【开源】关于兜兜风f大佬某东扫码登录分析

ly765893958

按照@Peanut_GGG 大佬分析的思路，弄出了成品，供大家学习和研究！！！
在此特别感谢原作者@兜兜风f  ，也特别感谢@Peanut_GGG 大佬贡献自己的分析思路。
源码+成品下载地址：下载地址
原帖:https://www.52pojie.cn/forum.php?mod=viewthread&tid=1362891&highlight=%B6%B5%B6%B5%B7%E7

ly765893958

zyxm2013 发表于 2021-2-8 20:28
我现在的情况是
没扫码前，提示
{"check_ip":0,"errcode":176,"message":"授权登录未确认"}

我今天也遇到这个情况了，最后的解决办法是更换心跳包的UA为Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.87 Safari/537.36就正常了

Pleasant

分享一个我的实现方式。
1. 获取二维码链接

[C#] 纯文本查看 复制代码

            // 获取s_token
            SessionClient.DefaultRequestHeaders.Add("Accept", "application/json, text/plain, */*");
            SessionClient.DefaultRequestHeaders.Add("ContentType", "application/x-www-form-urlencoded");
            SessionClient.DefaultRequestHeaders.Referrer = new Uri("https://plogin.m.jd.com/login/login?appid=300&returnurl=https%3A%2F%2Fwq.jd.com%2Fpassport%2FLoginRedirect%3Fstate%3D1101078047599%26returnurl%3Dhttps%253A%252F%252Fhome.m.jd.com%252FmyJd%252Fnewhome.action%253Fsceneval%253D2%2526ufc%253D%2526%252FmyJd%252Fhome.action&source=wq_passport");
            var response = await SessionClient.GetAsync(@"https://plogin.m.jd.com/cgi-bin/mm/new_login_entrance?lang=chs&appid=300&returnurl=https:%2F%2Fwq.jd.com%2Fpassport%2FLoginRedirect%3Fstate%3D1101078047599%26returnurl%3Dhttps%253A%252F%252Fhome.m.jd.com%252FmyJd%252Fnewhome.action%253Fsceneval%253D2%2526ufc%253D%2526%252FmyJd%252Fhome.action&source=wq_passport");
            if (response.StatusCode != HttpStatusCode.OK)
            {
                Lbl_QRStatus.Text = "二维码加载失败，请重试或采用Cookie登录";
                return;
            }
            var responseText = await response.Content.ReadAsStringAsync();
            var responseJo = (JObject)JsonConvert.DeserializeObject(responseText);
            SToken = responseJo["s_token"].ToString();
            // 获取token和okl_token
            string tokenAPI = string.Format("https://plogin.m.jd.com/cgi-bin/m/tmauthreflogurl?s_token={0}&v={1}&remember=true", SToken, Utils.GetTimeStampLong());
            var nvc = new List<KeyValuePair<string, string>>
            {
                new KeyValuePair<string, string>("lang", "chs"),
                new KeyValuePair<string, string>("appid", "300"),
                new KeyValuePair<string, string>("returnurl", "https%3A%2F%2Fwqlogin2.jd.com%2Fpassport%2FLoginRedirect%3Fstate%3D1100399130787%26returnurl%3D%252F%252Fhome.m.jd.com%252FmyJd%252Fnewhome.action%253Fsceneval%253D2%2526ufc%253D%2526%252FmyJd%252Fhome.action"),
                new KeyValuePair<string, string>("source", "wq_passport")
            };
            var message = new HttpRequestMessage(HttpMethod.Post, tokenAPI) { Content = new FormUrlEncodedContent(nvc) };
            response = await SessionClient.SendAsync(message);
            responseText = await response.Content.ReadAsStringAsync();
            responseJo = (JObject)JsonConvert.DeserializeObject(responseText);
            if (response.StatusCode != HttpStatusCode.OK || responseJo["errcode"].ToString() != "0")
            {
                Lbl_QRStatus.Text = "二维码加载失败...";
                return;
            }
            Token = responseJo["token"].ToString();
            var collection = CookieContainer.GetCookies(new Uri("https://plogin.m.jd.com"));
            foreach (Cookie cookie in collection)
            {
                if (cookie.Name == "okl_token")
                    OKLToken = cookie.Value;
            }
            if (string.IsNullOrWhiteSpace(OKLToken))
            {
                Lbl_QRStatus.Text = "二维码加载失败...";
                return;
            }
            // 构建二维码URL
            string qrUrl = string.Format("https://plogin.m.jd.com/cgi-bin/m/tmauth?client_type=m&appid=300&token={0}", Token);

2. 轮训结果

[C#] 纯文本查看 复制代码

            if (string.IsNullOrWhiteSpace(Token)) return;
            if (string.IsNullOrWhiteSpace(OKLToken)) return;
            // 对查询API进行轮询
            string checkAPI = string.Format("https://plogin.m.jd.com/cgi-bin/m/tmauthchecktoken?&token={0}&ou_state=0&okl_token={1}", Token, OKLToken);
            var nvc = new List<KeyValuePair<string, string>>
            {
                new KeyValuePair<string, string>("lang", "chs"),
                new KeyValuePair<string, string>("appid", "300"),
                new KeyValuePair<string, string>("returnurl", "https%3A%2F%2Fwqlogin2.jd.com%2Fpassport%2FLoginRedirect%3Fstate%3D1100399130787%26returnurl%3D%252F%252Fhome.m.jd.com%252FmyJd%252Fnewhome.action%253Fsceneval%253D2%2526ufc%253D%2526%252FmyJd%252Fhome.action"),
                new KeyValuePair<string, string>("source", "wq_passport")
            };
            var message = new HttpRequestMessage(HttpMethod.Post, checkAPI) { Content = new FormUrlEncodedContent(nvc) };
            var response = SessionClient.SendAsync(message).Result;
            var responseText = response.Content.ReadAsStringAsync().Result;
            var responseJo = (JObject)JsonConvert.DeserializeObject(responseText);
            // 如果扫码成功，那么得到的CookieContainer就是所要的，否则更新信息到界面上
            if (responseJo["errcode"].ToString() == "0")
            {
                // 设置一下关键Cookie为永不过期
                var cookies = CookieContainer.GetCookies(new Uri("https://api.m.jd.com"));
                foreach (Cookie cookie in cookies)
                {
                    cookie.Expires = DateTime.Now.AddMonths(1);
                }
                TM_FetchStatus.Enabled = false;
                this.DialogResult = DialogResult.OK;
                return;
            }
            else
            {
                Lbl_QRStatus.Text = responseJo["message"].ToString();
            }

一萬只草泥马

感谢分享~吾爱有你更精彩！

fuli2018

好像不行啊？错误提示失效了哦

ly765893958

fuli2018 发表于 2021-2-7 19:07
好像不行啊？错误提示失效了哦

我已经投入使用了

fuli2018

ly765893958 发表于 2021-2-7 19:16
我已经投入使用了

你这个心跳写的逻辑错误！电脑卡的一逼！内存占用率很大！
一直提示重试 错误提示

ly765893958

fuli2018 发表于 2021-2-7 19:22
你这个心跳写的逻辑错误！电脑卡的一逼！内存占用率很大！
一直提示重试 错误提示

放线程里就对了

mosou

有淘宝的吗

wangdian113258

相当不错过来学习了

不苦小和尚

ly765893958 发表于 2021-2-7 19:28
放线程里就对了

能否弄个百度短信验证登录的

恐怖如斯吧

这个不能直接更新