def tlv107(): tlv = '' tlv += Coder.trim('00 00') tlv += Coder.trim('00 00 00 01') tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv tlv = Coder.trim('01 07') + tlv return tlv
def tlv2(verifyCode, verifyToken1): tlv = '' tlv += Coder.num2hexstr(len(verifyCode)/2, 4) + verifyCode tlv += Coder.num2hexstr(len(verifyToken1)/2, 2) + verifyToken1 tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv tlv = Coder.trim('00 02') + tlv return tlv
def login(self, verifyCode=None): '''登录''' #发送登录请求 packet = '' #包头 packet += Coder.trim('00 00 00 08 02 00 00 00 04 00') packet += Coder.num2hexstr(len(self.qqHexstr) / 2 + 4, 4) packet += self.qqHexstr #TEA加密的包体 packet += self.packSendLoginMessage(verifyCode) #总包长 packet = Coder.num2hexstr(len(packet) / 2 + 4, 4) + packet #发送请求 self.socket.sendall(Coder.hexstr2str(packet)) #接收请求 ret = self.socket.recv() pack = HexPacket(Coder.str2hexstr(ret)) #返回包头 pack.shr(4) pack.shr(8) pack.shr(2 + len(self.qqHexstr) / 2) #返回包体 self.unpackRecvLoginMessage(pack.remain()) if self.alive: #登录成功 threading.Thread(target=self.startHeart).start() #心跳 return True elif self.verify: #需要验证码 pass else: return False
def login(self, verifyCode=None): '''登录''' #发送登录请求 packet = '' #包头 packet += Coder.trim('00 00 00 08 02 00 00 00 04 00') packet += Coder.num2hexstr(len(self.qqHexstr)/2+4, 4) packet += self.qqHexstr #TEA加密的包体 packet += self.packSendLoginMessage(verifyCode) #总包长 packet = Coder.num2hexstr(len(packet)/2+4, 4) + packet #发送请求 self.socket.sendall(Coder.hexstr2str(packet)) #接收请求 ret = self.socket.recv() pack = HexPacket(Coder.str2hexstr(ret)) #返回包头 pack.shr(4) pack.shr(8) pack.shr(2 + len(self.qqHexstr)/2) #返回包体 self.unpackRecvLoginMessage(pack.remain()) if self.alive: #登录成功 threading.Thread(target=self.startHeart).start() #心跳 return True elif self.verify: #需要验证码 pass else: return False
def tlv2(verifyCode, verifyToken1): tlv = '' tlv += Coder.num2hexstr(len(verifyCode) / 2, 4) + verifyCode tlv += Coder.num2hexstr(len(verifyToken1) / 2, 2) + verifyToken1 tlv = Coder.num2hexstr(len(tlv) / 2, 2) + tlv tlv = Coder.trim('00 02') + tlv return tlv
def tlv107(): tlv = '' tlv += Coder.trim('00 00') tlv += Coder.trim('00 00 00 01') tlv = Coder.num2hexstr(len(tlv) / 2, 2) + tlv tlv = Coder.trim('01 07') + tlv return tlv
def tlv8(): tlv = '' tlv += Coder.trim('00 00') tlv += Coder.trim('00 00 08 04') #request_global._local_id tlv += Coder.trim('00 00') tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv tlv = Coder.trim('00 08') + tlv return tlv
def online(self): self.FunSend(Coder.hexstr2str(self.Pack_OidbSvc_0x7a2_0())) self.Fun_recv() self.FunSend( Coder.hexstr2str(self.Pack_StatSvc_Register(self.qqnum, 7, 11, 0))) self.Fun_recv()
def tlv202(wifi_name): tlv = '' tlv += Coder.trim('00 10') tlv += Coder.trim('F5 AC 6C 03 0C 31 AE 5C 26 2E BE 49 86 23 65 1E') tlv += Coder.num2hexstr(len(wifi_name)/2, 2) + wifi_name tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv tlv = Coder.trim('02 02') + tlv return tlv
def __init__(self): self.stub = self self.msg_count = 1 self.bcd_table = '0123456789ABCDEF' self.keys = "" self.keys = self.keys.replace('\r', '').replace('\n', '').replace(' ', '') self.keys = Coder.hexstr2str(Coder.trim(self.keys))
def AutoReceiveFriends(self, targetQQ): if config.AutoAgreeAddFriend == True: data = Packet.Pack_friendlistGetAutoInfoReq(self, targetQQ) self.FunSend(Coder.hexstr2str(data)) time.sleep(1) data1 = Packet.Pack_ProfileServicePbReqSystemMsgActionFriend( self, targetQQ) self.FunSend(Coder.hexstr2str(data1))
def tlv8(): tlv = '' tlv += Coder.trim('00 00') tlv += Coder.trim('00 00 08 04') #request_global._local_id tlv += Coder.trim('00 00') tlv = Coder.num2hexstr(len(tlv) / 2, 2) + tlv tlv = Coder.trim('00 08') + tlv return tlv
def tlv202(wifi_name): tlv = '' tlv += Coder.trim('00 10') tlv += Coder.trim('F5 AC 6C 03 0C 31 AE 5C 26 2E BE 49 86 23 65 1E') tlv += Coder.num2hexstr(len(wifi_name) / 2, 2) + wifi_name tlv = Coder.num2hexstr(len(tlv) / 2, 2) + tlv tlv = Coder.trim('02 02') + tlv return tlv
def unpackRecvLoginVerifyMessage(self, data): data = TEA.detea_hexstr(data, self.shareKey) pack = HexPacket(data) pack.shr(3) tlv_num = Coder.hexstr2num(pack.shr(2)) for i in xrange(tlv_num): tlv_cmd = pack.shr(2) tlv_data = pack.shr(Coder.hexstr2num(pack.shr(2))) self.decodeTlv(tlv_cmd, tlv_data)
class test(): if __name__ == '__main__': print 111 code = '3c8c40ab23bc0024d7f0ae9408004500039b40e840008006c623c0a86407716c5a35cbce1f90d7280432bea3a13c5018409962ed000000000373000000080200000004000000000d3633343534353339397a990a6f0da475adcf8c1ed97a7bd860baeaf32322c29186adf521109e60560b579d739d4f891b2e257bea15b0b67d907d388deae0e6b90492456eff361d13b7678cc800352238077f9e1f7124a7b05c252f33cc866da276441b5b2c12a6e487d910e5a51511c9df7008ccc6a51746dc1e7ab36b2deea4f8f007fe42831cb4929192d98e53dec70d03807096bb3bfd16a758465c8bfacfca72ffb2613471718a9e9bcfc1559e51d431a74eefc36f424e143d065e36ca5692f7b85674482a44832aa835703c8999a4a8b97e7b564d0e43274a4ec223ce42eaf38e5fcc68bdf2d054877e2ab27c0f78c3d23bcde79f13fe5c4cad1e6b16ab4352c106ea384e06e9cb185bdeeec36f1ad271cd6e9e65a4c30a424f22ab892430d89c7ff9c461f7e5e721d0391ed1796a2a047eca9e895b50de787e3e1173a98977a4b7581015e21b71d98ec9fbf69157965473150a50222b6d21bff57e2269eaff9eb336563629f99c906dcd1f23aef8ada277bee00c979209e43d6c3404ab9ba41c7c769e37c435441c3adff0359e17d966782adc4105424712d7f03c7906deb73b9e71fb960105c5faf233647291dcaf00f97562b7f300fe77cdac08d81b8137c817491306a95430045488f064b7a219a60c768bf83e3fdc5f26d8f8c8e997f22c166026fec63707706c9a111e5317f138fa22eb3d8dcba6731f0fac3e0ef73a63d9481752feefe3db2c72f57d048804e70f40f9b93108d7a233d81d1de5d175f2392566e18a0263fd20e1f05e31c21b67678afd6f2c9ff0953c83020fe3feb2213f2e496ad17b3d24485ae6abadead85e31704dc9c1ce6aefbd7b2ed1d5e17b786fd8cd37e164eacea9ec60c6f6fa1c5965ffefe8f69148e60c27ce772551157fba9d46c87df59d87fb8f4d383184f52aaa911eed8fd8750e87e221aa18642fd5856376aeb5adbd45b1bf589ef143f44ca5781b82ec5d7ddd3aaae2b1d5c962ec2835bb6599ba1f3d16271ccc262cf0d20e65b1a8741f7fbdca64317759b232ba3a8fc820d3449be7e008609e7dee817df72604c7f20139a2e762f2799fce00bf81f3832de40415ec4c0f90e4af0df5cda6a456b15bee7ce3689688abaf427568fa9551a19eb542ad1e01ba4bed153809bc59c869438f7c09bf124f2aa9b06610bf5f4319bcd05eefe3079c1a1eb38bed8e096e1bea6ee8a1075c6ca3c2f9' #print Coder.hexstr2str(code); # print code.encode('hex'); print 8 << 4 print Coder.num2hexstr(len(Coder.str2hexstr('634545399')) / 2 + 4, 4) print Coder.str2hexstr('634545399') qq = AndroidQQ('634545399', 'xiaomin0322####') packet = qq.packSendLoginMessage() print Coder.num2hexstr(len(packet) / 2 + 4, 4) print len(packet) # ss = '7a215d1c28d0681072f3370142669487fee6b5a222b18751a1a4ce6da0b952253994e847c9e1399a945be54facbd25d5f0d25b8325114dbfc40c2c5c48db42e9fb02e8c566529f7705d7fdf8958b2de7944f5fcfab050838d4809c83b5ab657cf4a4c2042129169059f8053e6f0cd5f0b5ed75dee694a70b236b6d040055bc336ebf678a520911be00e057435ac6c0b21f40718338e696133bc7df52d51632053484b5e53a8a82fde7b148fe5f91bc546d92b1a24f48db2863f7741df7881085a78f75f9b7912c57ccff62bddaa821e4e41dd08ca6c995a5c766b5763c8afcfc96feb80944017eb95e87b0e2f1b156aeb86c0c38d2521a8e9a7cac7ab4184c5d1f89b43dc16e9d24aed14a9f798a974a9ad6555f41ee65d1f5094a8b845140ecfbe01774d0a6ac2a3af893b7a60bdae2d92285bddd0b2162501bc726fbb169abc3c0388e49584f2839225cd5748a8cea428cb89d9f8b36fbacbfdfbbcf2c331d6e548a21c3490a29a20b904f6bf3766042ce90c45376830ce23ca65b261ed79d08722b02aa9d0f3589671efa5860db35fa7e352c765747cfad6ee9ee908dc3b49b9995120c6fe70667250ee615d64004dd20951a274fa7a635262b509db37e1e1115d269c2b90af5da75530e5bba7573798355f6e2839a1fb71c3adf4bf361df606180b71d81bc6faa1132478c0da88475ed835cdda5626142163fb3cf1009730cf18a560fc6c072f84f1e860ed2fed6d58a5befdee5f1579bd978057cdaa59b83940256b9b109984fe16b624338869ed8d01d7e969054abe7f8ae6efc2ba8cf88be35158380f2638bc1c1d86b33f73850d1a3631f5c74aedba7908ac8989729619f192a67809734a21c274c3469384ba209baa1fb60a7e48bc823383ee7a667532e59799b807bb862935e0e72900be302b8f14ada32e30dcb06773db42ea695ae0fdba8440b40c63963452733a9a4fb745df6d29e8a1f7a0c806b2e64f53bac94b7bb6791a36006126f28d1cb975c8253e8148069e4d460cbf3d018b75baebbc9b8ff052cb62c2e39b30d6111f0aca0cb56a852797d1eeefe243168bc87f5b5b574109198c626c64cde9a59d5be65c2f87708de9118b5e272176ec6f7b9bcb030aea0e3a498648aad32d7ddf16e74d9145ee9afab1e29a67012984eb144ae2fa5743bd2b6b209ccef89975d51d122794bd7700df174c5bd' #print TEA.detea_hexstr(ss,'00'*16) ss = '886c8763f92b24c6b7b430906a5466ecdf06d5a9278827279819457bdf1138b901a449f185c23806b0f66a3bb58e4d7b40324bde661bb3e0f31b9d314c21c36de6a6dcd2fa922e5bf53bf27cbac4479aff1295a084d6a9dce8e36fddccbb605267d4fd775fd09a96ab338bba38df5baf51e74266e9ae797c7a6f9c19aea63d551a5639aceb17dc8dbd262b3451f39f3e3b23cf5a964ab52128e31a0b9a88b4fae0ff3b276fc7f450031768de11b57f4773b7bc18218cc5e8261cf2df3a880ef351c195e026596ef5518ffa9765f7a8e458656f1ca72878e8b99f4219ed48ed1b9216c163642aeeffdfa430fcfc02cb58ff0696a313b23de17c77c7ee210155277394060d735ba5210b021a76794578331871275cb26b71880da0843a7bc603e3039fa3094845b6fa21e45a37f795d3103245898a965605d2be285de3a5f135af5478702d2561dbf7b7d1e9b7db8b3297a9a09d86cf812bbf57d7f125ec72c1b05473048cf33297f6f43a9f5c7765e879b77ee7dc73ea372663fda6142bd2686346344557d9c51d6257ea62f7433823e2fe5658543e3874ff33da458ff8e8aedacde7ccb88c6f5bfd6d838ea1a12beedd17a3e8f857b7edd5fcb58ba163ac140a644ce6b86d03c455449f7f25d07991804d97ba6a7c8e014556ac38cb205b28ea0806fdde2eef3b8f70f91dab155efcb1dab319ef8933c6ce00c5a021ab9d8a4f7a37f1f3c66ce3ae165cd9163788385ea77dc06bb15f9476f178e5f2e5f0603948682dabc76cf36a833694d126dde1cc2c730974d1c820f8ee8e9d350f80f63ab5661f92b912cbbdf31543718fd036587c33c303d1665078c39b9c4709d539ba39ab60c345e9731b9276854d25b6e0f3d4d93ddcd425ce5d28ae39cccd90f2086881f38384a9fa847e5e762eb2cde2719a75b1bd4316426e4259efc851826808683b6bd68b7e769b9eaeefb7bcec8bd81c4f66ebfda3fe7fa937a436c459c54f7dd34cfde5a2957704f10d0e46455df476a39256ecbfaa993282100fcdfa8c0d0cd231354748126d31fb95e8083bba7b82a8030a3bf9b0409cb290f8add92e59069994adfb082555b6c0ea2bc5fa51f8b31c608904c12a12987f2de6973cee52fec49a3072949f863334a4142155e846d8ead69cfc6b744b6ec166495d549c0af06a110bbb76d0149f3f83ad3162b4a00ae50dfec4ef8468' packSendLoginMessage = TEA.detea_hexstr(ss, '00' * 16) print packSendLoginMessage packSendLoginTlv = packSendLoginMessage[382:1678] testShareKey = '579C2169A0A34E1162C6E6DB66C2D45D' packSendLoginTlv = TEA.detea_hexstr(packSendLoginTlv, testShareKey) print packSendLoginTlv[108:340] tvl106 = packSendLoginTlv[108:340] print 'tvl106 val ' + tvl106 tvl106 = tvl106[8:len(tvl106)] print 'tvl106 endocer ' + tvl106 pwdKey = '919260a4e19d44a59b5932b8790fc37d' tvl106 = TEA.detea_hexstr(tvl106, pwdKey) tgtKeys = tvl106[102:134] print 'tgtkeys ' + tgtKeys
def unpackRecvLoginVerifyMessage(self, data): data = TEA.detea_hexstr(data, self.shareKey) pack = HexPacket(data) pack.shr(3) tlv_num = Coder.hexstr2num(pack.shr(2)) for i in xrange(tlv_num): tlv_cmd = pack.shr(2) tlv_data = pack.shr(Coder.hexstr2num(pack.shr(2))) self.decodeTlv(tlv_cmd, tlv_data) pass
def tlv144(tgtKey, imei, os_type, os_version, network_type, sim_operator_name, apn, device, device_product): tlv = '' tlv += Coder.trim('00 04') tlv += Tlv.tlv109(imei) tlv += Tlv.tlv124(os_type, os_version, network_type, sim_operator_name, apn) tlv += Tlv.tlv128(device, imei, device_product) tlv += Tlv.tlv16e(device) tlv = TEA.entea_hexstr(tlv, tgtKey) tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv tlv = Coder.trim('01 44') + tlv return tlv
def Make_sendSsoMsg(self, cmd, bin): serviceCmd = Coder.str2hexstr(cmd) msg = '' msg += Coder.num2hexstr(len(serviceCmd) / 2 + 4, 4) + serviceCmd msg += Coder.num2hexstr(len(self.msgCookies2) / 2 + 4, 4) + self.msgCookies2 data = '' data += Coder.num2hexstr(len(msg) / 2 + 4, 4) + msg data += bin value = TEA.entea_hexstr(data, self.qqkey) return value
def unpackRecvLoginSucceedMessage(data): data = TEA.detea_hexstr(data,'9A1BDA11D3BEA2DEDC58C487B3D174BA') #shareKey pack = HexPacket(data) pack.shr(2 + 1 + 4) data = pack.shr(Coder.hexstr2num(pack.shr(2))) #TLV解包 data = TEA.detea_hexstr(data,'9d2a2efab0653d0aecdb8a3e97c4dd22')#tgtKey pack = HexPacket(data) tlv_num = Coder.hexstr2num(pack.shr(2)) for i in xrange(tlv_num): tlv_cmd = pack.shr(2) tlv_data = pack.shr(Coder.hexstr2num(pack.shr(2))) decodeTlv(tlv_cmd, tlv_data)
def unpackRecvLoginSucceedMessage(self, data): data = TEA.detea_hexstr(data, self.shareKey) pack = HexPacket(data) pack.shr(2 + 1 + 4) data = pack.shr(Coder.hexstr2num(pack.shr(2))) #TLV解包 data = TEA.detea_hexstr(data, self.tgtKey) pack = HexPacket(data) tlv_num = Coder.hexstr2num(pack.shr(2)) for i in xrange(tlv_num): tlv_cmd = pack.shr(2) tlv_data = pack.shr(Coder.hexstr2num(pack.shr(2))) self.decodeTlv(tlv_cmd, tlv_data)
def tlv128(device, imei, device_product): tlv = '' tlv += Coder.trim('00 00') tlv += Coder.trim('01') tlv += Coder.trim('01') tlv += Coder.trim('00') tlv += Coder.trim('11 00 00 00') tlv += Coder.num2hexstr(len(device) / 2, 2) + device tlv += Coder.num2hexstr(len(imei) / 2, 2) + imei tlv += Coder.num2hexstr(len(device_product) / 2, 2) + device_product tlv = Coder.num2hexstr(len(tlv) / 2, 2) + tlv tlv = Coder.trim('01 28') + tlv return tlv
def tlv128(device, imei, device_product): tlv = '' tlv += Coder.trim('00 00') tlv += Coder.trim('01') tlv += Coder.trim('01') tlv += Coder.trim('00') tlv += Coder.trim('11 00 00 00') tlv += Coder.num2hexstr(len(device)/2, 2) + device tlv += Coder.num2hexstr(len(imei)/2, 2) + imei tlv += Coder.num2hexstr(len(device_product)/2, 2) + device_product tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv tlv = Coder.trim('01 28') + tlv return tlv
def packSendLoginTlv(self, verifyCode=None): if verifyCode == None: tlv = '' tlv += Coder.trim('00 09') tlv += Coder.trim('00 14') #tlv包个数 #tlv组包 tlv += Tlv.tlv18(self.uin) tlv += Tlv.tlv1(self.uin, self.server_time) print 'packSendLoginTlv tlv106 start ' + bytes(len(tlv)) tvl106 = Tlv.tlv106(self.uin, self.server_time, self.pwdMd5, self.tgtKey, self.imei, self.appId, self.pwdKey) tlv +=tvl106 print 'packSendLoginTlv tlv106 end ' + bytes(len(tlv)) tlv += Tlv.tlv116() tlv += Tlv.tlv100() tlv += Tlv.tlv107() tlv += Tlv.tlv144(self.tgtKey, self.imei, self.os_type, self.os_version, self.network_type, self.sim_operator_name, self.apn, self.device, self.device_product) tlv += Tlv.tlv142(self.package_name) tlv += Tlv.tlv145(self.imei) tlv += Tlv.tlv154(self.seq) tlv += Tlv.tlv141(self.sim_operator_name, self.network_type, self.apn) tlv += Tlv.tlv8() tlv += Tlv.tlv16b() tlv += Tlv.tlv147() tlv += Tlv.tlv177() tlv += Tlv.tlv187() tlv += Tlv.tlv188() tlv += Tlv.tlv191() tlv += Tlv.tlv194() tlv += Tlv.tlv202(self.wifi_name) print 'tvl106 index :' + bytes(tlv.find(tvl106)) + '----' + bytes(tlv.find(tvl106)+len(tvl106)) print 'packSendLoginTlv tlv :'+tlv tlv = TEA.entea_hexstr(tlv, self.shareKey) return tlv else: tlv = '' tlv += Coder.trim('00 02') tlv += Coder.trim('00 04') #tlv组包 tlv += Tlv.tlv2(verifyCode, self.verifyToken1) tlv += Tlv.tlv8() tlv += Tlv.tlv104(self.verifyToken2) tlv += Tlv.tlv116() tlv = TEA.entea_hexstr(tlv, self.shareKey) return tlv
def Write_RequestPacket(Version, RequestId, ServantName, FuncName, Bin): data = '' data += out.WriteShort(Version, 1) data += out.WriteShort(0, 2) data += out.WriteShort(0, 3) data += out.WriteInt(RequestId, 4) data += out.WriteStringByte(ServantName, 5) data += out.WriteStringByte(FuncName, 6) data += out.WriteSimpleList(Bin, 7) data += out.WriteInt(0, 8) data += Coder.trim('98 0C') data += Coder.trim('A8 0C') return data
def SendFriendImageMsg(self, targetQQ, ImgName, ImgPath): ImaFileName = ImgName + '.jpg' data = Packet.SendImageMsg(self, '', targetQQ, ImgName, ImaFileName, ImgPath) self.FunSend(Coder.hexstr2str(data))
def Pack_sendSsoMsg_simple(self, bin): msg = '' msg += out.WriteJceStruct(Coder.hexstr2str(bin), 0) ##十六进制转换字符串 map = config.JceMap() map.key_type = config.TYPE_STRING1 map.value_type = config.TYPE_SIMPLE_LIST map.key = 'SvcReqGet' map.value = Coder.hexstr2str(msg) ##十六进制转换字符串 value = out.WriteMap(map, 0) data = '' data += self.Write_RequestPacket(3, 1819559151, 'PushService', 'SvcReqGet', Coder.hexstr2str(value)) reee = Coder.num2hexstr(len(data) / 2 + 4, 4) + data return reee
def Pack_StatSvc_Register(self, Uin, Bid, Status, timeStamp): data = JceFactory.Write_SvcReqRegister(Uin, Bid, Status, timeStamp) bin = out.WriteJceStruct(Coder.hexstr2str(data), 0) map = config.JceMap() map.key_type = config.TYPE_STRING1 map.value_type = config.TYPE_SIMPLE_LIST map.key = "SvcReqRegister" map.value = Coder.hexstr2str(bin) value = out.WriteMap(map, 0) bin = self.Write_RequestPacket(3, 0, 'PushService', 'SvcReqRegister', Coder.hexstr2str(value)) aaa = self.Make_login_sendSsoMsg('StatSvc.register', bin) return self.pack(aaa, 1)
def SendGroupMemberImageMsg(self, GroupQQ, targetQQ, ImgName, ImgPath): #GroupQQ = '574240651' #targetQQ = '296603528' #ImgName = '936ee06bd035095c991c5a2572614ae4' ImaFileName = ImgName + '.jpg' #ImgPath = '/7b9da5a3-8b5b-462f-a03c-eb9c6f37ebb8A' data = Packet.SendImageMsg(self, GroupQQ, targetQQ, ImgName, ImaFileName, ImgPath) self.FunSend(Coder.hexstr2str(data))
def tlv100(): tlv = '' tlv += Coder.trim('00 01') tlv += Coder.trim('00 00 00 05') tlv += Coder.trim('00 00 00 10') tlv += Coder.trim('20 02 9F 54') tlv += Coder.trim('00 00 00 00') tlv += Coder.trim('02 1E 10 E0') tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv tlv = Coder.trim('01 00') + tlv return tlv
def tlv100(): tlv = '' tlv += Coder.trim('00 01') tlv += Coder.trim('00 00 00 05') tlv += Coder.trim('00 00 00 10') tlv += Coder.trim('20 02 9F 54') tlv += Coder.trim('00 00 00 00') tlv += Coder.trim('02 1E 10 E0') tlv = Coder.num2hexstr(len(tlv) / 2, 2) + tlv tlv = Coder.trim('01 00') + tlv return tlv
def tlv124(os_type, os_version, network_type, sim_operator_name, apn): tlv = '' tlv += Coder.num2hexstr(len(os_type)/2, 2) + os_type tlv += Coder.num2hexstr(len(os_version)/2, 2) + os_version tlv += Coder.num2hexstr(len(network_type)/2, 2) + network_type tlv += Coder.num2hexstr(len(sim_operator_name)/2, 2) + sim_operator_name tlv += Coder.trim('00 00') tlv += Coder.num2hexstr(len(apn)/2, 2) + apn tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv tlv = Coder.trim('01 24') + tlv return tlv
def tlvdecode(value): data = value[8:] #去掉头 #TLV18 data = data[8:] data = data[28:] qqnum = data[:8] print qqnum data = data[8:] data = data[8:] #TLV1 value = data[4:] value = value[16:] qqnum = value[:8] value = value[8:] print qqnum value = value[8:] #时间 value = value[12:] print value #TLV106 value1 = value[4:] #01 06 lenstr1 = Coder.hexstr2num(value1[:4]) * 2 str = value1[4:][:lenstr1] print '106加密前', str pwdKey = Coder.hash_qqpwd_hexstr('188075889', 'qw6012827') print 'pwdKey', pwdKey string = TEA.detea_hexstr(str, pwdKey) print '106解密后', string value = string[4:] value = value[8:] value = value[32:] value = value[16:] value = value[10:] pwdmd5 = MD5.md5_hex('qw6012827') print pwdmd5 value = value[32:] tgtKey = value[:32] print 'tgtKey', tgtKey
def AutoReceiveAddGroup(self, targetQQ, GroupNumber): if config.AutoAgreeGroup == True: # data = Packet.ProfileServicePbReqSystemMsgNewGroup(self) # self.FunSend(Coder.hexstr2str(data)) # data1 = Packet.Pack_GetSimpleInfo(self,targetQQ) # self.FunSend(Coder.hexstr2str(data1)) # data2 = Packet.Pack_ProfileServicePbReqSystemMsgActionGroup(self,targetQQ,GroupNumber) # self.FunSend(Coder.hexstr2str(data2)) data = Packet.Pack_AutoReceiveGroupRequests( self, targetQQ, GroupNumber) self.FunSend(Coder.hexstr2str(data))
def tlv147(): tlv = '' tlv += Coder.trim('00 00 00 10') tlv += Coder.trim('00 05') tlv += Coder.trim('35 2E 38 2E 30') #request_global._apk_v = 5.8.0 tlv += Coder.trim('00 10') tlv += Coder.trim('A6 B7 45 BF 24 A2 C2 77 52 77 16 F6 F3 6E B6 8D') #request_global._apk_sig tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv tlv = Coder.trim('01 47') + tlv return tlv
def tlv16b(): tlv = '' tlv += Coder.trim('00 02') tlv += Coder.trim('00 0B') tlv += Coder.trim('67 61 6D 65 2E 71 71 2E 63 6F 6D') #game.qq.com tlv += Coder.trim('00 0B') tlv += Coder.trim('67 61 6D 65 2E 71 71 2E 63 6F 6D') tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv tlv = Coder.trim('01 6B') + tlv return tlv
def tlv16b(): tlv = '' tlv += Coder.trim('00 02') tlv += Coder.trim('00 0B') tlv += Coder.trim('67 61 6D 65 2E 71 71 2E 63 6F 6D') #game.qq.com tlv += Coder.trim('00 0B') tlv += Coder.trim('67 61 6D 65 2E 71 71 2E 63 6F 6D') tlv = Coder.num2hexstr(len(tlv) / 2, 2) + tlv tlv = Coder.trim('01 6B') + tlv return tlv
def unpackRecvLoginMessage(data): data = TEA.detea_hexstr(data, '00'*16) pack = HexPacket(data) head = pack.shr(Coder.hexstr2num(pack.shr(4))-4) body = pack.remain(1) #head pack = HexPacket(head) Coder.hexstr2num(pack.shr(4)) #seq pack.shr(4) pack.shr(Coder.hexstr2num(pack.shr(4))-4) Coder.hexstr2str(pack.shr(Coder.hexstr2num(pack.shr(4))-4)) #cmd pack.shr(Coder.hexstr2num(pack.shr(4))-4) #body pack = HexPacket(body) pack.shr(4 + 1 + 2 + 10 + 2) retCode = Coder.hexstr2num(pack.shr(1)) if retCode == 0: #登录成功 unpackRecvLoginSucceedMessage(pack.remain())
def tlv18(uin): tlv = '' tlv += Coder.trim('00 01') tlv += Coder.trim('00 00 06 00') tlv += Coder.trim('00 00 00 10') tlv += Coder.trim('00 00 00 00') tlv += uin tlv += Coder.trim('00 00 00 00') tlv = Coder.num2hexstr(len(tlv) / 2, 2) + tlv tlv = Coder.trim('00 18') + tlv return tlv
def tlv18(uin): tlv = '' tlv += Coder.trim('00 01') tlv += Coder.trim('00 00 06 00') tlv += Coder.trim('00 00 00 10') tlv += Coder.trim('00 00 00 00') tlv += uin tlv += Coder.trim('00 00 00 00') tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv tlv = Coder.trim('00 18') + tlv return tlv
def packSendLoginTlv(self, verifyCode=None): if verifyCode == None: tlv = '' tlv += Coder.trim('00 09') tlv += Coder.trim('00 14') #tlv包个数 #tlv组包 tlv += Tlv.tlv18(self.uin) tlv += Tlv.tlv1(self.uin, self.server_time) tlv += Tlv.tlv106(self.uin, self.server_time, self.pwdMd5, self.tgtKey, self.imei, self.appId, self.pwdKey) tlv += Tlv.tlv116() tlv += Tlv.tlv100() tlv += Tlv.tlv107() tlv += Tlv.tlv144(self.tgtKey, self.imei, self.os_type, self.os_version, self.network_type, self.sim_operator_name, self.apn, self.device, self.device_product) tlv += Tlv.tlv142(self.package_name) tlv += Tlv.tlv145(self.imei) tlv += Tlv.tlv154(self.seq) tlv += Tlv.tlv141(self.sim_operator_name, self.network_type, self.apn) tlv += Tlv.tlv8() tlv += Tlv.tlv16b() tlv += Tlv.tlv147() tlv += Tlv.tlv177() tlv += Tlv.tlv187() tlv += Tlv.tlv188() tlv += Tlv.tlv191() tlv += Tlv.tlv194() tlv += Tlv.tlv202(self.wifi_name) tlv = TEA.entea_hexstr(tlv, self.shareKey) return tlv else: tlv = '' tlv += Coder.trim('00 02') tlv += Coder.trim('00 04') #tlv组包 tlv += Tlv.tlv2(verifyCode, self.verifyToken1) tlv += Tlv.tlv8() tlv += Tlv.tlv104(self.verifyToken2) tlv += Tlv.tlv116() tlv = TEA.entea_hexstr(tlv, self.shareKey) return tlv
def tlv106(uin, server_time, pwdMd5, tgtKey, imei, appId, pwdKey): tlv = '' tlv += Coder.trim('00 03') tlv += Coder.genBytesHexstr(4) tlv += Coder.trim('00 00 00 05 00 00 00 10 00 00 00 00 00 00 00 00') tlv += uin tlv += server_time tlv += Coder.trim('00 00 00 00 01') tlv += pwdMd5 tlv += tgtKey tlv += Coder.trim('00 00 00 00 01') tlv += imei tlv += appId tlv += Coder.trim('00 00 00 01') tlv += Coder.trim('00 00') tlv = TEA.entea_hexstr(tlv, pwdKey) tlv = Coder.num2hexstr(len(tlv) / 2, 2) + tlv tlv = Coder.trim('01 06') + tlv return tlv
def tlv106(uin, server_time, pwdMd5, tgtKey, imei, appId, pwdKey): tlv = '' tlv += Coder.trim('00 03') tlv += Coder.genBytesHexstr(4) tlv += Coder.trim('00 00 00 05 00 00 00 10 00 00 00 00 00 00 00 00') tlv += uin tlv += server_time tlv += Coder.trim('00 00 00 00 01') tlv += pwdMd5 tlv += tgtKey tlv += Coder.trim('00 00 00 00 01') tlv += imei tlv += appId tlv += Coder.trim('00 00 00 01') tlv += Coder.trim('00 00') tlv = TEA.entea_hexstr(tlv, pwdKey) tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv tlv = Coder.trim('01 06') + tlv return tlv
def tlv141(sim_operator_name, network_type, apn): tlv = '' tlv += Coder.trim('00 01') tlv += Coder.num2hexstr(len(sim_operator_name)/2, 2) + sim_operator_name tlv += Coder.num2hexstr(len(network_type)/2, 2) + network_type tlv += Coder.num2hexstr(len(apn)/2, 2) + apn tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv tlv = Coder.trim('01 41') + tlv return tlv
def tlv116(): tlv = '' tlv += Coder.trim('00') tlv += Coder.trim('00 01 FF 7C') tlv += Coder.trim('00 01 04 00') tlv += Coder.trim('00') tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv tlv = Coder.trim('01 16') + tlv return tlv
def tlv177(): tlv = '' tlv += Coder.trim('01') tlv += Coder.trim('55 A3 23 2E') tlv += Coder.trim('00 07') tlv += Coder.trim('35 2E 34 2E 30 2E 37') #5.4.0.7 tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv tlv = Coder.trim('01 77') + tlv return tlv
def tlv1(uin, server_time): tlv = '' tlv += Coder.trim('00 01') tlv += Coder.genBytesHexstr(4) tlv += uin tlv += server_time tlv += Coder.trim('00 00 00 00') tlv += Coder.trim('00 00') tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv tlv = Coder.trim('00 01') + tlv return tlv
def packSendLoginMessage(self, verifyCode=None): #MessageHead msgHeader = '' msgHeader += Coder.num2hexstr(self.seq+1, 4) msgHeader += self.appId msgHeader += self.appId msgHeader += Coder.trim('01 00 00 00 00 00 00 00 00 00 00 00') msgHeader += Coder.num2hexstr(len(self.extBin)/2+4, 4) + self.extBin msgHeader += Coder.num2hexstr(len(self.loginCmd)/2+4, 4) + self.loginCmd msgHeader += Coder.num2hexstr(len(self.msgCookies)/2+4, 4) + self.msgCookies msgHeader += Coder.num2hexstr(len(self.imei)/2+4, 4) + self.imei msgHeader += Coder.num2hexstr(len(self.ksid)/2+4, 4) + self.ksid msgHeader += Coder.num2hexstr(len(self.ver)/2+2, 2) + self.ver msgHeader = Coder.num2hexstr(len(msgHeader)/2+4, 4) + msgHeader #Message msg = '' msg += Coder.trim('1F 41') msg += Coder.trim('08 10 00 01') msg += self.uin msg += Coder.trim('03 07 00 00 00 00 02 00 00 00 00 00 00 00 00 01 01') msg += self.randomKey msg += Coder.trim('01 02') msg += Coder.num2hexstr(len(self.pubKey)/2, 2) + self.pubKey #TEA加密的TLV msg += self.packSendLoginTlv(verifyCode) msg += Coder.trim('03') msg = Coder.num2hexstr(len(msg)/2+2+1, 2) + msg msg = Coder.trim('02') + msg msg = Coder.num2hexstr(len(msg)/2+4, 4) + msg packet = msgHeader + msg packet = TEA.entea_hexstr(packet, self.defaultKey) return packet
def tlv154(seq): tlv = '' tlv += Coder.num2hexstr(seq, 4) tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv tlv = Coder.trim('01 54') + tlv return tlv
def tlv104(verifyToken2): tlv = '' tlv += verifyToken2 tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv tlv = Coder.trim('01 04') + tlv return tlv
def tlv194(): tlv = '' tlv += Coder.trim('65 68 D4 A4 FA CA 6E 78 B3 6B 07 40 C2 71 A8 6E') tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv tlv = Coder.trim('01 94') + tlv return tlv
def tlv187(): tlv = '' tlv += Coder.trim('F9 03 BA FF 80 D5 BA AC DC EA 9C 16 49 6F 53 83') tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv tlv = Coder.trim('01 87') + tlv return tlv
def unpackRecvLoginMessage(self, data): data = TEA.detea_hexstr(data, self.defaultKey) pack = HexPacket(data) head = pack.shr(Coder.hexstr2num(pack.shr(4))-4) body = pack.remain(1) #head pack = HexPacket(head) Coder.hexstr2num(pack.shr(4)) #seq pack.shr(4) pack.shr(Coder.hexstr2num(pack.shr(4))-4) Coder.hexstr2str(pack.shr(Coder.hexstr2num(pack.shr(4))-4)) #cmd pack.shr(Coder.hexstr2num(pack.shr(4))-4) #body pack = HexPacket(body) pack.shr(4 + 1 + 2 + 10 + 2) retCode = Coder.hexstr2num(pack.shr(1)) if retCode == 0: #登录成功 self.unpackRecvLoginSucceedMessage(pack.remain()) print u'登录成功: ', self.nickname self.alive = True self.verify = False elif retCode == 2: #需要验证码 self.unpackRecvLoginVerifyMessage(pack.remain()) print self.verifyReason self.alive = False self.verify = True threading.Thread(target=Img.showFromHexstr, args=(self.verifyPicHexstr, )).start() code = raw_input(u'请输入验证码:') self.login(Coder.str2hexstr(code)) else: #登录失败 pack = HexPacket(TEA.detea_hexstr(pack.remain(), self.shareKey)) pack.shr(2 + 1 + 4 + 2) pack.shr(4) #type title = Coder.hexstr2str(pack.shr(Coder.hexstr2num(pack.shr(2)))) msg = Coder.hexstr2str(pack.shr(Coder.hexstr2num(pack.shr(2)))) print title, ': ', msg self.alive = False self.verify = False
def tlv188(): tlv = '' tlv += Coder.trim('3F D1 F5 BA 24 67 56 F3 97 87 49 AE 1D 67 76 EE') tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv tlv = Coder.trim('01 88') + tlv return tlv
def decodeTlv(self, cmd, data): if cmd == Coder.trim('01 6A'): pass elif cmd == Coder.trim('01 06'): pass elif cmd == Coder.trim('01 0C'): pass elif cmd == Coder.trim('01 0A'): self.token004c = data elif cmd == Coder.trim('01 0D'): pass elif cmd == Coder.trim('01 14'): pack = HexPacket(data) pack.shr(6) self.token0058 = pack.shr(Coder.hexstr2num(pack.shr(2))) elif cmd == Coder.trim('01 0E'): self.mst1Key = data elif cmd == Coder.trim('01 03'): self.stweb = data elif cmd == Coder.trim('01 1F'): pass elif cmd == Coder.trim('01 38'): pass elif cmd == Coder.trim('01 1A'): pack = HexPacket(data) pack.shr(2 + 1 + 1) self.nickname = Coder.hexstr2str(pack.shr(Coder.hexstr2num(pack.shr(1)))) elif cmd == Coder.trim('01 20'): self.skey = data elif cmd == Coder.trim('01 36'): self.vkey = data elif cmd == Coder.trim('01 1A'): pass elif cmd == Coder.trim('01 20'): pass elif cmd == Coder.trim('01 36'): pass elif cmd == Coder.trim('03 05'): self.sessionKey = data elif cmd == Coder.trim('01 43'): self.token002c = data elif cmd == Coder.trim('01 64'): self.sid = data elif cmd == Coder.trim('01 18'): pass elif cmd == Coder.trim('01 63'): pass elif cmd == Coder.trim('01 30'): pack = HexPacket(data) pack.shr(2) self.server_time = pack.shr(4) self.ip = Coder.hexstr2ip(pack.shr(4)) elif cmd == Coder.trim('01 05'): pack = HexPacket(data) self.verifyToken1 = pack.shr(Coder.hexstr2num(pack.shr(2))) self.verifyPicHexstr = pack.shr(Coder.hexstr2num(pack.shr(2))) elif cmd == Coder.trim('01 04'): self.verifyToken2 = data elif cmd == Coder.trim('01 65'): pack = HexPacket(data) pack.shr(4) title = Coder.hexstr2str(pack.shr(Coder.hexstr2num(pack.shr(1)))) msg = Coder.hexstr2str(pack.shr(Coder.hexstr2num(pack.shr(4)))) self.verifyReason = title + ": " + msg elif cmd == Coder.trim('01 08'): self.ksid = data elif cmd == Coder.trim('01 6D'): self.superKey = data elif cmd == Coder.trim('01 6C'): self.psKey = data else: print 'unknown tlv: ' print cmd, ': ', data
def tlv191(): tlv = '' tlv += Coder.trim('01') tlv = Coder.num2hexstr(len(tlv)/2, 2) + tlv tlv = Coder.trim('01 91') + tlv return tlv
def __init__(self, qqnum, qqpwd): self.socket = RawSocket('113.108.90.53', 8080) if not self.socket.connect(): raise Exception('socket connect error!') #QQ self.qqnum = qqnum self.qqpwd = qqpwd self.vcode = '' self.qqHexstr = Coder.str2hexstr(qqnum) self.pwdMd5 = MD5.md5_hex(qqpwd) self.uin = Coder.qqnum2hexstr(qqnum) self.HEART_INTERVAL = 8*60 #心跳时间间隔 如果在手机QQ上注销/退出帐号后,一般10分钟左右您的QQ号就不会显示在线了 self.server_time = Coder.num2hexstr(int(time.time()), 4) self.alive = False self.verify = False #Android self.seq = 1000 self.appId = Coder.num2hexstr(537042772, 4) self.extBin = Coder.trim('') self.msgCookies = Coder.trim('F9 83 8D 80') self.imei = Coder.str2hexstr('864116195797922') self.ksid = Coder.trim('') self.extBin = Coder.trim('') self.ver = Coder.str2hexstr('|460006202217491|A5.8.0.157158') self.os_type = Coder.str2hexstr('android') self.os_version = Coder.str2hexstr('4.2.2') self.network_type = Coder.str2hexstr('') self.sim_operator_name = Coder.str2hexstr('CMCC') self.apn = Coder.str2hexstr('wifi') self.device = Coder.str2hexstr('Lenovo A820t') self.device_product = Coder.str2hexstr('Lenovo') self.package_name = Coder.str2hexstr('com.tencent.mobileqq') self.wifi_name = Coder.str2hexstr('OOOOOOOOO') #cmd self.loginCmd = Coder.str2hexstr('wtlogin.login') #Keys self.defaultKey = '00'*16 self.randomKey = Coder.genBytesHexstr(16) self.keyId = random.randint(0, len(Keys.pubKeys)-1) self.pubKey = Keys.pubKeys[self.keyId] self.shareKey = Keys.shareKeys[self.keyId] self.pwdKey = Coder.hash_qqpwd_hexstr(qqnum, qqpwd) self.tgtKey = Coder.genBytesHexstr(16) self.sessionKey = '' #debug print 'uin: ', self.uin print 'pwdMd5: ', self.pwdMd5 print 'randomKey: ', self.randomKey print 'pubKey: ', self.pubKey print 'shareKey: ', self.shareKey print 'pwdKey: ', self.pwdKey print 'tgtKey: ', self.tgtKey