Script

u净

December 8, 2024

Script

u净设备 access 空闲

import requests

headers = {
    'Host': 'phoenix.ujing.online',
    'authorization': 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcHBVc2VySWQiOjI2ODQwMzU0LCJleHAiOjE3MTg2ODUyNTQsImlhdCI6MTcxMDY1MDA1NCwiaWQiOjM3MzI3Mzg3LCJuYW1lIjoiMTc2Mjg4MTgwMDcifQ.913YgdVAXa2CpPTy0ZDe4uSU2_rmWae-V9eSDKcjrhk',
    'x-mobile-brand': 'Xiaomi',
    'x-app-code': 'BA',
    'content-type': 'application/json; application/json',
    'weex-version': '1.1.39',
    'x-app-version': '2.4.7',
    'x-mobile-model': 'MI CC 9e',
    'user-agent': 'okhttp/4.3.1',
}

params = {
    'lat': '31.781257',
    'lont': '104.722751',
    'page': '1',
    'size': '10',
    'scope': '2000',
    'mode': 'BA',
}

response = requests.get('https://phoenix.ujing.online/api/v1/stores/near', params=params, headers=headers)
print(response.text)

import requests

headers = {
    'Host': 'phoenix.ujing.online',
    'authorization': 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcHBVc2VySWQiOjI2ODQwMzU0LCJleHAiOjE3MTg2OTM4NDYsImlhdCI6MTcxMDY1ODY0NiwiaWQiOjM3MzI3Mzg3LCJuYW1lIjoiMTc2Mjg4MTgwMDcifQ.O57d8RDSIPiPMjujCOJy_kDk4pP4JPb6kOcNPyZfKBk',
    'x-mobile-brand': 'Xiaomi',
    'x-app-code': 'QA',
    'weex-version': '1.0.14',
    'x-app-version': '2.4.7',
    'x-mobile-model': 'MI CC 9e',
    'content-type': 'application/json; charset=utf-8',
    # 'content-length': '39',
    # 'accept-encoding': 'gzip',
    # 'cookie': 'acw_tc=46584e69e6704d70326faa561c30589410c3faf879df2677554cfe0275ad3f64; acw_tc=b5d1fb8f9754db56830caa042106f70756ae7df3f15ad4b08dba5a1747dde946; acw_tc=dd343230f10c3b47c0647be29166f50f265a0ab12e193611382832f9d47a65d8',
    'user-agent': 'okhttp/4.3.1',
}

data = {'washer':['62b409a508d91213947e6cc1']}

response = requests.post(
    'https://phoenix.ujing.online/api/v1/app/commonality/store/getCommonUsedStoreDetail',
    headers=headers,
    json=data,
)

print(response.text)

山西恒安刷课以及考试

December 8, 2024

Re, Script

软件正常无法抓包，简单绕过，无加密，整个流程可也说是设计得比较好，就是有点费服务器，斻多API，都是一条一条拉满了的，以下是python代码

考试

import requests, json



header={
    'Host': 'nazx.yunkeonline.cn',
    'content-type': 'application/json',
    'x-access-token': '8ECDCD1C5FCC04DE8E35C5255185385F7CFE78459FAE318A432E95140FC1CFFC',
    'app-version': '2.1.0',
    'app-os': 'ANDROID',
    'code-version': '2.1.1',
    'user-agent': 'okhttp/3.14.9',
}
def login(uname,pwd):

    headers = {
        'Host': 'nazx.yunkeonline.cn',
        'app-version': '2.1.0',
        'app-os': 'ANDROID',
        'code-version': '2.1.1',
        'content-type': 'application/json;charset=UTF-8',
        'user-agent': 'okhttp/3.14.9',
    }
    data = {"bindMobile":uname,"imageCode":"","password":pwd,"username":"","verifyCode":""}

    response = requests.post('https://nazx.yunkeonline.cn/c/user/login', headers=headers, json=data)
    print(response.text)
    return response.json()['result']['token']


def get_courseId():
    params = {
        'statusList': '1,2',
        'pageNo': '1',
        'pageSize': '3',
    }

    response = requests.get('https://nazx.yunkeonline.cn/c/trainPlan/getMyPlan', params=params, headers=header)
    classId=response.json()['result']['records'][0]['trainPlanId']
    params = {
        'classId': classId,
    }
    response = requests.get('https://nazx.yunkeonline.cn/c/trainPlan/getAppClassTaskList', params=params, headers=header)

    return response.json()['result']['trainPlanStageDetailDtos'][1]['planAppTaskListDtos'][0]['taskId']


def get_question_list(id):

    response = requests.get(f'https://nazx.yunkeonline.cn/c/exam/getQuestionList/{id}', headers=header)
    for i in response.json()['result']:

        with open('answer.json', 'r') as f:
            answers=json.load(f)

        for j in answers['result']:
            
            if j['id']==i['id']:
                print(j['analysis'],' ==> ',answer)
                answer=j['answer']
                answerQuestion(answer,id,j['id'])

                
    return response.json()['result']


def start_exam(id):

    response = requests.post(f'https://nazx.yunkeonline.cn/c/exam/startExam/{id}', headers=header)
    print(response.text)


def answerQuestion(answer,id,qid):
    data = {'answer':answer,'examinationId':id,'questionId':qid}
    response = requests.post('https://nazx.yunkeonline.cn/c/exam/answerQuestion', headers=header, json=data)


def submit_exam(id):

    response = requests.post(f'https://nazx.yunkeonline.cn/c/exam/submit/{id}/0', headers=header)
    print(response.text)
    print("考试完成")

def run():
    header['x-access-token']=login(phone,pwd)
    id=get_courseId()
    start_exam(id)
    get_question_list(id)

    submit_exam(id)


phone="150343xxxx"
pwd="xx"
run()

刷课, 只想到了多线程,异步没能实现，理论上可，但是失败了开了36线程的线程池，10 ==>360秒，1分钟看36分钟，算总时常，异步理论上更佳，奈何实力不到

...

某图库

October 24, 2023

Python, Script

一点点加密，随便还找了一个oss直连

import random
import time
def encode(_str):
    staticchars = "PXhw7UT1B0a9kQDKZsjIASmOezxYG4CHo5Jyfg2b8FLpEvRr3WtVnlqMidu6cN"
    encodechars = ""
    for i in range(len(_str)):
        num0 = staticchars.find(_str[i])
        if num0 == -1:
            code = _str[i]
        else:
            code = staticchars[(num0 + 3) % 62]
            
        num1 = random.randint(0, 61)
        num2 = random.randint(0, 61)
        encodechars += staticchars[num1] + code + staticchars[num2]
    return encodechars

def timestamp():
    return str(int(time.time()))
def sing():
   return encode("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJvcGVuaWQiOiJvMTExMTExMTExMTExMTExMTExMTEiLCJleHBpcmVfdGltZSI6MTY5NzMwNDUzNX0=.)FxVKiDH9rnMKEuTNMkRa7ibMrhp-Vdi-FHBgWOomdaQ###"+timestamp())

import requests

headers = {
    'authority': 'stapi.youpengw.com',
    'accept': '*/*',
    'accept-language': 'zh-CN,zh;q=0.9',
    'content-type': 'application/json',
    'sec-fetch-dest': 'empty',
    'sec-fetch-mode': 'cors',
    'sec-fetch-site': 'cross-site',
    'sign': sing(),
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 MicroMessenger/7.0.20.1781(0x6700143B) NetType/WIFI MiniProgramEnv/Windows WindowsWechat/WMPF XWEB/8447',
    'xweb_xhr': '1',
}

json_data = {
    'homepage_id': '233033',
    'classify_id': 5,
    'sort_type': 'default',
    'album_id': 0,
    'uid': 219050,
    'page': 1,
    'limit': 32,
    'action': 'cover',
    'version': 1,
    'appid': 'wx111117',
    'openid': '1111111',
    'timestamp': 1697353429134,
}

response = requests.post('https://xxx.xxxx.com/miniwechat/v1/natujun/photoList', headers=headers, json=json_data)
k=response.json()
s=[]
for i in k['data']['photoList']:
    s.append(i['url'])
print(s)

某刷课

October 23, 2023

Script

无任何难度，android rsa，第二次加入了人脸识别，幌子，直接用实名的人脸绕过


from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5
import base64,requests

KEY='MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3Vsn6GuSivbc0mh1QFDjFVMdkb7lcAfsGdw6WuR0yM4GBP5MCJr301VX5aQucOKmpnpR4mhMSaCG0AVbK9VBNlghFcihfn3u4uMPGtqtXzKSJNZmLrzrS7Xd0ecUcAGHAnpEnXXgoUoYrAkthwKTBDayEIygQBrq+nMX53gST9QIDAQAB'
def RSA_encrypt(clear):
    if clear=='':
        return '' 
    rsa_key = RSA.import_key(base64.b64decode(KEY))
    cipher = PKCS1_v1_5.new(rsa_key)
    return base64.b64encode(cipher.encrypt(str(clear).encode('utf-8'))).decode()

def course_list():
    url='http://app.lfanpei.com/api/index/apiSafeLearning/learningCourseDetail'
    data={'apiToken':'','classId':classid,'courseId':courseId}
    data={k:RSA_encrypt(v) for k,v in data.items()}
    data['apiToken']=TOKEN
    #print(data)
    result=requests.post(url,data=data)
    # print(result.text)
    cl=[]
    for i in result.json()['data']['apiSafeCourseDetail']['safeCourseChaptersList']:
        for j in i['apiSafeCourseviewList']:
            if j['faceContrastTimes']!=1:
                face_Comparison()
                return 0
            if j['viewOver']!=1:  # 1 为已完成的
                cl.append([j['viewId'],TIME,j['courseViewHours'],j['viewTitle']])
            else:
                print('已完成',j['viewTitle'])

    return cl

def learm_update():
    url='http://app.lfanpei.com/api/video/apiSafeView/saveVideoPlayProgress'
    
    data={'apiToken':'','classId':classid,'courseId':courseId,'viewfileId':viewfileid,'curPercent':'100','curChapter':'0','viewTime':TIME,'curView':'1','viewOver':'1'}
    data={k:RSA_encrypt(v) for k,v in data.items()}
    data['apiToken']=TOKEN
    result=requests.post(url,json=data)
    print('\t'+result.text)
    if '不符' in result.text:
        print('--------------- id ',viewTitle,courseViewHours)
        print('exit-----------')
        exit()
def learm_begin():
    url='http://app.lfanpei.com/api/video/apiSafeView/updateVideoBeginTime'
    data={'apiToken':'','classId':classid,'courseId':courseId,'viewfileId':viewfileid,'ip':'127.0.0.1'}
    data={k:RSA_encrypt(v) for k,v in data.items()}
    data['apiToken']=TOKEN
    result=requests.post(url,data=data)
    print('\t'+result.text)
def learm_list():
    data = {'apiToken': TOKEN}
    result = requests.post('http://app.lfanpei.com/api/index/apiSafeLearning/oneClickLearningIndex', data=data)
    # print(result.text)
    ll=[]
    for i in result.json()['data']['learningIndexData']['classmateLearningList']:
        ll.append([i['classId'],i['name']])
        # print(i['classId'],i['name'])

    return ll

# 人脸图片对比
def face_Comparison():
    c=requests.get(get_face_img()).content
    files={'headPictureFile':c}
    data={'apiToken':'',
        'buisnessId':classid,
        'buisnessType':1,
        'viewId':courseid,
        'courseId':courseId
    }
    data={k:RSA_encrypt(v) for k,v in data.items()}
    data['apiToken']=TOKEN
    result=requests.post('http://app.lfanpei.com/api/liveCheck/apiSafeFace/faceComparison',data=data,files=files)
    print(result.text)
def get_face_img():
    url='http://app.lfanpei.com/api/user/apiSafeUserInfo/queryUserClassInfo'
    data={'apiToken':'','classId':classid}
    data={k:RSA_encrypt(v) for k,v in data.items()}
    data['apiToken']=TOKEN
    result=requests.post(url,data).json()
    # print(result)
    return result['data']['apiClassInformationPo']['apiUserDataSubmit']['picture']


# 暂时无用
# def get_classid():
#     url='http://app.lfanpei.com/api/user/apiSafeUserInfo/dataRevision'
#     result=requests.post(url,data={'apiToken':TOKEN}).json()
#     return result['data']['classList'][0]['class_id']
TOKEN='Api eyJhbGciOiJIUzUxMiJ9.eyJhcGlfbG9naW5fdXNlcl9rZXkiOiIzODgwOCNhNzUwMzljYy1mYjUyLTRjZWUtYjY5Ny0zMzRlMTI2YjNjNmIifQ.yQpzqsx1xP4AEmPh_goIQJY61mVTcGWS3Wdqx5FRAgrC89Mm5g_-OYWSTK_kR0bTELxxyoRvDkhxV1n-iOpweQ'
courseId='1603'
classid='279'
viewfileid='3410'
# 设置一个时间 200000——6000000
TIME='510000'
# face_Comparison()


# learm_begin()
# learm_update()


# print(get_face_img())


learm_type=1  # 1->一键学习
if __name__ == '__main__':
    if learm_type:
        for classid,learm_title in learm_list():
            print('当前学习classid',classid,learm_title)
            for viewfileid,TIME,courseViewHours,viewTitle in course_list():
                print(viewfileid,TIME,courseViewHours,viewTitle)
                # print('\t当前课程courseid',courseid,viewTitle,courseViewHours)
                learm_begin()
                learm_update()
    else:
        if TOKEN and courseid:
            for courseid,TIME,courseViewHours,viewTitle in course_list():
                print('当前课程courseid',courseid,viewTitle,courseViewHours)
                learm_begin()
                learm_update()


# eyJhbGciOiAiTm9uZSJ9.eyJhcGlfbG9naW5fdXNlcl9rZXkiOiAiMzc0ODAjODAzYzk3MTItZTYwOC00YTM4LWE1ZjgtNGE5ZGQzNDQxYjA3In0K.