def packed(self): """转换消息体为二进制流""" # 找到打包方法 method = getattr(self.parent, "pack_%s" % (self.parent.msgname), None) send_msg = method(self.fields) if self.parent.msgname == 'qq_pre_login': return send_msg if self.parent.msgname == 'qq_login': return send_msg[:16] + tea.encrypt(send_msg[16:], self.qq.initkey) return tea.encrypt(send_msg, self.qq.session)
def packed(self): """转换消息体为二进制流""" # 找到打包方法 method = getattr(self.parent , "pack_%s" %(self.parent.msgname), None) send_msg = method(self.fields) if self.parent.msgname == 'qq_pre_login': return send_msg if self.parent.msgname == 'qq_login': return send_msg[:16]+tea.encrypt(send_msg[16:],self.qq.initkey) return tea.encrypt(send_msg,self.qq.session)
def internal_authenticate(): global cardservice try: challange_str = 'abcdefgh' data = [] for x in challange_str: data.append(ord(x)) header = [CLA, 0x88, 0x00, 0x00, 0x08] response, sw1, sw2 = cardservice.connection.transmit(header+data) if(sw1==0x61): response = get_response(sw2) response_str = '' for x in response: response_str += chr(x) print "Response length : ", len(response_str) key = [0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF] key_str = '' for x in key: key_str += chr(x) encrypted = tea.encrypt(challange_str, key_str) if(response_str==encrypted[:8]): print "Card is authenticated" return True else: print "Card is not authenticated" return False except SWException, e: print str(e) return False
def external_authenticate(): global cardservice try: challange = get_challange() challange_str = '' for x in challange: challange_str += chr(x) key = [ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF ] key_str = '' for x in key: key_str += chr(x) encrypted = tea.encrypt(challange_str, key_str) data = [] for x in encrypted: data.append(ord(x)) header = [CLA, 0x82, 0x00, 0x00, 0x08] response, sw1, sw2 = cardservice.connection.transmit(header + data) if (sw1 == 0x90 and sw2 == 0x00): print "Terminal (external) Authenticated" return response except SWException, e: print str(e) return False
def getEncryption(self): puk = rsa.PublicKey(int( 'F20CE00BAE5361F8FA3AE9CEFA495362' 'FF7DA1BA628F64A347F0A8C012BF0B25' '4A30CD92ABFFE7A6EE0DC424CB6166F8' '819EFA5BCCB20EDFB4AD02E412CCF579' 'B1CA711D55B8B0B3AEB60153D5E0693A' '2A86F3167D7847A0CB8B00004716A909' '5D9BADC977CBB804DBDCBA6029A97108' '69A453F27DFDDF83C016D928B3CBF4C7', 16 ), 3) #e = int(self.qq).to_bytes(8, 'big') e = uni2hex(self.qq) d = hashlib.md5(self.pwd.encode()) #r = bytes.fromhex(o.hexdigest()) r = hexchar2bin(o.hexdigest()) p = hashlib.md5(r + e).hexdigest() a = binascii.b2a_hex(rsa.encrypt(r, puk)).decode() s = hex(len(a) // 2)[2:] l = binascii.hexlify(self.vcode.upper().encode()).decode() c = hex(len(l) // 2)[2:] c = '0' * (4 - len(c)) + c s = '0' * (4 - len(s)) + s salt = s + a + binascii.hexlify(e).decode() + c + l return base64.b64encode( #tea.encrypt(bytes.fromhex(salt), bytes.fromhex(p)) tea.encrypt(hexchar2bin(salt), hexchar2bin(p)) ).decode().replace('/', '-').replace('+', '*').replace('=', '_')
def pack_login(self): self.timestamp = qq_timestamp() login_packet = qq_bytearray() login_packet = login_packet.append_hex( '00 09' ) login_packet = login_packet.append_u16( 19 ) login_packet = login_packet.append_str( self.tlv_18(self.uin) ) login_packet = login_packet.append_str( self.tlv_1(self.uin, self.timestamp) ) login_packet = login_packet.append_str( self.tlv_106(self.uin, self.md5, self.md5_2, self.tgtkey, self.imei, self.timestamp, self.appid) ) login_packet = login_packet.append_str( self.tlv_116() ) login_packet = login_packet.append_str( self.tlv_100(self.appid) ) login_packet = login_packet.append_str( self.tlv_107() ) login_packet = login_packet.append_str( self.tlv_108(self.ksid) ) p_109 = self.tlv_109( self.imei ) p_124 = self.tlv_124( self.os_type, self.os_version, self.network_type, self.apn ) p_128 = self.tlv_128( self.device, self.imei ) p_16e = self.tlv_16e( self.device ) login_packet.extend( self.tlv_144( self.tgtkey, p_109, p_124, p_128, p_16e ) ) login_packet.extend( self.tlv_142(self.apk_id) ) login_packet.extend( self.tlv_145(self.imei) ) login_packet.extend( self.tlv_154(self.requestid.get_and_freeze()) ) login_packet.extend( self.tlv_141(self.network_type, self.apn) ) login_packet.extend( self.tlv_8() ) login_packet.extend( self.tlv_16b() ) login_packet.extend( self.tlv_147(self.apk_version, self.apk_sign) ) login_packet.extend( self.tlv_177() ) login_packet.extend( self.tlv_187() ) login_packet.extend( self.tlv_188() ) login_packet.extend( self.tlv_191() ) login_packet = self.pack_pc('08 10', tea.encrypt(login_packet, self.sharekey), self.randkey, self.pubkey) return self.Make_login_sendSsoMsg('wtlogin.login', login_packet, bytearray(), self.imei, self.ksid, self.ver, True)
def getEncryption(self): puk = rsa.PublicKey(int( 'F20CE00BAE5361F8FA3AE9CEFA495362' 'FF7DA1BA628F64A347F0A8C012BF0B25' '4A30CD92ABFFE7A6EE0DC424CB6166F8' '819EFA5BCCB20EDFB4AD02E412CCF579' 'B1CA711D55B8B0B3AEB60153D5E0693A' '2A86F3167D7847A0CB8B00004716A909' '5D9BADC977CBB804DBDCBA6029A97108' '69A453F27DFDDF83C016D928B3CBF4C7', 16 ), 3) e = int(self.qq).to_bytes(8, 'big') o = hashlib.md5(self.pwd.encode()) r = bytes.fromhex(o.hexdigest()) p = hashlib.md5(r + e).hexdigest() a = binascii.b2a_hex(rsa.encrypt(r, puk)).decode() s = hex(len(a) // 2)[2:] l = binascii.hexlify(self.vcode.upper().encode()).decode() c = hex(len(l) // 2)[2:] c = '0' * (4 - len(c)) + c s = '0' * (4 - len(s)) + s salt = s + a + binascii.hexlify(e).decode() + c + l return base64.b64encode( tea.encrypt(bytes.fromhex(salt), bytes.fromhex(p)) ).decode().replace('/', '-').replace('+', '*').replace('=', '_')
def getEncryption(self): puk = rsa.PublicKey( int( "F20CE00BAE5361F8FA3AE9CEFA495362" "FF7DA1BA628F64A347F0A8C012BF0B25" "4A30CD92ABFFE7A6EE0DC424CB6166F8" "819EFA5BCCB20EDFB4AD02E412CCF579" "B1CA711D55B8B0B3AEB60153D5E0693A" "2A86F3167D7847A0CB8B00004716A909" "5D9BADC977CBB804DBDCBA6029A97108" "69A453F27DFDDF83C016D928B3CBF4C7", 16, ), 3, ) e = int(self.qq).to_bytes(8, "big") o = hashlib.md5(self.pwd.encode()) r = bytes.fromhex(o.hexdigest()) p = hashlib.md5(r + e).hexdigest() a = binascii.b2a_hex(rsa.encrypt(r, puk)).decode() s = hex(len(a) // 2)[2:] l = binascii.hexlify(self.vcode.upper().encode()).decode() c = hex(len(l) // 2)[2:] c = "0" * (4 - len(c)) + c s = "0" * (4 - len(s)) + s salt = s + a + binascii.hexlify(e).decode() + c + l return ( base64.b64encode(tea.encrypt(bytes.fromhex(salt), bytes.fromhex(p))) .decode() .replace("/", "-") .replace("+", "*") .replace("=", "_") )
def send(self, to_num, msg): to_num = hex(to_num)[2:] if len(to_num) == 9: to_num = to_num[:-1] mid = random.randint(4096, 65535) mid = hex(mid)[2:] msg_0 = "{}0012{}00200000090000000086028b5b534f0d".format( to_num, bigendian2hex(msg)) msg_1 = b2a_hex(encrypt(a2b_hex(msg_0), self.key)) msg_3 = "02003706080055{}{}00{}03".format(mid, self.qq_num, msg_1) self.s.send(a2b_hex(msg_3)) print 're_msg' + b2a_hex(self.s.recv(2048))
def tlv_106( self, uin, passmd5, passmd5_2, tgtkey, imei, timestamp, appid ): # uin:bytearray represent username # passmd5: bytearray # passmd5_2: bytearray # tgtkey: bytearray # imei: string # appid: 4 bytes unsigned int # 01 06 # 00 70 [md5(md5(pass)+0 0 0 0+hexQQ)E8 FD 5B 08 BF 42 3C B9 F8 D4 23 30 F2 E2 E3 59 ] # 67 A4 4D 1D 59 08 97 15 92 03 BB E3 E8 7F 49 CC 65 A2 F6 E3 4F 68 DA 9E A2 E9 DA 90 DB 26 2D F5 A4 BD C0 52 51 F0 40 77 B5 50 25 42 AC 68 1B 57 35 61 97 65 36 6B AA 35 C5 E1 E6 C8 91 3B 3E 30 84 AA 6F 6C 32 29 97 FB DF 53 CA 3C B5 F8 F3 13 E4 FF AA 58 39 75 81 45 38 4A A2 BE CA 43 E0 7E 0A 83 71 17 5C 88 7C DE DE ED B8 12 E4 D5 C4 22 # [ # 00 03 //TGTGTVer=3 # 29 A5 69 34 rand32 # 00 00 00 05 # 00 00 00 10 # 00 00 00 00 # 00 00 00 00 # 18 B4 A1 BC [QQ:414491068] # 4D 1F C3 AC //时间 # 00 00 00 00 # 01 # EB E0 80 63 34 8C 9E E1 FD 6B 5E 05 9A 72 84 C6 //MD5PASS # C5 2E 0F 5D A6 20 B5 EE 0B 94 F2 6F C3 05 4A 02 //TGTKey # 00 00 00 # 00 01 # 46 60 1E D3 C6 24 16 BF CA A2 9E 9E B8 9A D2 4E //imei_ # 20 02 93 92 _sub_appid # 00 00 00 01 00 00 # ] # time =Xbin.Flip 取字节集左边 (到字节集 (Other.TimeStamp ()), 4)) p = qq_bytearray() p = p.append_hex( '00 03' ) p = p.append_random( 4 ) p = p.append_hex( '00 00 00 05' ) p = p.append_hex( '00 00 00 10' ) p = p.append_zero( 4 ) p = p.append_zero( 4 ) p = p.append_str( uin ) p = p.append_str( timestamp ) p = p.append_hex( '00 00 00 00 01' ) p = p.append_str( passmd5 ) p = p.append_str( tgtkey ) p = p.append_hex( '00 00 00 00 01' ) p = p.append_str( imei ) p = p.append_u32( appid ) p = p.append_hex( '00 00 00 01' ) p = p.append_zero( 2 ) self.logpacket( str(sys._getframe().f_code.co_name), p ) return self.tlv_pack('01 06', tea.encrypt(p, passmd5_2))
def login0825(self): key0825 = '7792394f1afd3bbfa9006bc807bcf23b' data = '0235550825' # head data += self.getSequence(2) data += '00000000' # QQ Hex data += '030000000101010000674200000000' data += key0825 txt = '001800160001' txt += self.fixedData txt += '0000000000000000' txt += '0004000f0000000b' txt += self.str2hex(self.num) txt += '0309' txt += '0008' txt += '0001000000000004' txt += '00360012' txt += '000200010000000000000000000000000000' txt += '0114001d01020019' txt += self.hdKey data += b2a_hex(tea.encrypt(bytes.fromhex(txt), bytes.fromhex(key0825))).decode() data += '03' data = a2b_hex(data) sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock.sendto(data, self.address) recvPack = sock.recv(1024) sock.close() recvData = b2a_hex(tea.decrypt(recvPack[14:-1], bytes.fromhex(key0825))).decode() if (recvData[:2] != '00'): recvData = recvData[16:] if (recvData[:2] == '00'): self.token0825 = recvData[10:122] self.serverTime = recvData[134:142] self.serverIP = recvData[166:174] return self.login0826() else: print('0825 error!') return False
def tx_pwd_encode(self, pwd, salt, verifycode): """ js:getEncryption(t, e, i, n) t=pwd, e=salt 二进制形式, i=verifycode, n:default undefined # """ salt = salt.replace(r'\x', '') e = self.fromhex(salt) md5_pwd = o = self.tx_md5(pwd) r = hashlib.md5(pwd).digest() p = self.tx_md5(r + e) a = rsa.encrypt(r, self.rsaKey) rsaData = a = binascii.b2a_hex(a) # rsa length s = self.hexToString(len(a) / 2) s = s.zfill(4) # verifycode先转换为大写,然后转换为bytes verifycodeLen = hex(len(verifycode)).replace(r"0x", "").zfill(4) l = binascii.b2a_hex(verifycode.upper()) # verifycode length c = self.hexToString(len(l) / 2) c = c.zfill(4) # TEA: KEY:p, s+a+ TEA.strToBytes(e) + c +l new_pwd = s + a + salt + c + l saltpwd = base64.b64encode( tea.encrypt(self.fromhex(new_pwd), self.fromhex(p))).decode().replace('/', '-').replace( '+', '*').replace("=", "_") data = {} data['l'] = l data['a'] = a data['o'] = o data['r'] = r data['e'] = e data['p'] = p data['s'] = s data['l'] = l data['c'] = c #pprint(data) return saltpwd
def login0825(self): key0825 = '7792394f1afd3bbfa9006bc807bcf23b' data = '0235550825' # head data += self.getSequence(2) data += '00000000' # QQ Hex data += '030000000101010000674200000000' data += key0825 txt = '001800160001' txt += self.fixedData txt += '0000000000000000' txt += '0004000f0000000b' txt += self.str2hex(self.num) txt += '0309' txt += '0008' txt += '0001000000000004' txt += '00360012' txt += '000200010000000000000000000000000000' txt += '0114001d01020019' txt += self.hdKey data += b2a_hex(tea.encrypt(bytes.fromhex(txt), bytes.fromhex(key0825))).decode() data += '03' data = a2b_hex(data) sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock.sendto(data, self.address) recvPack = sock.recv(1024) sock.close() recvData = b2a_hex(tea.decrypt(recvPack[14:-1], bytes.fromhex(key0825))).decode() if(recvData[:2]!='00'): recvData = recvData[16:] if(recvData[:2]=='00'): self.token0825 = recvData[10:122] self.serverTime = recvData[134:142] self.serverIP = recvData[166:174] return self.login0826() else: print('0825 error!') return False
def pwdencode(self, vcode, uin, pwd): salt = uin.replace(r'\x', '') h1 = hashlib.md5(pwd.encode()).digest() s2 = hashlib.md5(h1 + self.fromhex(salt)).hexdigest().upper() rsaH1 = binascii.b2a_hex(rsa.encrypt(h1, self.pubKey)).decode() rsaH1Len = hex(len(rsaH1) // 2)[2:] hexVcode = binascii.b2a_hex(vcode.upper().encode()).decode() vcodeLen = hex(len(hexVcode) // 2)[2:] l = len(vcodeLen) if l < 4: vcodeLen = '0' * (4 - l) + vcodeLen l = len(rsaH1Len) if l < 4: rsaH1Len = '0' * (4 - l) + rsaH1Len pwd1 = rsaH1Len + rsaH1 + salt + vcodeLen + hexVcode saltPwd = base64.b64encode( tea.encrypt(self.fromhex(pwd1), self.fromhex(s2)) ).decode().replace('/', '-').replace('+', '*').replace('=', '_') return saltPwd
def tx_pwd_encode(self, pwd, salt, verifycode): """ js:getEncryption(t, e, i, n) t=pwd, e=salt 二进制形式, i=verifycode, n:default undefined # """ salt = salt.replace(r'\x', '') e = self.fromhex(salt) md5_pwd = o = self.tx_md5(pwd) r = hashlib.md5(pwd).digest() p = self.tx_md5( r + e ) a = rsa.encrypt(r, self.rsaKey) rsaData = a = binascii.b2a_hex(a) # rsa length s = self.hexToString( len(a)/2 ) s = s.zfill(4) # verifycode先转换为大写,然后转换为bytes verifycodeLen = hex(len(verifycode)).replace(r"0x","").zfill(4) l = binascii.b2a_hex( verifycode.upper() ) # verifycode length c = self.hexToString( len(l)/2 ) c = c.zfill(4) # TEA: KEY:p, s+a+ TEA.strToBytes(e) + c +l new_pwd = s + a + salt + c + l saltpwd = base64.b64encode( tea.encrypt( self.fromhex(new_pwd), self.fromhex(p) ) ).decode().replace('/', '-').replace('+', '*').replace("=", "_") data = {} data['l'] = l data['a'] = a data['o'] = o data['r'] = r data['e'] = e data['p'] = p data['s'] = s data['l'] = l data['c'] = c #pprint(data) return saltpwd
def Make_login_sendSsoMsg( self, servicecmd, wupbuffer, ext_bin, imei, ksid, ver, islogin): # string bytearray bytearray str str str bool p = qq_bytearray() msgcookies = bytearray.fromhex('B6 CC 78 FC') p = p.append_u32( self.requestid.get_and_freeze() ) p = p.append_u32( self.appid ) p = p.append_u32( self.appid ) p = p.append_hex( '01 00 00 00 00 00 00 00 00 00 00 00' ) p = p.append_u32len_plus_4_and_value( ext_bin ) p = p.append_u32len_plus_4_and_value( servicecmd ) p = p.append_u32len_plus_4_and_value( msgcookies ) p = p.append_u32len_plus_4_and_value( imei ) p = p.append_u32len_plus_4_and_value( ksid ) p = p.append_u16len_plus_2_and_value( ver ) p = p.insert_u32( len(p) + 4 ) p = p.append_u32len_plus_4_and_value( wupbuffer ) return self.pack( tea.encrypt(p, self.key), 0 if islogin else 1 )
def Make_login_sendSsoMsg(self, servicecmd, wupbuffer, ext_bin, imei, ksid, ver, islogin): # string bytearray bytearray str str str bool p = qq_bytearray() msgcookies = bytearray.fromhex('B6 CC 78 FC') p = p.append_u32(self.requestid.get_and_freeze()) p = p.append_u32(self.appid) p = p.append_u32(self.appid) p = p.append_hex('01 00 00 00 00 00 00 00 00 00 00 00') p = p.append_u32len_plus_4_and_value(ext_bin) p = p.append_u32len_plus_4_and_value(servicecmd) p = p.append_u32len_plus_4_and_value(msgcookies) p = p.append_u32len_plus_4_and_value(imei) p = p.append_u32len_plus_4_and_value(ksid) p = p.append_u16len_plus_2_and_value(ver) p = p.insert_u32(len(p) + 4) p = p.append_u32len_plus_4_and_value(wupbuffer) return self.pack(tea.encrypt(p, self.key), 0 if islogin else 1)
def pwdencode(vcode, uin, pwd): # uin is the bytes of QQ number stored in unsigned long (8 bytes) salt = uin.replace(r'\x', '') h1 = hashlib.md5(pwd.encode()).digest() s2 = hashlib.md5(h1 + fromhex(salt)).hexdigest().upper() rsaH1 = binascii.b2a_hex(rsa.encrypt(h1, pubKey)).decode() rsaH1Len = hex(len(rsaH1) // 2)[2:] hexVcode = binascii.b2a_hex(vcode.upper().encode()).decode() vcodeLen = hex(len(hexVcode) // 2)[2:] l = len(vcodeLen) if l < 4: vcodeLen = '0' * (4 - l) + vcodeLen l = len(rsaH1Len) if l < 4: rsaH1Len = '0' * (4 - l) + rsaH1Len pwd1 = rsaH1Len + rsaH1 + salt + vcodeLen + hexVcode saltPwd = base64.b64encode( tea.encrypt(fromhex(pwd1), fromhex(s2)) ).decode().replace('/', '-').replace('+', '*').replace('=', '_') return saltPwd
def tlv_144(self, tgtkey, tlv109, tlv124, tlv128, tlv16e): # all args are bytearray # 01 44 # 00 80 (////_tgtgt_key) # 60 17 BF D3 F7 A4 7E C5 BC 07 47 98 B3 9B 12 C1 # CC F6 87 13 7A 28 BB 62 18 3B 1A 43 F8 FE 07 87 # CB CF 40 3D BD DB 93 0F A7 CC F4 71 67 67 70 9E # 33 14 CD E6 D7 CA 62 B4 48 FB 32 21 47 8F 40 B5 # A0 8E CB 5E 31 70 26 44 EA 79 AD A7 76 00 2A 26 # 56 92 38 EA 78 BB CC 4E E8 E3 F4 CD FE 19 AB 32 # A6 BB 31 72 D7 25 93 94 4A EF A7 94 A9 59 B2 73 # 55 95 4C FC AD C4 1A C2 15 C6 8F A1 39 48 F8 1A # [ # 00 04 //get_tlv_144四个参数byte[]都有数据 # 01 09 //tlv-109 # 00 10 # 46 60 1E D3 C6 24 16 BF CA A2 9E 9E B8 9A D2 4E //_IMEI # 01 24 //tlv-124 # 00 1C # 00 07 61 6E 64 72 6F 69 64 00 05 34 2E 30 2E 34 # 00 01 00 00 00 00 00 04 77 69 66 69 # 01 28 //tlv-128 # 00 2B # 00 00 //0 # 00 //request_global._new_install # 01 //request_global._read_guid # 00 //request_global._guid_chg # 01 00 00 00 //request_global._dev_report # 00 0C # 48 55 41 57 45 49 20 55 39 35 30 38 //request_global._device=HUAWEI U9508 # 00 10 # 46 60 1E D3 C6 24 16 BF CA A2 9E 9E B8 9A D2 4E //request_global._IMEI # 00 00 //0 # 01 6E //tlv-16e # 00 0C # 48 55 41 57 45 49 20 55 39 35 30 38 //request_global._device=HUAWEI U9508 # ] p = qq_bytearray() p = p.append_u16( 4 ) p = qq_bytearray( p + tlv109 + tlv124 + tlv128 + tlv16e ) self.logpacket( str(sys._getframe().f_code.co_name), p ) return self.tlv_pack( '01 44', tea.encrypt(p, tgtkey) )
def pack_login(self): self.timestamp = qq_timestamp() login_packet = qq_bytearray() login_packet = login_packet.append_hex('00 09') login_packet = login_packet.append_u16(19) login_packet = login_packet.append_str(self.tlv_18(self.uin)) login_packet = login_packet.append_str( self.tlv_1(self.uin, self.timestamp)) #login_packet = login_packet.append_str( self.tlv_106(self.uin, self.md5, self.md5_2, self.tgtkey, self.imei, self.timestamp, self.appid) ) login_packet = login_packet.append_str( self.tlv_106(self.uin, self.md5, self.md5_2, self.tgtkey, self.imei_, self.timestamp, self.appid)) login_packet = login_packet.append_str(self.tlv_116()) login_packet = login_packet.append_str(self.tlv_100(self.appid)) login_packet = login_packet.append_str(self.tlv_107()) login_packet = login_packet.append_str(self.tlv_108(self.ksid)) p_109 = self.tlv_109(self.imei) p_124 = self.tlv_124(self.os_type, self.os_version, self.network_type, self.apn) p_128 = self.tlv_128(self.device, self.imei_) p_16e = self.tlv_16e(self.device) login_packet.extend( self.tlv_144(self.tgtkey, p_109, p_124, p_128, p_16e)) login_packet.extend(self.tlv_142(self.apk_id)) login_packet.extend(self.tlv_145(self.imei_)) login_packet.extend(self.tlv_154(self.requestid.get_and_freeze())) login_packet.extend(self.tlv_141(self.network_type, self.apn)) login_packet.extend(self.tlv_8()) login_packet.extend(self.tlv_16b()) login_packet.extend(self.tlv_147(self.apk_version, self.apk_sign)) login_packet.extend(self.tlv_177()) login_packet.extend(self.tlv_187()) login_packet.extend(self.tlv_188()) login_packet.extend(self.tlv_191()) print login_packet login_packet = self.pack_pc('08 10', tea.encrypt(login_packet, self.sharekey), self.randkey, self.pubkey) return self.Make_login_sendSsoMsg('wtlogin.login', login_packet, bytearray(), self.imei, self.ksid, self.ver, True)
def register_gfan(username, password, mail): from tea import encrypt channel_id = 86 app_key = 'fengyunanghu218&' post_url = 'http://api.gfan.com/uc1/common/register' post_data = u'<request><username>%s</username><password>%s</password><email>%s</email></request>' % (username, password, mail) post_data = post_data.encode('utf-8') #map(ord, post_data) app_key = app_key.encode('utf-8') #map(ord, app_key) #print(post_data,app_key) post_data = base64.encodestring(encrypt(post_data, app_key)) user_agent = 'channelID=%d' % channel_id result = http_post(post_url, post_data, 'text', user_agent) print(result) link_key = 0 if result != '': xml_dom = minidom.parseString(result) xml_root = xml_dom.documentElement link_key = xml_root.getElementsByTagName('uid')[0].toxml().replace('<uid>', '').replace('</uid>', '') #print(result_code,result_msg,link_key) return link_key
def on_qq_pre_login(self,message): ''' 当收到登陆令牌后,判断令牌是否正确。 然后发送qq_login的报文开始登陆。 由于这个部分是自动处理的,所以当发送登陆令牌请求包后,会自动工作到改变在线状态为止。 ''' status=message.body.fields['status'] pre_len=message.body.fields['pre_len'] pre=message.body.fields['pre'] if status != 0: print '申请登陆令牌错!' message = qqmsg.outqqMessage(self.qq) message.setMsgName('qq_login') message.body.setField('initkey',self.qq.initkey) message.body.setField('md5',tea.encrypt('',self.qq.md5pwd)) message.body.setField('16_51',a2b_hex(basic.QQ_login_16_51)) message.body.setField('login_status',chr(basic.QQ_login['normal'])) message.body.setField('53_68',a2b_hex(basic.QQ_login_53_68)) message.body.setField('pre_len',chr(pre_len)) message.body.setField('pre',pre[0]) message.body.setField('unknown',chr(0x40)) message.body.setField('login_end',a2b_hex(basic.QQ_login_end)) message.body.setField('end',(416-len(message.body))*chr(00)) self.sendDataToQueue(message)
def on_qq_pre_login(self, message): ''' 当收到登陆令牌后,判断令牌是否正确。 然后发送qq_login的报文开始登陆。 由于这个部分是自动处理的,所以当发送登陆令牌请求包后,会自动工作到改变在线状态为止。 ''' status = message.body.fields['status'] pre_len = message.body.fields['pre_len'] pre = message.body.fields['pre'] if status != 0: print '申请登陆令牌错!' message = qqmsg.outqqMessage(self.qq) message.setMsgName('qq_login') message.body.setField('initkey', self.qq.initkey) message.body.setField('md5', tea.encrypt('', self.qq.md5pwd)) message.body.setField('16_51', a2b_hex(basic.QQ_login_16_51)) message.body.setField('login_status', chr(basic.QQ_login['normal'])) message.body.setField('53_68', a2b_hex(basic.QQ_login_53_68)) message.body.setField('pre_len', chr(pre_len)) message.body.setField('pre', pre[0]) message.body.setField('unknown', chr(0x40)) message.body.setField('login_end', a2b_hex(basic.QQ_login_end)) message.body.setField('end', (416 - len(message.body)) * chr(00)) self.sendDataToQueue(message)
def internal_authenticate(): global cardservice try: challange_str = 'abcdefgh' data = [] for x in challange_str: data.append(ord(x)) header = [CLA, 0x88, 0x00, 0x00, 0x08] response, sw1, sw2 = cardservice.connection.transmit(header + data) if (sw1 == 0x61): response = get_response(sw2) response_str = '' for x in response: response_str += chr(x) print "Response length : ", len(response_str) key = [ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF ] key_str = '' for x in key: key_str += chr(x) encrypted = tea.encrypt(challange_str, key_str) if (response_str == encrypted[:8]): print "Card is authenticated" return True else: print "Card is not authenticated" return False except SWException, e: print str(e) return False
def external_authenticate(): global cardservice try: challange = get_challange() challange_str = '' for x in challange: challange_str += chr(x) key = [0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF] key_str = '' for x in key: key_str += chr(x) encrypted = tea.encrypt(challange_str, key_str) data = [] for x in encrypted: data.append(ord(x)) header = [CLA, 0x82, 0x00, 0x00, 0x08] response, sw1, sw2 = cardservice.connection.transmit(header+data) if(sw1==0x90 and sw2==0x00): print "Terminal (external) Authenticated" return response except SWException, e: print str(e) return False
import tea key = '0123456789abcdef' message = 'Sample message for encryption and decryption.' cipher = tea.encrypt(message, key) print(cipher)
def login0826(self): key0826 = '6d47535a5a573d4872772c2d36717a76' keyCode = '13d924ca5e0469d284effea87a5a5f1c' data = '02355508366848' # head data += '00000000' data += '0300000001010100006742' data += '00000000' data += '000101020019' data += self.hdKey data += '00000010' data += self.getSequence(16) txt = '01120038' txt += self.token0825 txt += '030f0008000657494e444f57' # WINDOWS txt += '0004000f0000000b' txt += self.str2hex(self.num) txt += '00060078' md5p = md5('123456') # 密码加密 pwd = md5p pwd += '00000000' pwd += '00000000' # QQ Hex # 密匙加密 key = 'F36251810002' key += '00000000' # QQ Hex key += self.fixedData key += '000001' key += md5p key += self.serverTime key += '00000000000000000000000000' key += self.serverIP key += '000000000000000600101ba49e165fe954251eb9619f7b1bdf31' key += key0826 txt += b2a_hex(tea.encrypt(bytes.fromhex(key), bytes.fromhex(pwd))).decode() # region CRC txt += '001500300000' txt += '01' txt += '1c26e960' txt += '0010' txt += '028d5f75cbcf4c898ca43a3410b85788' txt += '02' txt += 'b3e8163c' txt += '0010' txt += '1ba49e165fe954251eb9619f7b1bdf31' txt += '001a' txt += '0040' mcrc = '001500300000' mcrc += '01' mcrc += '1c26e960' mcrc += '0010' mcrc += '028d5f75cbcf4c898ca43a3410b85788' mcrc += '02' mcrc += 'b3e8163c' mcrc += '0010' mcrc += '1ba49e165fe954251eb9619f7b1bdf31' txt += b2a_hex(tea.encrypt(bytes.fromhex(mcrc), bytes.fromhex(key0826))).decode() txt += '001800160001' txt += self.fixedData txt += '00000000' # QQ Hex txt += '00010000010300140001' txt += '0010' txt += 'bd41fd502a59f4863ccde044bb41f728' txt += '0312000501000000' txt += '00' # 是否记住密码 txt += '010200620001' txt += '1169a81f699f52de71ef65e9b42d2d8a' txt += '0038' txt += '78b94e76767efdab4dd3b2b0144063f48b57ee27aef152a28aba1f03' txt += '50f02b17a86787fe47d1b189c43c0be7a7dc8c81c40bb622c78ec85b' txt += '0014' txt += '62e172e61421fe8c850c62891efcf7f93a19b892' data += b2a_hex(tea.encrypt(bytes.fromhex(txt), bytes.fromhex(keyCode))).decode() data += '03' data = a2b_hex(data) sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock.sendto(data, self.address) recvPack = sock.recv(1024) sock.close() recvData = b2a_hex(tea.decrypt(recvPack[14:-1], bytes.fromhex(keyCode))).decode() if recvData[:2] == '06': qq = str(int(recvData[6:14], 16)) else: recvData = recvData[8:] if recvData[:2].lower() == 'fc': qq = str(int(recvData[14:22], 16)) else: qq = False return qq
def encrypt_id(id): return tea.encrypt(id, settings.KEY)
def login(self): print 'Logining...' self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.s.connect((ip_adress3, 14000)) m = hashlib.md5() m.update(self.paw) paw_md5 = m.hexdigest() self.paw_a = "00090001000000003434413741423843414235383746463210{}00".format( paw_md5) pac_get_key = '020033060800491f27{}0034344137414238434142353837464632010100105643514a4a385739364b3645455a445003'.format( self.qq_num) self.s.send(a2b_hex(pac_get_key)) key_0 = self.s.recv(2048) key_1 = b2a_hex(key_0)[28:60] print key_1 self.key = a2b_hex(key_1) paw_tea = encrypt(a2b_hex(self.paw_a), self.key) paw_tea = b2a_hex(paw_tea) pac_login_a = "020047060800500002{0}00{1}03".format( self.qq_num, paw_tea) print pac_login_a pac_login_b = a2b_hex(pac_login_a) self.s.send(pac_login_b) re_login_a = self.s.recv(2048) re_login = b2a_hex(re_login_a) print re_login while len(re_login) > 600: print 'Need Verification Code!' img = re_login[28:] img = img[:-2] img_b = decrypt(a2b_hex(img), self.key) img_a = b2a_hex(img_b) img_a = re.search(r'8950\w+', img_a) img = a2b_hex(img_a.group(0)) #Maybe use 'with' is better f = open('test.jpg', 'wb') f.write(img) f.close() im = Image.open( os.path.abspath('.').replace('\\', '/') + '/test.jpg') im.show() ver = raw_input('Verification Code: ') vercode = "020008003{0}003{1}003{2}003{3}".format( ver[0], ver[1], ver[2], ver[3]) ver_b = encrypt(a2b_hex(vercode), self.key) ver_tea = "020027060800771f2a{}00{}03".format( self.qq_num, b2a_hex(ver_b)) self.s.send(a2b_hex(ver_tea)) re_login = b2a_hex(self.s.recv(2048)) print 'Verification Code error,retry again.' if len(re_login) == 206: print 'Login scuess!' else: print 'Login fail'
def login0826(self): key0826 = '6d47535a5a573d4872772c2d36717a76' keyCode = '13d924ca5e0469d284effea87a5a5f1c' data = '02355508366848' # head data += '00000000' data += '0300000001010100006742' data += '00000000' data += '000101020019' data += self.hdKey data += '00000010' data += self.getSequence(16) txt = '01120038' txt += self.token0825 txt += '030f0008000657494e444f57' # WINDOWS txt += '0004000f0000000b' txt += self.str2hex(self.num) txt += '00060078' md5p = md5('123456') # 密码加密 pwd = md5p pwd += '00000000' pwd += '00000000' # QQ Hex # 密匙加密 key = 'F36251810002' key += '00000000' # QQ Hex key += self.fixedData key += '000001' key += md5p key += self.serverTime key += '00000000000000000000000000' key += self.serverIP key += '000000000000000600101ba49e165fe954251eb9619f7b1bdf31' key += key0826 txt += b2a_hex(tea.encrypt(bytes.fromhex(key), bytes.fromhex(pwd))).decode() # region CRC txt += '001500300000' txt += '01' txt += '1c26e960' txt += '0010' txt += '028d5f75cbcf4c898ca43a3410b85788' txt += '02' txt += 'b3e8163c' txt += '0010' txt += '1ba49e165fe954251eb9619f7b1bdf31' txt += '001a' txt += '0040' mcrc = '001500300000' mcrc += '01' mcrc += '1c26e960' mcrc += '0010' mcrc += '028d5f75cbcf4c898ca43a3410b85788' mcrc += '02' mcrc += 'b3e8163c' mcrc += '0010' mcrc += '1ba49e165fe954251eb9619f7b1bdf31' txt += b2a_hex(tea.encrypt(bytes.fromhex(mcrc), bytes.fromhex(key0826))).decode() txt += '001800160001' txt += self.fixedData txt += '00000000' # QQ Hex txt += '00010000010300140001' txt += '0010' txt += 'bd41fd502a59f4863ccde044bb41f728' txt += '0312000501000000' txt += '00' # 是否记住密码 txt += '010200620001' txt += '1169a81f699f52de71ef65e9b42d2d8a' txt += '0038' txt += '78b94e76767efdab4dd3b2b0144063f48b57ee27aef152a28aba1f03' txt += '50f02b17a86787fe47d1b189c43c0be7a7dc8c81c40bb622c78ec85b' txt += '0014' txt += '62e172e61421fe8c850c62891efcf7f93a19b892' data += b2a_hex(tea.encrypt(bytes.fromhex(txt), bytes.fromhex(keyCode))).decode() data += '03' data = a2b_hex(data) sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock.sendto(data, self.address) recvPack = sock.recv(1024) sock.close() recvData = b2a_hex(tea.decrypt(recvPack[14:-1],bytes.fromhex(keyCode))).decode() if recvData[:2]=='06': qq = str(int(recvData[6:14], 16)) else: recvData = recvData[8:] if recvData[:2].lower()=='fc': qq = str(int(recvData[14:22], 16)) else: qq = False return qq