免验证码注册QQ研究。。
本帖最后由 dream00 于 2012-09-21 15:46:22 编辑 最近发现注册QQ可以免验证码,我用的网络是北京联通,有些地方也许不可以。
首先打开注册页面 http://zc.qq.com/chs/index.html 单IP第一次是不会显示验证码的,我这里就是这样,然后动手填写一些正常的信息(不要随便乱输),然后点注册就可以成功注册,随便乱输的话会要你用手机确认的。。
我的问题是,我用C#模拟发包,总是要手机确认。。也就是有些地方没有弄对,,有兴趣大家研究下
下面是一些关键的信息
一、首先必须获取两个COOKIE(machineCookie=10c06ec8860bb8e1e0e04550ce368b8d1685ab83df0b8bf3; sessionCookie=efd5960d3ea0363ee60582b2950e84b6a544f8164b1f94c2),下面这样获取
HttpWebRequest hwr = null;
WebResponse wr = null;
StreamReader sr = null;
string sCookie = "";
CookieContainer cc = new CookieContainer();
string sAgent="Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN) AppleWebKit/535.3 (KHTML, like Gecko) Version/5.0.1 Safari/535.3";
Random rnd=new Random();
hwr = (HttpWebRequest)HttpWebRequest.Create("http://zc.qq.com/cgi-bin/chs/numreg/init?r=" + rnd.NextDouble()+"&cookieCode=undefined");
hwr.Method = "get";
hwr.ReadWriteTimeout = 5000;
hwr.Timeout = 5000;
hwr.UserAgent = sAgent;
hwr.ContentType = "application/xml";
hwr.KeepAlive = true;
hwr.CookieContainer = cc;
hwr.Referer = "http://zc.qq.com/chs/index.html";
hwr.Headers.Add("Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3");
wr = hwr.GetResponse();
wr.Close();
hwr.Abort();
二、UOC这个COOKIE,个人觉得没有什么用,网上也有说有些作用的。。
生成规则在JS里面,由7个数字加横线组成 0-0-0-0-0-0-0
第一个数字是昵称框里面的keyup数,第二个数字是昵称里面后退键数
第三个是password keyup 第四个和上面的雷同
第五个是password_again keyup 第6个雷同
最后一个数字是所有数字的总和,back键时,这个值多加1
setCode: function(a, b) {
switch (a) {
case index.keyCode.BACK:
index.safeCode[b + 1]++,
index.safeCode[7]++;
default:
index.safeCode[b]++
}
index.safeCode[7]++
}
这样就可以加上 cc.SetCookies(new Uri("http://zc.qq.com"), "uoc=10-0-9-0-10-0-29");
当然大家也可以不用研究这个,先填写完基本信息,然后在地址栏输入 javascript:alert(index.safeCode.join("-")) 即可获得这个值
三、密码生成rsa码。。。
用到这个rsa加密类 http://id1.idqqimg.com/zc/chs/js/10033/rsa.js
然后用下面这段代码加密即可得到
function dd(a) {
var b = new RSAKey;
b.setPublic("C4D23C2DB0ECC904FE0CD0CBBCDC988C039D79E1BDA8ED4BFD4D43754EC9693460D15271AB43A59AD6D0F0EEE95424F70920F2C4A08DFDF03661300047CA3A6212E48204C1BE71A846E08DD2D9F1CBDDFF40CA00C10C62B1DD42486C70A09C454293BCA9ED4E7D6657E3F62076A14304943252A88EFA416770E0FBA270A141E7", "10001");
return b.encrypt(a)
}
document.write(encodeURIComponent(dd("密码")));
四、然后就是发送注册包了
hwr = (HttpWebRequest)HttpWebRequest.Create("http://zc.qq.com/cgi-bin/chs/numreg/get_acc?r=" + rnd.NextDouble());
hwr.Method = "POST";
hwr.ReadWriteTimeout = 5000;
hwr.Timeout = 5000;
hwr.UserAgent = sAgent;
hwr.ContentType = "application/xml";
hwr.KeepAlive = true;
hwr.CookieContainer = cc;
hwr.Referer = "http://zc.qq.com/chs/index.html";
hwr.Headers.Add("Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3");
string sPostData = "&verifycode=&qzone_flag=0&country=1&province=11&city=2&isnongli=0&year=1993&month=3&day=4&isrunyue=0&password=6a7ad4690bb14a6ee551776e4e344da456e257efcacbcd6d58fcbaddd5ffb291bd9b3b1e4197ee9a79d0c4cc538d0196afe13e5336223f3ffa7428f043e4063f9dcf1be242993554b92ec40bdcb48711fcd435e31cc9f87039839bf3adfe34d2a2309909ceabf4f980009cdb17e13877ddeb9683b312518ad344da17f9fd577d&phone_num=&nick=" + System.Web.HttpUtility.UrlEncode("胡小小", Encoding.UTF8) + "&email=false&other_email=false&elevel=0&sex=1&qzdate=&jumpfrom=58030&csloginstatus=2&k6s1d=t5t6";
byte[] arr = Encoding.ASCII.GetBytes(sPostData);
Stream stream = hwr.GetRequestStream();
stream.Write(arr, 0, arr.Length);
stream.Close();
wr = hwr.GetResponse();
wr.Close();
hwr.Abort();
然后就是本人获得的值
{"ec":20,"em":"need sms verify"}
这个值是什么意思呢,看看下面的JS吧
case 0:
$.winName.set("temp_last_send", 0);
$.winName.set("gurad_phone", "");
$.cookie.set("nick", b.nick, "zc.qq.com", "/", 0.5);
$.winName.set("_new_uin", a.uin);
var c = index.getPwdRank($("password").value);
index.pwdTimeArray[c] = index.pwdNum * 1E3;
switch (c) {
case 1:
$.report.monitor("weakPwd");
break;
case 2:
$.report.monitor("midPwd");
break;
case 3:
$.report.monitor("strongPwd")
}
$.report.isdPwdTime(index.pwdTimeArray);
switch (parseInt(index.type)) {
case 0:
$.winName.set("last_page", 1);
if (g_lang === 1 && Math.floor(Math.random() * index.max_selective_rate) < index.selective_rate) {
var f, a = [];
for (f in b) $.winName.set("user_" + f, b[f]),
a.push(f);
$.report.monitor("QQHuiyuan");
$.winName.set("user_attrs", a.join(","));
window.location = index.selective_decimal_ok
} else $.winName.set("phone_flag", 0),
window.location = index.decimal_ok;
break;
case 1:
$.winName.set("_email", a.email);
$.winName.set("last_page", 1);
window.location = index.email_ok;
break;
case 2:
window.location = index.send_ok
}
break;
case 2:
$("code_info_err").className = "";
$("code_info_err").innerHTML = index.codeE[0];
index.changeCode();
$("code").blur();
index.code = "";
break;
case 5:
$("birthday_info").className = "error";
$("birthday_info").innerHTML = index.birthE[1];
break;
case 8:
case 9:
$("email_info").className = "error";
$("email_info").innerHTML = index.otherEmailE[1];
index.hideEmailCode();
break;
case 13:
case 15:
$("nick_info").className = "error";
$("nick_info").innerHTML = index.nickE[5];
break;
case 20:
$.cookie.setSessionCookie("param", encodeURIComponent(index.json2str(b)), "zc.qq.com", "/");
index.type == 3 && $.winName.set("temp_cellphone", b.phone_num);
$.winName.set("last_page", 1);
window.location = "phone_verify.html?type=" + index.type;
break;
case 26:
$.cookie.setSessionCookie("param", encodeURIComponent(index.json2str(b)), "zc.qq.com", "/", 0.5);
index.type == 3 && $.winName.set("temp_cellphone", b.phone_num);
$.winName.set("last_page", 1);
window.location = "phone_verify_up.html?type=" + index.type;
break;
case 21:
window.location = "worst.html?ec=21";
break;
case 30:
window.location = "worst.html?ec=30";
break;
case 32:
window.location = "phone_tianyi.html?type=" + index.type;
break;
case 33:
$.winName.set("olduin", a.olduin);
window.location = "phone_hasbind.html?type=" + index.type;
break;
default:
window.location = "error.html?ec=" + a.ec
}
已经完了,我怎么都没法获取到QQ号,但手动却可,看其它的一些数据包,应该没有关系。
研究这个推荐IE抓包工具 httpwatch
[解决办法]
你是不是少了请求 或者少了cookie 参数之类的,你想要信浏览器能做的webRequest都能做
