Skip to content

Instantly share code, notes, and snippets.

@cwen0

cwen0/wx_t1t_hack.js

Forked from feix/wx_t1t_hack.js
Created June 29, 2018 08:24
Show Gist options
  • Save cwen0/576a9a4e93f21d9526f74b6d99255f7b to your computer and use it in GitHub Desktop.
Save cwen0/576a9a4e93f21d9526f74b6d99255f7b to your computer and use it in GitHub Desktop.
Download ZIP
Raw
wx_t1t_hack.js
var CryptoJS = require('crypto-js')
var request = require('request-promise')
// export function testEncription(msg, fullKey) {
// var fullKey = fullKey.slice(0, 16)
// var key = CryptoJS.enc.Utf8.parse(fullKey)
// var iv = CryptoJS.enc.Utf8.parse(fullKey)
// var passWord = CryptoJS.AES.encrypt(msg, key, { iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 })
// var base64 = passWord.toString()
// console.log('passWord', passWord)
// console.log('sessionId', sessionId)
// console.log('key', key)
// console.log('base64', base64)
// var bytes = CryptoJS.AES.decrypt(base64, key, {
// iv: iv
// });
// console.log('bytes', bytes)
// var plaintext = CryptoJS.enc.Utf8.stringify(bytes);
// console.log('plaintext', plaintext)
// }
function encrypt(text, originKey) {
var originKey = originKey.slice(0, 16),
key = CryptoJS.enc.Utf8.parse(originKey),
iv = CryptoJS.enc.Utf8.parse(originKey),
msg = JSON.stringify(text);
var ciphertext = CryptoJS.AES.encrypt(msg, key, {
iv: iv,
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
});
return ciphertext.toString();
}
function decrypt(text, originKey) {
var originKey = originKey.slice(0, 16),
key = CryptoJS.enc.Utf8.parse(originKey),
iv = CryptoJS.enc.Utf8.parse(originKey)
var bytes = CryptoJS.AES.decrypt(text, key, {
iv: iv
});
var plaintext = CryptoJS.enc.Utf8.stringify(bytes)
return plaintext
}
var version = 5,
score = 1000,
// change session_id
session_id = 'xxxxx'
var headers = {
'User-Agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 11_2_1 like Mac OS X) AppleWebKit/604.4.7 (KHTML, like Gecko) Mobile/15C153 MicroMessenger/6.6.1 NetType/WIFI Language/zh_CN',
'Referer': 'https://servicewechat.com/wx7c8d593b2c3a7703/' + version + '/page-frame.html',
'Accept-Language': 'zh-cn'
}
console.log(headers)
var base_req = {
'base_req': {
'session_id': session_id,
'fast': 1
}
}
request({
method: 'POST',
url: 'https://mp.weixin.qq.com/wxagame/wxagame_getfriendsscore',
headers: headers,
json: true,
body: base_req
}).then(function (response) {
console.log(response.my_user_info)
var times = response.my_user_info.times + 1
var action = [],
musicList = [],
touchList = []
for (var i = 0; i < score; i++) {
action.push([0.752, 1.32, false])
musicList.push(false)
touchList.push([185, 451])
}
// "{"seed":1514756173427,"action":[[0.852,1.02,false],[0.452,1.84,false],[0.998,0.72,false],[0.506,1.7,false],[0.55,1.63,false],[0.821,1.09,false],[0.706,1.29,false],[0.634,1.46,false],[0.517,1.7,false],[0.564,1.6,false],[0.895,0.95,false],[0.645,1.46,false],[0.315,2.11,true],[0.516,1.7,false],[0.138,2.45,false],[0.163,2.41,false]],"musicList":[false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false],"touchList":[[155,421],[155,421],[155,421],[155,421],[155,421],[155,421],[155,421],[155,421],[155,421],[155,421],[155,421],[155,421],[155,421],[155,421],[161,420],[161,420]],"version":1}"
console.log(score, times, action.length, musicList.length, touchList.length)
var data = {
score: score,
times: times,
game_data: JSON.stringify({
seed: Date.now(),
action: action,
musicList: musicList,
touchList: touchList,
version: 1
})
}
request({
method: 'POST',
url: 'https://mp.weixin.qq.com/wxagame/wxagame_settlement',
headers: headers,
json: true,
body: {
base_req: base_req,
action_data: encrypt(data, session_id)
}
}).then(function (response) {
console.log(response)
}).catch(function (error) {
console.log(error)
})
}).catch(function (error) {
console.log('something crash')
})
Raw
wx_t1t_hack.py
#!/usr/bin/env python2
from Crypto.Cipher import AES
from pkcs7 import PKCS7Encoder
import time
import json
import base64
import requests
class WxCrypto(object):
def __init__(self, key):
self.key = key[:16]
self.iv = key[:16]
self.mode = AES.MODE_CBC
def encrypt(self, text):
aes = AES.new(self.key, self.mode, self.iv)
encoder = PKCS7Encoder()
pad_text = encoder.encode(text)
cipher = aes.encrypt(pad_text)
enc_cipher = base64.b64encode(cipher)
return enc_cipher
def decrypt(self, text):
aes = AES.new(self.key, self.mode, self.iv)
plain_text = aes.decrypt(base64.b64decode(text))
encoder = PKCS7Encoder()
plain_text = encoder.decode(plain_text)
return plain_text
def update_score(session_id, score):
headers = {
'User-Agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 11_2_1 like Mac OS X) AppleWebKit/604.4.7 (KHTML, like Gecko) Mobile/15C153 MicroMessenger/6.6.1 NetType/WIFI Language/zh_CN',
'Referer': 'https://servicewechat.com/wx7c8d593b2c3a7703/4/page-frame.html',
'Accept-Language': 'zh-cn'
}
base_req = {
'base_req': {
'session_id': session_id,
'fast': 1
}
}
session = requests.Session()
session.headers.update(headers)
my_user_info_resp = session.post('https://mp.weixin.qq.com/wxagame/wxagame_getfriendsscore', json=base_req)
if not my_user_info_resp.ok or not my_user_info_resp.json().get('my_user_info'):
print(my_user_info_resp.json())
raise Exception('something crash')
times = my_user_info_resp.json()['my_user_info']['times']
action_data = {
'score': score,
'times': times,
'game_data': json.dumps({
# 'seed': int(time.time()),
# 'action': [[0.816, 1.09, False],
# [0.275, 2.21, True]],
# 'musicList': [False, False]
})
}
wx_crypto = WxCrypto(session_id[:16])
action_data_cipher = wx_crypto.encrypt(json.dumps(action_data, separators=(',', ':')))
data = {'action_data': action_data_cipher}
data.update(base_req)
result_resp = requests.post('https://mp.weixin.qq.com/wxagame/wxagame_settlement', json=data)
print(result_resp.json())
session_id = 'xxxxxxxxxx'
update_score(session_id, score)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment