首先要处理的是gtk算法:从
上次分析
以来代码并没有变
登录QQ空间后搜索gtk字符串,在三个js中出现了
operation.50303.js
gdtlib.20160810.js
index.js
第一个js
/* |xGv00|e5808eb94a2bdffe3aae60cd22c5efe2 */
define("app/v8/controls/mood_poster/utils/misc/1.0", ["app/v8/utils/tmpl/1.0"], function(require, exports, module) {
var tmpl = require('app/v8/utils/tmpl/1.0');
var misc = {};
var getUploadUrl = function(callback) {
misc.getRoute(function(routeDomainMap) {
var gtk = 5381;
var url = ['http://', routeDomainMap['u'].replace('photo.qq.com', 'photo.qzone.qq.com'), '/cgi-bin/upload/cgi_upload_image'].join('');
try {
gtk = QZONE.FP.getACSRFToken(url);
} catch (err) {}
callback(url + '?g_tk=' + gtk);
}
);
}
;
}
第二个js
HMod.genGTk = function() {
var skey = comm.cookie.get("skey") || comm.cookie.get("rv2");
return comm.genHash(skey);
}
;
NMod.xhrgetter = function(url, callback, ecb, opts) {
var pid, gtk, domain = document.domain, usecors, valuestaturl = 'http://i.gdt.qq.com/view.fcg?xhr2';
opts = opts || {};
gtk = NMod._ishostSupportxhr() ? helper.genGTk() : '';
if (supportlv2 && NMod._ishostSupportxhr()) {
gtk && (url += '&g_tk=' + gtk);
comm.xhr(url, function(obj) {
NMod._decodexhrjson(obj.resp, callback, ecb);
}
, function(obj) {
ecb(obj);
if (obj && obj.exception && obj.status == 598) {
helper.sendErrMsg(obj.exception, location.href + '&gxhr', '', {
extra: "get xhr transport error",
rate: 100
});
}
}
, opts);
helper.valueStat(valuestaturl, 1, 11, 1, 500);
return;
}
opts.forcescript = true;
NMod._normalgetter(url, callback, ecb, opts);
helper.valueStat(valuestaturl, 1, 12, 1, 500);
}
;
第三个js
/**
* @fileOverview 首页,入口文件
* @author Viktor Li
*/
define.pack("./index", ["lib/jquery", "mall.v8/lib/mall", "./event", "./tmpl", "./asyncRender"], function(require, exports, module) {
var $ = require('lib/jquery')
,
M = require('mall.v8/lib/mall');
var evt = require('./event')
,
TMPL = require('./tmpl')
,
asyncRender = require('./asyncRender');
//发起一个img请求ping后台
function Ping(url, arg) {
arg = arg || {};
if (!('g_tk' in arg)) {
//补上gtk
arg.g_tk = M.user.getToken();
}
var sender = new Image
,
params = $.param(arg);
url = url + (url.indexOf('?') === -1 ? '?' : '&') + params;
sender.src = url;
}
}
看第一个js就够了
这个js从定义的名称来看是获取上传路径的
关键还是这一句
QZONE.FP.getACSRFToken(url) url通过前面传的参数拼接
找函数定义相对准确的做法是用开发者工具watch查看QZONE.FP这个对象,然后找到getACSRFToken(url),右键 show function definition 查看函数定义(
右键的位置很重要
)
找到这个js
QZONE.FrontPage.getACSRFToken = function(url) {
url = QZFL.util.URI(url);
var skey;
if (url) {
if (url.host && url.host.indexOf("qzone.qq.com") > 0) {
skey = QZFL.cookie.get("p_skey");
} else {
if (url.host && url.host.indexOf("qq.com") > 0) {
skey = QZFL.cookie.get("skey");
}
}
}
if (!skey) {
try {
skey = parent.QZFL.cookie.get("p_skey") || "";
} catch (err) {
skey = QZFL.cookie.get("p_skey") || "";
}
}
if (!skey) {
skey = QZFL.cookie.get("skey") || QZFL.cookie.get("rv2");
}
var hash = 5381;
for (var i = 0, len = skey.length;i < len;++i) {
hash += (hash << 5) + skey.charAt(i).charCodeAt();
}
return hash & 2147483647;
};可能是为了方便调用,定义也出现在下面这个js里
QZFL.pluginsDefine.getACSRFToken = function(url) {
url = QZFL.util.URI(url);
var skey;
if (url) {
if (url.host && url.host.indexOf("qzone.qq.com") > 0) {
try {
skey = parent.QZFL.cookie.get("p_skey");
} catch (err) {
skey = QZFL.cookie.get("p_skey");
}
} else {
if (url.host && url.host.indexOf("qq.com") > 0) {
skey = QZFL.cookie.get("skey");
}
}
}
if (!skey) {
skey = QZFL.cookie.get("p_skey") || (QZFL.cookie.get("skey") || (QZFL.cookie.get("rv2") || ""));
}
return arguments.callee._DJB(skey);
};
QZFL.pluginsDefine.getACSRFToken._DJB = function(str) {
var hash = 5381;
for (var i = 0, len = str.length;i < len;++i) {
hash += (hash << 5) + str.charCodeAt(i);
}
return hash & 2147483647;
};
//两个定义大体上时一样的
先看具体情况生成要计算的skey
1.如果url中含有指定主机名,获取cookie中的p_skey或skey作为要计算的skey
2.如果通过url的方式没有获取到,则获取cookie中的p_skey作为要计算的skey
3.如果通过以上两种方式还没有获取到,则获取cookie中的p_skey||rv2作为要计算的skey
QZFL.pluginsDefine对象中的定义将23进行了合并
如果URL方式没获取到,则获取cookie中的p_skey||skey||rv2||””作为要计算的skey
从命名上和逻辑上推测p_skey和skey的关系应该是:当前域的p_skey=当前域的父域的skey值
后面的计算方式没变,这个计算方式很早就有了
这次获取的js和
15年的
没什么区别,这次就把获取方法和具体算法说详细一点
Python3版本的gtk算法代码如下,主机名判断懒得搞了,直接用QZFL.pluginsDefine的第二步,反正能用
def LongToInt(value): # 由于int+int超出范围后自动转为long型,通过这个转回来
if value > 0x7fffffff or value < 0x80000000:
return int(value & 0x7fffffff)
else:
return int(value)
def LeftShiftInt(number, step): # 由于左移可能自动转为long型,通过这个转回来
if (number << step) > 0x7fffffff or (number << step) < 0x80000000:
return int((number << step) - 0x200000000)
else:
return int(number << step)
def getNewGTK(p_skey, skey, rv2):
b = p_skey or skey or rv2
a = 5381
for i in range(0, len(b)):
a = a + LeftShiftInt(a, 5) + ord(b[i])
a = LongToInt(a)
return a & 0x7fffffffPython3的完整版获取QQ空间好友列表代码
运行之前先安装httplib2
pip install httplib2# -*- coding: UTF-8 -*-
import httplib2
import json
import re
def LongToInt(value): # 由于int+int超出范围后自动转为long型,通过这个转回来
if value > 0x7fffffff or value < 0x80000000:
return int(value & 0x7fffffff)
else:
return int(value)
def LeftShiftInt(number, step): # 由于左移可能自动转为long型,通过这个转回来
if (number << step) > 0x7fffffff or (number << step) < 0x80000000:
return int((number << step) - 0x200000000)
else:
return int(number << step)
def getNewGTK(p_skey, skey, rv2):
b = p_skey or skey or rv2
a = 5381
for i in range(0, len(b)):
a = a + LeftShiftInt(a, 5) + ord(b[i])
a = LongToInt(a)
return a & 0x7fffffff
h = httplib2.Http()
url = 'http://m.qzone.com/friend/mfriend_list?g_tk=[g_tk]&res_uin=[QQ号码]&res_type=normal&format=json&count_per_page=10&page_index=0&page_type=0&mayknowuin=&qqmailstat='
myqq=''
cookieStr = ''
headers = {'Cookie': cookieStr}
if re.search(r'p_skey=(?P<p_skey>[^;]*)', cookieStr):
p_skey = re.search(r'p_skey=(?P<p_skey>[^;]*)', cookieStr).group('p_skey')
else:
p_skey = None
if re.search(r'skey=(?P<skey>[^;]*)', cookieStr):
skey = re.search(r'skey=(?P<skey>[^;]*)', cookieStr).group('skey')
else:
skey = None
if re.search(r'rv2=(?P<rv2>[^;]*)', cookieStr):
rv2 = re.search(r'rv2=(?P<rv2>[^;]*)', cookieStr).group('rv2')
else:
rv2 = None
print('gtk='+str(getNewGTK(p_skey, skey, rv2)))
url = url.replace('[g_tk]', str(getNewGTK(p_skey, skey, rv2)))
url = url.replace('[QQ号码]', myqq)
print(url)
resp, content = h.request(url, 'GET', headers=headers)
print(resp)
print(content)
output = json.loads(content) # json字符串转字典
if output['code'] == -3000:
print(output['message'])
else:
items_list = output['data']['list']
qqlist = set()
for item in items_list:
qqlist.add(item['uin'])
# 打印信息并输出到文件
print('获取QQ号个数' + str(len(qqlist)))
filename = 'qqlist.txt'
fileobj = open(filename, 'w')
result = [str(qq) + '\n' for qq in sorted(qqlist)]
fileobj.writelines(result)
fileobj.flush()
fileobj.close()
print('写入完成')使用方法:复制cookie字符串和QQ号粘贴到cookieStr和myqq的引号里面,然后运行即可
跟
Python2版本的代码
相比,处理了以下几个小问题
1.python3把int long合并为int型,左移的代码又不能去掉,所以把int和long类型判断改成数值范围判断,没了long,数值后面的L也要去掉
2.print只能是函数形式了,这里全改成函数形式
版权声明:本文为gsls200808原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。