微信小程序之纷玩岛

本教程仅限于学术探讨,也没有专门针对某个网站而编写,禁止用于非法用途、商业活动、恶意滥用技术等,否则后果自负。观看则同意此约定。如有侵权,请告知删除,谢谢!

 懒得写逆向过程了自己看源码,主导一个懒字,贯彻到底
关注...

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

# !/usr/bin/env python
# -*- coding: utf-8 -*-
# @Time     : 2023/6/7 12:52
# @Author   : Jay
# @File     : fwd.py
# @Description  :
import time
import string
import random
import requests
from loguru import logger
from urllib3 import disable_warnings

disable_warnings()
headers = {
    "Authorization": "",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36 MicroMessenger/7.0.20.1781(0x6700143B) NetType/WIFI MiniProgramEnv/Windows WindowsWechat/WMPF XWEB/6939",
}
strDigit = string.digits + string.ascii_letters


def getIdf():
    e, i, u = "1234567890", 255, 0
    idf = str(int(time.time() * 1000)) + "-" + str(int(1000000 * (random.random() + 1)))
    for a in range(len(idf)):
        i ^= ord(idf[a])
        u += ord(idf[a])
    return idf + str(ord(e[(i + 256) % 10])) + str(ord(e[u % 10]))


# 接口验证定义的BlackBox
def getBlackBox():
    profile_url = "https://fp.tongdun.net/wxapp/profile.json?partner=fenwandao"
    params = {
        # 置空的字段为AES加密,由于key、iv没有传入后端所以无法校验参数,从而置空
        "partner": "fenwandao",
        "app_name": "fenwandao_wx",
        "t": "",
        "id": "",
        "v": "GeVeM4b8MRzyErm9LPSNmp==",  # 后端校验平台的参数固定
        "a": "",
        "b": "",
        "c": "",
        "d": "",
        "e": "",
        "f": "",
        "i": "",
        "idf": getIdf(),
        "g": "",
        "h": ""  # hash128加盐整个params
    }
    tokenId = requests.post(url=profile_url, headers=headers, data=params, verify=False).json()['result']['tokenId']
    return box(tokenId)


def box(td):
    td = list(td)
    td[0] = random.choice(strDigit)
    td.insert(4, random.choice(strDigit))
    td.insert(15, random.choice(strDigit))
    td.insert(-1, random.choice(strDigit))
    return "".join(td) + ":0"


def random_str(s=4):
    return "".join([random.choice(strDigit) for _ in range(s)])


# 自定义的BlackBox
def getCustomBlackBox():
    return box(f"{random_str()}{int(time.time())}{random_str(9)}")


def run():
    data = {
        "contactName": "屌毛",
        "contactPhone": "10086",
        "deliveryType": 1,
        "combineTicketVos": [],
        "ordinaryTicketVos": [{
            "seatPlanId": 1352,
            "seatPlanName": "VIP票320元",
            "seatPlanPrice": 320,
            "seatPlanQuantity": 1,
            "seatInfoVo": None,
            "frequentContactsId": 523566
        }],
        "payment": 320,
        "totalPrice": 320,
        "performId": 389,
        "projectId": "266",
        "privilegeCodeList": [],
        "blackBox": getCustomBlackBox()  # 因blackBox是同盾随机的字符串id,可以自定义类似的随机字符串跳过请求,使提交订单更快
    }
    start_ts = time.time()
    res = requests.post("https://api.livelab.com.cn/order/app/center/v3/create", headers=headers, verify=False, json=data).json()
    orderNo = res.get("data", False)
    if orderNo:
        logger.success(f"`订单号 {orderNo} -> 【广州】萧秉治Xiao Bing Chih Project X Live Tour 巡回演唱会`下单成功!")
        res = requests.post(f"https://api.livelab.com.cn/performance/app/order/cancel/order?orderNo={orderNo}",
                            json={"custom": {"auth": True, "loading": False, "ignoreStatus": False}}, headers=headers, verify=False).json()
        logger.success(f"订单取消状态 --> {res.get('msg', '取消失败.')}")
    else:
        logger.warning(res)

    logger.success(f"订单提交耗时: {round(time.time() - start_ts, 2)} 秒")


if __name__ == '__main__':
    run()

 

你可能感兴趣的:(微信小程序逆向,微信小程序,python)