| var CryptoJS = require('crypto-js') | |
| var request = require('request-promise') | |
| /* | |
| * npm install crypto-js request-promise | |
| * node wx_hack.js | |
| */ | |
| // export function testEncription(msg, fullKey) { | |
| // var fullKey = fullKey.slice(0, 16) | |
| // var key = CryptoJS.enc.Utf8.parse(fullKey) | |
| // var iv = CryptoJS.enc.Utf8.parse(fullKey) | |
| // var passWord = CryptoJS.AES.encrypt(msg, key, { iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 }) | |
| // var base64 = passWord.toString() | |
| // console.log('passWord', passWord) | |
| // console.log('sessionId', sessionId) | |
| // console.log('key', key) | |
| // console.log('base64', base64) | |
| // var bytes = CryptoJS.AES.decrypt(base64, key, { | |
| // iv: iv | |
| // }); | |
| // console.log('bytes', bytes) | |
| // var plaintext = CryptoJS.enc.Utf8.stringify(bytes); | |
| // console.log('plaintext', plaintext) | |
| // } | |
/**
 * Serialise `text` to JSON and encrypt it with AES (CBC mode, PKCS#7 padding)
 * through CryptoJS.
 *
 * Only the first 16 characters of `originKey` are used. They are UTF-8 parsed
 * and serve as BOTH the AES key and the IV.
 *
 * Security note: with key == IV the IV is fixed and known to every key holder,
 * so equal plaintext prefixes produce equal ciphertext prefixes, and CBC with
 * no MAC carries no integrity protection. Anyone who knows `originKey` can
 * produce ciphertexts that decrypt cleanly, so a receiver must not treat
 * successful decryption as evidence that the content is genuine.
 *
 * @param {*} text - value to protect; passed through JSON.stringify first.
 * @param {string} originKey - key material; characters past index 15 are ignored.
 * @returns {string} the ciphertext in CryptoJS's default string form (Base64).
 */
function encrypt (text, originKey) {
  var keyText = originKey.slice(0, 16)
  var aesKey = CryptoJS.enc.Utf8.parse(keyText)
  var cipherOptions = {
    // Same bytes as the key, parsed a second time into its own word array.
    iv: CryptoJS.enc.Utf8.parse(keyText),
    mode: CryptoJS.mode.CBC,
    padding: CryptoJS.pad.Pkcs7
  }
  var plaintext = JSON.stringify(text)
  return CryptoJS.AES.encrypt(plaintext, aesKey, cipherOptions).toString()
}
/**
 * Decrypt a ciphertext string produced by encrypt() and return it as UTF-8 text.
 *
 * The key and the IV are both taken from the first 16 characters of
 * `originKey`. Mode and padding are not passed, so CryptoJS's defaults apply
 * (CBC and PKCS#7, the values encrypt() sets explicitly).
 *
 * The result is the JSON text that encrypt() serialised; it is NOT parsed
 * here, so callers wanting the original value must JSON.parse it themselves.
 * No authentication tag is checked: a clean return says nothing about who
 * created the ciphertext. CryptoJS may throw if the decrypted bytes are not
 * valid UTF-8 (wrong key or altered input).
 *
 * @param {string} text - ciphertext string as returned by encrypt().
 * @param {string} originKey - key material; characters past index 15 are ignored.
 * @returns {string} the decrypted plaintext.
 */
function decrypt (text, originKey) {
  var keyText = originKey.slice(0, 16)
  var aesKey = CryptoJS.enc.Utf8.parse(keyText)
  var decrypted = CryptoJS.AES.decrypt(text, aesKey, {
    iv: CryptoJS.enc.Utf8.parse(keyText)
  })
  return CryptoJS.enc.Utf8.stringify(decrypted)
}
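/**
 * Shallow-copy the own enumerable properties of every source object onto
 * `target`, left to right (later sources win), and return `target`.
 *
 * Two guards protect the merge when a source comes from parsed external data:
 *  - inherited properties are skipped, so only what the source itself carries
 *    is copied;
 *  - the `__proto__` key is skipped, because assigning it would replace the
 *    target's prototype instead of creating an ordinary property.
 *
 * @param {Object} target - object that receives the properties (mutated).
 * @param {...Object} sources - objects to copy from; null/undefined are ignored.
 * @returns {Object} the same `target` reference.
 */
function extend (target) {
  var sources = Array.prototype.slice.call(arguments, 1)
  var hasOwn = Object.prototype.hasOwnProperty
  sources.forEach(function (source) {
    for (var prop in source) {
      // Copy only what the source itself owns, never what it inherits.
      if (!hasOwn.call(source, prop)) continue
      // A parsed "__proto__" key must not be allowed to swap the prototype.
      if (prop === '__proto__') continue
      target[prop] = source[prop]
    }
  })
  return target
}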
// Version number interpolated into the Referer header below.
var version = 5

// Score value reported in the settlement request; a fixed constant, not the
// outcome of any gameplay.
var score = 13142

// replace with your session_id here
// NOTE(review): this value is sent in every request body and is also the key
// material handed to encrypt(), so it acts as a bearer credential for the
// account. Keep it out of shared copies of this file and do not paste it into
// third-party sites.
var session_id = 'xxxx'

// Referer that the request headers carry, built from the version above.
var referer = 'https://servicewechat.com/wx7c8d593b2c3a7703/' + version + '/page-frame.html'

// Headers attached to every request: they present the script as the WeChat
// in-app browser on iOS. Everything here is caller-controlled, which is why a
// server cannot use User-Agent or Referer to authenticate the client.
var headers = {
  'User-Agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 11_2_1 like Mac OS X) AppleWebKit/604.4.7 (KHTML, like Gecko) Mobile/15C153 MicroMessenger/6.6.1 NetType/WIFI Language/zh_CN',
  'Referer': referer,
  'Content-Type': 'application/json',
  'Accept-Language': 'zh-cn',
  'Accept': '*/*'
}

// Envelope merged into every request body.
var base_req = {
  'base_req': {
    'session_id': session_id,
    'fast': 1
  }
}

// API root, and the endpoint name used by the next request. `path` is
// reassigned before each later call.
var base_site = 'https://mp.weixin.qq.com/wxagame/'
var path = 'wxagame_getuserinfo'
// First call: POST the bare envelope to the endpoint currently held in `path`
// (wxagame_getuserinfo). The response is discarded, and no rejection handler
// is attached, so a failure here surfaces only as an unhandled rejection.
var userInfoOptions = {
  method: 'POST',
  url: base_site + path,
  headers: headers,
  json: true,
  body: base_req
}
request(userInfoOptions).then(function (ignoredResponse) {
  // console.log(path, response)
})
/**
 * Assemble the settlement payload: the constant `score`, the play counter, and
 * a JSON-encoded replay with one entry per point of score.
 *
 * NOTE(review): nothing in this payload comes from gameplay. Every action
 * entry is the same constant triple, the music flags are all false and the
 * touch coordinates are random. Because the caller also holds the encryption
 * key (the session id), encrypting the payload is obfuscation only; whether
 * the reported score is plausible can only be decided by server-side checks,
 * which are not visible from this file.
 *
 * @param {number} times - play counter to report.
 * @returns {{score: number, times: number, game_data: string}}
 */
function buildSettlementData (times) {
  var action = []
  var musicList = []
  var touchList = []
  var step = 0
  while (step < score) {
    action.push([0.752, 1.32, false])
    musicList.push(false)
    var touchX = Math.round(100 + Math.random() * 200)
    var touchY = Math.round(300 + Math.random() * 200)
    touchList.push([touchX, touchY])
    step += 1
  }
  return {
    score: score,
    times: times,
    game_data: JSON.stringify({
      seed: Date.now(),
      action: action,
      musicList: musicList,
      touchList: touchList,
      version: 1
    })
  }
}

// Three chained calls: friends' scores -> init -> settlement. The inner
// promises are not returned from their callbacks, so the final catch below
// covers only the first request and synchronous errors in its callback.
path = 'wxagame_getfriendsscore'
request({
  method: 'POST',
  url: base_site + path,
  headers: headers,
  json: true,
  body: base_req
}).then(function (friendsResponse) {
  // console.log(response.my_user_info)
  // Counter to report: one more than the value the server returned.
  var times = friendsResponse.my_user_info.times + 1

  path = 'wxagame_init'
  request({
    method: 'POST',
    url: base_site + path,
    headers: headers,
    json: true,
    body: extend({}, {version: 9}, base_req)
  }).then(function (ignoredInitResponse) {
    // console.log(path, response)
    var data = buildSettlementData(times)

    path = 'wxagame_settlement'
    var settlementOptions = {
      method: 'POST',
      url: base_site + path,
      headers: headers,
      json: true,
      // Payload encrypted with the session id as key material, then wrapped in
      // the usual envelope.
      body: extend({}, {action_data: encrypt(data, session_id)}, base_req)
    }
    request(settlementOptions).then(function (ignoredSettlementResponse) {
      // console.log(path, response)
      // Printed on any fulfilled response; the response body is not inspected.
      console.log('2018! Happy new year! 🎉')
    }).catch(function (error) {
      console.log(error)
    })
  })
}).catch(function (ignoredError) {
  console.log('something crash')
})
刚刚试了一下 score低于1w,就失效了
version 改 9
把 var times = response.my_user_info.times + 1 改成 var times = response.ts + 1
可以执行
2018年1月3日22:55:41
分数大于1W成功 23:27
版本改为9,分数12018。
把 var times = response.my_user_info.times + 1 改成 var times = response.ts + 1
可以执行。
2018-01-04-00.03可行。
2018年01月04日10:47:54 19999分 亲测可用 分数没测1W以内的
改动记录
- version = 9 (66 行)
- score = 100000
- var times = response.my_user_info.times + 1 改成 var times = response.ts + 1
可以执行 :)
2018-01-04 12:29:45
我用楼主的代码只能改成功一次啊,之后再改就不行了,不知道是什么原因?
@EnderZhou
分数不能改小
@JonyFang 是代码中所有的version都要改为9吗
@jujueyouhuo 我没有改小,我最开始改成234。然后想继续往高了改就没反应了。我用session_id在别人的网站上改倒是成功了。
显示2018! Happy new year! ,但是分数没变
不行的啊,108了
截止到目前,没有成功过
@greatemoon 只修改了 Post API 的 version (66 行)
显示2018! Happy new year! ,但是分数没变
可以执行,修改分数为 2018
修改时间 2018-01-04 15:37
@wubianxiaoxian 你改成功了?我为啥报错 base_resp: { errcode: 108 }
sec_id不是一直在变吗?(重启微信就变一次)怎么成功的??
下午朋友反馈,我的12018他已经看不见了。只有自己微信上能看见。2018-01-04

不会,score随意改