-
-
Save Clarence-pan/e809ecd83dc4f3c8aeb2b71f3fffbf48 to your computer and use it in GitHub Desktop.
/* | |
* Recommend run with node v8.9.x or higher version | |
* npm install lodash crypto-js request-promise request | |
* node hack.js | |
*/ | |
const version = 5 // the version of t1t | |
const score = 370 // the score you wanna get | |
const playTimeSeconds = score * 0.01 // simulate the playing time (seconds) | |
// replace with your session_id here | |
const session_id = "your session_id" | |
// import libraries | |
const CryptoJS = require('crypto-js') | |
const requestPromise = require('request-promise') | |
const sleep = (time) => { | |
console.log(`sleeping ${time/1000} second(s)....`) | |
return new Promise(resolve => setTimeout(resolve, time)) | |
} | |
const rand = (min, max) => Math.random() * (max - min) + min | |
const randInt = (min, max) => ~~rand(min, max) | |
const sleepRand = (min, max) => sleep(rand(min, max)) | |
const headers = { | |
'User-Agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_2 like Mac OS X) AppleWebKit/603.2.4 (KHTML, like Gecko) Mobile/14F89 MicroMessenger/6.6.1 NetType/WIFI Language/zh_CN', | |
'Referer': 'https://servicewechat.com/wx7c8d593b2c3a7703/' + version + '/page-frame.html', | |
'Content-Type': 'application/json', | |
'Accept-Language': 'zh-cn', | |
'Accept': '*/*' | |
} | |
const base_req = { | |
'base_req': { | |
'session_id': session_id, | |
'fast': 1 | |
} | |
} | |
const base_site = 'https://mp.weixin.qq.com/wxagame/' | |
// the main proccess | |
async function main(){ | |
let settlementRes, res | |
res = await request("POST", 'wxagame_getuserinfo') | |
await sleepRand(100,300) | |
res = await request("POST", 'wxagame_getfriendsscore') | |
// return | |
let times = res.my_user_info.times + 1 | |
await sleepRand(100,300) | |
res = await request('POST', 'wxagame_init', {version: 9}) | |
await sleepRand(playTimeSeconds * 0.9 * 1000, playTimeSeconds * 1.1 * 1000) | |
await (async function(){ | |
let action = [], | |
musicList = [], | |
touchList = [] | |
for (let i = 0; i < score; i++) { | |
action.push([rand(0.752, 0.852), rand(1.31, 1.36), false]) | |
musicList.push(false) | |
touchList.push([randInt(180, 190), randInt(441, 456)]) | |
} | |
let data = { | |
score: score, | |
times: times, | |
game_data: JSON.stringify({ | |
seed: Date.now(), | |
action: action, | |
musicList: musicList, | |
touchList: touchList, | |
version: 1 | |
}) | |
} | |
let action_data = encrypt(data, session_id) | |
settlementRes = await request('POST', 'wxagame_settlement', {action_data}) | |
})() | |
res = await request("POST", 'wxagame_getfriendsscore') | |
console.log("settlement result: ", settlementRes) | |
console.log("Well done! Happy new year! 🎉") | |
} | |
async function request(method, path, body={}){ | |
console.log('----------------------------------------') | |
console.log(`Sending request: %s %s -- %o`, method, path, body) | |
try { | |
const res = await requestPromise({ | |
method: method, | |
url: base_site + path, | |
headers: headers, | |
json: true, | |
body: {...base_req, ...body}, | |
}) | |
console.log("Response: %o", res) | |
return res | |
} catch (e) { | |
console.error('Failed to get response: ', e) | |
throw e | |
} | |
} | |
function encrypt (text, originKey) { | |
const originKey2 = originKey.slice(0, 16) | |
const key = CryptoJS.enc.Utf8.parse(originKey2) | |
const iv = CryptoJS.enc.Utf8.parse(originKey2) | |
const msg = JSON.stringify(text) | |
const ciphertext = CryptoJS.AES.encrypt(msg, key, { | |
iv: iv, | |
mode: CryptoJS.mode.CBC, | |
padding: CryptoJS.pad.Pkcs7 | |
}); | |
return ciphertext.toString() | |
} | |
function decrypt (text, originKey) { | |
const originKey2 = originKey.slice(0, 16) | |
const key = CryptoJS.enc.Utf8.parse(originKey2) | |
const iv = CryptoJS.enc.Utf8.parse(originKey2) | |
const bytes = CryptoJS.AES.decrypt(text, key, {iv}) | |
const plaintext = CryptoJS.enc.Utf8.stringify(bytes) | |
return plaintext | |
} | |
// execute! | |
main().catch(e => { | |
console.error("Opps~ ERROR EXIT: ", e) | |
}) |
@ChenYeah 现在报这个错了!是还有什么没装吗?
module.js:557
throw err;
^
Error: Cannot find module 'request-promise'
at Function.Module._resolveFilename (module.js:555:15)
at Function.Module._load (module.js:482:25)
at Module.require (module.js:604:17)
at require (internal/module.js:11:18)
at Object. (/Users/hai/Desktop/wx_t1t_hack.js:2:15)
at Module._compile (module.js:660:30)
at Object.Module._extensions..js (module.js:671:10)
at Module.load (module.js:573:32)
at tryModuleLoad (module.js:513:12)
at Function.Module._load (module.js:505:3)
npm install request-promise @ haige268
@leo7723 貌似不是这个原因
貌似挂掉
改成666 睡眠21s 死活不通过
@JacobW92 session_id过期了,重新抓包获取
有没有哪位大佬大致告诉我下具体流程,我现在是进去开始游戏,捕捉到sessionid,然后执行js脚本,然后这个游戏界面怎么退出呢。。
@KyonLi 谢谢dalao
hacked !
6666成功实现
四位数就108,几百还是可以的
发现点蹊跷……高了其他分数都不行,但是10w就可以……
88888是可以的
Sending request: POST wxagame_getuserinfo -- {}
Response: { base_resp: { errcode: -1 } }
sleeping 0.15681691764824485 second(s)....
Sending request: POST wxagame_getfriendsscore -- {}
Response: { base_resp: { errcode: -1 } }
Opps~ ERROR EXIT: TypeError: Cannot read property 'times' of undefined
at main (C:\Users\lx\hack.js:53:34)
at
sessionid是最新的,但是一直报这个错
12:59 好像都108了
2018/1/4 14:38
成功!
分数 2018
时间系数 0.31
2018/1/4 16:50
成功!
分数 2018
时间系数 0.31
分数太高好像别人就看不见了,gg
@zake111000 是有这个情况, 2118 分能够看见.
这个还没凉? 其他的都凉了
感觉我已经被拉黑了,刷成功也没分,自己玩不管多少分,过一会就变成0分了~
在手机上玩一次抓包后发现version已经是6了,然后貌似game_data增加了timestamp,steps和version参数
另外,现在times已经取不到了
现在还能下载小程序 pkg 吗?怎样得到它的 appid ?
`
dalao们 为啥我的会这样???