今日不知为何,总有点感慨人生。做了程序猿已经差不多快2年了,除了工作上的软件之外,貌似从来没为自己做过什么实用的软件,比如一些快捷的工具等等。感觉着编程技术在工作上确实很难学到。特别是国内的公司,尽管更新的技术,更优秀的技术诞生了,可我们还是依然用着以前的技术,某些简单的技术,反反复复。很难找到一些挑战性的元素。于是,就找点有意思的事情来做做吧。
腾讯QQ无疑已经是国内即时通讯软件的的巨头了. 相当于国外的MSN。围绕着腾讯QQ的软件也非常多非常多,例如自动回复软件.群发消息软件等等。今天,我们就以腾讯QQ的注册为案列实现一个只需要输入验证码就能注册的C#版软件。
首先我们看看腾讯QQ的注册页面
根据这个页面,我们可以了解到,注册一个QQ的基本元素。 昵称,密码,性别,生日,所在地,验证码(一般第一次打开这个页面时没有验证码),还有立即注册的提交按钮。
在这之前,我们需要这边一个抓包工具来抓取POST包 IE HttpAnalyzer V6
安装后在IE浏览器的工具里可以找到,如上图所示。具体用法请百度了。这里将不再讲述。
PS:刚刚抓包才发现,我的IE HttpAnalyzer已经过期了。将就用HttpWatch吧。其实用哪个都一样。。
抓包结果如图
我们主要关注POST提交这一段就可以了。如图
图片可能小了。看不清楚,附上文字
下面是提交POST的信息
POST /cgi-bin/chs/numreg/get_acc?r=0.6192339314225849 HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Referer: http://zc.qq.com/chs/index.html
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: zc.qq.com
Content-Length: 487
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: pt2gguin=o2863947406; pgv_pvid=7187609245; RK=4/CD46/CsN; ptui_loginuin=617975284; uin=o2863947406; skey=@qeJO2b28Y; ptisp=ctc; pgv_info=ssid=s4156213344; o_cookie=2863947406; verifysession=h00168891a5a6d40916b6ff218c92710d21caffe26443b349cba00a65b3849c8105588840fd02f67123; machineCookie=655f408c42841e99c57598d3968eebf866fa30383ff98073; zc_uid=1350381363_1822484793; sessionCookie=a20b4ac684c8f95844944206dec3534fa154a2929499851a; uoc=0-0-9-0-10-0-0-19; _new_uin=2863947406; wdl=57fe92992131b79c8df28eea424ac528a95c183264a47555; clientkey=b3c7928a115950440deb11c9e59c7f7c1fd8459b8592f2c2; index_ec=0; nick=sdfsdf
&verifycode=ovur&qzone_flag=1&country=1&province=44&city=3&isnongli=0&year=1995&month=3&day=3&isrunyue=0&password=b0b81bd39cc122dc2389abd9a6753c474ffc5cd44b29c6fae65a82d0dc9926d0ae52cfad3e70d2801f81d9fbbdaed68880d1af187d246af698ecb25c7d38795579be20cf9d553c3a9e9c70b205a8152aebd22449e0d253296d94eecad82e9583380d76dce6d91bf3760acc44e4f71ba55026e32cd9ae3601f017b757ca4bb63d&phone_num=&nick=sdfsdf&email=false&other_email=false&elevel=1&sex=1&qzdate=&jumpfrom=58030&csloginstatus=0&r5d8=w5g8
下面是提交完成后返回的数据
HTTP/1.1 200 OK
Server: QZHTTP-2.12
Date: Thu, 18 Oct 2012 02:43:42 GMT
UUID: 0
Content-Length: 61
Set-Cookie:_new_uin=1791969847; Domain=zc.qq.com; Path=/
Set-Cookie:sessionCookie=; Domain=zc.qq.com; Path=/
Set-Cookie:wdl=0341a2fea2414c9b26097c75206bb7339a25631b7f6860c5; Domain=zc.qq.com; Expires=Thu, 18 Oct 2012 03:43:42 GMT; Path=/; HTTPOnly
Set-Cookie:clientkey=bf972ece0ce54040c485d69242c3d588d7fa22a82773ffc6; Domain=zc.qq.com; Path=/
Content-Type: text/html
Connection: keep-alive
{"ec":0,"safeverifyResult":"1","type":"0","uin":"1791969847"}
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
分析提交的数据
&verifycode=ovur&qzone_flag=1&country=1&province=44&city=3&isnongli=0&year=1995&month=3&day=3&isrunyue=0&password=b0b81bd39cc122dc2389abd9a6753c474ffc5cd44b29c6fae65a82d0dc9926d0ae52cfad3e70d2801f81d9fbbdaed68880d1af187d246af698ecb25c7d38795579be20cf9d553c3a9e9c70b205a8152aebd22449e0d253296d94eecad82e9583380d76dce6d91bf3760acc44e4f71ba55026e32cd9ae3601f017b757ca4bb63d&phone_num=&nick=sdfsdf&email=false&other_email=false&elevel=1&sex=1&qzdate=&jumpfrom=58030&csloginstatus=0&r5d8=w5g8
verifycode:验证码
qzone_flag:是否开通空间,1代表开通0不开通
&country=1&province=44&city=3&isnongli=0&year=1995&month=3&day=3:这些你们懂的。。
isrunyue=0:不知道什么,估计是一个固定值
password::密码你懂得后面是加密过密码的字符串
&phone_num=&nick=sdfsdf&email=false&other_email=false&elevel=1&sex=1&qzdate=&jumpfrom=58030&csloginstatus=0&r5d8=w5g8:这些就不说了。估计你不知道的参数保持原样,我们只替换知道的参数就行
分析返回的结果
{"ec":0,"safeverifyResult":"1","type":"0","uin":"1791969847"}
ec:返回的标志代码,初步预测如下:
case 0: 注册成功;
case 1: EMAIL注册成功;
case 2: 验证码错误;
case 4:case 5:case 6: 生日或省份错误;
case 8:case 9: EMAIL错误;
case 13:case 15:昵称错误;
case 20: 需要手机短信验证;
原因:可能是COOKIE错误
case 21: 恶意注册,暂时禁止;
原因:注册的账号过多,或RSA算法错误
case 26: 需要手机激活;
原因:相同IP注册过多或提交的COOKIE已经过期,或SESSION超时
case 30: 浏览器不兼容;
safeverifyResult:验证码通过
type:真心不知
uin:很明显,QQ号码
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
接下来我们就是要模拟数据了,在这之前,我们需要获得一些元素
第一:URL分析
地址:【+ 0.161 ! 0.019 944 304 GET 200 html http://zc.qq.com/cgi-bin/chs/numreg/init?r=0.5402871509444349&cookieCode=undefined】
分析:返回结果 -》{"city":"娣卞湷","cityid":"3","country":"涓浗","countryid":"1","ec":0,"elevel":"1","localdate":"2012-10-18","province":"骞夸笢","provinceid":"44"}
utf-8编码之后,就是正常的了。看字面上的意思,我相信你们理解的。
参数r:随机数,准确的来说是 0.(+16个随机数)[不写貌似也可能获得]
cookiecode:cookie代码,直接忽略吧。不管它
验证码: 【 0.244 ! 0.039 630 2812 GET 200 jpeg http://captcha.qq.com/getimage?aid=1007901&r=0.7166559025129264】
分析:aid是当前的版本,r是随机数
Post地址:【+ 0.000 ! 0.166 1459 564 POST 200 html http://zc.qq.com/cgi-bin/chs/numreg/get_acc?r=0.6192339314225849】
分析:没什么好说的。
第二:密码分析
根据:password=b0b81bd39cc122dc2389abd9a6753c474ffc5cd44b29c6fae65a82d0dc9926d0ae52cfad3e70d2801f81d9fbbdaed68880d1af187d246af698ecb25c7d38795579be20cf9d553c3a9e9c70b205a8152aebd22449e0d253296d94eecad82e9583380d76dce6d91bf3760acc44e4f71ba55026e32cd9ae3601f017b757ca4bb63d
很明显,经过加密的,到底使用什么加密呢?????
通常,如果是我们写注册模块的话。会把加密文件写在哪里呢???
没错,不用怀疑,就是JS。。。JS。
根据我们的预测,我们来look,look我们抓包的页面的js下载的URL(带上你们的火眼look,look)
相信不用一分钟的实现,你们就发现了 simple.js,rsa.js,index.js 我了个去。够明显吧。 rsa.js…..
预测90%是rsa加密了。
index.js 做网站的人大部分都知道…这个文件的含义是什么…。很明显,也是90%通过这个文件提交表单数据,然后再这个文件里面条用rsa.js进行加密。
(PS:剩下10%大家去研究吧..仔细看看文件里面的内容)
本人也在研究中…………………….
大约看了10分钟的样子,肯定加一定:rsa.js加密
细心的你们肯定还会发现…他是这样调用的。。。
rsaEncrypt:function(a)
{
var b=new RSAKey;b.setPublic("C4D23C2DB0ECC904FE0CD0CBBCDC988C039D79E1BDA8ED4BFD4D43754EC9693460D15271AB43A59AD6D0F0EEE95424F70920F2C4A08DFDF03661300047CA3A6212E48204C1BE71A846E08DD2D9F1CBDDFF40CA00C10C62B1DD42486C70A09C454293BCA9ED4E7D6657E3F62076A14304943252A88EFA416770E0FBA270A141E7","10001");
return b.encrypt(a)
}
ok,ok,到这里。我们及知道了rsa.js加密js文件,也知道了调用的方法…那就是说。。密码这一关,过了!!!!
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
万事俱备,只欠东风啊!!!!
分析就此完成,现在开始编码…………….
新建winform程序。。拖点控件啥的就不说了…直接切入主题
第一:准备js
拷贝rsa.js的内容,在后面加个方法,如下:
function parseBigInt(a, b) { return new BigInteger(a, b) } function linebrk(a, b) { for (var c = "", d = 0; d + b < a.length; ) c += a.substring(d, d + b) + "\n", d += b; return c + a.substring(d, a.length) } function byte2Hex(a) { return a < 16 ? "0" + a.toString(16) : a.toString(16) }function pkcs1pad2(a, b) { if (b < a.length + 11) return uv_alert("Message too long for RSA"), null; for (var c = [], d = a.length - 1; d >= 0 && b > 0; ) { var e = a.charCodeAt(d--); e < 128 ? c[--b] = e : e > 127 && e < 2048 ? (c[--b] = e & 63 | 128, c[--b] = e >> 6 | 192) : (c[--b] = e & 63 | 128, c[--b] = e >> 6 & 63 | 128, c[--b] = e >> 12 | 224) } c[--b] = 0; d = new SecureRandom; for (e = []; b > 2; ) { for (e[0] = 0; e[0] == 0; ) d.nextBytes(e); c[--b] = e[0] } c[--b] = 2; c[--b] = 0; return new BigInteger(c) } function RSAKey() { this.n = null; this.e = 0; this.coeff = this.dmq1 = this.dmp1 = this.q = this.p = this.d = null }function RSASetPublic(a, b) { a != null && b != null && a.length > 0 && b.length > 0 ? (this.n = parseBigInt(a, 16), this.e = parseInt(b, 16)) : uv_alert("Invalid RSA public key") } function RSADoPublic(a) { return a.modPowInt(this.e, this.n) } function RSAEncrypt(a) { a = pkcs1pad2(a, this.n.bitLength() + 7 >> 3); if (a == null) return null; a = this.doPublic(a); if (a == null) return null; a = a.toString(16); return (a.length & 1) == 0 ? a : "0" + a }RSAKey.prototype.doPublic = RSADoPublic;RSAKey.prototype.setPublic = RSASetPublic;RSAKey.prototype.encrypt = RSAEncrypt;var dbits, canary = 244837814094590, j_lm = (canary & 16777215) == 15715070; function BigInteger(a, b, c) { a != null && ("number" == typeof a ? this.fromNumber(a, b, c) : b == null && "string" != typeof a ? this.fromString(a, 256) : this.fromString(a, b)) } function nbi() { return new BigInteger(null) } function am1(a, b, c, d, e, f) { for (; --f >= 0; ) { var g = b * this[a++] + c[d] + e, e = Math.floor(g / 67108864); c[d++] = g & 67108863 } return e }function am2(a, b, c, d, e, f) { var g = b & 32767; for (b >>= 15; --f >= 0; ) { var h = this[a] & 32767, i = this[a++] >> 15, k = b * h + i * g, h = g * h + ((k & 32767) << 15) + c[d] + (e & 1073741823), e = (h >>> 30) + (k >>> 15) + b * i + (e >>> 30); c[d++] = h & 1073741823 } return e } function am3(a, b, c, d, e, f) { var g = b & 16383; for (b >>= 14; --f >= 0; ) { var h = this[a] & 16383, i = this[a++] >> 14, k = b * h + i * g, h = g * h + ((k & 16383) << 14) + c[d] + e, e = (h >> 28) + (k >> 14) + b * i; c[d++] = h & 268435455 } return e }j_lm = true; BigInteger.prototype.am = am2; dbits = 30; BigInteger.prototype.DB = dbits; BigInteger.prototype.DM = (1 << dbits) - 1; BigInteger.prototype.DV = 1 << dbits; var BI_FP = 52; BigInteger.prototype.FV = Math.pow(2, BI_FP); BigInteger.prototype.F1 = BI_FP - dbits; BigInteger.prototype.F2 = 2 * dbits - BI_FP; var BI_RM = "0123456789abcdefghijklmnopqrstuvwxyz", BI_RC = [], rr, vv;rr = "0".charCodeAt(0); for (vv = 0; vv <= 9; ++vv) BI_RC[rr++] = vv; rr = "a".charCodeAt(0); for (vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv; rr = "A".charCodeAt(0); for (vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv; function int2char(a) { return BI_RM.charAt(a) } function intAt(a, b) { var c = BI_RC[a.charCodeAt(b)]; return c == null ? -1 : c } function bnpCopyTo(a) { for (var b = this.t - 1; b >= 0; --b) a[b] = this[b]; a.t = this.t; a.s = this.s } function bnpFromInt(a) { this.t = 1; this.s = a < 0 ? -1 : 0; a > 0 ? this[0] = a : a < -1 ? this[0] = a + DV : this.t = 0 }function nbv(a) { var b = nbi(); b.fromInt(a); return b }function bnpFromString(a, b) { var c; if (b == 16) c = 4; else if (b == 8) c = 3; else if (b == 256) c = 8; else if (b == 2) c = 1; else if (b == 32) c = 5; else if (b == 4) c = 2; else { this.fromRadix(a, b); return } this.s = this.t = 0; for (var d = a.length, e = false, f = 0; --d >= 0; ) { var g = c == 8 ? a[d] & 255 : intAt(a, d); g < 0 ? a.charAt(d) == "-" && (e = true) : (e = false, f == 0 ? this[this.t++] = g : f + c > this.DB ? (this[this.t - 1] |= (g & (1 << this.DB - f) - 1) << f, this[this.t++] = g >> this.DB - f) : this[this.t - 1] |= g << f, f += c, f >= this.DB && (f -= this.DB)) } if (c == 8 && (a[0] & 128) != 0) this.s = -1, f > 0 && (this[this.t -1] |= (1 << this.DB - f) - 1 << f); this.clamp(); e && BigInteger.ZERO.subTo(this, this)} function bnpClamp() { for (var a = this.s & this.DM; this.t > 0 && this[this.t - 1] == a; ) --this.t }function bnToString(a) { if (this.s < 0) return "-" + this.negate().toString(a); if (a == 16) a = 4; else if (a == 8) a = 3; else if (a == 2) a = 1; else if (a == 32) a = 5; else if (a == 4) a = 2; else return this.toRadix(a); var b = (1 << a) - 1, c, d = false, e = "", f = this.t, g = this.DB - f * this.DB % a; if (f-- > 0) { if (g < this.DB && (c = this[f] >> g) > 0) d = true, e = int2char(c); for (; f >= 0; ) g < a ? (c = (this[f] & (1 << g) - 1) << a - g, c |= this[--f] >> (g += this.DB - a)) : (c = this[f] >> (g -= a) & b, g <= 0 && (g += this.DB, --f)), c > 0 && (d = true), d && (e += int2char(c)) } return d ? e : "0" }function bnNegate() { var a = nbi(); BigInteger.ZERO.subTo(this, a); return a } function bnAbs() { return this.s < 0 ? this.negate() : this } function bnCompareTo(a) { var b = this.s - a.s; if (b != 0) return b; var c = this.t, b = c - a.t; if (b != 0) return b; for (; --c >= 0; ) if ((b = this[c] - a[c]) != 0) return b; return 0 } function nbits(a) { var b = 1, c; if ((c = a >>> 16) != 0) a = c, b += 16; if ((c = a >> 8) != 0) a = c, b += 8; if ((c = a >> 4) != 0) a = c, b += 4; if ((c = a >> 2) != 0) a = c, b += 2; a >> 1 != 0 && (b += 1); return b }function bnBitLength() { return this.t <= 0 ? 0 : this.DB * (this.t - 1) + nbits(this[this.t - 1] ^ this.s & this.DM) } function bnpDLShiftTo(a, b) { var c; for (c = this.t - 1; c >= 0; --c) b[c + a] = this[c]; for (c = a - 1; c >= 0; --c) b[c] = 0; b.t = this.t + a; b.s = this.s } function bnpDRShiftTo(a, b) { for (var c = a; c < this.t; ++c) b[c - a] = this[c]; b.t = Math.max(this.t - a, 0); b.s = this.s }function bnpLShiftTo(a, b) { var c = a % this.DB, d = this.DB - c, e = (1 << d) - 1, f = Math.floor(a / this.DB), g = this.s << c & this.DM, h; for (h = this.t - 1; h >= 0; --h) b[h + f + 1] = this[h] >> d | g, g = (this[h] & e) << c; for (h = f - 1; h >= 0; --h) b[h] = 0; b[f] = g; b.t = this.t + f + 1; b.s = this.s; b.clamp() }function bnpRShiftTo(a, b) { b.s = this.s; var c = Math.floor(a / this.DB); if (c >= this.t) b.t = 0; else { var d = a % this.DB, e = this.DB - d, f = (1 << d) - 1; b[0] = this[c] >> d; for (var g = c + 1; g < this.t; ++g) b[g - c - 1] |= (this[g] & f) << e, b[g - c] = this[g] >> d; d > 0 && (b[this.t - c - 1] |= (this.s & f) << e); b.t = this.t - c; b.clamp() } }function bnpSubTo(a, b) { for (var c = 0, d = 0, e = Math.min(a.t, this.t); c < e; ) d += this[c] - a[c], b[c++] = d & this.DM, d >>= this.DB; if (a.t < this.t) { for (d -= a.s; c < this.t; ) d += this[c], b[c++] = d & this.DM, d >>= this.DB; d += this.s } else { for (d += this.s; c < a.t; ) d -= a[c], b[c++] = d & this.DM, d >>= this.DB; d -= a.s } b.s = d < 0 ? -1 : 0; d < -1 ? b[c++] = this.DV + d : d > 0 && (b[c++] = d); b.t = c; b.clamp() }function bnpMultiplyTo(a, b) { var c = this.abs(), d = a.abs(), e = c.t; for (b.t = e + d.t; --e >= 0; ) b[e] = 0; for (e = 0; e < d.t; ++e) b[e + c.t] = c.am(0, d[e], b, e, 0, c.t); b.s = 0; b.clamp(); this.s != a.s && BigInteger.ZERO.subTo(b, b) } function bnpSquareTo(a) { for (var b = this.abs(), c = a.t = 2 * b.t; --c >= 0; ) a[c] = 0; for (c = 0; c < b.t - 1; ++c) { var d = b.am(c, b[c], a, 2 * c, 0, 1); if ((a[c + b.t] += b.am(c + 1, 2 * b[c], a, 2 * c + 1, d, b.t - c - 1)) >= b.DV) a[c + b.t] -= b.DV, a[c + b.t + 1] = 1 } a.t > 0 && (a[a.t - 1] += b.am(c, b[c], a, 2 * c, 0, 1)); a.s = 0; a.clamp() }function bnpDivRemTo(a, b, c) { var d = a.abs(); if (!(d.t <= 0)) { var e = this.abs(); if (e.t < d.t) b != null && b.fromInt(0), c != null && this.copyTo(c); else { c == null && (c = nbi()); var f = nbi(), g = this.s, a = a.s, h = this.DB - nbits(d[d.t - 1]); h > 0 ? (d.lShiftTo(h, f), e.lShiftTo(h, c)) : (d.copyTo(f), e.copyTo(c)); d = f.t; e = f[d - 1]; if (e != 0) { var i = e * (1 << this.F1) + (d > 1 ? f[d - 2] >> this.F2 : 0), k = this.FV / i, i = (1 << this.F1) / i, o = 1 << this.F2, l = c.t, m = l - d, j = b == null ? nbi() : b; f.dlShiftTo(m, j); c.compareTo(j) >= 0 && (c[c.t++] = 1, c.subTo(j, c)); BigInteger.ONE.dlShiftTo(d,j); for (j.subTo(f, f); f.t < d; ) f[f.t++] = 0; for (; --m >= 0; ) { var n = c[--l] == e ? this.DM : Math.floor(c[l] * k + (c[l - 1] + o) * i); if ((c[l] += f.am(0, n, c, m, 0, d)) < n) { f.dlShiftTo(m, j); for (c.subTo(j, c); c[l] < --n; ) c.subTo(j, c) } } b != null && (c.drShiftTo(d, b), g != a && BigInteger.ZERO.subTo(b, b)); c.t = d; c.clamp(); h > 0 && c.rShiftTo(h, c); g < 0 && BigInteger.ZERO.subTo(c, c) } } } } function bnMod(a) { var b = nbi(); this.abs().divRemTo(a, null, b); this.s < 0 && b.compareTo(BigInteger.ZERO) > 0 && a.subTo(b, b); return b } function Classic(a) { this.m = a }function cConvert(a) { return a.s < 0 || a.compareTo(this.m) >= 0 ? a.mod(this.m) : a } function cRevert(a) { return a } function cReduce(a) { a.divRemTo(this.m, null, a) } function cMulTo(a, b, c) { a.multiplyTo(b, c); this.reduce(c) } function cSqrTo(a, b) { a.squareTo(b); this.reduce(b) } Classic.prototype.convert = cConvert; Classic.prototype.revert = cRevert; Classic.prototype.reduce = cReduce; Classic.prototype.mulTo = cMulTo; Classic.prototype.sqrTo = cSqrTo;function bnpInvDigit() { if (this.t < 1) return 0; var a = this[0]; if ((a & 1) == 0) return 0; var b = a & 3, b = b * (2 - (a & 15) * b) & 15, b = b * (2 - (a & 255) * b) & 255, b = b * (2 - ((a & 65535) * b & 65535)) & 65535, b = b * (2 - a * b % this.DV) % this.DV; return b > 0 ? this.DV - b : -b } function Montgomery(a) { this.m = a; this.mp = a.invDigit(); this.mpl = this.mp & 32767; this.mph = this.mp >> 15; this.um = (1 << a.DB - 15) - 1; this.mt2 = 2 * a.t }function montConvert(a) { var b = nbi(); a.abs().dlShiftTo(this.m.t, b); b.divRemTo(this.m, null, b); a.s < 0 && b.compareTo(BigInteger.ZERO) > 0 && this.m.subTo(b, b); return b } function montRevert(a) { var b = nbi(); a.copyTo(b); this.reduce(b); return b }function montReduce(a) { for (; a.t <= this.mt2; ) a[a.t++] = 0; for (var b = 0; b < this.m.t; ++b) { var c = a[b] & 32767, d = c * this.mpl + ((c * this.mph + (a[b] >> 15) * this.mpl & this.um) << 15) & a.DM, c = b + this.m.t; for (a[c] += this.m.am(0, d, a, b, 0, this.m.t); a[c] >= a.DV; ) a[c] -= a.DV, a[++c]++ } a.clamp(); a.drShiftTo(this.m.t, a); a.compareTo(this.m) >= 0 && a.subTo(this.m, a) } function montSqrTo(a, b) { a.squareTo(b); this.reduce(b) } function montMulTo(a, b, c) { a.multiplyTo(b, c); this.reduce(c) } Montgomery.prototype.convert = montConvert;Montgomery.prototype.revert = montRevert; Montgomery.prototype.reduce = montReduce; Montgomery.prototype.mulTo = montMulTo; Montgomery.prototype.sqrTo = montSqrTo; function bnpIsEven() { return (this.t > 0 ? this[0] & 1 : this.s) == 0 } function bnpExp(a, b) { if (a > 4294967295 || a < 1) return BigInteger.ONE; var c = nbi(), d = nbi(), e = b.convert(this), f = nbits(a) - 1; for (e.copyTo(c); --f >= 0; ) if (b.sqrTo(c, d), (a & 1 << f) > 0) b.mulTo(d, e, c); else var g = c, c = d, d = g; return b.revert(c) }function bnModPowInt(a, b) { var c; c = a < 256 || b.isEven() ? new Classic(b) : new Montgomery(b); return this.exp(a, c) } BigInteger.prototype.copyTo = bnpCopyTo; BigInteger.prototype.fromInt = bnpFromInt; BigInteger.prototype.fromString = bnpFromString; BigInteger.prototype.clamp = bnpClamp; BigInteger.prototype.dlShiftTo = bnpDLShiftTo; BigInteger.prototype.drShiftTo = bnpDRShiftTo; BigInteger.prototype.lShiftTo = bnpLShiftTo; BigInteger.prototype.rShiftTo = bnpRShiftTo; BigInteger.prototype.subTo = bnpSubTo;BigInteger.prototype.multiplyTo = bnpMultiplyTo; BigInteger.prototype.squareTo = bnpSquareTo; BigInteger.prototype.divRemTo = bnpDivRemTo; BigInteger.prototype.invDigit = bnpInvDigit; BigInteger.prototype.isEven = bnpIsEven; BigInteger.prototype.exp = bnpExp; BigInteger.prototype.toString = bnToString; BigInteger.prototype.negate = bnNegate; BigInteger.prototype.abs = bnAbs; BigInteger.prototype.compareTo = bnCompareTo; BigInteger.prototype.bitLength = bnBitLength; BigInteger.prototype.mod = bnMod; BigInteger.prototype.modPowInt = bnModPowInt;BigInteger.ZERO = nbv(0); BigInteger.ONE = nbv(1); var rng_state, rng_pool, rng_pptr; function rng_seed_int(a) { rng_pool[rng_pptr++] ^= a & 255; rng_pool[rng_pptr++] ^= a >> 8 & 255; rng_pool[rng_pptr++] ^= a >> 16 & 255; rng_pool[rng_pptr++] ^= a >> 24 & 255; rng_pptr >= rng_psize && (rng_pptr -= rng_psize) } function rng_seed_time() { rng_seed_int((new Date).getTime()) } if (rng_pool == null) { rng_pool = []; rng_pptr = 0; var t; for (; rng_pptr < rng_psize; ) t = Math.floor(65536 * Math.random()), rng_pool[rng_pptr++] = t >>> 8, rng_pool[rng_pptr++] = t & 255; rng_pptr = 0; rng_seed_time() }function rng_get_byte() { if (rng_state == null) { rng_seed_time(); rng_state = prng_newstate(); rng_state.init(rng_pool); for (rng_pptr = 0; rng_pptr < rng_pool.length; ++rng_pptr) rng_pool[rng_pptr] = 0; rng_pptr = 0 } return rng_state.next() } function rng_get_bytes(a) { var b; for (b = 0; b < a.length; ++b) a[b] = rng_get_byte() } function SecureRandom() { } SecureRandom.prototype.nextBytes = rng_get_bytes; function Arcfour() { this.j = this.i = 0; this.S = [] }function ARC4init(a) { var b, c, d; for (b = 0; b < 256; ++b) this.S[b] = b; for (b = c = 0; b < 256; ++b) c = c + this.S[b] + a[b % a.length] & 255, d = this.S[b], this.S[b] = this.S[c], this.S[c] = d; this.j = this.i = 0 } function ARC4next() { var a; this.i = this.i + 1 & 255; this.j = this.j + this.S[this.i] & 255; a = this.S[this.i]; this.S[this.i] = this.S[this.j]; this.S[this.j] = a; return this.S[a + this.S[this.i] & 255] } Arcfour.prototype.init = ARC4init; Arcfour.prototype.next = ARC4next; function prng_newstate() { return new Arcfour } var rng_psize = 256; function rs(a) { var b = new RSAKey; b.setPublic("C4D23C2DB0ECC904FE0CD0CBBCDC988C039D79E1BDA8ED4BFD4D43754EC9693460D15271AB43A59AD6D0F0EEE95424F70920F2C4A08DFDF03661300047CA3A6212E48204C1BE71A846E08DD2D9F1CBDDFF40CA00C10C62B1DD42486C70A09C454293BCA9ED4E7D6657E3F62076A14304943252A88EFA416770E0FBA270A141E7", "10001"); return b.encrypt(a) }
要想在winform中调用js….需要安装控件
【Microsoft Script Control 】/Winform 调用js
没有的,猛击这里
不懂怎么操作的,猛击这里
引用的文件要把嵌入互操作类型设为false
第二:准备HttpHelper类
没有的,猛击这里
核心代码页贴出来吧,如下。。。(别人写的)
using System;
using System.Collections.Generic;
using System.Text;
using System.Net;
using System.IO;
using System.Drawing;
using System.Text.RegularExpressions;
namespace WindowsFormsRs
{
public class HttpHelper
{
private CookieContainer cc;
public CookieContainer CC
{
get
{
return cc;
}
set
{
this.cc = value;
}
}
public HttpHelper()
{
this.cc = new CookieContainer();
}
public HttpHelper(CookieContainer cc)
{
this.cc = cc;
}
///
/// 使用post方式访问目标网页,返回stream二进制流
///
public Stream PostAndGetStream(string targetURL, string formData, string contentType, string referer, bool allowAutoRedirect)
{
//数据编码
ASCIIEncoding encoding = new ASCIIEncoding();
//UTF8Encoding encoding = new UTF8Encoding();
byte[] data = encoding.GetBytes(formData);
//请求目标网页
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(targetURL);
request.CookieContainer = cc;
request.Method = "POST"; //使用post方式发送数据
request.ContentType = "application/x-www-form-urlencoded";
request.Referer = referer;
request.AllowAutoRedirect = allowAutoRedirect;
request.ContentLength = data.Length;
request.UserAgent = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.1124)";
//request.UnsafeAuthenticatedConnectionSharing = false;
//模拟一个UserAgent
Stream newStream = request.GetRequestStream();
newStream.Write(data, 0, data.Length);
newStream.Close();
//获取网页响应结果
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
cc.Add(response.Cookies);
Stream stream = response.GetResponseStream();
return stream;
}
///
/// 使用post方式访问目标网页,返回字节数组
///
public byte[] PostAndGetByte(string targetURL, string formData, string contentType, string referer, bool allowAutoRedirect)
{
Stream stream = PostAndGetStream(targetURL, formData, contentType, referer, allowAutoRedirect);
byte[] bytes = new byte[stream.Length];
stream.Read(bytes, 0, bytes.Length);
stream.Seek(0, SeekOrigin.Begin);
return bytes;
}
///
/// 使用post方式访问目标网页,返回图片
///
public Image PostAndGetBitmap(string targetURL, string formData, string contentType, string referer, bool allowAutoRedirect)
{
Stream stream = PostAndGetStream(targetURL, formData, contentType, referer, allowAutoRedirect);
Image image = Image.FromStream(stream);
return image;
}
///
/// 使用post方式访问目标网页,返回文件
///
public void PostAndGetBitmap(string targetURL, string formData, string contentType, string referer, bool allowAutoRedirect,string fileName)
{
byte[] bytes = PostAndGetByte(targetURL, formData, contentType, referer, allowAutoRedirect);
FileStream fs = new FileStream(fileName, FileMode.Create);
BinaryWriter bw = new BinaryWriter(fs);
bw.Write(bytes);
bw.Close();
fs.Close();
}
///
/// 使用post方式访问目标网页,返回html页面
///
public string PostAndGetHtml(string targetURL, string formData, string contentType, string referer, bool allowAutoRedirect, Encoding encoding)
{
Stream stream = PostAndGetStream(targetURL, formData, contentType, referer, allowAutoRedirect);
string html = new StreamReader(stream, encoding).ReadToEnd();
return html;
}
///
/// 使用get方式访问目标网页,返回stream二进制流
///
public Stream GetAndGetStream(string targetURL, string contentType, string referer, bool allowAutoRedirect)
{
//请求目标网页
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(targetURL);
request.CookieContainer = cc;
CC = cc;
request.Method = "GET"; //使用get方式发送数据
request.ContentType = contentType;
request.Referer = referer;
request.AllowAutoRedirect = allowAutoRedirect;
request.UserAgent = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.1124)";
//获取网页响应结果
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
cc.Add(response.Cookies);
Stream stream = response.GetResponseStream();
return stream;
}
///
/// 使用get方式访问目标网页,返回字节数组
///
public byte[] GetAndGetByte(string targetURL, string contentType, string referer, bool allowAutoRedirect)
{
Stream stream = GetAndGetStream(targetURL, contentType, referer, allowAutoRedirect);
byte[] bytes = new byte[stream.Length];
stream.Read(bytes, 0, bytes.Length);
stream.Seek(0, SeekOrigin.Begin);
return bytes;
}
///
/// 使用get方式访问目标网页,返回图片
///
public Image GetAndGetBitmap(string targetURL, string contentType, string referer, bool allowAutoRedirect)
{
Stream stream = GetAndGetStream(targetURL, contentType, referer, true);
Image image = Image.FromStream(stream);
return image;
}
///
/// 使用get方式访问目标网页,返回文件
///
public void GetAndGetFile(string targetURL, string contentType, string referer, bool allowAutoRedirect, string fileName)
{
byte[] bytes = GetAndGetByte(targetURL, contentType, referer, allowAutoRedirect);
FileStream fs = new FileStream(fileName, FileMode.Create);
BinaryWriter bw = new BinaryWriter(fs);
bw.Write(bytes);
bw.Close();
fs.Close();
}
///
/// 使用get方式访问目标网页,返回html页面
///
public string GetAndGetHtml(string targetURL, string contentType, string referer, bool allowAutoRedirect, Encoding encoding)
{
Stream stream = GetAndGetStream(targetURL, contentType, referer, allowAutoRedirect);
string html = new StreamReader(stream, encoding).ReadToEnd();
return html;
}
}
}
第三:编写代码开始
private static HttpHelper httpHelper = new HttpHelper();
///
/// 得到第一次加密后的密码
///
/// js文件
/// 加密的方法名
/// 加密方法需要传进的参数(一个是密码,另一个是页面上可获取的一个标志码)
/// 加密过后的密码
public static object GetRSAPassword(string jsFilePath, string funcName, params object[] paramers)
{
StreamReader reader = new StreamReader(jsFilePath);
string sScript = reader.ReadToEnd();
ScriptEngine se = new ScriptEngine(ScriptLanguage.JavaScript);
object obj = se.Run(funcName, paramers, sScript);
return obj;
}
//"nick=" + name+ "&isnongli=0&isrunyue=0&appid=9&year=" + year + "&month=" + month + "&day=" + day + "&sex=" + sex+"&elevel=1&password=" + GetRSAPassword(password) + "&verifycode=" + code;
public static string RegisterQQNum(string name, string rsapassword, string sex, string year, string month, string day, string code)
{
UTF8Encoding utf8 = new UTF8Encoding();
Byte[] encodedBytes = utf8.GetBytes(name);//编码
name = System.Text.Encoding.UTF8.GetString(encodedBytes, 0, (int)encodedBytes.Length);
string registerURL = "http://zc.qq.com/cgi-bin/iframe/numreg/get_acc_9";
string postData = string.Format("nick={0}&isnongli=0&isrunyue=0&appid=9&year={1}&month={2}&day={3}&sex={4}&elevel=1&password={5}&verifycode={6}", "aaaaabbbb", year, month, day, sex, rsapassword, code);
Debug.WriteLine(postData);
// httpHelper.CC = new System.Net.CookieContainer();
string html = httpHelper.PostAndGetHtml(registerURL, postData, null, null, false, Encoding.UTF8);
//string html= htlp.GetHtml(registerURL, postData, Encoding.UTF8);
return html;
}
public static string GetRandrom()
{
Random rand = new Random();
string strNum = "";
int i = 0;
while (i<16)
{
i++;
int randomNum = rand.Next(0,10);
strNum += randomNum.ToString();
}
strNum = "0." + strNum;
return strNum;
}
public static Image GetCode()
{
string path = "http://captcha.qq.com/getimage?aid=1007901&"+GetRandrom();
Image image= httpHelper.GetAndGetBitmap(path, null, null, false);
return image;
}
public static string GetAddress()
{
string path = "http://zc.qq.com/cgi-bin/iframe/numreg/init_9?id="+ GetRandrom();
string html= httpHelper.GetAndGetHtml(path, null, null, true, Encoding.UTF8);
return html;
}
以上是我编写的代码 . 调用而已…没啥啥技术含量滴。。
注册的参数删掉了很多,可以吧不必要的删掉。但是需要谨慎操作啊…!!!
Winform界面代码:(上图,总有动手写几行代码哦,亲…)
界面效果如下:
--------------------------------------------运行中,下图返回---------------------------------------
ok,注册成功
大功告成 !!!
HttpHelper要小小修改一下,腾讯QQ在POST提交的时候要把获取验证码的cookie一并提交上去
但是这个HttpHelper没有把获取图片的Cookie赋值到POST Cookie.
所以要把CC=cc的代码写入.
-----------------------------------------------------------------------------------------------------
申明,本文只做教学指导只用,切勿干坏事!!!
如有疑问请回复本文章
源码:猛击下载