QQ空间g_tk算法的JS脚本的获取和分析
首先我们需要获取g_tk是如何计算的,由于Firefox自带的控制台功能不够用, 这里用Firefox+Firebug来做,其它浏览器应该也有对于的插件
Firebug分析
F12打开Firebug控制台,刷新QQ空间登录后的界面,然后点击“脚本”
下面我们需要在index.js中查找g_tk
先点击所有旁边的xxx.js旁的下三角
输入index.js
选择viewer2的那个js
然后在右边的搜索框中输入gtk=
可能要搜好多次才能出结果,楼主这里投机取巧了,直接给出答案:"g_tk="+QZONE.FP.getACSRFToken()
多搜几次,直接右键复制函数
JS函数是这样定义的
function (a){
a=QZFL.util.URI(a);
var b;
a&&(a.host&&0<a.host.indexOf("qzone.qq.com")?b=QZFL.cookie.get("p_skey"):
a.host&&0<a.host.indexOf("qq.com")&&(b=QZFL.cookie.get("skey")));
b||(b=QZFL.cookie.get("skey")||QZFL.cookie.get("rv2"));
a=5381;
for(var c=0,d=b.length;c<d;++c)
a+=(a<<5)+b.charAt(c).charCodeAt();
return a&2147483647
}
函数所在的JS链接:点这里
<span style="display: none; width: 0px; height: 0px;" id="transmark"></span>
QZONE.FrontPage.getACSRFToken = function (a) {
a = QZFL.util.URI(a);
var b;
a && (a.host && 0 < a.host.indexOf('qzone.qq.com') ? b = QZFL.cookie.get('p_skey') :
a.host && 0 < a.host.indexOf('qq.com') && (b = QZFL.cookie.get('skey')));
b || (b = QZFL.cookie.get('skey') || QZFL.cookie.get('rv2'));
a = 5381;
for (var c = 0, d = b.length; c < d; ++c) a += (a << 5) + b.charAt(c).charCodeAt();
return a & 2147483647
};
网上很多分析抄来抄去,也不仔细看源码,这个函数主要是通过cookie的三个参数p_skey、skey、rv2算出g_tk的值
首先对这三个字符串做或运算,得到一个新的字符串,然后对每个字符取ascii码加上a左移5位的值。
网上很多文章只通过skey来算,目前服务器也能正确响应,可能是原来就只用这一个值算,后面QQ空间要升级的话也可能会出现错误。
Python在计算左移和加法的时候int会自动转long,所以代码不得不特殊处理了
Python2.7代码:
# -*- coding: UTF-8 -*-
import sys
import re
def LongToInt(value): # 由于int+int超出范围后自动转为long型,通过这个转回来
if isinstance(value, int):
return int(value)
else:
return int(value & sys.maxint)
def LeftShiftInt(number, step): # 由于左移可能自动转为long型,通过这个转回来
if isinstance((number << step), long):
return int((number << step) - 0x200000000L)
else:
return int(number << step)
def getOldGTK(skey):
a = 5381
for i in range(0, len(skey)):
a = a + LeftShiftInt(a, 5) + ord(skey[i])
a = LongToInt(a)
return a & 0x7fffffff
def getNewGTK(p_skey, skey, rv2):
b = p_skey or skey or rv2
a = 5381
for i in range(0, len(b)):
a = a + LeftShiftInt(a, 5) + ord(b[i])
a = LongToInt(a)
return a & 0x7fffffff
# @1h4BB3B54 804BF877775DC07D0B313E9BC345C0C10A8DC211948584EB47 1081244980
cookieStr = 'QZ_FE_WEBP_SUPPORT=0; cpu_performance_v8=52; __Q_w_s__QZN_TodoMsgCnt=1; qq_photo_key=3f5a61d2ec8b845c82cb6495b013a161; __Q_w_s_hat_seed=1; uin=o0123456789; skey=@eGUumR6t0; ptisp=cnc; qzone_check=123456789_1441331282; Loading=Yes; p_skey=dArOKuu1XrAD2eXy5WQUcc3yltbmOcl0a2R-s1SZ3ZI_; pt4_token=IrI7MG3O6TmZNggm2el42g__; qqmusic_uin=; qqmusic_key=; qqmusic_fromtag=; qzmusicplayer=qzone_player_123456789_1441331284945; pgv_info=ssid=s1620079896; p_uin=o0123456789; rv2=804BF877775DC07D0B313E9BC345C0C10A8DC211948584EB47; property20=09473DB192D9C42A2785F37178883082E9A5283893BE41ECFA493E95E6F20E27385E24C933D47B5B; '
if re.search(r'p_skey=(?P<p_skey>[^;]*)', cookieStr):
p_skey = re.search(r'p_skey=(?P<p_skey>[^;]*)', cookieStr).group('p_skey')
else:
p_skey = None
if re.search(r'skey=(?P<skey>[^;]*)', cookieStr):
skey = re.search(r'skey=(?P<skey>[^;]*)', cookieStr).group('skey')
else:
skey = None
if re.search(r'rv2=(?P<rv2>[^;]*)', cookieStr):
rv2 = re.search(r'rv2=(?P<rv2>[^;]*)', cookieStr).group('rv2')
else:
rv2 = None
print p_skey
print skey
print rv2
print getOldGTK(skey)
print getNewGTK(p_skey, skey, rv2)