:]
#TLV1
value = data[4:]
value = value[16:]
qqnum = value[:8]
value = value[8:]
print qqnum
value = value[8:] #时间
value = value[12:]
print value
#TLV106
value1 = value[4:] #01 06
lenstr1 = Coder.hexstr2num(value1[:4]) * 2
str = value1[4:][:lenstr1]
print '106加密前', str
pwdKey = Coder.hash_qqpwd_hexstr('188075889', 'qw6012827')
print 'pwdKey', pwdKey
string = TEA.detea_hexstr(str, pwdKey)
print '106解密后', string
value = string[4:]
value = value[8:]
value = value[32:]
value = value[16:]
value = value[10:]
pwdmd5 = MD5.md5_hex('qw6012827')
print pwdmd5
value = value[32:]
tgtKey = value[:32]
print 'tgtKey', tgtKey
def AutoReceiveAddGroup(self, targetQQ, GroupNumber):
if config.AutoAgreeGroup == True:
# data = Packet.ProfileServicePbReqSystemMsgNewGroup(self)
# self.FunSend(Coder.hexstr2str(data))
# data1 = Packet.Pack_GetSimpleInfo(self,targetQQ)
# self.FunSend(Coder.hexstr2str(data1))
# data2 = Packet.Pack_ProfileServicePbReqSystemMsgActionGroup(self,targetQQ,GroupNumber)
# self.FunSend(Coder.hexstr2str(data2))
data = Packet.Pack_AutoReceiveGroupRequests(
self, targetQQ, GroupNumber)
self.FunSend(Coder.hexstr2str(data))
def tlv147():
tlv = ''
tlv += Coder.trim('00 00 00 10')
tlv += Coder.trim('00 05')
tlv += Coder.trim('35 2E 38 2E 30') #request_global._apk_v = 5.8.0
tlv += Coder.trim('00 10')
tlv += Coder.trim('A6 B7 45 BF 24 A2 C2 77 52 77 16 F6 F3 6E B6 8D') #request_global._apk_sig
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('01 47') + tlv
return tlv
def tlv147():
tlv = ''
tlv += Coder.trim('00 00 00 10')
tlv += Coder.trim('00 05')
tlv += Coder.trim('35 2E 38 2E 30') #request_global._apk_v = 5.8.0
tlv += Coder.trim('00 10')
tlv += Coder.trim('A6 B7 45 BF 24 A2 C2 77 52 77 16 F6 F3 6E B6 8D') #request_global._apk_sig
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('01 47') + tlv
return tlv
def tlv16b():
tlv = ''
tlv += Coder.trim('00 02')
tlv += Coder.trim('00 0B')
tlv += Coder.trim('67 61 6D 65 2E 71 71 2E 63 6F 6D') #game.qq.com
tlv += Coder.trim('00 0B')
tlv += Coder.trim('67 61 6D 65 2E 71 71 2E 63 6F 6D')
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('01 6B') + tlv
return tlv
def tlv16b():
tlv = ''
tlv += Coder.trim('00 02')
tlv += Coder.trim('00 0B')
tlv += Coder.trim('67 61 6D 65 2E 71 71 2E 63 6F 6D') #game.qq.com
tlv += Coder.trim('00 0B')
tlv += Coder.trim('67 61 6D 65 2E 71 71 2E 63 6F 6D')
tlv = Coder.num2hexstr(len(tlv) / 2, 2) + tlv
tlv = Coder.trim('01 6B') + tlv
return tlv
def unpackRecvLoginMessage(data):
data = TEA.detea_hexstr(data, '00'*16)
pack = HexPacket(data)
head = pack.shr(Coder.hexstr2num(pack.shr(4))-4)
body = pack.remain(1)
#head
pack = HexPacket(head)
Coder.hexstr2num(pack.shr(4)) #seq
pack.shr(4)
pack.shr(Coder.hexstr2num(pack.shr(4))-4)
Coder.hexstr2str(pack.shr(Coder.hexstr2num(pack.shr(4))-4)) #cmd
pack.shr(Coder.hexstr2num(pack.shr(4))-4)
#body
pack = HexPacket(body)
pack.shr(4 + 1 + 2 + 10 + 2)
retCode = Coder.hexstr2num(pack.shr(1))
if retCode == 0: #登录成功
unpackRecvLoginSucceedMessage(pack.remain())
def tlv18(uin):
tlv = ''
tlv += Coder.trim('00 01')
tlv += Coder.trim('00 00 06 00')
tlv += Coder.trim('00 00 00 10')
tlv += Coder.trim('00 00 00 00')
tlv += uin
tlv += Coder.trim('00 00 00 00')
tlv = Coder.num2hexstr(len(tlv) / 2, 2) + tlv
tlv = Coder.trim('00 18') + tlv
return tlv
def tlv18(uin):
tlv = ''
tlv += Coder.trim('00 01')
tlv += Coder.trim('00 00 06 00')
tlv += Coder.trim('00 00 00 10')
tlv += Coder.trim('00 00 00 00')
tlv += uin
tlv += Coder.trim('00 00 00 00')
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('00 18') + tlv
return tlv
def packSendLoginTlv(self, verifyCode=None):
if verifyCode == None:
tlv = ''
tlv += Coder.trim('00 09')
tlv += Coder.trim('00 14') #tlv包个数
#tlv组包
tlv += Tlv.tlv18(self.uin)
tlv += Tlv.tlv1(self.uin, self.server_time)
tlv += Tlv.tlv106(self.uin, self.server_time, self.pwdMd5, self.tgtKey, self.imei, self.appId, self.pwdKey)
tlv += Tlv.tlv116()
tlv += Tlv.tlv100()
tlv += Tlv.tlv107()
tlv += Tlv.tlv144(self.tgtKey, self.imei, self.os_type, self.os_version, self.network_type, self.sim_operator_name, self.apn, self.device, self.device_product)
tlv += Tlv.tlv142(self.package_name)
tlv += Tlv.tlv145(self.imei)
tlv += Tlv.tlv154(self.seq)
tlv += Tlv.tlv141(self.sim_operator_name, self.network_type, self.apn)
tlv += Tlv.tlv8()
tlv += Tlv.tlv16b()
tlv += Tlv.tlv147()
tlv += Tlv.tlv177()
tlv += Tlv.tlv187()
tlv += Tlv.tlv188()
tlv += Tlv.tlv191()
tlv += Tlv.tlv194()
tlv += Tlv.tlv202(self.wifi_name)
tlv = TEA.entea_hexstr(tlv, self.shareKey)
return tlv
else:
tlv = ''
tlv += Coder.trim('00 02')
tlv += Coder.trim('00 04')
#tlv组包
tlv += Tlv.tlv2(verifyCode, self.verifyToken1)
tlv += Tlv.tlv8()
tlv += Tlv.tlv104(self.verifyToken2)
tlv += Tlv.tlv116()
tlv = TEA.entea_hexstr(tlv, self.shareKey)
return tlv
def tlv106(uin, server_time, pwdMd5, tgtKey, imei, appId, pwdKey):
tlv = ''
tlv += Coder.trim('00 03')
tlv += Coder.genBytesHexstr(4)
tlv += Coder.trim('00 00 00 05 00 00 00 10 00 00 00 00 00 00 00 00')
tlv += uin
tlv += server_time
tlv += Coder.trim('00 00 00 00 01')
tlv += pwdMd5
tlv += tgtKey
tlv += Coder.trim('00 00 00 00 01')
tlv += imei
tlv += appId
tlv += Coder.trim('00 00 00 01')
tlv += Coder.trim('00 00')
tlv = TEA.entea_hexstr(tlv, pwdKey)
tlv = Coder.num2hexstr(len(tlv) / 2, 2) + tlv
tlv = Coder.trim('01 06') + tlv
return tlv
def tlv106(uin, server_time, pwdMd5, tgtKey, imei, appId, pwdKey):
tlv = ''
tlv += Coder.trim('00 03')
tlv += Coder.genBytesHexstr(4)
tlv += Coder.trim('00 00 00 05 00 00 00 10 00 00 00 00 00 00 00 00')
tlv += uin
tlv += server_time
tlv += Coder.trim('00 00 00 00 01')
tlv += pwdMd5
tlv += tgtKey
tlv += Coder.trim('00 00 00 00 01')
tlv += imei
tlv += appId
tlv += Coder.trim('00 00 00 01')
tlv += Coder.trim('00 00')
tlv = TEA.entea_hexstr(tlv, pwdKey)
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('01 06') + tlv
return tlv
def tlv141(sim_operator_name, network_type, apn):
tlv = ''
tlv += Coder.trim('00 01')
tlv += Coder.num2hexstr(len(sim_operator_name)/2, 2) + sim_operator_name
tlv += Coder.num2hexstr(len(network_type)/2, 2) + network_type
tlv += Coder.num2hexstr(len(apn)/2, 2) + apn
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('01 41') + tlv
return tlv
def tlv116():
tlv = ''
tlv += Coder.trim('00')
tlv += Coder.trim('00 01 FF 7C')
tlv += Coder.trim('00 01 04 00')
tlv += Coder.trim('00')
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('01 16') + tlv
return tlv
def tlv177():
tlv = ''
tlv += Coder.trim('01')
tlv += Coder.trim('55 A3 23 2E')
tlv += Coder.trim('00 07')
tlv += Coder.trim('35 2E 34 2E 30 2E 37') #5.4.0.7
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('01 77') + tlv
return tlv
def tlv1(uin, server_time):
tlv = ''
tlv += Coder.trim('00 01')
tlv += Coder.genBytesHexstr(4)
tlv += uin
tlv += server_time
tlv += Coder.trim('00 00 00 00')
tlv += Coder.trim('00 00')
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('00 01') + tlv
return tlv
def packSendLoginMessage(self, verifyCode=None):
#MessageHead
msgHeader = ''
msgHeader += Coder.num2hexstr(self.seq+1, 4)
msgHeader += self.appId
msgHeader += self.appId
msgHeader += Coder.trim('01 00 00 00 00 00 00 00 00 00 00 00')
msgHeader += Coder.num2hexstr(len(self.extBin)/2+4, 4) + self.extBin
msgHeader += Coder.num2hexstr(len(self.loginCmd)/2+4, 4) + self.loginCmd
msgHeader += Coder.num2hexstr(len(self.msgCookies)/2+4, 4) + self.msgCookies
msgHeader += Coder.num2hexstr(len(self.imei)/2+4, 4) + self.imei
msgHeader += Coder.num2hexstr(len(self.ksid)/2+4, 4) + self.ksid
msgHeader += Coder.num2hexstr(len(self.ver)/2+2, 2) + self.ver
msgHeader = Coder.num2hexstr(len(msgHeader)/2+4, 4) + msgHeader
#Message
msg = ''
msg += Coder.trim('1F 41')
msg += Coder.trim('08 10 00 01')
msg += self.uin
msg += Coder.trim('03 07 00 00 00 00 02 00 00 00 00 00 00 00 00 01 01')
msg += self.randomKey
msg += Coder.trim('01 02')
msg += Coder.num2hexstr(len(self.pubKey)/2, 2) + self.pubKey
#TEA加密的TLV
msg += self.packSendLoginTlv(verifyCode)
msg += Coder.trim('03')
msg = Coder.num2hexstr(len(msg)/2+2+1, 2) + msg
msg = Coder.trim('02') + msg
msg = Coder.num2hexstr(len(msg)/2+4, 4) + msg
packet = msgHeader + msg
packet = TEA.entea_hexstr(packet, self.defaultKey)
return packet
def tlv154(seq):
tlv = ''
tlv += Coder.num2hexstr(seq, 4)
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('01 54') + tlv
return tlv
def tlv104(verifyToken2):
tlv = ''
tlv += verifyToken2
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('01 04') + tlv
return tlv
def tlv194():
tlv = ''
tlv += Coder.trim('65 68 D4 A4 FA CA 6E 78 B3 6B 07 40 C2 71 A8 6E')
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('01 94') + tlv
return tlv
def tlv187():
tlv = ''
tlv += Coder.trim('F9 03 BA FF 80 D5 BA AC DC EA 9C 16 49 6F 53 83')
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('01 87') + tlv
return tlv
def unpackRecvLoginMessage(self, data):
data = TEA.detea_hexstr(data, self.defaultKey)
pack = HexPacket(data)
head = pack.shr(Coder.hexstr2num(pack.shr(4))-4)
body = pack.remain(1)
#head
pack = HexPacket(head)
Coder.hexstr2num(pack.shr(4)) #seq
pack.shr(4)
pack.shr(Coder.hexstr2num(pack.shr(4))-4)
Coder.hexstr2str(pack.shr(Coder.hexstr2num(pack.shr(4))-4)) #cmd
pack.shr(Coder.hexstr2num(pack.shr(4))-4)
#body
pack = HexPacket(body)
pack.shr(4 + 1 + 2 + 10 + 2)
retCode = Coder.hexstr2num(pack.shr(1))
if retCode == 0: #登录成功
self.unpackRecvLoginSucceedMessage(pack.remain())
print u'登录成功: ', self.nickname
self.alive = True
self.verify = False
elif retCode == 2: #需要验证码
self.unpackRecvLoginVerifyMessage(pack.remain())
print self.verifyReason
self.alive = False
self.verify = True
threading.Thread(target=Img.showFromHexstr, args=(self.verifyPicHexstr, )).start()
code = raw_input(u'请输入验证码:')
self.login(Coder.str2hexstr(code))
else: #登录失败
pack = HexPacket(TEA.detea_hexstr(pack.remain(), self.shareKey))
pack.shr(2 + 1 + 4 + 2)
pack.shr(4) #type
title = Coder.hexstr2str(pack.shr(Coder.hexstr2num(pack.shr(2))))
msg = Coder.hexstr2str(pack.shr(Coder.hexstr2num(pack.shr(2))))
print title, ': ', msg
self.alive = False
self.verify = False
def tlv188():
tlv = ''
tlv += Coder.trim('3F D1 F5 BA 24 67 56 F3 97 87 49 AE 1D 67 76 EE')
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('01 88') + tlv
return tlv
def decodeTlv(self, cmd, data):
if cmd == Coder.trim('01 6A'):
pass
elif cmd == Coder.trim('01 06'):
pass
elif cmd == Coder.trim('01 0C'):
pass
elif cmd == Coder.trim('01 0A'):
self.token004c = data
elif cmd == Coder.trim('01 0D'):
pass
elif cmd == Coder.trim('01 14'):
pack = HexPacket(data)
pack.shr(6)
self.token0058 = pack.shr(Coder.hexstr2num(pack.shr(2)))
elif cmd == Coder.trim('01 0E'):
self.mst1Key = data
elif cmd == Coder.trim('01 03'):
self.stweb = data
elif cmd == Coder.trim('01 1F'):
pass
elif cmd == Coder.trim('01 38'):
pass
elif cmd == Coder.trim('01 1A'):
pack = HexPacket(data)
pack.shr(2 + 1 + 1)
self.nickname = Coder.hexstr2str(pack.shr(Coder.hexstr2num(pack.shr(1))))
elif cmd == Coder.trim('01 20'):
self.skey = data
elif cmd == Coder.trim('01 36'):
self.vkey = data
elif cmd == Coder.trim('01 1A'):
pass
elif cmd == Coder.trim('01 20'):
pass
elif cmd == Coder.trim('01 36'):
pass
elif cmd == Coder.trim('03 05'):
self.sessionKey = data
elif cmd == Coder.trim('01 43'):
self.token002c = data
elif cmd == Coder.trim('01 64'):
self.sid = data
elif cmd == Coder.trim('01 18'):
pass
elif cmd == Coder.trim('01 63'):
pass
elif cmd == Coder.trim('01 30'):
pack = HexPacket(data)
pack.shr(2)
self.server_time = pack.shr(4)
self.ip = Coder.hexstr2ip(pack.shr(4))
elif cmd == Coder.trim('01 05'):
pack = HexPacket(data)
self.verifyToken1 = pack.shr(Coder.hexstr2num(pack.shr(2)))
self.verifyPicHexstr = pack.shr(Coder.hexstr2num(pack.shr(2)))
elif cmd == Coder.trim('01 04'):
self.verifyToken2 = data
elif cmd == Coder.trim('01 65'):
pack = HexPacket(data)
pack.shr(4)
title = Coder.hexstr2str(pack.shr(Coder.hexstr2num(pack.shr(1))))
msg = Coder.hexstr2str(pack.shr(Coder.hexstr2num(pack.shr(4))))
self.verifyReason = title + ": " + msg
elif cmd == Coder.trim('01 08'):
self.ksid = data
elif cmd == Coder.trim('01 6D'):
self.superKey = data
elif cmd == Coder.trim('01 6C'):
self.psKey = data
else:
print 'unknown tlv: '
print cmd, ': ', data
def tlv191():
tlv = ''
tlv += Coder.trim('01')
tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv
tlv = Coder.trim('01 91') + tlv
return tlv
def __init__(self, qqnum, qqpwd):
self.socket = RawSocket('113.108.90.53', 8080)
if not self.socket.connect():
raise Exception('socket connect error!')
#QQ
self.qqnum = qqnum
self.qqpwd = qqpwd
self.vcode = ''
self.qqHexstr = Coder.str2hexstr(qqnum)
self.pwdMd5 = MD5.md5_hex(qqpwd)
self.uin = Coder.qqnum2hexstr(qqnum)
self.HEART_INTERVAL = 8*60 #心跳时间间隔 如果在手机QQ上注销/退出帐号后,一般10分钟左右您的QQ号就不会显示在线了
self.server_time = Coder.num2hexstr(int(time.time()), 4)
self.alive = False
self.verify = False
#Android
self.seq = 1000
self.appId = Coder.num2hexstr(537042772, 4)
self.extBin = Coder.trim('')
self.msgCookies = Coder.trim('F9 83 8D 80')
self.imei = Coder.str2hexstr('864116195797922')
self.ksid = Coder.trim('')
self.extBin = Coder.trim('')
self.ver = Coder.str2hexstr('|460006202217491|A5.8.0.157158')
self.os_type = Coder.str2hexstr('android')
self.os_version = Coder.str2hexstr('4.2.2')
self.network_type = Coder.str2hexstr('')
self.sim_operator_name = Coder.str2hexstr('CMCC')
self.apn = Coder.str2hexstr('wifi')
self.device = Coder.str2hexstr('Lenovo A820t')
self.device_product = Coder.str2hexstr('Lenovo')
self.package_name = Coder.str2hexstr('com.tencent.mobileqq')
self.wifi_name = Coder.str2hexstr('OOOOOOOOO')
#cmd
self.loginCmd = Coder.str2hexstr('wtlogin.login')
#Keys
self.defaultKey = '00'*16
self.randomKey = Coder.genBytesHexstr(16)
self.keyId = random.randint(0, len(Keys.pubKeys)-1)
self.pubKey = Keys.pubKeys[self.keyId]
self.shareKey = Keys.shareKeys[self.keyId]
self.pwdKey = Coder.hash_qqpwd_hexstr(qqnum, qqpwd)
self.tgtKey = Coder.genBytesHexstr(16)
self.sessionKey = ''
#debug
print 'uin: ', self.uin
print 'pwdMd5: ', self.pwdMd5
print 'randomKey: ', self.randomKey
print 'pubKey: ', self.pubKey
print 'shareKey: ', self.shareKey
print 'pwdKey: ', self.pwdKey
print 'tgtKey: ', self.tgtKey
