QQ滑块加密算法部分分享

循环不计次

登录入口:https://ui.ptlogin2.qq.com/cgi-bin/login?style=9&appid=16778241&pt_no_auth=1&s_url=https%3A%2F%2Fmyun.tenpay.com%2Fmqq%2Fbanneduser%2Findex.shtml%3Fptdone%3Dtrue%26_ww%3D1027&daid=120


中间取 sess,vsig,websig,sid,cap_cd 等过程略过


直接到验证的这一步 : https://ssl.captcha.qq.com/cap_union_new_verify


来看下最重要的一个参数,
ans后面的一个参数(参数名是动态的):AES加密一串json格式的文本var a = {
        mouseclick:[{"t":898,"x":981,"y":296}],
        keyvalue:[],
        user_Agent:"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
        resolutionx: 1920,
        resolutiony: 1080,
        winSize: [1858,952],
        url:"https://ssl.captcha.qq.com/cap_union_new_show",
        refer:"https://ui.ptlogin2.qq.com/cgi-bin/login",
        begintime:begintime,
        endtime:etime,
        platform:1,
        os:"other",
        keyboards:0,
        flash:1,
        pluginNum:18,
        index:2,
        ptcz:"ac55f1380b90c90382735c82ab0dc48647467bbcd4a7b59b4ff459234f848b6a",
        tokenid:t_tokenid[0],
        a:t_tokenid[0],
        btokenid:null,
        tokents:t_tokenid[1],
        ips:{"in":[]},
        colorDepth:24,
        cookieEnabled:true,
        timezone:timezon,
        wDelta:0,
        mousemove:mmouse,
        keyUpCnt:0,
        keyUpValue: [],
        mouseUpValue:[],
        mouseUpCnt:1,
        mouseDownValue:[],
        mouseDownCnt:0,
        orientation:[{"x":0,"y":0,"z":0},{"x":0,"y":0,"z":0},{"x":0,"y":0,"z":0}],
        focusBlur:{"in":[],"out":[],"t":[]},
        fVersion:27,
        charSet:"UTF-8",
        resizeCnt:0,
        errors:[],
        screenInfo:"1920-1080-1080-24-*-*-*",
        elapsed:1000,
        ft: "6f_7P_n_H",
        clientType: "1",
        coordinate: [783,102,0.4294],
        trycnt: 2,
        refreshcnt: 0,
        slideValue: [],
        dragobj: 0,
        jshook: 4
    };






这就是被AES加密的文本,iv和key都是"0123456789abcdef",下面说说上面几个参数的生成方法

1. function get_endtime(){
   
2. return Math.floor(Date.parse(new Date())/1000)
   
3. }
   
4. function Rnd(a, k) {
   
5. return a + Math.round(Math.random() * (k - a))
   
6. }
   
7. function n() {
   
8. var d = Rnd(1, 9).toString();
   
9. for (var x = 0; x < 9; x++) d += Rnd(0, 9).toString();
   
10. return parseInt(d)
    
11. }
    
12. function get_tokents(){
    
13. return new Date().getTime();
    
14. }
    
15. var test="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063###zh-CN###24###1080x1920###-480###true###true###true###undefined###undefined######Win32######Edge PDF Viewer::Portable Document Format::application/pdf~pdf###data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAACWCAYAAABkW7XSAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAdiSURBVHhe7dsPjNdlHQfw58cQMFRALUpuSBfhn+CWcYdAcybCzKkVpTZJpin3Z8O02bJN01yLpjablhZ3yLRFmVkS6RQXuixF4YjNU/AvlHjH/HccSSeSwK/nee57x4HmrdxaP3m9tuP3/X4/v3u+z8bv997z53sBoFKUilf2I+WGUC4O9yulFp/3SjeoeAX4vyewgIohsICKIbCAiiGwgIqx965Jw8Jz46WfF2eF8tzQ0rQkHzYsvDzWF+Tjclgd/9mcjxc1zc6v9c03xRbn5+Ny+XfxvUfEo9awqPGifK2+eVWsT8nHoXxFT1v922/ut3tV1Fsae/rYsHBaPF+Zj7NUj/dqaRqTTwfqG33sElKp9oywegIhhlUKkBgS6Sd/8cO1RT2FWREwOURaQ6n0hVxLUmDksCpP7wuZvnCK6hcuDaVyVV/bKWz6a1jYkUMu12IbveHTJ4ZVOdxc1OfuVR+ob8D7Qk+w7KN+dZgZK5e81jl24pvbD/pwVdX6FQ8+MG/Uhg21r6YRS2NrOGd3CHPa24+duePNg9rHj1/9s7a2WY2PPXbmsjSaalgT5pfL4bObNtWcHn9/1dFHr3zk4UfOuXTduhPzaKpxTbh+6+uHnbS1a8xxb3SP+MkRVeunPfznucd1fOeG3J/61nB3uvcb3SPHjRvbNqdz6xFX/ebOqw5Jo6kLHw3HDBocrnv5lerat/45bOTYqvUXvLBp0jXLl89f++/6ltpsqQvfS6/EWDfCokK9bQ0rBcKmF2v+cO+9Xz996V1XjLvvvou3DCqFZ6ur/3JU/C/vSGGWAiF+5G+8796Ll7++7fA34qf/+J07B4+II6jNKTBSWO3eGS67f/n8NEIL3dsPPj43HsKGhtbw7Vg/9I4ZnZ+6//75YfTojZN27Rp64KDSzs70hli/NX6qVi296/IrV636Ykj32rVr8LBQLrWnegqrUiks//2yy3785BMzuov6B96tb+n3gMq3d2A1NJcX39q8PgbNzXm0k6ZgUfzSb8z1KIbF1BQoi6aEFel8TevnNsbz13IxKYXaFCiLp4Wn0ulDD523Jl8vpACJgfWL4jRs/OsnHykO88gu1g/vHQ1t3fqRdL/luRilMEz3aqnt6deL7RN3pL7kYjRg34CK1n8N6/IYJ5vzGlCxSD77SwtOO/XUHx2aRkxDhmxPX/y6GAqjYih1pXqMiLSonmwYOnR7e0yjujR6KpXDlnw1rVlFww/ctmrQoJ1/r6p68ux0vntX6Ij3m5aO1649Y92wYds6d5cHHxYDaHq/gBmb/invDs8MGdLdFe85pVyKbZeKtss9947v3zBQ34pXoMLtMyXs+ZKnNaQvP3jY2mef+XSeEqZRzoiRr2xIofHSKx87Jr+1Z5G9b1F9xIiX16WF7n90H/rBfCHtGO4JjTB8eNfj3d2j5hSnKXBuKI7CgcO2dR1wwI6nO9qPOaO4FO1ZVD/k4M6OFKZtbTNz4OWw692NjAbqG/D+sCewWpq+n3bpxl87r/zcs9NPv+NXC0bnRfIYOi+9NP6jBw3f8moMjenPPzfl1CeemBnDKAZGzy5imoqNqqp66vFYn/v0Uyec1rrm87+Ml+tSyKR6GnXV1Kz4ddeWqjtT2w/9ad763lp1dWsOtVkzf/q1zZsnDH1hU835Iy+7utzzWETsYCn0BGBL05iO9qM/8bcXai6Nd1zZW0+jroH6ll6Byrf3CGtR0+yTZ9wy5+MTVt6Tn29qaVpSP69x1ujRzx+V6y1Nj06dcvuxEyeuuKd+XtN56dKkSQ9U7S6HCUV9yeTJy2ZNrl12z4UXNJ6fLk2dduektC6V63GqOeGolRfNmHHLbXEEdF26NKnmj5/JtajzmgU1445s++HZZ119Zay3pmt5Eb3w4lU3HX7k2LbbGhrSlLXUMWpUx+A0Xc3FgfoGVLx9poQhNNeF29PCdZoWpp84QvlKHK3cmEIn7SCmxfS0AxgD5ZLTzrh+wpgxT38o7SIWvx7ygnd8f9rNS+tfcTp3SP+F77xgXgprzp37zR+ccsrN4a0dQ7qLUtZcG76RRkVnnvXduame+lKUspa68NXYfm1aX5s69bep7b76QH0DKlv8vr8H6cn1OLVrbGzaGEc6XW971ik/DFpaGkdEw1NI9e7uZcWT69XVq7918smLT0gh17u7lxVPrjfWN85Jo6xFdaHf+laUn6ovz25oSFPZUJuDrL+B+rYf8xwWleptI6z/yKLG49/1T1/StLL3z3L2FadwaUfypBMX311c2VtaU+t5av2dpXZ7/yznnQzUN6DivLfAAvgfMkTeD5kSAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH8lhH8BsX26Fq4KZj4AAAAASUVORK5CYII=###"
    
16. function get_TDC_itoken(){
    
17. var t=new Date().getTime();
    
18. var token=enc(test+t);
    
19. return token+":"+t;
    
20. 
    
21. }
    
22. 
    
23. function enc (info)
    
24. {
    
25. var _0x19fex58, _0x19fex59, _0x19fex5a, _0x19fex5b, _0x19fex5c, _0x19fex5d, _0x19fex5e, _0x19fexf;
    
26. _0x19fex58 = info.length & 3;
    
27. _0x19fex59 = info.length - _0x19fex58;
    
28. _0x19fex5a = 31;
    
29. _0x19fex5c = 0xcc9e2d51;
    
30. _0x19fex5d = 0x1b873593;
    
31. _0x19fexf = 0;
    
32. while (_0x19fexf < _0x19fex59) {
    
33.             _0x19fex5e = ((info.charCodeAt(_0x19fexf) & 0xff)) | ((info.charCodeAt(++_0x19fexf) & 0xff) << 8) | ((info.charCodeAt(++_0x19fexf) & 0xff) << 16) | ((info.charCodeAt(++_0x19fexf) & 0xff) << 24);
    
34.             ++_0x19fexf;
    
35.             _0x19fex5e = ((((_0x19fex5e & 0xffff) * _0x19fex5c) + ((((_0x19fex5e >>> 16) * _0x19fex5c) & 0xffff) << 16))) & 0xffffffff;
    
36.             _0x19fex5e = (_0x19fex5e << 15) | (_0x19fex5e >>> 17);
    
37.             _0x19fex5e = ((((_0x19fex5e & 0xffff) * _0x19fex5d) + ((((_0x19fex5e >>> 16) * _0x19fex5d) & 0xffff) << 16))) & 0xffffffff;
    
38.             _0x19fex5a ^= _0x19fex5e;
    
39.             _0x19fex5a = (_0x19fex5a << 13) | (_0x19fex5a >>> 19);
    
40.             _0x19fex5b = ((((_0x19fex5a & 0xffff) * 5) + ((((_0x19fex5a >>> 16) * 5) & 0xffff) << 16))) & 0xffffffff;
    
41.             _0x19fex5a = (((_0x19fex5b & 0xffff) + 0x6b64) + ((((_0x19fex5b >>> 16) + 0xe654) & 0xffff) << 16));
    
42.         };
    
43. _0x19fex5e = 0;
    
44. 
    
45. switch (_0x19fex58) {
    
46.             case 3: _0x19fex5e ^= (info.charCodeAt(_0x19fexf + 2) & 0xff) << 16;
    
47.             case 2: _0x19fex5e ^= (info.charCodeAt(_0x19fexf + 1) & 0xff) << 8;
    
48.             case 1:
    
49.                 _0x19fex5e ^= (info.charCodeAt(_0x19fexf) & 0xff);
    
50.                 _0x19fex5e = (((_0x19fex5e & 0xffff) * _0x19fex5c) + ((((_0x19fex5e >>> 16) * _0x19fex5c) & 0xffff) << 16)) & 0xffffffff;
    
51.                 _0x19fex5e = (_0x19fex5e << 15) | (_0x19fex5e >>> 17);
    
52.                 _0x19fex5e = (((_0x19fex5e & 0xffff) * _0x19fex5d) + ((((_0x19fex5e >>> 16) * _0x19fex5d) & 0xffff) << 16)) & 0xffffffff;
    
53.                 _0x19fex5a ^= _0x19fex5e;
    
54.         }
    
55.         ;
    
56. 
    
57. _0x19fex5a ^= info.length;
    
58.         _0x19fex5a ^= _0x19fex5a >>> 16;
    
59.         _0x19fex5a = (((_0x19fex5a & 0xffff) * 0x85ebca6b) + ((((_0x19fex5a >>> 16) * 0x85ebca6b) & 0xffff) << 16)) & 0xffffffff;
    
60.         _0x19fex5a ^= _0x19fex5a >>> 13;
    
61.         _0x19fex5a = ((((_0x19fex5a & 0xffff) * 0xc2b2ae35) + ((((_0x19fex5a >>> 16) * 0xc2b2ae35) & 0xffff) << 16))) & 0xffffffff;
    
62.         _0x19fex5a ^= _0x19fex5a >>> 16;
    
63.         return _0x19fex5a >>> 0;
    
64. }
    
65. function get_mousemove(mx,my){
    
66. var t_tmp=+new Date();
    
67. var t=new Date().getTime()-t_tmp;
    
68. var x=Math.round(mx);
    
69. var y=Math.round(my);
    
70. return {}
    
71. }
    
72. function mousemove_enc(_0x167a6a) {
    
73.         var _0x58c159;
    
74.         var _0x553574 = [];
    
75.         for (var _0x168895 = 0x0; _0x168895 < _0x167a6a.length; _0x168895++) {
    
76.             var _0x5dbbf3 = _0x167a6a[_0x168895];
    
77.             if (_0x168895 == 0x0) {
    
78.                 _0x553574.push([_0x5dbbf3.x, _0x5dbbf3.y, _0x5dbbf3.t]);
    
79.             }
    
80.             else {
    
81.                 _0x553574.push([_0x5dbbf3.x- _0x58c159.x, _0x5dbbf3.y - _0x58c159.y, Number((_0x5dbbf3.t - _0x58c159.t)[_0xc7a8('0x14e')](0x3))]);
    
82.             }
    
83.             _0x58c159 = _0x5dbbf3;
    
84.         }
    
85.         return _0x553574;
    
86.     }
    
87. function get_timezone(){
    
88. 
    
89.             
    
90.                 var _0x3e6dea = new Date(new Date().getFullYear(), 0x0, 0xa), _0x342af8 = new Date(_0x3e6dea.toGMTString().replace(/ (GMT|UTC)/, ''));
    
91.                 var _0x5e5a57 = (_0x3e6dea - _0x342af8) / 0x36ee80;
    
92.                 return _0x5e5a57;
    
93.             }
    
94. function get_elapsed(){
    
95. return Date.parse(new Date) -beginT;
    
96. }
    

复制代码

可能我自己都有点乱 说不清楚 你们有问题的留言吧.... 我还没做成成品的 有兴趣的也可以先做出来分享

juebie

最新的目前也有！需要的留言Q:1035960745

CloudyPluie

回复表示一下支持

1031308775

回复表示一下支持

qunsen

求最新的AES

shangzhen

没有看太明白，楼主能交流一下吗

hiqiqi7

看的不是很明白。。。。还是学习了，慢慢消化

8554308

vmData:#!*?GRqlGoNvEJdu8JSVjGVxsWt5x8dvm3sikYj4agn7X
这个参数不也是加密的吗？  X参数每次都会变化的呢。。。大佬这个vmData你怎么解密呢？
我放在易语言解密一次要20多秒钟