@mysteriouss
Created January 1, 2018 07:49
weixin_tiaotiao
// ==UserScript==
// @name weixin_tiaotiao
// @namespace http://tampermonkey.net/
// @version 0.1
// @description try to take over the world!
// @author You
// @match https://mp.weixin.qq.com/
// @grant GM_xmlhttpRequest
// @require https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/crypto-js.js
// @require https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/aes.js
// ==/UserScript==
(function() {
'use strict';
// Your code here...
//var CryptoJS = require('crypto-js');
//var request = require('request-promise');
/*
* npm install crypto-js request-promise
* node wx_t1t_hack.js
*/
// export function testEncription(msg, fullKey) {
// var fullKey = fullKey.slice(0, 16)
// var key = CryptoJS.enc.Utf8.parse(fullKey)
// var iv = CryptoJS.enc.Utf8.parse(fullKey)
// var passWord = CryptoJS.AES.encrypt(msg, key, { iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 })
// var base64 = passWord.toString()
// console.log('passWord', passWord)
// console.log('sessionId', sessionId)
// console.log('key', key)
// console.log('base64', base64)
// var bytes = CryptoJS.AES.decrypt(base64, key, {
// iv: iv
// });
// console.log('bytes', bytes)
// var plaintext = CryptoJS.enc.Utf8.stringify(bytes);
// console.log('plaintext', plaintext)
// }
/**
 * JSON-serialise `text` and encrypt it with AES in CBC mode (PKCS#7 padding)
 * using CryptoJS, which the userscript header pulls in through its @require
 * lines. Those URLs carry no integrity hash, so the script runs whatever the
 * CDN serves.
 *
 * Only the first 16 characters of `originKey` are used, and the same
 * characters are parsed as both the AES key and the IV.
 *
 * Review notes on the scheme this mirrors:
 *  - The IV is derived from the key, so it is fixed per key; identical
 *    plaintexts under one key produce identical ciphertexts.
 *  - CBC is used without a MAC, so the ciphertext is not authenticated.
 *  - The caller passes session_id as `originKey`. The key is therefore a value
 *    the client already holds, and a receiver cannot treat a successful
 *    decryption as proof that the payload is genuine.
 *
 * @param {*} text - Any JSON-serialisable value.
 * @param {string} originKey - Key material; truncated to 16 characters.
 * @returns {string} String form of the CryptoJS cipher result.
 */
function encrypt (text, originKey) {
  var keyChars = originKey.slice(0, 16);
  var aesKey = CryptoJS.enc.Utf8.parse(keyChars);
  var aesIv = CryptoJS.enc.Utf8.parse(keyChars);
  var plaintextJson = JSON.stringify(text);
  var cipherOptions = {
    iv: aesIv,
    mode: CryptoJS.mode.CBC,
    padding: CryptoJS.pad.Pkcs7
  };
  return CryptoJS.AES.encrypt(plaintextJson, aesKey, cipherOptions).toString();
}
/**
 * Inverse of encrypt(): AES-decrypt `text` with CryptoJS and return the
 * result decoded as a UTF-8 string.
 *
 * Key and IV are both taken from the first 16 characters of `originKey`.
 * Mode and padding are not passed, so the CryptoJS defaults apply (CBC and
 * PKCS#7, the values encrypt() sets explicitly).
 * The returned string is not JSON-parsed, although encrypt() JSON-encodes its
 * input. Nothing in the visible script calls this function.
 *
 * @param {string} text - Ciphertext in the string form encrypt() returns.
 * @param {string} originKey - Key material; truncated to 16 characters.
 * @returns {string} Decrypted bytes rendered as UTF-8 text.
 */
function decrypt (text, originKey) {
  var keyChars = originKey.slice(0, 16);
  var aesKey = CryptoJS.enc.Utf8.parse(keyChars);
  var aesIv = CryptoJS.enc.Utf8.parse(keyChars);
  var decrypted = CryptoJS.AES.decrypt(text, aesKey, { iv: aesIv });
  return CryptoJS.enc.Utf8.stringify(decrypted);
}
/**
 * Shallow-merge every argument after `target` into `target` (later sources
 * win) and return the merged object as a JSON string, not as an object.
 *
 * `target` is mutated. `for...in` also copies inherited enumerable properties.
 * The sources used in this script are object literals built locally. The
 * bracket assignment makes this unsuitable for merging parsed untrusted JSON:
 * a `__proto__` key in a source would replace target's prototype.
 *
 * @param {Object} target - Object that receives the properties.
 * @returns {string} JSON.stringify(target) after merging.
 */
function extend (target) {
  for (var index = 1; index < arguments.length; index += 1) {
    var source = arguments[index];
    for (var name in source) {
      target[name] = source[name];
    }
  }
  return JSON.stringify(target);
}
// ---- Shared request configuration -------------------------------------

// Interpolated into the Referer path below.
const version = 5;

// Score reported in the settlement request; chosen by the client.
const score = 2018;

// replace with your session_id here
// Review note: session_id is sent in every request body and is also passed to
// encrypt() as the AES key. It acts as a bearer credential for the account, so
// handle it as a secret. It is left empty here.
const session_id = '';

// Fixed headers attached to every request. The User-Agent identifies as
// MicroMessenger 6.6.1 on iPhone OS 11_2_1 and the Referer points at the
// mini-program's page frame. Both are plain client-supplied strings, so a
// server cannot use them to tell the real client from a script.
const headers = {
  'User-Agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 11_2_1 like Mac OS X) AppleWebKit/604.4.7 (KHTML, like Gecko) Mobile/15C153 MicroMessenger/6.6.1 NetType/WIFI Language/zh_CN',
  'Referer': 'https://servicewechat.com/wx7c8d593b2c3a7703/' + version + '/page-frame.html',
  'Content-Type': 'application/json',
  'Accept-Language': 'zh-cn',
  'Accept': '*/*'
};

// Envelope merged into every request body.
const base_req = {
  'base_req': {
    'session_id': session_id,
    'fast': 1
  }
};

// API root. `path` is reassigned before each later request.
const base_site = 'https://mp.weixin.qq.com/wxagame/';
let path = 'wxagame_getuserinfo';
// POST the base envelope to the endpoint currently held in `path` and log
// the raw response body.
// Only `onload` is registered: there is no onerror/ontimeout handler and the
// status is not checked, so a failed call passes silently.
// The body is written to the console verbatim. NOTE(review): it presumably
// contains account data, so treat console output as sensitive.
var userInfoRequest = {
  method: 'POST',
  url: base_site + path,
  data: JSON.stringify(base_req),
  headers: headers,
  onload: function (response) {
    console.log(response.responseText);
  }
};
GM_xmlhttpRequest(userInfoRequest);
/*request({
method: 'POST',
url: base_site + path,
headers: headers,
json: true,
body: base_req
}).then(function (response) {
// console.log(path, response);
});*/
// Three chained POSTs, each started from the previous one's onload:
//   1. wxagame_getfriendsscore - read my_user_info.times from the response
//   2. wxagame_init            - sent with {version: 9}; its response is unused
//   3. wxagame_settlement      - submit the score as an encrypted payload
//
// Review notes:
//  - `score` is a constant chosen by this script and the replay arrays
//    (action / musicList / touchList) are sent empty, so no recorded moves
//    back the reported value. A server-side check that the score is
//    consistent with the replay data and with server-held state is the
//    natural place to detect such a submission.
//  - The payload is encrypted under session_id, which the client holds.
//    That encryption therefore does not authenticate the payload.
//  - No step checks the HTTP status or a result code. JSON.parse and the
//    my_user_info lookup throw inside the callback on an unexpected body.
path = 'wxagame_getfriendsscore';
GM_xmlhttpRequest({
  method: 'POST',
  url: base_site + path,
  data: JSON.stringify(base_req),
  headers: headers,
  onload: function (response) {
    console.log(response.responseText);
    var friendsScore = JSON.parse(response.responseText);
    var times = friendsScore.my_user_info.times + 1;

    // Assigns the outer `path`; the innermost callback uses its own local.
    path = 'wxagame_init';
    var initRequest = {
      method: 'POST',
      url: base_site + path,
      data: extend({}, {version: 9}, base_req),
      headers: headers,
      onload: function (response) {
        //console.log (response.responseText);
        var action = [],
          musicList = [],
          touchList = [];
        // for (var i = 0; i < score; i++) {
        // action.push([0.752, 1.32, false])
        // musicList.push(false)
        // touchList.push([185, 451])
        // }
        var gameData = JSON.stringify({
          seed: Date.now(),
          action: action,
          musicList: musicList,
          touchList: touchList,
          version: 1
        });
        var data = {
          score: score,
          times: times,
          game_data: gameData
        };

        var settlementPath = 'wxagame_settlement';
        var settlementBody = extend({}, {action_data: encrypt(data, session_id)}, base_req);
        GM_xmlhttpRequest({
          method: 'POST',
          url: base_site + settlementPath,
          data: settlementBody,
          headers: headers,
          onload: function (response) {
            //console.log (response.responseText);
            // Logged for any response; the body is not inspected.
            console.log('2018! Happy new year! 🎉');
          }
        });
      }
    };
    GM_xmlhttpRequest(initRequest);
  }
});
/*request({
method: 'POST',
url: base_site + path,
headers: headers,
json: true,
body: base_req
}).then(function (response) {
// console.log(response.my_user_info)
var times = response.my_user_info.times + 1;
path = 'wxagame_init';
request({
method: 'POST',
url: base_site + path,
headers: headers,
json: true,
body: extend({}, {version: 9}, base_req)
}).then(function (response) {
// console.log(path, response)
var action = [],
musicList = [],
touchList = [];
// for (var i = 0; i < score; i++) {
// action.push([0.752, 1.32, false])
// musicList.push(false)
// touchList.push([185, 451])
// }
var data = {
score: score,
times: times,
game_data: JSON.stringify({
seed: Date.now(),
action: action,
musicList: musicList,
touchList: touchList,
version: 1
})
};
path = 'wxagame_settlement';
request({
method: 'POST',
url: base_site + path,
headers: headers,
json: true,
body: extend({}, {action_data: encrypt(data, session_id)}, base_req)
}).then(function (response) {
// console.log(path, response)
console.log('2018! Happy new year! 🎉');
}).catch(function (error) {
console.log(error);
});
});
}).catch(function (error) {
console.log('something crash');
});*/
})();
@touzi

touzi commented Jan 1, 2018

我在 Chrome 下创建的, 然后访问 mp.weixin.qq.com 控制台无输出.

@achengfu

achengfu commented Jan 2, 2018

没执行,,,,

@achengfu

achengfu commented Jan 2, 2018

成功了 ,老哥,哈哈哈

@Mind-Hacks

Console : 2018!Happy new year! Haha

@qmppz

qmppz commented Jan 2, 2018

只能2018??成功一次后就再也没成功过了,求解你们的操作步骤
