├── README.md ├── boss直聘__zp_stoken__补环境 ├── boss.py └── env.js ├── qq音乐sign算法还原jsvmp ├── qqMusicSign.js └── qqMusicSign.py ├── 七麦数据analysis算法还原 └── sevenDataAnalysis.py └── 巨量星图sign算法还原 └── xtSign.py /README.md: -------------------------------------------------------------------------------- 1 | # 1.AlgorithmRestore 2 | 3 | - App和Web逆向算法还原案例源码分享 4 | - 将持续增加新web站点和app的算法还原 5 | 6 | # 2.郑重声明 7 | 8 | - 本库的所有还原算法仅供学习交流,若读者将其用于非法用途,其造成的一切后果与本人无关 9 | - 如果本库对应算法侵犯到贵公司的权益,请添加我的个人微信YotaGit联系删除 10 | 11 | # 3.算法文章对应的文章 12 | - boss直聘最新版zp_stoken逆向分析源码放送:https://mp.weixin.qq.com/s/it_4GjVgaGVEELOGtONjiQ 13 | - 七麦数据analysis参数算法还原:https://mp.weixin.qq.com/s/IvrBO0KxpaWkysG2lS8P0w 14 | - 巨量星图sign算法还原(头条系):https://mp.weixin.qq.com/s/VR3t4eJwDeiFTlYjAMAv-w 15 | - qq音乐sign算法还原源码放送及jsvmp全流程分析:https://mp.weixin.qq.com/s/6I2iokciUcAwpwFYKISknQ 16 | 17 | 18 | # 4.加入群聊 19 | 20 | - 核心算法内容在群公告的text文件里,补进代码里面即可. 21 | 22 | ![算法还原](https://mmbiz.qpic.cn/mmbiz_png/YYt02skhKQZM0QI7mnnKdria5DiaVDyugmEHr1aHoqUc6TPvF7yYPoaKumkJusx7lT26e3UueBLEibz1jt0OIqiaog/0?wx_fmt=png) 23 | 24 | - 如果二维码失效加我微信YotaGit拉你进群 25 | 26 | # 5.我的微信和公众号 27 | 28 | - 我的微信YotaGit 29 | 30 | ![YotaGit](https://mmbiz.qpic.cn/mmbiz_jpg/YYt02skhKQao2pdSKoS3wpJeAjuDhLeMovOZTY7z8WQQs9aYr8SnicI6R2fdYuyJ3CMAoR5aKdIAKxBMgeRxJiaA/0?wx_fmt=jpeg) 31 | 32 | - 我的公众号 33 | 34 | ![YotaGit](https://mmbiz.qpic.cn/mmbiz_png/YYt02skhKQbZaFCI7icGfA1cjTytgWXQgBpWvicGJAj4kvt0y2IaeBExxvldn0ME4HpzcXGwsVronL2FaaaeHm9Q/640?wx_fmt=png&wxfrom=5&wx_lazy=1&wx_co=1) 35 | 36 | -------------------------------------------------------------------------------- /boss直聘__zp_stoken__补环境/boss.py: -------------------------------------------------------------------------------- 1 | import re 2 | from urllib.parse import unquote 3 | from urllib3 import disable_warnings 4 | import execjs 5 | from requests import Session 6 | 7 | disable_warnings() 8 | session = Session() 9 | with open('env.js', encoding='utf-8')as f: 10 | raw_js = f.read() + '\n!' 11 | tail_js = """ 12 | function get_token(seed, ts) { 13 | return encodeURIComponent((new window.ABC).z(seed, parseInt(ts) + 60 * (480 + (new Date).getTimezoneOffset()) * 1e3)) 14 | } 15 | """ 16 | url = "https://www.zhipin.com/c101280100-p100101/?page=3&ka=page-3" 17 | 18 | payload = {} 19 | headers = { 20 | 'Connection': 'keep-alive', 21 | 'Pragma': 'no-cache', 22 | 'Cache-Control': 'no-cache', 23 | 'sec-ch-ua': '"Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"', 24 | 'sec-ch-ua-mobile': '?0', 25 | 'Upgrade-Insecure-Requests': '1', 26 | 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36', 27 | 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9', 28 | 'Sec-Fetch-Site': 'none', 29 | 'Sec-Fetch-Mode': 'navigate', 30 | 'Sec-Fetch-User': '?1', 31 | 'Sec-Fetch-Dest': 'document', 32 | 'Accept-Language': 'zh-CN,zh;q=0.9', 33 | } 34 | count = 0 35 | success = 0 36 | while 1: 37 | try: 38 | session.headers = headers 39 | response = session.request("GET", url, data=payload, verify=False, timeout=3.0) 40 | # response = session.request("GET", url, data=payload, verify=False) 41 | local = response.history[0].headers.get('location') 42 | seed = unquote(re.findall('seed=(.*?)&', local)[0]) 43 | ts = re.findall('ts=(.*?)&', local)[0] 44 | filename = re.findall('name=(.*?)&', local)[0] 45 | print(seed, ts) 46 | ak_url = "https://www.zhipin.com/web/common/security-js/{}.js".format(filename) 47 | response_ak = session.request("GET", ak_url, data=payload, verify=False, timeout=3.0) 48 | # response_ak = session.request("GET", ak_url, data=payload, verify=False) 49 | final_js = raw_js + response_ak.content.decode() + tail_js 50 | final_js = final_js.replace('module', 'moduler') 51 | final_js = final_js.replace('__filename', '__filenamer') 52 | final_js = final_js.replace('=Buffer', '=Bufferr') 53 | final_js = final_js.replace('typeof process', 'typeof child_process') 54 | final_js = re.sub('this===(.*?),', 'true,', final_js) 55 | ff = execjs.compile(final_js) 56 | zp_token = ff.call('get_token', seed, ts) 57 | cookie = {'__zp_stoken__': zp_token} 58 | print(zp_token) 59 | response = session.request("GET", url, data=payload, verify=False, cookies=cookie, timeout=3.0) 60 | # response = session.request("GET", url, data=payload, verify=False, cookies=cookie) 61 | count += 1 62 | if response.status_code == 200: 63 | if "当前IP存在多次违规访问行为,已暂时被禁止访问" in response.content.decode(): 64 | print("当前IP存在多次违规访问行为,已暂时被禁止访问。") 65 | continue 66 | if "BOSS直聘" not in response.content.decode(): 67 | print("BOSS直聘 not in response IP") 68 | continue 69 | success += 1 70 | print(count, success) 71 | except Exception as e: 72 | print(e) 73 | -------------------------------------------------------------------------------- /boss直聘__zp_stoken__补环境/env.js: -------------------------------------------------------------------------------- 1 | // Math.random = function () { 2 | // let ret = 0.16601174644686956 3 | // // console.log(ret) 4 | // return ret; 5 | // } 6 | // Math.toString=function(){ 7 | // return "function Math() { [native code] }" 8 | // } 9 | // 10 | // Date.prototype.getTime = function () { 11 | // return 1621733818282; 12 | // } 13 | // Date.toString=function(){ 14 | // return "function Date() { [native code] }" 15 | // } 16 | 17 | window = { 18 | document: { 19 | cookie: "", 20 | createElement: function (tag) { 21 | if (tag == "canvas") { 22 | return canvas 23 | } else if (tag == "caption") { 24 | return { 25 | tagName: "CAPTION" 26 | } 27 | } 28 | 29 | }, 30 | getElementById: function (a, b, c, d) { 31 | return false 32 | }, 33 | getElementsByName: function (a, b, c, d) { 34 | return false 35 | }, 36 | getElementsByTagName: function (a, b, c, d) { 37 | return false 38 | }, 39 | getElementsByClassName: function (a, b, c, d) { 40 | return false 41 | }, 42 | title: "" 43 | }, 44 | moveBy: function () { 45 | }, 46 | moveTo: function () { 47 | }, 48 | open: function () { 49 | }, 50 | dispatchEvent: function () { 51 | return true 52 | }, 53 | screen: { 54 | availHeight: 824, 55 | availWidth: 1536 56 | }, 57 | location: { 58 | host: "www.zhipin.com", 59 | hostname: "www.zhipin.com", 60 | href: "https://www.zhipin.com/c101280100-p100101/", 61 | origin: "https://www.zhipin.com", 62 | pathname: "/c101280100-p100101/", 63 | toString: function () { 64 | return "https://www.zhipin.com/" 65 | } 66 | }, 67 | decodeURI: decodeURI, 68 | OfflineAudioContext: function () { 69 | this.createOscillator = function () { 70 | return { 71 | frequency: { 72 | setValueAtTime: function () { 73 | } 74 | }, 75 | connect: function () { 76 | }, 77 | start: function () { 78 | }, 79 | } 80 | }, 81 | this.createDynamicsCompressor = function () { 82 | return { 83 | threshold: { 84 | setValueAtTime: function () { 85 | }, 86 | }, 87 | setValueAtTime: function () { 88 | }, 89 | knee: { 90 | setValueAtTime: function () { 91 | }, 92 | }, 93 | ratio: { 94 | setValueAtTime: function () { 95 | }, 96 | }, 97 | reduction: { 98 | setValueAtTime: function () { 99 | }, 100 | }, 101 | attack: { 102 | setValueAtTime: function () { 103 | }, 104 | }, 105 | release: { 106 | setValueAtTime: function () { 107 | }, 108 | }, 109 | connect: function () { 110 | }, 111 | } 112 | }, 113 | this.startRendering = function () { 114 | } 115 | }, 116 | history: { 117 | "length": 2, 118 | "scrollRestoration": "auto", 119 | "state": null 120 | }, 121 | // outerHeight: 824, 122 | // innerHeight: 150, 123 | // outerWidth: 1536, 124 | // innerWidth: 0, 125 | outerHeight: 28, 126 | innerHeight: 0, 127 | outerWidth: 160, 128 | innerWidth: 0, 129 | Math: Math, 130 | Date: Date, 131 | encodeURIComponent: encodeURIComponent, 132 | RegExp: RegExp, 133 | length: 0, 134 | ScreenOrientation: function () { 135 | }, 136 | onmessage: null, 137 | performance: {}, 138 | speechSynthesis: { 139 | paused: false, 140 | pending: false, 141 | speaking: false, 142 | getVoices: function () { 143 | }, 144 | speak: function () { 145 | } 146 | }, 147 | SourceBuffer: function () { 148 | return { 149 | mode: "", 150 | appendWindowStart: "", 151 | audioTracks: "", 152 | buffered: "", 153 | textTracks: "", 154 | toString: function () { 155 | return "function SourceBuffer() { [native code] }" 156 | } 157 | } 158 | }, 159 | 160 | XMLHttpRequest: function () { 161 | return { 162 | readyState: "", 163 | response: "", 164 | responseText: "", 165 | responseURL: "", 166 | responseXML: "", 167 | statusText: "", 168 | toString: function () { 169 | return "function XMLHttpRequest() { [native code] }" 170 | } 171 | } 172 | }, 173 | SpeechSynthesisUtterance: function () { 174 | 175 | }, 176 | toString: function () { 177 | return "[object Window]" 178 | }, 179 | 180 | } 181 | scrollBy = function () { 182 | 183 | } 184 | scrollBy.toString=function(){ 185 | return "function scrollBy() { [native code] }" 186 | } 187 | window.scrollBy=scrollBy 188 | scrollTo = function () { 189 | 190 | } 191 | scrollTo.toString=function(){ 192 | return "function scrollTo() { [native code] }" 193 | } 194 | window.scrollTo=scrollTo 195 | window.open.toString = function () { 196 | return "function open() { [native code] }" 197 | } 198 | 199 | OfflineAudioContext = window.OfflineAudioContext 200 | canvas = { 201 | getContext: function () { 202 | return CanvasRenderingContext2D 203 | }, 204 | toDataURL: function () { 205 | // 实际为canvas画布填充了图片 206 | return "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAACWCAYAAABkW7XSAAAAAXNSR0IArs4c6QAADkdJREFUeF7t3HtwVOUZx/HnJIYkA8ZwUXAAuQkNcgsIBBxrkavFWykKtVRqgeyGcQZQW7UU9Q+xXuoUpK2wS8ERaxXlVqeASrAISolcFCWllZsFglysKAgJhOR0zslu3JAFDA/zkIXv/qO45znPez7v7m/e8+5BR3ghgAACCSLgJMg4GeY5FHAD4p7D0yXMqZyw8HlPmNmKP1AmMMEn8GyGT2CdjRo1tUGAwKoNs2A8BgLLGJx250yAwDpnlIlzIgIrceaKkVYVILAuwk8EgXURTvoFcskE1gUykTW5DAKrJlocW5sECKzaNBtGYyGwjKBpc84FCKxzTlr7T0hg1f45YoTxBQisi/CTQWBdhJN+gVwygXWBTGRNLoPAqokWx9YmAQKrNs2G0VgILCNo2pxzAQLrnJPW/hMSWLV/jhghe1h8BiICBBYfhUQVYIWVqDOnGDeBpcCj9LwKEFjnlf/8NCewzo87XfUC3wbWmJmNJal8hbjOBJkZeKvKqe+eU1fSSl4Txx1craXr3FTt+FONKzc8XRw3L/L2F+K4/SWUt7HycO99kUVVzpcbHiSO+2bcmorjRWYGxsZteaZ+0aLTXfu3/cdLODhNT37+z0Bgnf85YARnJ1CzwBKZFidM/lIteOKNpSJcrpKStGHy0sgjUhEEFbXlSU3EcaeK63zolzpuVylP6iPJZU3EdeaK4w73g62iZqr/3p9z98npAut0/WJD0usXDbaTwzca1CI7xXH7VPY9O+taU0Vg1ZqpYCA1FKgWWG2vLni6742zB+4uumbD4iXjHxLXmSclab/0VliXN97xwpAhT/Z3XGnq9TlxIiV1/4FW3Rs0KPokrc6RP4R6yLzKL3/FQP7tf8m9V8zqLbBWnnHd5I7797W8tk5q8ecNGu0ZF3p+5n8ix6wIBAKHHZEPQuFwv+gKKrhW7ih3k0d5NXXrHdxy6WVfTgxND9/lve8df6IsJWX2rD+1E8dtLWXJd0py2evR1WLcft1kpX9uLwRFxnl10WsXkQX+tQRndBHXeV7Kk8a2y3p/Sc8ef9tdt+7B10Ld5fc1dK5VhxNYtWo6GEwNBOIGVu/e84atXn3n9Vu35tzpr6giK43KwCqX/Eg4eV/2HwUDgeWuyF2rVw8v2rSpX5vKVVQgNE5cZ1Dln71wWSvPSJJkfLo5Z/KKd0eH+t44+8OWrT/Mzl+e26JTh3deTE4qDboie65o/Fnh3s/b3v7RxoGzbrl1ar6US54kyQwvpLp0frt1r17z/rdw4UR3/4GWh0aNvrdk27Yet7274p63T749jNfv6rZr2jvJ8pwfko47W1zn15JUPnfo0Cc+adRwZ7q48qJ/fRXjbz96QuA3ez7tuKq0NO14m1brNieJTJreQ7bXwLlWHUpg1arpYDA1EKgWWC2ab5qdlbVq0leHGs8vGP3WqOAGuaGsNPn+LVtzOq1Zc0frnj0XSVFRlmzffm1FG9dZMuT2px/KbFg0admyQO/duzoGvJDzgsJxpH3FMXLY+5J7/1ouMrm4OGPJnJee9VdHfX4wK9iufcEkx5VPvZXL2LXS2jumtCxln79iEpkWCAT8lVa4hzzohUjdugezR/zs4eMFq+9otfHjgdv7Dwj3Ki2tk/Hum3mdRz88MjW5RH7rlEuGIxJ2RQKn7BcOnfDHV540t13W++uzu7y5sX7m3q/9FVZo5qroqjA4NlB85HDmAytW3JPdt+/swvS0Q7P9QEvQF4GVoBPHsGP+H9eRjeeMjANZOT0XHKtTp2RSs6v+9YFbJuNLijMWegFTbYVVccuU37fPC6ErrtzW9NVXJvf29puCuXn9XEfalaXJxFkd5MvgOrm/8s9PzTnmb+B7r5K0YTEBk58ksqHckUckSV4oPZ4ypHBT30HbP+v2aOQ21A+06KrHuw3cvqP7gPz83OycnPnSqOGu5U3abh7mhZWUyyE/3LzXt/tQVfoV7bpm6+LFE7pJSVpu35umd3Cd8reOHmkwOTt7qZfEC0Lh8GH/VrEkbVhw/Mhg6YmU5l6A3nzzlNSmTTdvqDw/HyIEEDATqLbCatp08+u9e80fvGNHt9RuXf++OSm5bE3ouTmheHtY3igPHGjRyftnevrXa+fPfyQ7q/37E3J6LBhRuQ908qXEbJyPvi+31A8YEYmGW+XhkaC5LHPvquE/ebSl8+1tqP/LYDAY2LJte/e785cF9gwb/tjBoqKsHza/atMbGRkHjlU5V5x+ZaUpKa/MfeKyo0czHvc28+9emfloYeEN9x4+3Oghb/+uckXmuIMzMg5Ij+5vyI7Psv1VZbNmhTsHDgitT0k9NjUU3Qczmy4aIXBxC8Tdw/r+9S/ftv9AqwHp6Ye2+RviU+asrxJY0fDw7HLD0zt2XF7aM2dR6/feuyu7fuaeqdnZb3fz95vifaEj+1rRW8G4YRWdk9zw9Lr1vkz1bv/8wJo2Z2lkdTYtGAx0iATWGm+19cUXLYaVnbgkvWHDoimzryt5qnJa4/RbuvTev+7a2Xm+iDS68sot0qrVBlm//hZJTT0qXhgVF1/66uIl48f4q8UxeW3dJOnvh+C0Gc3TUo8uv+3WZwrq19+7PNE33y/ujz5Xn4gCp/yVcM+erMO7dl8zokOHd5YW7f7efd4G+SluCf3HDgJj8kYUFbXvVljYp+6A/uFdSSllfwxND6dXeQwhRsj71U9EfnzaDezgjC5pdY7MGzr08Y/q1fvqn6FQuDB6vkAw9wH/lnBZwA+s48fTm6xcOfLGrl2X7G90xa77Tg7LeP1GF0qD5GJ5bP/+Nv9YtOjBJ6O/En708aCSgjVDG8fsr/m/isauKC9v9N/Vib75nogfWMZ8cQucMrC8W7qFCycO6dFzUZ8GmbtDL738bE5q2jeD42y6+w+ORjbZ9y5cMPHaTp3zfxq5har+cGhkxTPqF+NWXZJa0rLarWCcW8icXvP8B0cLCob65xs9Lm+XdysZ3XT3Ast7PxwOL+993dyFrVutX5x2+VdBb/8ssuc1KF4/7wcFb4+urCzl0n372vTOzNxXmJr6zSHv34uLM/KvbvfBlMpfJ2Meg2jabPPcfn1nrktP+2ZGIm++X9wffa4+EQWq/dWc6K900T0ob2XiPbLgPQZwIlU2RX6Bq3isIfLyvvixX+wqm+zepvt3WU2dRq/a+U86n//oQuRXxMrxO7Kuprds1a499scCL/xiXrE9E3HiGTMCiShwxsDyLir6LJO48jtx5FfRB0erXHD02aXIf4x9rMF15bj/3FPMntbJoXYmPD/0HPm5d9zJ5zs5PGJDNtrzu/SLDSz/F0uRyXKK4IvX40zXwPsIIKAT4C8/6/yoRgABQwECyxCbVgggoBMgsHR+VCOAgKEAgWWITSsEENAJEFg6P6oRQMBQgMAyxKYVAgjoBAgsnR/VCCBgKEBgGWLTCgEEdAIEls6PagQQMBQgsAyxaYUAAjoBAkvnRzUCCBgKEFiG2LRCAAGdAIGl86MaAQQMBQgsQ2xaIYCAToDA0vlRjQAChgIEliE2rRBAQCdAYOn8qEYAAUMBAssQm1YIIKATILB0flQjgIChAIFliE0rBBDQCRBYOj+qEUDAUIDAMsSmFQII6AQILJ0f1QggYChAYBli0woBBHQCBJbOj2oEEDAUILAMsWmFAAI6AQJL50c1AggYChBYhti0QgABnQCBpfOjGgEEDAUILENsWiGAgE6AwNL5UY0AAoYCBJYhNq0QQEAnQGDp/KhGAAFDAQLLEJtWCCCgEyCwdH5UI4CAoQCBZYhNKwQQ0AkQWDo/qhFAwFCAwDLEphUCCOgECCydH9UIIGAoQGAZYtMKAQR0AgSWzo9qBBAwFCCwDLFphQACOgECS+dHNQIIGAoQWIbYtEIAAZ0AgaXzoxoBBAwFCCxDbFohgIBOgMDS+VGNAAKGAgSWITatEEBAJ0Bg6fyoRgABQwECyxCbVgggoBMgsHR+VCOAgKEAgWWITSsEENAJEFg6P6oRQMBQgMAyxKYVAgjoBAgsnR/VCCBgKEBgGWLTCgEEdAIEls6PagQQMBQgsAyxaYUAAjoBAkvnRzUCCBgKEFiG2LRCAAGdAIGl86MaAQQMBQgsQ2xaIYCAToDA0vlRjQAChgIEliE2rRBAQCdAYOn8qEYAAUMBAssQm1YIIKATILB0flQjgIChAIFliE0rBBDQCRBYOj+qEUDAUIDAMsSmFQII6AQILJ0f1QggYChAYBli0woBBHQCBJbOj2oEEDAUILAMsWmFAAI6AQJL50c1AggYChBYhti0QgABnQCBpfOjGgEEDAUILENsWiGAgE6AwNL5UY0AAoYCBJYhNq0QQEAnQGDp/KhGAAFDAQLLEJtWCCCgEyCwdH5UI4CAoQCBZYhNKwQQ0AkQWDo/qhFAwFCAwDLEphUCCOgECCydH9UIIGAoQGAZYtMKAQR0AgSWzo9qBBAwFCCwDLFphQACOgECS+dHNQIIGAoQWIbYtEIAAZ0AgaXzoxoBBAwFCCxDbFohgIBOgMDS+VGNAAKGAgSWITatEEBAJ0Bg6fyoRgABQwECyxCbVgggoBMgsHR+VCOAgKEAgWWITSsEENAJEFg6P6oRQMBQgMAyxKYVAgjoBAgsnR/VCCBgKEBgGWLTCgEEdAIEls6PagQQMBQgsAyxaYUAAjoBAkvnRzUCCBgKEFiG2LRCAAGdAIGl86MaAQQMBQgsQ2xaIYCAToDA0vlRjQAChgIEliE2rRBAQCdAYOn8qEYAAUMBAssQm1YIIKATILB0flQjgIChAIFliE0rBBDQCRBYOj+qEUDAUIDAMsSmFQII6AQILJ0f1QggYChAYBli0woBBHQCBJbOj2oEEDAUILAMsWmFAAI6gf8DOCrQ04sCaucAAAAASUVORK5CYII=" 207 | }, 208 | } 209 | CanvasRenderingContext2D = { 210 | fillRect: function () { 211 | }, 212 | fillText: function () { 213 | } 214 | } 215 | localStorage = { 216 | removeItem: function (key) { 217 | delete this[key] 218 | }, 219 | getItem: function (key) { 220 | return this[key] ? this[key] : null; 221 | }, 222 | setItem: function (key, value) { 223 | this[key] = "" + value; 224 | }, 225 | }; 226 | sessionStorage = {} 227 | document = window.document 228 | window.navigator = navigator = { 229 | cookieEnabled: true, 230 | language: "zh-CN", 231 | appCodeName: "Mozilla", 232 | appName: "Netscape", 233 | userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36", 234 | appVersion: "5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36" 235 | 236 | } 237 | 238 | window.sessionStorage = sessionStorage 239 | window.localStorage = localStorage 240 | setInterval = window.setInterval = function () { 241 | debugger; 242 | } 243 | setInterval.toString = function () { 244 | return "function setInterval() { [native code] }" 245 | } 246 | setTimeout = window.setTimeout = function () { 247 | 248 | } 249 | setTimeout.toString = function () { 250 | return "function setTimeout() { [native code] }" 251 | } 252 | clearTimeout = window.clearTimeout = function () { 253 | 254 | } 255 | clearTimeout.toString = function () { 256 | return "function clearTimeout() { [native code] }" 257 | } 258 | top = window.top = window 259 | self = window.self = window 260 | window.window = window 261 | child_process = undefined; 262 | closed = { 263 | __proto__: (1 >> 3 > 4)["__proto__"] 264 | } 265 | screenTop = { 266 | __proto__: (2)["__proto__"] 267 | } 268 | Function.prototype.toString = function () { 269 | return "function () { [native code] }"; 270 | } 271 | Object.keys(window).forEach(property => { 272 | try { 273 | if (typeof global[property] === 'undefined') { 274 | global[property] = window[property]; 275 | } 276 | } catch (e) { 277 | // console.log(e); 278 | } 279 | }); 280 | global.window = window; 281 | global = undefined; 282 | global = window 283 | process.argv = undefined; 284 | 285 | 286 | //下面这一段的补环境内容在群公告的text文件里,加我微信YotaGit拉你进群 287 | -------------------------------------------------------------------------------- /qq音乐sign算法还原jsvmp/qqMusicSign.js: -------------------------------------------------------------------------------- 1 | 2 | var crypto=require('crypto'); 3 | var md5=crypto.createHash("md5"); 4 | 5 | bbk = { 6 | "0": 0, "1": 1, "2": 2, "3": 3, "4": 4, "5": 5, "6": 6, "7": 7, "8": 8, "9": 9, "A": 10, "B": 11, "C": 12, 7 | "D": 13, "E": 14, "F": 15 8 | } 9 | hhh = [212, 45, 80, 68, 195, 163, 163, 203, 157, 220, 254, 91, 204, 79, 104, 6] 10 | m = [] 11 | m_shit = [] 12 | dd_list = [] 13 | ss = '' 14 | sss = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=" 15 | function ack(a, b) { 16 | d = a * 16 17 | ii = d + b 18 | this.m.push(ii) 19 | } 20 | function find_the_map() { 21 | aae = [] 22 | for (var i = 0; i < this.ss.length; i++) { 23 | aae.push(bbk[this.ss[i]]) 24 | } 25 | for (var kk = 0; kk < aae.length; kk += 2) { 26 | ack(aae[kk], aae[kk + 1]) 27 | } 28 | 29 | } 30 | function find_head() { 31 | find_the_map() 32 | hh = '' 33 | var hea=[21, 4, 9, 26, 16, 20, 27, 30] 34 | for (i in hea) { 35 | hh += this.ss[hea[i]] 36 | } 37 | return hh 38 | } 39 | function find_tail() { 40 | tt = '' 41 | tai=[18, 11, 3, 2, 1, 7, 6, 25] 42 | for (j in tai) { 43 | tt += this.ss[tai[j]] 44 | } 45 | return tt 46 | } 47 | function find_middle() { 48 | this.m_shit = [] 49 | this.dd_list=[] 50 | for (var i = 0; i < this.hhh.length; i++) { 51 | var x = this.m[i]; 52 | var y = this.hhh[i]; 53 | this.m_shit.push(x ^ y) 54 | } 55 | for (var jjj = 0; jjj < this.m_shit.length; jjj += 3) { 56 | if (jjj + 3 < this.m_shit.length) { 57 | find_the_shit(this.m_shit[jjj], this.m_shit[jjj + 1], this.m_shit[jjj + 2]) 58 | } 59 | else { 60 | var lll = this.m_shit.length - jjj 61 | if (lll == 2) { 62 | find_the_shit(this.m_shit[jjj], this.m_shit[jjj + 1]) 63 | } else { 64 | find_the_shit(this.m_shit[jjj]) 65 | } 66 | } 67 | 68 | } 69 | var middle=this.dd_list.join('').replace('/','') 70 | return middle 71 | } 72 | function find_the_shit(a, b, c){ 73 | var aa = a >> 2 74 | var aaa = a & 3 75 | var aaa_a = aaa << 4 76 | if(b){ 77 | var bb = b >> 4 78 | var bbb = aaa_a | bb 79 | var bbb_b = 5 + 10 80 | var bbb_bb = b & bbb_b 81 | var bbb_bbb = bbb_bb << 2 82 | if (c){ 83 | var bbb_bbb_b = c >> 6 84 | var cc = bbb_bbb | bbb_bbb_b 85 | var ddd = 53 + 10 86 | var dd = c & ddd 87 | this.dd_list.push(this.sss[aa]) 88 | this.dd_list.push(this.sss[bbb]) 89 | this.dd_list.push(this.sss[cc]) 90 | this.dd_list.push(this.sss[dd])} 91 | else{ 92 | this.dd_list.push(this.sss[aa]) 93 | this.dd_list.push(this.sss[bbb])}} 94 | else{ 95 | 算法内容在群公告的text文件里,加我微信YotaGit拉你进群 96 | } 97 | } 98 | 99 | function get_the_sign(ppk){ 100 | this.ss = md5.update(ppk).digest('hex').toUpperCase(); 101 | var head=find_head() 102 | var mid=find_middle() 103 | var tail=find_tail() 104 | ret = 'zzb' + head + mid+ tail 105 | return ret.toLowerCase() 106 | } 107 | ppp = '{"comm":{"cv":4747474,"ct":24,"format":"json","inCharset":"utf-8","outCharset":"utf-8","notice":0,"platform":"yqq.json","needNewCode":1,"uin":0,"g_tk_new_20200303":5381,"g_tk":5381},"req_1":{"module":"music.musichallSinger.SingerList","method":"GetSingerListIndex","param":{"area":200,"sex":1,"genre":2,"index":1,"sin":0,"cur_page":1}}}' 108 | result = get_the_sign(ppp) 109 | console.log(result) -------------------------------------------------------------------------------- /qq音乐sign算法还原jsvmp/qqMusicSign.py: -------------------------------------------------------------------------------- 1 | from hashlib import md5 2 | 3 | bbk = {"0": 0, "1": 1, "2": 2, "3": 3, "4": 4, "5": 5, "6": 6, "7": 7, "8": 8, "9": 9, "A": 10, "B": 11, "C": 12, 4 | "D": 13, "E": 14, "F": 15} 5 | hhh = [212, 45, 80, 68, 195, 163, 163, 203, 157, 220, 254, 91, 204, 79, 104, 6] 6 | ss = '' 7 | sss = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=" 8 | m = list() 9 | dd_list = list() 10 | m_s = list() 11 | 12 | 13 | def ack(a, b): 14 | d = a * 16 15 | ii = d + b 16 | m.append(ii) 17 | 18 | 19 | def find_the_map(): 20 | global m 21 | m = list() 22 | aae = list(map(lambda x: bbk.get(x), ss)) 23 | for kk in range(0, len(aae), 2): 24 | ack(aae[kk], aae[kk + 1]) 25 | 26 | 27 | def find_head(): 28 | find_the_map() 29 | hh = '' 30 | for i in [21, 4, 9, 26, 16, 20, 27, 30]: 31 | hh += ss[i] 32 | return hh 33 | 34 | 35 | def find_tail_shit(): 36 | tt = '' 37 | for i in [18, 11, 3, 2, 1, 7, 6, 25]: 38 | tt += ss[i] 39 | return tt 40 | 41 | 42 | def find_middle(): 43 | global dd_list 44 | dd_list = list() 45 | global m_s 46 | m_s = list(map(lambda x, y: x ^ y, m, hhh)) 47 | for jjj in range(0, len(m_s), 3): 48 | if jjj + 3 < len(m_s): 49 | find_the(*tuple(m_s[jjj:jjj + 3])) 50 | else: 51 | find_the(*tuple(m_s[jjj:len(m_s)])) 52 | 53 | middle = ''.join(dd_list).replace('/', '').replace('+', '') 54 | return middle 55 | 56 | 57 | def find_the(a, b=None, c=None): 58 | aa = a >> 2 59 | aaa = a & 3 60 | aaa_a = aaa << 4 61 | if b: 62 | bb = b >> 4 63 | bbb = aaa_a | bb 64 | bbb_b = 5 + 10 65 | bbb_bb = b & bbb_b 66 | bbb_bbb = bbb_bb << 2 67 | if c: 68 | bbb_bbb_b = c >> 6 69 | cc = bbb_bbb | bbb_bbb_b 70 | ddd = 53 + 10 71 | dd = c & ddd 72 | dd_list.append(sss[aa]) 73 | dd_list.append(sss[bbb]) 74 | dd_list.append(sss[cc]) 75 | dd_list.append(sss[dd]) 76 | else: 77 | dd_list.append(sss[aa]) 78 | dd_list.append(sss[bbb]) 79 | else: 80 | 算法内容在群公告的text文件里,加我微信YotaGit拉你进群 81 | 82 | 83 | def get_the_sign(ppk): 84 | global ss 85 | ss = md5(ppk.encode()).hexdigest().upper() 86 | ret = 'zzb' + find_head() + find_middle() + find_tail_shit() 87 | return ret.lower() 88 | 89 | 90 | if __name__ == '__main__': 91 | ppp = '{"comm":{"cv":4747474,"ct":24,"format":"json","inCharset":"utf-8","outCharset":"utf-8","notice":0,"platform":"yqq.json","needNewCode":1,"uin":0,"g_tk_new_20200303":5381,"g_tk":5381},"req_1":{"module":"music.musichallSinger.SingerList","method":"GetSingerListIndex","param":{"area":200,"sex":1,"genre":2,"index":1,"sin":0,"cur_page":1}}}' 92 | result = get_the_sign(ppp) 93 | print(result) 94 | -------------------------------------------------------------------------------- /七麦数据analysis算法还原/sevenDataAnalysis.py: -------------------------------------------------------------------------------- 1 | def ack(a): 2 | e = 算法内容在群公告的text文件里,加我微信YotaGit拉你进群 3 | t = len(e) 4 | n = len(a) 5 | a = list(a) 6 | for sa in range(n): 7 | a[sa] = chr(ord(a[sa]) ^ ord(e[(sa + 10) % t])) 8 | return "".join(a).encode() 9 | 10 | def get_analysis(url, params): 11 | i = int(time.time() * 1000) - 1865 - 1515125653845 12 | s = [str(value) for value in params.values()] 13 | s = ''.join(sorted(s)) 14 | s = base64.encodebytes(s.encode("utf8")) 15 | s = s.decode("utf8").strip() 16 | s += "@#" + url.replace("https://api.qimai.cn", '') 17 | s += "@#" + str(i) 18 | s += "@#1" 19 | abc = ack(s) 20 | s = base64.encodebytes(abc) 21 | s = s.decode("utf8").strip() 22 | return quote(s) 23 | 24 | if __name__ == '__main__': 25 | uuu='your target url' 26 | ppp = 'your params' 27 | result = get_analysis(uuu,ppp) 28 | print(result) -------------------------------------------------------------------------------- /巨量星图sign算法还原/xtSign.py: -------------------------------------------------------------------------------- 1 | def get_sign_params(oai): 2 | """核心算法还原""" 3 | salt = 'e39539b8836fb99e1538974d3ac1fe98' 4 | #这里举例两种params,其实已经够用了,使用前请替换达人或者主播的o_author_id为对应字符串 5 | params = [('o_author_id',oai), ('platform_source', '1'), ('platform_channel', '10'), 6 | ('limit', '15'), 7 | ('service_name', 'author.AdStarAuthorService'), 8 | ('service_method', 'GetAuthorLatestItems'), ('sign_strict', '1')] 9 | params2 = [('o_author_id', oai), ('platform_source', '1'), ('platform_channel', '10'), 10 | ('limit', '15'), ('only_ecom_live', 'only_ecom_live'), 11 | ('service_name', 'author.AdStarAuthorService'), 12 | ('service_method', 'GetAuthorLatestItems'), ('sign_strict', '1')] 13 | params.sort() 14 | sss = '' 15 | for i in params: 16 | sss += ''.join(list(i)) 17 | sss += salt 18 | sign = 核心算法内容在群公告的text文件里,加我微信YotaGit拉你进群 19 | params.append(('sign', sign)) 20 | params_data_dict = dict() 21 | for item in params: 22 | k = item[0] 23 | v = item[1] 24 | if k == v: 25 | if k == "recommend": 26 | v = "true" 27 | else: 28 | v = "false" 29 | params_data_dict[k] = v 30 | return params_data_dict 31 | 32 | if __name__ == '__main__': 33 | author_id="某个达人或者主播的o_author_id" 34 | result = get_sign_params(author_id) 35 | print(result) --------------------------------------------------------------------------------