def packed(self):
"""转换消息体为二进制流"""
# 找到打包方法
method = getattr(self.parent, "pack_%s" % (self.parent.msgname), None)
send_msg = method(self.fields)
if self.parent.msgname == 'qq_pre_login':
return send_msg
if self.parent.msgname == 'qq_login':
return send_msg[:16] + tea.encrypt(send_msg[16:], self.qq.initkey)
return tea.encrypt(send_msg, self.qq.session)
def packed(self):
"""转换消息体为二进制流"""
# 找到打包方法
method = getattr(self.parent , "pack_%s" %(self.parent.msgname), None)
send_msg = method(self.fields)
if self.parent.msgname == 'qq_pre_login':
return send_msg
if self.parent.msgname == 'qq_login':
return send_msg[:16]+tea.encrypt(send_msg[16:],self.qq.initkey)
return tea.encrypt(send_msg,self.qq.session)
def internal_authenticate():
global cardservice
try:
challange_str = 'abcdefgh'
data = []
for x in challange_str:
data.append(ord(x))
header = [CLA, 0x88, 0x00, 0x00, 0x08]
response, sw1, sw2 = cardservice.connection.transmit(header+data)
if(sw1==0x61):
response = get_response(sw2)
response_str = ''
for x in response:
response_str += chr(x)
print "Response length : ", len(response_str)
key = [0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF]
key_str = ''
for x in key:
key_str += chr(x)
encrypted = tea.encrypt(challange_str, key_str)
if(response_str==encrypted[:8]):
print "Card is authenticated"
return True
else:
print "Card is not authenticated"
return False
except SWException, e:
print str(e)
return False
def external_authenticate():
global cardservice
try:
challange = get_challange()
challange_str = ''
for x in challange:
challange_str += chr(x)
key = [
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23, 0x45,
0x67, 0x89, 0xAB, 0xCD, 0xEF
]
key_str = ''
for x in key:
key_str += chr(x)
encrypted = tea.encrypt(challange_str, key_str)
data = []
for x in encrypted:
data.append(ord(x))
header = [CLA, 0x82, 0x00, 0x00, 0x08]
response, sw1, sw2 = cardservice.connection.transmit(header + data)
if (sw1 == 0x90 and sw2 == 0x00):
print "Terminal (external) Authenticated"
return response
except SWException, e:
print str(e)
return False
def getEncryption(self):
puk = rsa.PublicKey(int(
'F20CE00BAE5361F8FA3AE9CEFA495362'
'FF7DA1BA628F64A347F0A8C012BF0B25'
'4A30CD92ABFFE7A6EE0DC424CB6166F8'
'819EFA5BCCB20EDFB4AD02E412CCF579'
'B1CA711D55B8B0B3AEB60153D5E0693A'
'2A86F3167D7847A0CB8B00004716A909'
'5D9BADC977CBB804DBDCBA6029A97108'
'69A453F27DFDDF83C016D928B3CBF4C7',
16
), 3)
#e = int(self.qq).to_bytes(8, 'big')
e = uni2hex(self.qq)
d = hashlib.md5(self.pwd.encode())
#r = bytes.fromhex(o.hexdigest())
r = hexchar2bin(o.hexdigest())
p = hashlib.md5(r + e).hexdigest()
a = binascii.b2a_hex(rsa.encrypt(r, puk)).decode()
s = hex(len(a) // 2)[2:]
l = binascii.hexlify(self.vcode.upper().encode()).decode()
c = hex(len(l) // 2)[2:]
c = '0' * (4 - len(c)) + c
s = '0' * (4 - len(s)) + s
salt = s + a + binascii.hexlify(e).decode() + c + l
return base64.b64encode(
#tea.encrypt(bytes.fromhex(salt), bytes.fromhex(p))
tea.encrypt(hexchar2bin(salt), hexchar2bin(p))
).decode().replace('/', '-').replace('+', '*').replace('=', '_')
def pack_login(self):
self.timestamp = qq_timestamp()
login_packet = qq_bytearray()
login_packet = login_packet.append_hex( '00 09' )
login_packet = login_packet.append_u16( 19 )
login_packet = login_packet.append_str( self.tlv_18(self.uin) )
login_packet = login_packet.append_str( self.tlv_1(self.uin, self.timestamp) )
login_packet = login_packet.append_str( self.tlv_106(self.uin, self.md5, self.md5_2, self.tgtkey, self.imei, self.timestamp, self.appid) )
login_packet = login_packet.append_str( self.tlv_116() )
login_packet = login_packet.append_str( self.tlv_100(self.appid) )
login_packet = login_packet.append_str( self.tlv_107() )
login_packet = login_packet.append_str( self.tlv_108(self.ksid) )
p_109 = self.tlv_109( self.imei )
p_124 = self.tlv_124( self.os_type, self.os_version, self.network_type, self.apn )
p_128 = self.tlv_128( self.device, self.imei )
p_16e = self.tlv_16e( self.device )
login_packet.extend( self.tlv_144( self.tgtkey, p_109, p_124, p_128, p_16e ) )
login_packet.extend( self.tlv_142(self.apk_id) )
login_packet.extend( self.tlv_145(self.imei) )
login_packet.extend( self.tlv_154(self.requestid.get_and_freeze()) )
login_packet.extend( self.tlv_141(self.network_type, self.apn) )
login_packet.extend( self.tlv_8() )
login_packet.extend( self.tlv_16b() )
login_packet.extend( self.tlv_147(self.apk_version, self.apk_sign) )
login_packet.extend( self.tlv_177() )
login_packet.extend( self.tlv_187() )
login_packet.extend( self.tlv_188() )
login_packet.extend( self.tlv_191() )
login_packet = self.pack_pc('08 10', tea.encrypt(login_packet, self.sharekey), self.randkey, self.pubkey)
return self.Make_login_sendSsoMsg('wtlogin.login', login_packet, bytearray(), self.imei, self.ksid, self.ver, True)
def getEncryption(self):
puk = rsa.PublicKey(int(
'F20CE00BAE5361F8FA3AE9CEFA495362'
'FF7DA1BA628F64A347F0A8C012BF0B25'
'4A30CD92ABFFE7A6EE0DC424CB6166F8'
'819EFA5BCCB20EDFB4AD02E412CCF579'
'B1CA711D55B8B0B3AEB60153D5E0693A'
'2A86F3167D7847A0CB8B00004716A909'
'5D9BADC977CBB804DBDCBA6029A97108'
'69A453F27DFDDF83C016D928B3CBF4C7',
16
), 3)
e = int(self.qq).to_bytes(8, 'big')
o = hashlib.md5(self.pwd.encode())
r = bytes.fromhex(o.hexdigest())
p = hashlib.md5(r + e).hexdigest()
a = binascii.b2a_hex(rsa.encrypt(r, puk)).decode()
s = hex(len(a) // 2)[2:]
l = binascii.hexlify(self.vcode.upper().encode()).decode()
c = hex(len(l) // 2)[2:]
c = '0' * (4 - len(c)) + c
s = '0' * (4 - len(s)) + s
salt = s + a + binascii.hexlify(e).decode() + c + l
return base64.b64encode(
tea.encrypt(bytes.fromhex(salt), bytes.fromhex(p))
).decode().replace('/', '-').replace('+', '*').replace('=', '_')
def getEncryption(self):
puk = rsa.PublicKey(
int(
"F20CE00BAE5361F8FA3AE9CEFA495362"
"FF7DA1BA628F64A347F0A8C012BF0B25"
"4A30CD92ABFFE7A6EE0DC424CB6166F8"
"819EFA5BCCB20EDFB4AD02E412CCF579"
"B1CA711D55B8B0B3AEB60153D5E0693A"
"2A86F3167D7847A0CB8B00004716A909"
"5D9BADC977CBB804DBDCBA6029A97108"
"69A453F27DFDDF83C016D928B3CBF4C7",
16,
),
3,
)
e = int(self.qq).to_bytes(8, "big")
o = hashlib.md5(self.pwd.encode())
r = bytes.fromhex(o.hexdigest())
p = hashlib.md5(r + e).hexdigest()
a = binascii.b2a_hex(rsa.encrypt(r, puk)).decode()
s = hex(len(a) // 2)[2:]
l = binascii.hexlify(self.vcode.upper().encode()).decode()
c = hex(len(l) // 2)[2:]
c = "0" * (4 - len(c)) + c
s = "0" * (4 - len(s)) + s
salt = s + a + binascii.hexlify(e).decode() + c + l
return (
base64.b64encode(tea.encrypt(bytes.fromhex(salt), bytes.fromhex(p)))
.decode()
.replace("/", "-")
.replace("+", "*")
.replace("=", "_")
)
def send(self, to_num, msg):
to_num = hex(to_num)[2:]
if len(to_num) == 9:
to_num = to_num[:-1]
mid = random.randint(4096, 65535)
mid = hex(mid)[2:]
msg_0 = "{}0012{}00200000090000000086028b5b534f0d".format(
to_num, bigendian2hex(msg))
msg_1 = b2a_hex(encrypt(a2b_hex(msg_0), self.key))
msg_3 = "02003706080055{}{}00{}03".format(mid, self.qq_num, msg_1)
self.s.send(a2b_hex(msg_3))
print 're_msg' + b2a_hex(self.s.recv(2048))
def tlv_106( self, uin, passmd5, passmd5_2, tgtkey, imei, timestamp, appid ): # uin:bytearray represent username
# passmd5: bytearray
# passmd5_2: bytearray
# tgtkey: bytearray
# imei: string
# appid: 4 bytes unsigned int
# 01 06
# 00 70 [md5(md5(pass)+0 0 0 0+hexQQ)E8 FD 5B 08 BF 42 3C B9 F8 D4 23 30 F2 E2 E3 59 ]
# 67 A4 4D 1D 59 08 97 15 92 03 BB E3 E8 7F 49 CC 65 A2 F6 E3 4F 68 DA 9E A2 E9 DA 90 DB 26 2D F5 A4 BD C0 52 51 F0 40 77 B5 50 25 42 AC 68 1B 57 35 61 97 65 36 6B AA 35 C5 E1 E6 C8 91 3B 3E 30 84 AA 6F 6C 32 29 97 FB DF 53 CA 3C B5 F8 F3 13 E4 FF AA 58 39 75 81 45 38 4A A2 BE CA 43 E0 7E 0A 83 71 17 5C 88 7C DE DE ED B8 12 E4 D5 C4 22
# [
# 00 03 //TGTGTVer=3
# 29 A5 69 34 rand32
# 00 00 00 05
# 00 00 00 10
# 00 00 00 00
# 00 00 00 00
# 18 B4 A1 BC [QQ:414491068]
# 4D 1F C3 AC //时间
# 00 00 00 00
# 01
# EB E0 80 63 34 8C 9E E1 FD 6B 5E 05 9A 72 84 C6 //MD5PASS
# C5 2E 0F 5D A6 20 B5 EE 0B 94 F2 6F C3 05 4A 02 //TGTKey
# 00 00 00
# 00 01
# 46 60 1E D3 C6 24 16 BF CA A2 9E 9E B8 9A D2 4E //imei_
# 20 02 93 92 _sub_appid
# 00 00 00 01 00 00
# ]
# time =Xbin.Flip 取字节集左边 (到字节集 (Other.TimeStamp ()), 4))
p = qq_bytearray()
p = p.append_hex( '00 03' )
p = p.append_random( 4 )
p = p.append_hex( '00 00 00 05' )
p = p.append_hex( '00 00 00 10' )
p = p.append_zero( 4 )
p = p.append_zero( 4 )
p = p.append_str( uin )
p = p.append_str( timestamp )
p = p.append_hex( '00 00 00 00 01' )
p = p.append_str( passmd5 )
p = p.append_str( tgtkey )
p = p.append_hex( '00 00 00 00 01' )
p = p.append_str( imei )
p = p.append_u32( appid )
p = p.append_hex( '00 00 00 01' )
p = p.append_zero( 2 )
self.logpacket( str(sys._getframe().f_code.co_name), p )
return self.tlv_pack('01 06', tea.encrypt(p, passmd5_2))
def login0825(self):
key0825 = '7792394f1afd3bbfa9006bc807bcf23b'
data = '0235550825' # head
data += self.getSequence(2)
data += '00000000' # QQ Hex
data += '030000000101010000674200000000'
data += key0825
txt = '001800160001'
txt += self.fixedData
txt += '0000000000000000'
txt += '0004000f0000000b'
txt += self.str2hex(self.num)
txt += '0309'
txt += '0008'
txt += '0001000000000004'
txt += '00360012'
txt += '000200010000000000000000000000000000'
txt += '0114001d01020019'
txt += self.hdKey
data += b2a_hex(tea.encrypt(bytes.fromhex(txt),
bytes.fromhex(key0825))).decode()
data += '03'
data = a2b_hex(data)
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.sendto(data, self.address)
recvPack = sock.recv(1024)
sock.close()
recvData = b2a_hex(tea.decrypt(recvPack[14:-1],
bytes.fromhex(key0825))).decode()
if (recvData[:2] != '00'):
recvData = recvData[16:]
if (recvData[:2] == '00'):
self.token0825 = recvData[10:122]
self.serverTime = recvData[134:142]
self.serverIP = recvData[166:174]
return self.login0826()
else:
print('0825 error!')
return False
def tx_pwd_encode(self, pwd, salt, verifycode):
"""
js:getEncryption(t, e, i, n)
t=pwd, e=salt 二进制形式, i=verifycode, n:default undefined
# """
salt = salt.replace(r'\x', '')
e = self.fromhex(salt)
md5_pwd = o = self.tx_md5(pwd)
r = hashlib.md5(pwd).digest()
p = self.tx_md5(r + e)
a = rsa.encrypt(r, self.rsaKey)
rsaData = a = binascii.b2a_hex(a)
# rsa length
s = self.hexToString(len(a) / 2)
s = s.zfill(4)
# verifycode先转换为大写,然后转换为bytes
verifycodeLen = hex(len(verifycode)).replace(r"0x", "").zfill(4)
l = binascii.b2a_hex(verifycode.upper())
# verifycode length
c = self.hexToString(len(l) / 2)
c = c.zfill(4)
# TEA: KEY:p, s+a+ TEA.strToBytes(e) + c +l
new_pwd = s + a + salt + c + l
saltpwd = base64.b64encode(
tea.encrypt(self.fromhex(new_pwd),
self.fromhex(p))).decode().replace('/', '-').replace(
'+', '*').replace("=", "_")
data = {}
data['l'] = l
data['a'] = a
data['o'] = o
data['r'] = r
data['e'] = e
data['p'] = p
data['s'] = s
data['l'] = l
data['c'] = c
#pprint(data)
return saltpwd
def login0825(self):
key0825 = '7792394f1afd3bbfa9006bc807bcf23b'
data = '0235550825' # head
data += self.getSequence(2)
data += '00000000' # QQ Hex
data += '030000000101010000674200000000'
data += key0825
txt = '001800160001'
txt += self.fixedData
txt += '0000000000000000'
txt += '0004000f0000000b'
txt += self.str2hex(self.num)
txt += '0309'
txt += '0008'
txt += '0001000000000004'
txt += '00360012'
txt += '000200010000000000000000000000000000'
txt += '0114001d01020019'
txt += self.hdKey
data += b2a_hex(tea.encrypt(bytes.fromhex(txt), bytes.fromhex(key0825))).decode()
data += '03'
data = a2b_hex(data)
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.sendto(data, self.address)
recvPack = sock.recv(1024)
sock.close()
recvData = b2a_hex(tea.decrypt(recvPack[14:-1], bytes.fromhex(key0825))).decode()
if(recvData[:2]!='00'):
recvData = recvData[16:]
if(recvData[:2]=='00'):
self.token0825 = recvData[10:122]
self.serverTime = recvData[134:142]
self.serverIP = recvData[166:174]
return self.login0826()
else:
print('0825 error!')
return False
def pwdencode(self, vcode, uin, pwd):
salt = uin.replace(r'\x', '')
h1 = hashlib.md5(pwd.encode()).digest()
s2 = hashlib.md5(h1 + self.fromhex(salt)).hexdigest().upper()
rsaH1 = binascii.b2a_hex(rsa.encrypt(h1, self.pubKey)).decode()
rsaH1Len = hex(len(rsaH1) // 2)[2:]
hexVcode = binascii.b2a_hex(vcode.upper().encode()).decode()
vcodeLen = hex(len(hexVcode) // 2)[2:]
l = len(vcodeLen)
if l < 4:
vcodeLen = '0' * (4 - l) + vcodeLen
l = len(rsaH1Len)
if l < 4:
rsaH1Len = '0' * (4 - l) + rsaH1Len
pwd1 = rsaH1Len + rsaH1 + salt + vcodeLen + hexVcode
saltPwd = base64.b64encode(
tea.encrypt(self.fromhex(pwd1), self.fromhex(s2))
).decode().replace('/', '-').replace('+', '*').replace('=', '_')
return saltPwd
def tx_pwd_encode(self, pwd, salt, verifycode):
"""
js:getEncryption(t, e, i, n)
t=pwd, e=salt 二进制形式, i=verifycode, n:default undefined
# """
salt = salt.replace(r'\x', '')
e = self.fromhex(salt)
md5_pwd = o = self.tx_md5(pwd)
r = hashlib.md5(pwd).digest()
p = self.tx_md5( r + e )
a = rsa.encrypt(r, self.rsaKey)
rsaData = a = binascii.b2a_hex(a)
# rsa length
s = self.hexToString( len(a)/2 )
s = s.zfill(4)
# verifycode先转换为大写,然后转换为bytes
verifycodeLen = hex(len(verifycode)).replace(r"0x","").zfill(4)
l = binascii.b2a_hex( verifycode.upper() )
# verifycode length
c = self.hexToString( len(l)/2 )
c = c.zfill(4)
# TEA: KEY:p, s+a+ TEA.strToBytes(e) + c +l
new_pwd = s + a + salt + c + l
saltpwd = base64.b64encode(
tea.encrypt( self.fromhex(new_pwd), self.fromhex(p) )
).decode().replace('/', '-').replace('+', '*').replace("=", "_")
data = {}
data['l'] = l
data['a'] = a
data['o'] = o
data['r'] = r
data['e'] = e
data['p'] = p
data['s'] = s
data['l'] = l
data['c'] = c
#pprint(data)
return saltpwd
def Make_login_sendSsoMsg( self, servicecmd, wupbuffer, ext_bin, imei, ksid, ver, islogin):
# string bytearray bytearray str str str bool
p = qq_bytearray()
msgcookies = bytearray.fromhex('B6 CC 78 FC')
p = p.append_u32( self.requestid.get_and_freeze() )
p = p.append_u32( self.appid )
p = p.append_u32( self.appid )
p = p.append_hex( '01 00 00 00 00 00 00 00 00 00 00 00' )
p = p.append_u32len_plus_4_and_value( ext_bin )
p = p.append_u32len_plus_4_and_value( servicecmd )
p = p.append_u32len_plus_4_and_value( msgcookies )
p = p.append_u32len_plus_4_and_value( imei )
p = p.append_u32len_plus_4_and_value( ksid )
p = p.append_u16len_plus_2_and_value( ver )
p = p.insert_u32( len(p) + 4 )
p = p.append_u32len_plus_4_and_value( wupbuffer )
return self.pack( tea.encrypt(p, self.key), 0 if islogin else 1 )
def Make_login_sendSsoMsg(self, servicecmd, wupbuffer, ext_bin, imei, ksid,
ver, islogin):
# string bytearray bytearray str str str bool
p = qq_bytearray()
msgcookies = bytearray.fromhex('B6 CC 78 FC')
p = p.append_u32(self.requestid.get_and_freeze())
p = p.append_u32(self.appid)
p = p.append_u32(self.appid)
p = p.append_hex('01 00 00 00 00 00 00 00 00 00 00 00')
p = p.append_u32len_plus_4_and_value(ext_bin)
p = p.append_u32len_plus_4_and_value(servicecmd)
p = p.append_u32len_plus_4_and_value(msgcookies)
p = p.append_u32len_plus_4_and_value(imei)
p = p.append_u32len_plus_4_and_value(ksid)
p = p.append_u16len_plus_2_and_value(ver)
p = p.insert_u32(len(p) + 4)
p = p.append_u32len_plus_4_and_value(wupbuffer)
return self.pack(tea.encrypt(p, self.key), 0 if islogin else 1)
def pwdencode(vcode, uin, pwd):
# uin is the bytes of QQ number stored in unsigned long (8 bytes)
salt = uin.replace(r'\x', '')
h1 = hashlib.md5(pwd.encode()).digest()
s2 = hashlib.md5(h1 + fromhex(salt)).hexdigest().upper()
rsaH1 = binascii.b2a_hex(rsa.encrypt(h1, pubKey)).decode()
rsaH1Len = hex(len(rsaH1) // 2)[2:]
hexVcode = binascii.b2a_hex(vcode.upper().encode()).decode()
vcodeLen = hex(len(hexVcode) // 2)[2:]
l = len(vcodeLen)
if l < 4:
vcodeLen = '0' * (4 - l) + vcodeLen
l = len(rsaH1Len)
if l < 4:
rsaH1Len = '0' * (4 - l) + rsaH1Len
pwd1 = rsaH1Len + rsaH1 + salt + vcodeLen + hexVcode
saltPwd = base64.b64encode(
tea.encrypt(fromhex(pwd1), fromhex(s2))
).decode().replace('/', '-').replace('+', '*').replace('=', '_')
return saltPwd
def tlv_144(self, tgtkey, tlv109, tlv124, tlv128, tlv16e): # all args are bytearray
# 01 44
# 00 80 (////_tgtgt_key)
# 60 17 BF D3 F7 A4 7E C5 BC 07 47 98 B3 9B 12 C1
# CC F6 87 13 7A 28 BB 62 18 3B 1A 43 F8 FE 07 87
# CB CF 40 3D BD DB 93 0F A7 CC F4 71 67 67 70 9E
# 33 14 CD E6 D7 CA 62 B4 48 FB 32 21 47 8F 40 B5
# A0 8E CB 5E 31 70 26 44 EA 79 AD A7 76 00 2A 26
# 56 92 38 EA 78 BB CC 4E E8 E3 F4 CD FE 19 AB 32
# A6 BB 31 72 D7 25 93 94 4A EF A7 94 A9 59 B2 73
# 55 95 4C FC AD C4 1A C2 15 C6 8F A1 39 48 F8 1A
# [
# 00 04 //get_tlv_144四个参数byte[]都有数据
# 01 09 //tlv-109
# 00 10
# 46 60 1E D3 C6 24 16 BF CA A2 9E 9E B8 9A D2 4E //_IMEI
# 01 24 //tlv-124
# 00 1C
# 00 07 61 6E 64 72 6F 69 64 00 05 34 2E 30 2E 34
# 00 01 00 00 00 00 00 04 77 69 66 69
# 01 28 //tlv-128
# 00 2B
# 00 00 //0
# 00 //request_global._new_install
# 01 //request_global._read_guid
# 00 //request_global._guid_chg
# 01 00 00 00 //request_global._dev_report
# 00 0C
# 48 55 41 57 45 49 20 55 39 35 30 38 //request_global._device=HUAWEI U9508
# 00 10
# 46 60 1E D3 C6 24 16 BF CA A2 9E 9E B8 9A D2 4E //request_global._IMEI
# 00 00 //0
# 01 6E //tlv-16e
# 00 0C
# 48 55 41 57 45 49 20 55 39 35 30 38 //request_global._device=HUAWEI U9508
# ]
p = qq_bytearray()
p = p.append_u16( 4 )
p = qq_bytearray( p + tlv109 + tlv124 + tlv128 + tlv16e )
self.logpacket( str(sys._getframe().f_code.co_name), p )
return self.tlv_pack( '01 44', tea.encrypt(p, tgtkey) )
def pack_login(self):
self.timestamp = qq_timestamp()
login_packet = qq_bytearray()
login_packet = login_packet.append_hex('00 09')
login_packet = login_packet.append_u16(19)
login_packet = login_packet.append_str(self.tlv_18(self.uin))
login_packet = login_packet.append_str(
self.tlv_1(self.uin, self.timestamp))
#login_packet = login_packet.append_str( self.tlv_106(self.uin, self.md5, self.md5_2, self.tgtkey, self.imei, self.timestamp, self.appid) )
login_packet = login_packet.append_str(
self.tlv_106(self.uin, self.md5, self.md5_2, self.tgtkey,
self.imei_, self.timestamp, self.appid))
login_packet = login_packet.append_str(self.tlv_116())
login_packet = login_packet.append_str(self.tlv_100(self.appid))
login_packet = login_packet.append_str(self.tlv_107())
login_packet = login_packet.append_str(self.tlv_108(self.ksid))
p_109 = self.tlv_109(self.imei)
p_124 = self.tlv_124(self.os_type, self.os_version, self.network_type,
self.apn)
p_128 = self.tlv_128(self.device, self.imei_)
p_16e = self.tlv_16e(self.device)
login_packet.extend(
self.tlv_144(self.tgtkey, p_109, p_124, p_128, p_16e))
login_packet.extend(self.tlv_142(self.apk_id))
login_packet.extend(self.tlv_145(self.imei_))
login_packet.extend(self.tlv_154(self.requestid.get_and_freeze()))
login_packet.extend(self.tlv_141(self.network_type, self.apn))
login_packet.extend(self.tlv_8())
login_packet.extend(self.tlv_16b())
login_packet.extend(self.tlv_147(self.apk_version, self.apk_sign))
login_packet.extend(self.tlv_177())
login_packet.extend(self.tlv_187())
login_packet.extend(self.tlv_188())
login_packet.extend(self.tlv_191())
print login_packet
login_packet = self.pack_pc('08 10',
tea.encrypt(login_packet, self.sharekey),
self.randkey, self.pubkey)
return self.Make_login_sendSsoMsg('wtlogin.login', login_packet,
bytearray(), self.imei, self.ksid,
self.ver, True)
def register_gfan(username, password, mail):
from tea import encrypt
channel_id = 86
app_key = 'fengyunanghu218&'
post_url = 'http://api.gfan.com/uc1/common/register'
post_data = u'<request><username>%s</username><password>%s</password><email>%s</email></request>' % (username, password, mail)
post_data = post_data.encode('utf-8') #map(ord, post_data)
app_key = app_key.encode('utf-8') #map(ord, app_key)
#print(post_data,app_key)
post_data = base64.encodestring(encrypt(post_data, app_key))
user_agent = 'channelID=%d' % channel_id
result = http_post(post_url, post_data, 'text', user_agent)
print(result)
link_key = 0
if result != '':
xml_dom = minidom.parseString(result)
xml_root = xml_dom.documentElement
link_key = xml_root.getElementsByTagName('uid')[0].toxml().replace('<uid>', '').replace('</uid>', '')
#print(result_code,result_msg,link_key)
return link_key
def on_qq_pre_login(self,message):
'''
当收到登陆令牌后,判断令牌是否正确。
然后发送qq_login的报文开始登陆。
由于这个部分是自动处理的,所以当发送登陆令牌请求包后,会自动工作到改变在线状态为止。
'''
status=message.body.fields['status']
pre_len=message.body.fields['pre_len']
pre=message.body.fields['pre']
if status != 0:
print '申请登陆令牌错!'
message = qqmsg.outqqMessage(self.qq)
message.setMsgName('qq_login')
message.body.setField('initkey',self.qq.initkey)
message.body.setField('md5',tea.encrypt('',self.qq.md5pwd))
message.body.setField('16_51',a2b_hex(basic.QQ_login_16_51))
message.body.setField('login_status',chr(basic.QQ_login['normal']))
message.body.setField('53_68',a2b_hex(basic.QQ_login_53_68))
message.body.setField('pre_len',chr(pre_len))
message.body.setField('pre',pre[0])
message.body.setField('unknown',chr(0x40))
message.body.setField('login_end',a2b_hex(basic.QQ_login_end))
message.body.setField('end',(416-len(message.body))*chr(00))
self.sendDataToQueue(message)
def on_qq_pre_login(self, message):
'''
当收到登陆令牌后,判断令牌是否正确。
然后发送qq_login的报文开始登陆。
由于这个部分是自动处理的,所以当发送登陆令牌请求包后,会自动工作到改变在线状态为止。
'''
status = message.body.fields['status']
pre_len = message.body.fields['pre_len']
pre = message.body.fields['pre']
if status != 0:
print '申请登陆令牌错!'
message = qqmsg.outqqMessage(self.qq)
message.setMsgName('qq_login')
message.body.setField('initkey', self.qq.initkey)
message.body.setField('md5', tea.encrypt('', self.qq.md5pwd))
message.body.setField('16_51', a2b_hex(basic.QQ_login_16_51))
message.body.setField('login_status', chr(basic.QQ_login['normal']))
message.body.setField('53_68', a2b_hex(basic.QQ_login_53_68))
message.body.setField('pre_len', chr(pre_len))
message.body.setField('pre', pre[0])
message.body.setField('unknown', chr(0x40))
message.body.setField('login_end', a2b_hex(basic.QQ_login_end))
message.body.setField('end', (416 - len(message.body)) * chr(00))
self.sendDataToQueue(message)
def internal_authenticate():
global cardservice
try:
challange_str = 'abcdefgh'
data = []
for x in challange_str:
data.append(ord(x))
header = [CLA, 0x88, 0x00, 0x00, 0x08]
response, sw1, sw2 = cardservice.connection.transmit(header + data)
if (sw1 == 0x61):
response = get_response(sw2)
response_str = ''
for x in response:
response_str += chr(x)
print "Response length : ", len(response_str)
key = [
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23,
0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF
]
key_str = ''
for x in key:
key_str += chr(x)
encrypted = tea.encrypt(challange_str, key_str)
if (response_str == encrypted[:8]):
print "Card is authenticated"
return True
else:
print "Card is not authenticated"
return False
except SWException, e:
print str(e)
return False
def external_authenticate():
global cardservice
try:
challange = get_challange()
challange_str = ''
for x in challange:
challange_str += chr(x)
key = [0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF]
key_str = ''
for x in key:
key_str += chr(x)
encrypted = tea.encrypt(challange_str, key_str)
data = []
for x in encrypted:
data.append(ord(x))
header = [CLA, 0x82, 0x00, 0x00, 0x08]
response, sw1, sw2 = cardservice.connection.transmit(header+data)
if(sw1==0x90 and sw2==0x00):
print "Terminal (external) Authenticated"
return response
except SWException, e:
print str(e)
return False
import tea key = '0123456789abcdef' message = 'Sample message for encryption and decryption.' cipher = tea.encrypt(message, key) print(cipher)
def login0826(self):
key0826 = '6d47535a5a573d4872772c2d36717a76'
keyCode = '13d924ca5e0469d284effea87a5a5f1c'
data = '02355508366848' # head
data += '00000000'
data += '0300000001010100006742'
data += '00000000'
data += '000101020019'
data += self.hdKey
data += '00000010'
data += self.getSequence(16)
txt = '01120038'
txt += self.token0825
txt += '030f0008000657494e444f57' # WINDOWS
txt += '0004000f0000000b'
txt += self.str2hex(self.num)
txt += '00060078'
md5p = md5('123456')
# 密码加密
pwd = md5p
pwd += '00000000'
pwd += '00000000' # QQ Hex
# 密匙加密
key = 'F36251810002'
key += '00000000' # QQ Hex
key += self.fixedData
key += '000001'
key += md5p
key += self.serverTime
key += '00000000000000000000000000'
key += self.serverIP
key += '000000000000000600101ba49e165fe954251eb9619f7b1bdf31'
key += key0826
txt += b2a_hex(tea.encrypt(bytes.fromhex(key),
bytes.fromhex(pwd))).decode()
# region CRC
txt += '001500300000'
txt += '01'
txt += '1c26e960'
txt += '0010'
txt += '028d5f75cbcf4c898ca43a3410b85788'
txt += '02'
txt += 'b3e8163c'
txt += '0010'
txt += '1ba49e165fe954251eb9619f7b1bdf31'
txt += '001a'
txt += '0040'
mcrc = '001500300000'
mcrc += '01'
mcrc += '1c26e960'
mcrc += '0010'
mcrc += '028d5f75cbcf4c898ca43a3410b85788'
mcrc += '02'
mcrc += 'b3e8163c'
mcrc += '0010'
mcrc += '1ba49e165fe954251eb9619f7b1bdf31'
txt += b2a_hex(tea.encrypt(bytes.fromhex(mcrc),
bytes.fromhex(key0826))).decode()
txt += '001800160001'
txt += self.fixedData
txt += '00000000' # QQ Hex
txt += '00010000010300140001'
txt += '0010'
txt += 'bd41fd502a59f4863ccde044bb41f728'
txt += '0312000501000000'
txt += '00' # 是否记住密码
txt += '010200620001'
txt += '1169a81f699f52de71ef65e9b42d2d8a'
txt += '0038'
txt += '78b94e76767efdab4dd3b2b0144063f48b57ee27aef152a28aba1f03'
txt += '50f02b17a86787fe47d1b189c43c0be7a7dc8c81c40bb622c78ec85b'
txt += '0014'
txt += '62e172e61421fe8c850c62891efcf7f93a19b892'
data += b2a_hex(tea.encrypt(bytes.fromhex(txt),
bytes.fromhex(keyCode))).decode()
data += '03'
data = a2b_hex(data)
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.sendto(data, self.address)
recvPack = sock.recv(1024)
sock.close()
recvData = b2a_hex(tea.decrypt(recvPack[14:-1],
bytes.fromhex(keyCode))).decode()
if recvData[:2] == '06':
qq = str(int(recvData[6:14], 16))
else:
recvData = recvData[8:]
if recvData[:2].lower() == 'fc':
qq = str(int(recvData[14:22], 16))
else:
qq = False
return qq
def encrypt_id(id):
return tea.encrypt(id, settings.KEY)
def login(self):
print 'Logining...'
self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.s.connect((ip_adress3, 14000))
m = hashlib.md5()
m.update(self.paw)
paw_md5 = m.hexdigest()
self.paw_a = "00090001000000003434413741423843414235383746463210{}00".format(
paw_md5)
pac_get_key = '020033060800491f27{}0034344137414238434142353837464632010100105643514a4a385739364b3645455a445003'.format(
self.qq_num)
self.s.send(a2b_hex(pac_get_key))
key_0 = self.s.recv(2048)
key_1 = b2a_hex(key_0)[28:60]
print key_1
self.key = a2b_hex(key_1)
paw_tea = encrypt(a2b_hex(self.paw_a), self.key)
paw_tea = b2a_hex(paw_tea)
pac_login_a = "020047060800500002{0}00{1}03".format(
self.qq_num, paw_tea)
print pac_login_a
pac_login_b = a2b_hex(pac_login_a)
self.s.send(pac_login_b)
re_login_a = self.s.recv(2048)
re_login = b2a_hex(re_login_a)
print re_login
while len(re_login) > 600:
print 'Need Verification Code!'
img = re_login[28:]
img = img[:-2]
img_b = decrypt(a2b_hex(img), self.key)
img_a = b2a_hex(img_b)
img_a = re.search(r'8950\w+', img_a)
img = a2b_hex(img_a.group(0))
#Maybe use 'with' is better
f = open('test.jpg', 'wb')
f.write(img)
f.close()
im = Image.open(
os.path.abspath('.').replace('\\', '/') + '/test.jpg')
im.show()
ver = raw_input('Verification Code: ')
vercode = "020008003{0}003{1}003{2}003{3}".format(
ver[0], ver[1], ver[2], ver[3])
ver_b = encrypt(a2b_hex(vercode), self.key)
ver_tea = "020027060800771f2a{}00{}03".format(
self.qq_num, b2a_hex(ver_b))
self.s.send(a2b_hex(ver_tea))
re_login = b2a_hex(self.s.recv(2048))
print 'Verification Code error,retry again.'
if len(re_login) == 206:
print 'Login scuess!'
else:
print 'Login fail'
def login0826(self):
key0826 = '6d47535a5a573d4872772c2d36717a76'
keyCode = '13d924ca5e0469d284effea87a5a5f1c'
data = '02355508366848' # head
data += '00000000'
data += '0300000001010100006742'
data += '00000000'
data += '000101020019'
data += self.hdKey
data += '00000010'
data += self.getSequence(16)
txt = '01120038'
txt += self.token0825
txt += '030f0008000657494e444f57' # WINDOWS
txt += '0004000f0000000b'
txt += self.str2hex(self.num)
txt += '00060078'
md5p = md5('123456')
# 密码加密
pwd = md5p
pwd += '00000000'
pwd += '00000000' # QQ Hex
# 密匙加密
key = 'F36251810002'
key += '00000000' # QQ Hex
key += self.fixedData
key += '000001'
key += md5p
key += self.serverTime
key += '00000000000000000000000000'
key += self.serverIP
key += '000000000000000600101ba49e165fe954251eb9619f7b1bdf31'
key += key0826
txt += b2a_hex(tea.encrypt(bytes.fromhex(key), bytes.fromhex(pwd))).decode()
# region CRC
txt += '001500300000'
txt += '01'
txt += '1c26e960'
txt += '0010'
txt += '028d5f75cbcf4c898ca43a3410b85788'
txt += '02'
txt += 'b3e8163c'
txt += '0010'
txt += '1ba49e165fe954251eb9619f7b1bdf31'
txt += '001a'
txt += '0040'
mcrc = '001500300000'
mcrc += '01'
mcrc += '1c26e960'
mcrc += '0010'
mcrc += '028d5f75cbcf4c898ca43a3410b85788'
mcrc += '02'
mcrc += 'b3e8163c'
mcrc += '0010'
mcrc += '1ba49e165fe954251eb9619f7b1bdf31'
txt += b2a_hex(tea.encrypt(bytes.fromhex(mcrc), bytes.fromhex(key0826))).decode()
txt += '001800160001'
txt += self.fixedData
txt += '00000000' # QQ Hex
txt += '00010000010300140001'
txt += '0010'
txt += 'bd41fd502a59f4863ccde044bb41f728'
txt += '0312000501000000'
txt += '00' # 是否记住密码
txt += '010200620001'
txt += '1169a81f699f52de71ef65e9b42d2d8a'
txt += '0038'
txt += '78b94e76767efdab4dd3b2b0144063f48b57ee27aef152a28aba1f03'
txt += '50f02b17a86787fe47d1b189c43c0be7a7dc8c81c40bb622c78ec85b'
txt += '0014'
txt += '62e172e61421fe8c850c62891efcf7f93a19b892'
data += b2a_hex(tea.encrypt(bytes.fromhex(txt), bytes.fromhex(keyCode))).decode()
data += '03'
data = a2b_hex(data)
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.sendto(data, self.address)
recvPack = sock.recv(1024)
sock.close()
recvData = b2a_hex(tea.decrypt(recvPack[14:-1],bytes.fromhex(keyCode))).decode()
if recvData[:2]=='06':
qq = str(int(recvData[6:14], 16))
else:
recvData = recvData[8:]
if recvData[:2].lower()=='fc':
qq = str(int(recvData[14:22], 16))
else:
qq = False
return qq
