
[Android 分享] [教程]微信小程序【消灭病毒】相关修改算法说明

M0nster 发表于 2019-3-17 19:36
本帖最后由 M0nster 于 2019-3-18 22:12 编辑

2019-03-18 21:54 第18行代码插入错误,咨询了@Hmily是因为Discuz的问题所导致,现已修复。

之前在福利经验区发了帮人修改的帖子后来因为发错版块被版主删除了,现在公开一下具体算法及代码。
通过反编译小程序源码找到了关键的签名(sign)算法:签名用到的 wx_secret 直接写在小程序前端代码里,任何拿到源码的人都能算出合法的 sign,所以想修改相关数值就和吃饭一样容易了。
关于反编译小程序不多说了,到github上找到大神提供的程序wxappUnpacker。其他用到的工具有Fiddler、记事本、postman和浏览器。
小程序有两处关键的 sign 计算(都是把参数按键名排序拼接后取 MD5,并不是真正的加密),一处是获取用户信息的sign,一处是修改用户信息的sign。
我们想修改账号内的信息必须要先获取到信息内容。
第一步,获取用户信息的sign。以【ID:123】为例
[JavaScript] 纯文本查看 复制代码
 
 // Rebuilds the sign value sent with the "get archive" request:
 // md5("key1=value1&key2=value2&...") over the fields below, keys in ascending order.
 //
 // Security note: wx_secret is one of the signed fields and is hard-coded on the
 // client side, so the digest only shows that the sender has read the client code.
 // A key that ships with the client cannot authenticate a request; the fix belongs
 // on the server (keep signing keys off the client, bind requests to a server-issued
 // session, and do not treat a valid sign as proof of an honest client).
 var params = {
         plat: 'wx',
         time: '1552654618286',
         openid: '123',
         wx_appid: 'wxa2c324b63b2a9e5e',
         wx_secret: '8fbd540d0b23197df1d5095f0d6ee46d'
 };

 // Collect the field names and order them with the same three-way comparison.
 var keys = Object.keys(params);
 keys.sort(function(a, b) {
         if (a > b) {
                 return 1;
         }
         if (a < b) {
                 return -1;
         }
         return 0;
 });

 // Canonical string: "name=value" pairs joined by "&", no trailing separator.
 var canonical = keys.map(function(key) {
         return key + "=" + params[key];
 }).join("&");

 document.write("1.Get UserInfo Hash<br><br>");
 document.write($.md5(canonical));

微信截图_20190317184229.png
获取到查询用户信息的sign后把它代入到Request里就可以查询到当前用户的详细信息了
[HTML] 纯文本查看 复制代码
POST /api/archive/get  HTTP/1.1
charset:utf-8
Accept-Encoding:gzip
referer:[url=https://servicewechat.com/wxa2c324b63b2a9e5e/43/page-frame.html]https://servicewechat.com/wxa2c324b63b2a9e5e/43/page-frame.html[/url]
content-type:application/x-www-form-urlencoded
User-Agent:Mozilla/5.0 (Linux; Android 9; LYA-AL00 Build/HUAWEILYA-AL00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/70.0.3538.110 Mobile Safari/537.36 MicroMessenger/7.0.3.1400(0x27000334) Process/appbrand2 NetType/WIFI Language/zh_CN
Content-Length: 116
Host:wxwyjh.chiji-h5.com
Connection:Keep-Alive

{"plat":"wx","time":1552654618286,"openid":"oc6rl5UBEiRdOTw55r48EBEAoZPQ","sign":"f85180650fefff89967c880cbac02caa"}

post之后得到以下数据
[JavaScript] 纯文本查看 复制代码
{
  "data": {
    "record": "{\"uid\":\"123\",\"isSoundOff\":false,\"isShackOff\":false,\"GMTimeG\":-1,\"GMTimeP\":-1,\"level\":8,\"lDamage\":20,\"lCount\":7,\"lJiaZhi\":7,\"lRiChang\":11,\"curFu\":0,\"levelFuCount\":[2,1,1,1,1,1,1,1,1,1],\"levelFuDamage\":[12,1,1,1,1,1,1,1,1,1],\"getTime2\":1551071798042,\"bgIndex\":6,\"money\":8888,\"tipFU\":false,\"isGuide\":false,\"tiLi\":80,\"tiLiBackTime\":1551079073073,\"today\":4,\"playCount\":0,\"shareCount\":0,\"videoCount\":0,\"isGuanZhu\":0,\"isShouCang\":0,\"tryFuCount\":0,\"pos\":\"u5317u4eac,u5317u4eac\",\"posUpdate\":21,\"zuanShi\":8888,\"getTime\":\"0\",\"sign\":\"e63a0b8b7c02a18737667060d5d1ce3c\"}",
    "gm_record": "",
    "gm_rewards": ""
  },
  "code": 0
}

record里面便是我们要修改的地方,比如说money和zuanShi这两项
[JavaScript] 纯文本查看 复制代码
{"uid":"123","isSoundOff":false,"isShackOff":false,"GMTimeG":-1,"GMTimeP":-1,"level":8,"lDamage":20,"lCount":7,"lJiaZhi":7,"lRiChang":11,"curFu":0,"levelFuCount":[2,1,1,1,1,1,1,1,1,1],"levelFuDamage":[12,1,1,1,1,1,1,1,1,1],"getTime2":1551071798042,"bgIndex":6,"money":"99999999999999","tipFU":false,"isGuide":false,"tiLi":80,"tiLiBackTime":1551079073073,"today":4,"playCount":0,"shareCount":0,"videoCount":0,"isGuanZhu":0,"isShouCang":0,"tryFuCount":0,"pos":"北京,北京","posUpdate":21,"zuanShi":999999999,"getTime":"0","sign":"e63a0b8b7c02a18737667060d5d1ce3c"}

修改好后要算出修改用户信息的sign
[JavaScript] 纯文本查看 复制代码
 // Rebuilds the sign value sent with the "upload archive" request:
 // md5("key1=value1&key2=value2&...") over the fields below, keys in ascending order.
 // record is the whole save state as one JSON string (money, zuanShi, level, ...)
 // and is signed as an opaque value.
 //
 // Security note: the only secret input, wx_secret, is hard-coded on the client side,
 // so this digest gives the server no integrity guarantee for record. Server-side
 // defences are to keep the signing key off the client, store authoritative game
 // state on the server, and range-check or recompute fields such as money and
 // zuanShi instead of accepting the uploaded blob as-is.
 var params = {
         plat: 'wx',
         record: '{"uid":"123","isSoundOff":false,"isShackOff":false,"GMTimeG":-1,"GMTimeP":-1,"level":8,"lDamage":20,"lCount":7,"lJiaZhi":7,"lRiChang":11,"curFu":0,"levelFuCount":[2,1,1,1,1,1,1,1,1,1],"levelFuDamage":[12,1,1,1,1,1,1,1,1,1],"getTime2":1551071798042,"bgIndex":6,"money":"99999999999999","tipFU":false,"isGuide":false,"tiLi":80,"tiLiBackTime":1551079073073,"today":4,"playCount":0,"shareCount":0,"videoCount":0,"isGuanZhu":0,"isShouCang":0,"tryFuCount":0,"pos":"北京,北京","posUpdate":21,"zuanShi":999999999,"getTime":"0","sign":"e63a0b8b7c02a18737667060d5d1ce3c"}',
         time: '1552654613547',
         openid: '123',
         wx_appid: 'wxa2c324b63b2a9e5e',
         wx_secret: '8fbd540d0b23197df1d5095f0d6ee46d'
 };

 // Collect the field names and order them with the same three-way comparison.
 var keys = Object.keys(params);
 keys.sort(function(a, b) {
         if (a > b) {
                 return 1;
         }
         if (a < b) {
                 return -1;
         }
         return 0;
 });

 // Canonical string: "name=value" pairs joined by "&", no trailing separator.
 var canonical = keys.map(function(key) {
         return key + "=" + params[key];
 }).join("&");

 document.write("2.Post UserInfo Hash<br><br>");
 document.write($.md5(canonical));

微信截图_20190317185344.png
获取到更新用户信息的sign后把它代入到Request里便可完成修改。
[HTML] 纯文本查看 复制代码
POST /api/archive/upload HTTP/1.1
charset:utf-8
Accept-Encoding:gzip
referer:[url=https://servicewechat.com/wxa2c324b63b2a9e5e/43/page-frame.html]https://servicewechat.com/wxa2c324b63b2a9e5e/43/page-frame.html[/url]
content-type:application/x-www-form-urlencoded
User-Agent:Mozilla/5.0 (Linux; Android 9; LYA-AL00 Build/HUAWEILYA-AL00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/70.0.3538.110 Mobile Safari/537.36 MicroMessenger/7.0.3.1400(0x27000334) Process/appbrand2 NetType/WIFI Language/zh_CN
Content-Length: 810
Host:wxwyjh.chiji-h5.com
Connection:Keep-Alive

{"plat":"wx","record":"{\"uid\":\"123\",\"isSoundOff\":false,\"isShackOff\":false,\"GMTimeG\":-1,\"GMTimeP\":-1,\"level\":8,\"lDamage\":20,\"lCount\":7,\"lJiaZhi\":7,\"lRiChang\":11,\"curFu\":0,\"levelFuCount\":[2,1,1,1,1,1,1,1,1,1],\"levelFuDamage\":[12,1,1,1,1,1,1,1,1,1],\"getTime2\":1551071798042,\"bgIndex\":6,\"money\":\"99999999999999\",\"tipFU\":false,\"isGuide\":false,\"tiLi\":80,\"tiLiBackTime\":1551079073073,\"today\":4,\"playCount\":0,\"shareCount\":0,\"videoCount\":0,\"isGuanZhu\":0,\"isShouCang\":0,\"tryFuCount\":0,\"pos\":\"北京,北京\",\"posUpdate\":21,\"zuanShi\":999999999,\"getTime\":\"0\",\"sign\":\"e63a0b8b7c02a18737667060d5d1ce3c\"}","time":1552654613547,"openid":"123","sign":"c37ddaffc1a4cdeb0d231dc3c3a5d8df"}
微信截图_20190317184229.png
微信截图_20190317185344.png

Unreal.E.Age + 1 仅用于secret写在小程序前端的app

 楼主| M0nster 发表于 2019-3-17 22:45
第八个男人 发表于 2019-3-17 22:04
这个git已经star了,之前有分析过sign,后来过于繁琐放弃了。不过现在也不打算弄了。毕竟。。。不会玩这游 ...

玩游戏不是主要目的,主要是分析一下淘宝闲鱼那些卖金币钻石的是怎么搞的
sanyao09 发表于 2019-4-13 15:07
karlyu 发表于 2019-4-12 15:40
document.write(md5(i.substring(0, i.length - 1)))这一行总是没有输出,怎么解决?

改成我这样,先把拼接好的字符串输出出来,再拿去做 MD5。

[Java] 纯文本查看 复制代码
// Variant posted in a reply: builds the same canonical "key=value&..." string as the
// upload-sign script but writes the string itself to the page instead of its MD5,
// so the digest can be computed separately.
//
// Security note: every input to the string, including wx_secret, is present in
// client-side code, which is why the resulting sign cannot serve as an integrity
// check; the server has to hold the key and validate the record contents itself.
var params = {
        plat: 'wx',
        record: '{"uid":"123","isSoundOff":false,"isShackOff":false,"GMTimeG":-1,"GMTimeP":-1,"level":8,"lDamage":20,"lCount":7,"lJiaZhi":7,"lRiChang":11,"curFu":0,"levelFuCount":[2,1,1,1,1,1,1,1,1,1],"levelFuDamage":[12,1,1,1,1,1,1,1,1,1],"getTime2":1551071798042,"bgIndex":6,"money":"99999999999999","tipFU":false,"isGuide":false,"tiLi":80,"tiLiBackTime":1551079073073,"today":4,"playCount":0,"shareCount":0,"videoCount":0,"isGuanZhu":0,"isShouCang":0,"tryFuCount":0,"pos":"北京,北京","posUpdate":21,"zuanShi":999999999,"getTime":"0","sign":"e63a0b8b7c02a18737667060d5d1ce3c"}',
        time: '1552654613547',
        openid: '123',
        wx_appid: 'wxa2c324b63b2a9e5e',
        wx_secret: '8fbd540d0b23197df1d5095f0d6ee46d'
};

// Collect the field names and order them with the same three-way comparison.
var keys = Object.keys(params);
keys.sort(function(a, b) {
        if (a > b) {
                return 1;
        }
        if (a < b) {
                return -1;
        }
        return 0;
});

// Canonical string: "name=value" pairs joined by "&", no trailing separator.
var canonical = keys.map(function(key) {
        return key + "=" + params[key];
}).join("&");

document.write("2.Post UserInfo Hash<br><br>");
document.write(canonical);
hmeng 发表于 2019-3-17 20:01
zhizhuodeshu 发表于 2019-3-17 20:02
小白看不懂=  =
情书谈什么恋爱 发表于 2019-3-17 20:24
用心讨论问题的所在,共获提升!
Hmily 发表于 2019-3-17 20:51
@M0nster 发不出来提示什么?

点评

我发你QQ了,代码内容让安域拦截了  详情 回复 发表于 2019-3-17 20:55
Arty_chen 发表于 2019-3-17 20:54
看不懂,能搞个小程序就好了
 楼主| M0nster 发表于 2019-3-17 20:55
Hmily 发表于 2019-3-17 20:51
@M0nster 发不出来提示什么?

我发你QQ了,代码内容让安域拦截了
sylar3164 发表于 2019-3-17 20:56 来自手机
能人异士
ehjxld 发表于 2019-3-17 21:02
日抛游戏。
学会爱自己 发表于 2019-3-17 21:08
感谢分享