QQ空间登录协议分析:JS篇


QQ空间登录使用GET方法:QQ号、加密后的密码和验证码都作为查询参数放在URL里(下面的示例走的是明文http),因此这些参数会留在浏览器历史、代理和服务器访问日志中。

访问链接:
“http://ptlogin2.qq.com/login?u=” + QQ号 + “&p=” + 加密 (QQ号, QQ密码, 验证码) + “&verifycode=” + 验证码 + “&aid=1006102&u1=http%3A%2F%2Fid.qq.com%2Findex.html%23myfriends&h=1&ptredirect=1&ptlang=2052&from_ui=1&dumy=&fp=loginerroralert&action=8-57-411578&mibao_css=&t=5&g=1&js_type=0&js_ver=10015&login_sig=M68RroVE7d9cWVGLMysPechIltwu1GWLDkOrMwJ1O2VISYLTKwX6t3*qLIwl1DIa”

检查验证码:
“http://check.ptlogin2.qq.com/check?uin=” + QQ号 + “&appid=1006102&js_ver=10015&js_type=0&login_sig=y9izLTQDUx-VRJ*tu9aAnzzd3Th5R5d3-LSQ-R-DgQmZx7cRXxodffTGfDUzJtox&u1=http%3A%2F%2Fid.qq.com%2Findex.html&r=” + 随机数 (15)

验证码地址:
“http://captcha.qq.com/getimage?aid=1006102&r=0.” + 随机数 () + “&uin=” + QQ号

JS的分析

加密的核心算法

    /**
     * Build the value sent as the login "p" parameter: three chained MD5 rounds
     * over the password, the uin bytes and the captcha text.
     *
     *   round 1: md5(password), hex text turned into raw bytes by hexchar2bin
     *   round 2: md5(round1 bytes + uin)
     *   round 3: md5(round2 + upper-cased vcode)
     *
     * Only md5(password) is needed to compute the result, so that digest is
     * password-equivalent for this scheme; MD5 is also a fast hash, not a
     * password-hashing function.
     *
     * NOTE(review): md5() is defined outside this listing; it presumably returns
     * hex text, since its output is fed to hexchar2bin. Confirm.
     *
     * @param {string} password - the account password.
     * @param {string} uin - the uin as a byte string (the page calls this the
     *     "byte set" of the QQ number).
     * @param {string} vcode - captcha text; upper-cased before hashing.
     * @returns {*} whatever md5() returns for the final round.
     */
    function getEncryption(password, uin, vcode) {
        var passwordDigestBytes = hexchar2bin(md5(password));
        var saltedDigest = md5(passwordDigestBytes + uin);
        return md5(saltedDigest + vcode.toUpperCase());
    }
password是密码,uin是QQ号的【字节集】(即下文ptui_checkVC保存的pt.login.saltUin),vcode是验证码(参与运算前会转成大写)


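    /**
     * Convert hex text (two hex digits per byte) into a binary string whose
     * char codes are the byte values, e.g. "4142" -> "AB".
     *
     * The earlier version built a '\xNN...' string literal and ran it through
     * eval(). That fails in strict mode / ES modules (the eval-declared
     * `var temp` is not visible to the enclosing function), is blocked by a
     * Content-Security-Policy without 'unsafe-eval', and relied on the
     * string-escape grammar alone to keep non-hex input from being executed.
     * The input is now validated and decoded directly.
     *
     * @param {string} str - hex text such as an MD5 digest.
     * @returns {string} one character (code 0-255) per input byte.
     * @throws {SyntaxError} if str is not an even-length run of hex digits
     *     (the same error type the eval-based version raised for such input).
     */
    function hexchar2bin(str) {
        if (!/^(?:[0-9a-fA-F]{2})*$/.test(str)) {
            throw new SyntaxError("hexchar2bin: input must be an even-length hex string");
        }
        var chars = [];
        for (var i = 0; i < str.length; i += 2) {
            // Each pair of hex digits becomes one byte-valued character.
            chars.push(String.fromCharCode(parseInt(str.slice(i, i + 2), 16)));
        }
        return chars.join("");
    }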

hexchar2bin把md5的十六进制文本每两个字符转成一个字节,得到【字节集】


/**
 * Handle the result of the captcha check and record how long it took.
 *
 * Steps, in order:
 *   1. Cancel the pending pt.login.checkClock timer and store D as
 *      pt.login.saltUin.
 *   2. If D equals the 8-byte value ending in 0x27 0x10, show the
 *      "invalid uin" error; otherwise hide the error unless a submit has
 *      already happened.
 *   3. B == "0": hide the captcha, put E into the "verifycode" field and
 *      clear needVc. B == "1": show the captcha and its tip, set needVc.
 *      Any other B leaves the captcha state untouched.
 *   4. Focus the "p" field, mark the check as done, then report a timing
 *      bucket (11: <= 3000 ms, 12: <= 5000 ms, 13: anything else) unless
 *      the elapsed time is negative.
 *
 * NOTE(review): pt, $ and g_time are page globals defined outside this
 * listing. The page text describes D as the byte form of the uin; confirm
 * against the caller.
 *
 * @param {string} B - check result flag, compared loosely against "0"/"1".
 * @param {string} E - value written to the "verifycode" field when B is "0".
 * @param {string} D - value stored as pt.login.saltUin.
 * @returns {undefined}
 */
function ptui_checkVC(B, E, D) {
    var login = pt.login;

    clearTimeout(login.checkClock);
    login.saltUin = D;

    if (D == "\x00\x00\x00\x00\x00\x00\x27\x10") {
        login.show_err(pt.str.inv_uin);
    } else if (!login.hasSubmit) {
        login.hide_err();
    }

    if (B == "0") {
        login.hideVC();
        $("verifycode").value = E;
        login.needVc = false;
    } else if (B == "1") {
        login.showVC();
        $.css.show($("vc_tips"));
        login.needVc = true;
    }

    login.domFocus($("p"));
    login.hasCheck = true;

    g_time.time7 = new Date();
    var elapsedMs = g_time.time7 - g_time.time6;
    if (elapsedMs < 0) {
        // A negative interval is not reported at all.
        return;
    }

    // Anything that is not <= 5000 (including NaN) falls into bucket 13.
    var bucket = elapsedMs <= 3000 ? 11 : (elapsedMs <= 5000 ? 12 : 13);
    login.checkResultReport(bucket);
}

ptui_checkVC用来获取验证码(第二个参数)和pt.login.saltUin(第三个参数),后者也就是uin的【字节集】


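/**
 * Compute the anti-CSRF token from the "skey" cookie (the page text calls
 * the result g_tk).
 *
 * The token is a deterministic, non-cryptographic hash of the cookie value,
 * so it adds no secrecy of its own: any script able to read "skey" can
 * derive it. Its value as a CSRF defence rests entirely on other origins
 * being unable to read that cookie.
 *
 * @returns {number} the 31-bit hash of the current "skey" cookie value.
 */
QZFL.pluginsDefine.getACSRFToken = function getACSRFToken() {
    // A named function expression replaces arguments.callee, which throws a
    // TypeError in strict mode and ES modules.
    return getACSRFToken._DJB(QZFL.cookie.get("skey"));
};

/**
 * Times-33 string hash (seed 5381): for each UTF-16 code unit,
 * hash = hash * 33 + unit, written as hash += (hash << 5) + unit.
 *
 * @param {string} str - text to hash.
 * @returns {number} the hash masked to 31 bits (0 .. 2147483647).
 */
QZFL.pluginsDefine.getACSRFToken._DJB = function(str) {
    var hash = 5381;
    for (var i = 0, len = str.length; i < len; ++i) {
        // (hash << 5) truncates to int32 before the add; the final mask
        // below folds the running sum back into 31 bits.
        hash += (hash << 5) + str.charCodeAt(i);
    }
    return hash & 2147483647;
};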

以上是g_tk的算法:取cookie中的skey,做DJB哈希(初值5381,逐字符 hash += (hash << 5) + 字符编码),最后与2147483647(0x7FFFFFFF)按位与。
