The first is to obtain a verification code, grab the package can be:
http://check.ptlogin2.qq.com/check?regmaster=&pt_tea=1&uin=2630366651&appid= 7000101&js_ver=10113&js_type=1&login_sig=jbx* Gegr-bftnprz-rz6ag1f2pwoqw0ksvxs0ghpeceurd0e1vbmwdztn-joaily&u1=http%3a%2f%2fpet.qq.com%2floginback.html &r=0.4001144212670624
UIn is the user name know, Login_sig is still not plugging on can be ignored, the biggest change is to increase the Pt_tea parameters, after the analysis test should be an excessive parameter, if 0 in the login must be required to enter the verification code, and the old algorithm encryption parameters.
This is also why the old program can still log in, but every time to verify the code for the reason, it will soon be blocked, so here should be assigned a value of 1 to adopt the new algorithm.
The response is as follows:
PTUI_CHECKVC (' 0 ', '! MOF ', ' \x00\x00\x00\x00\x9c\xc8\x35\xbb ', ' D1f329403a04f3cdcfa2c2edb634bcba803a436ee23330e6d728500550d61349c756894065e5e2ae635c783dd10d3ba1 ', ' 0 ');
For the sake of narration, the respective segment names left to right are named: ISVERIFIED,VCODE,SALT,PT_VERIFYSESSION_V1,PT_VCODE_V1
Isverified or indicate whether validation is required, 0 and 1 represent without and need respectively.
Slat before called Pt_uin, when using QQ sign-in or old meaning, both the byte of the QQ number, and when the use of mailbox login returned the byte sequence is currently unknown, the analysis of its value is fixed, did not find the algorithm to restore QQ number, It seems that the QQ number of the new algorithm is directly obtained from the cookies.
Pt_verifysession_v1 is the session verification code, has been the device is now blocked, when the need to verify this field is empty, its value needs to be removed from the cookie. The
Pt_vcode_v1 is new and will be discussed later.
Vcode does not need to verify the meaning of the same, when the need to verify the new meaning, this will return a string of characters, the previous code to obtain a picture of the CAP_CD parameter, this time also blocked,
then this parameter where? Is Vcode return of this string of characters, said before the need to verify the PT_VERIFYSESSION_V1 is empty, when the verification code after the cookie will be more than a verifysession, yes it is.
With the above parameters the rest is login:
Http://ptlogin2.qq.com/login? u=2630366651 &p= bf89jslqupb7vtfhxbbds9-0bh2sphfv5f3fcrvspe8tymt24etw5gkvxyaoqxqy58fnimuycuj586naspx8f-m* pvorvhekrqedsliqjfr-nzu6e3w6x8*cvucbb*ls6ohxqssul70impgbumw0kejxurnkapocpeijxy1bceaoklet* realhzlnmsagmnurzvqobavgjfw5qvkmaubxw__ & verifycode=! MOF &aid=7000101&u1=http%3A%2F%2Fpet.qq.com%2Floginback.html&h=1&ptredirect=0& Ptlang=2052&daid=41&from_ui=1&dumy=&low_login_enable=0®master=&fp=loginerroralert &action=1-10-1423480485958&mibao_css=&t=1&g=1&js_ver=10113&js_type=1&login_sig=jbx *gegr-bftnprz-rz6ag1f2pwoqw0ksvxs0ghpeceurd0e1vbmwdztn-joaily&pt_uistyle=17& pt_randsalt=0 & pt_vcode_v1=0 & pt_verifysession_v1= D1f329403a04f3cdcfa2c2edb634bcba803a436ee23330e6d728500550d61349c756894065e5e2ae635c783dd10d3ba1
U is the user name, Verifycode and Pt_verifysession_v1 Needless to say, and pt_vcode_v1 do not be fooled by the goods, regardless of what is returned in front, here should be 0, and the previous verification when the return of the Pt_vcode_ V1 actually corresponds to the pt_randsalt here, what does this field do?
When you log in with the QQ number it is 0, the other hand you use the mailbox and other auxiliary account to log on to 1, otherwise the login will fail.
The final play is the parameter p, it is the secret text password, compared to the previous simple MD5 several times this can be a lunatic also added RSA, I have reversed out more than half, can eventually give up, the reason is very simple new algorithm can change the place more, casually change and spend a lot of energy re-analysis than thankless,
So let's get it right, anyway. Login script is ready, fake Document object or change the script directly with the local JS engine to get the result is good ~ ~ ~
QQ Latest Login algorithm