Created
January 1, 2018 07:49
-
-
Save mysteriouss/01d7f18cdef47acc0781e8f484f2d2d0 to your computer and use it in GitHub Desktop.
Revisions
-
mysteriouss created this gist
Jan 1, 2018 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,227 @@ // ==UserScript== // @name weixin_tiaotiao // @namespace http://tampermonkey.net/ // @version 0.1 // @description try to take over the world! // @author You // @match https://mp.weixin.qq.com/ // @grant GM_xmlhttpRequest // @require https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/crypto-js.js // @require https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/aes.js // ==/UserScript== (function() { 'use strict'; // Your code here... //var CryptoJS = require('crypto-js'); //var request = require('request-promise'); /* * npm install crypto-js request-promise * node wx_t1t_hack.js */ // export function testEncription(msg, fullKey) { // var fullKey = fullKey.slice(0, 16) // var key = CryptoJS.enc.Utf8.parse(fullKey) // var iv = CryptoJS.enc.Utf8.parse(fullKey) // var passWord = CryptoJS.AES.encrypt(msg, key, { iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 }) // var base64 = passWord.toString() // console.log('passWord', passWord) // console.log('sessionId', sessionId) // console.log('key', key) // console.log('base64', base64) // var bytes = CryptoJS.AES.decrypt(base64, key, { // iv: iv // }); // console.log('bytes', bytes) // var plaintext = CryptoJS.enc.Utf8.stringify(bytes); // console.log('plaintext', plaintext) // } function encrypt (text, originKey) { originKey = originKey.slice(0, 16); var key = CryptoJS.enc.Utf8.parse(originKey), iv = CryptoJS.enc.Utf8.parse(originKey), msg = JSON.stringify(text); var ciphertext = CryptoJS.AES.encrypt(msg, key, { iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 }); return ciphertext.toString(); } function decrypt (text, originKey) { originKey = originKey.slice(0, 16); var key = CryptoJS.enc.Utf8.parse(originKey), iv = CryptoJS.enc.Utf8.parse(originKey); var bytes = CryptoJS.AES.decrypt(text, key, { iv: iv }); var plaintext = CryptoJS.enc.Utf8.stringify(bytes); return plaintext; } function extend (target) { var sources = [].slice.call(arguments, 1); sources.forEach(function (source) { for (var prop in source) { target[prop] = source[prop]; } }); return JSON.stringify(target); } var version = 5, score = 2018, // replace with your session_id here session_id = ''; var headers = { 'User-Agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 11_2_1 like Mac OS X) AppleWebKit/604.4.7 (KHTML, like Gecko) Mobile/15C153 MicroMessenger/6.6.1 NetType/WIFI Language/zh_CN', 'Referer': 'https://servicewechat.com/wx7c8d593b2c3a7703/' + version + '/page-frame.html', 'Content-Type': 'application/json', 'Accept-Language': 'zh-cn', 'Accept': '*/*' }; var base_req = { 'base_req': { 'session_id': session_id, 'fast': 1 } }; var base_site = 'https://mp.weixin.qq.com/wxagame/'; var path = 'wxagame_getuserinfo'; GM_xmlhttpRequest ( { method: 'POST', url: base_site + path, data: JSON.stringify(base_req), headers: headers, onload: function (response) { console.log (response.responseText); } }); /*request({ method: 'POST', url: base_site + path, headers: headers, json: true, body: base_req }).then(function (response) { // console.log(path, response); });*/ path = 'wxagame_getfriendsscore'; GM_xmlhttpRequest ( { method: 'POST', url: base_site + path, data: JSON.stringify(base_req), headers: headers, onload: function (response) { console.log (response.responseText); var times = JSON.parse(response.responseText).my_user_info.times + 1; path = 'wxagame_init'; GM_xmlhttpRequest ( { method: 'POST', url: base_site + path, data: extend({}, {version: 9}, base_req), headers: headers, onload: function (response) { //console.log (response.responseText); var action = [], musicList = [], touchList = []; // for (var i = 0; i < score; i++) { // action.push([0.752, 1.32, false]) // musicList.push(false) // touchList.push([185, 451]) // } var data = { score: score, times: times, game_data: JSON.stringify({ seed: Date.now(), action: action, musicList: musicList, touchList: touchList, version: 1 }) }; var path = 'wxagame_settlement'; GM_xmlhttpRequest ( { method: 'POST', url: base_site + path, data: extend({}, {action_data: encrypt(data, session_id)}, base_req), headers: headers, onload: function (response) { //console.log (response.responseText); console.log('2018! Happy new year! 🎉'); } }); } }); } }); /*request({ method: 'POST', url: base_site + path, headers: headers, json: true, body: base_req }).then(function (response) { // console.log(response.my_user_info) var times = response.my_user_info.times + 1; path = 'wxagame_init'; request({ method: 'POST', url: base_site + path, headers: headers, json: true, body: extend({}, {version: 9}, base_req) }).then(function (response) { // console.log(path, response) var action = [], musicList = [], touchList = []; // for (var i = 0; i < score; i++) { // action.push([0.752, 1.32, false]) // musicList.push(false) // touchList.push([185, 451]) // } var data = { score: score, times: times, game_data: JSON.stringify({ seed: Date.now(), action: action, musicList: musicList, touchList: touchList, version: 1 }) }; path = 'wxagame_settlement'; request({ method: 'POST', url: base_site + path, headers: headers, json: true, body: extend({}, {action_data: encrypt(data, session_id)}, base_req) }).then(function (response) { // console.log(path, response) console.log('2018! Happy new year! 🎉'); }).catch(function (error) { console.log(error); }); }); }).catch(function (error) { console.log('something crash'); });*/ })();