Skip to content

Instantly share code, notes, and snippets.

@urootcom

urootcom/wx_hack.js

Forked from yangceng/wx_hack.js
Created February 21, 2018 15:19
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save urootcom/50e5b174f43ab18fadf899b29e3e5fd2 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save urootcom/50e5b174f43ab18fadf899b29e3e5fd2 to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. yangceng created this gist Jan 3, 2018.
    152 changes: 152 additions & 0 deletions wx_hack.js
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,152 @@
    var CryptoJS = require('crypto-js')
    var request = require('request-promise')

    /*
    * npm install crypto-js request-promise
    * node wx_hack.js
    */

    // export function testEncription(msg, fullKey) {
    // var fullKey = fullKey.slice(0, 16)
    // var key = CryptoJS.enc.Utf8.parse(fullKey)
    // var iv = CryptoJS.enc.Utf8.parse(fullKey)

    // var passWord = CryptoJS.AES.encrypt(msg, key, { iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 })
    // var base64 = passWord.toString()

    // console.log('passWord', passWord)
    // console.log('sessionId', sessionId)
    // console.log('key', key)
    // console.log('base64', base64)

    // var bytes = CryptoJS.AES.decrypt(base64, key, {
    // iv: iv
    // });
    // console.log('bytes', bytes)
    // var plaintext = CryptoJS.enc.Utf8.stringify(bytes);
    // console.log('plaintext', plaintext)
    // }

    function encrypt (text, originKey) {
    var originKey = originKey.slice(0, 16),
    key = CryptoJS.enc.Utf8.parse(originKey),
    iv = CryptoJS.enc.Utf8.parse(originKey),
    msg = JSON.stringify(text)
    var ciphertext = CryptoJS.AES.encrypt(msg, key, {
    iv: iv,
    mode: CryptoJS.mode.CBC,
    padding: CryptoJS.pad.Pkcs7
    });
    return ciphertext.toString()
    }

    function decrypt (text, originKey) {
    var originKey = originKey.slice(0, 16),
    key = CryptoJS.enc.Utf8.parse(originKey),
    iv = CryptoJS.enc.Utf8.parse(originKey)
    var bytes = CryptoJS.AES.decrypt(text, key, {
    iv: iv
    })
    var plaintext = CryptoJS.enc.Utf8.stringify(bytes)
    return plaintext
    }

    function extend (target) {
    var sources = [].slice.call(arguments, 1)
    sources.forEach(function (source) {
    for (var prop in source) {
    target[prop] = source[prop]
    }
    })
    return target
    }



    var version = 5,
    // score = Math.round(10000+Math.random()*2000),
    score = 13142,
    // replace with your session_id here
    session_id = 'xxxx'

    var headers = {
    'User-Agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 11_2_1 like Mac OS X) AppleWebKit/604.4.7 (KHTML, like Gecko) Mobile/15C153 MicroMessenger/6.6.1 NetType/WIFI Language/zh_CN',
    'Referer': 'https://servicewechat.com/wx7c8d593b2c3a7703/' + version + '/page-frame.html',
    'Content-Type': 'application/json',
    'Accept-Language': 'zh-cn',
    'Accept': '*/*'
    }
    var base_req = {
    'base_req': {
    'session_id': session_id,
    'fast': 1
    }
    }
    var base_site = 'https://mp.weixin.qq.com/wxagame/'

    var path = 'wxagame_getuserinfo'
    request({
    method: 'POST',
    url: base_site + path,
    headers: headers,
    json: true,
    body: base_req
    }).then(function (response) {
    // console.log(path, response)
    })

    path = 'wxagame_getfriendsscore'
    request({
    method: 'POST',
    url: base_site + path,
    headers: headers,
    json: true,
    body: base_req
    }).then(function (response) {
    // console.log(response.my_user_info)
    var times = response.my_user_info.times + 1
    path = 'wxagame_init'
    request({
    method: 'POST',
    url: base_site + path,
    headers: headers,
    json: true,
    body: extend({}, {version: 9}, base_req)
    }).then(function (response) {
    // console.log(path, response)
    var action = [],
    musicList = [],
    touchList = []
    for (var i = 0; i < score; i++) {
    action.push([0.752, 1.32, false])
    musicList.push(false)
    touchList.push([Math.round(100+Math.random()*200), Math.round(300+Math.random()*200)])
    }
    var data = {
    score: score,
    times: times,
    game_data: JSON.stringify({
    seed: Date.now(),
    action: action,
    musicList: musicList,
    touchList: touchList,
    version: 1
    })
    }
    path = 'wxagame_settlement'
    request({
    method: 'POST',
    url: base_site + path,
    headers: headers,
    json: true,
    body: extend({}, {action_data: encrypt(data, session_id)}, base_req)
    }).then(function (response) {
    // console.log(path, response)
    console.log('2018! Happy new year! 🎉')
    }).catch(function (error) {
    console.log(error)
    })
    })
    }).catch(function (error) {
    console.log('something crash')
    })