Qq Automatic Log Analysis

First, let's list the important issues.

1. encryption of the QQ password:

2. Check whether verification code is required for login.

3. The g_tk ParameterAlgorithm.

 

Analysis process.

1. When Logging On, you must first determine whether to use the verification code.

String url = string. Format ("http://ptlogin2.qq.com/check? Uin = {0} & appid = {1} & R = 0. {2} ", txtuser. text. trim (), "2001601", bases. getguid (bases. randenum. numeric, 16 ));

For GET request, if the returned value starts with 1, the verification code is required. If the returned value starts with 0, the verification code is not required.

 

2. If you have a verification code, obtain the image address of the verification code, and record the cookie of the verification code, which must be used for submission.

String strimageurl = string. Format ("http://captcha.qq.com/getimage? & Uin = {0} & vc_type = {1} & Aid = {2} & 0. {3} ", txtuser. text. trim (), vccode, "2001601", bases. getguid (bases. randenum. numeric, 16 ));

 

3. log on,

Login address: http://ptlogin2.qq.com/login? Export & H = 1 & ptredirect = 1 & ptlang = 2052 & from_ui = 1 & dumy = & fp = loginerroralert

Note: U: your QQ number, P: Encrypted QQ password, verifycode: Verification Code

 

3.1: QQ password encryptionCode: C # version.

Public static class qqpwdencrypt
{
/// <Summary>
/// Calculate the encrypted password after QQ logon on the webpage
/// </Summary>
/// <Param name = "PWD"/> QQ password </param>
/// <Param name = "verifycode"/> Verification Code </param>
/// <Returns> </returns>
Public static string encrypt (string PWD, string verifycode)
{
Return (MD5 (md5_3 (PWD). toupper () + verifycode. toupper (). toupper ();
}
/// <Summary>
/// Calculate the three-time MD5 value of the string
/// </Summary>
/// <Param name = "S"/> </param>
/// <Returns> </returns>
Private Static string md5_3 (string S)
{
System. Security. cryptography. MD5 MD5 = new system. Security. cryptography. md5cryptoserviceprovider ();
Byte [] bytes = system. Text. encoding. utf8.getbytes (s );

Bytes = md5.computehash (bytes );
Bytes = md5.computehash (bytes );
Bytes = md5.computehash (bytes );

Md5.clear ();

String ret = "";
For (INT I = 0; I <bytes. length; I ++)
{
RET + = convert. tostring (Bytes [I], 16). padleft (2, '0 ');
}

Return ret. padleft (32, '0 ');
}
/// <Summary>
/// Calculate the MD5 of a string
/// </Summary>
/// <Param name = "S"/> </param>
/// <Returns> </returns>
Private Static string MD5 (string S)
{
System. Security. cryptography. MD5 MD5 = new system. Security. cryptography. md5cryptoserviceprovider ();
Byte [] bytes = system. Text. encoding. utf8.getbytes (s );

Bytes = md5.computehash (bytes );

Md5.clear ();

String ret = "";
For (INT I = 0; I <bytes. length; I ++)
{
RET + = convert. tostring (Bytes [I], 16). padleft (2, '0 ');
}

Return ret. padleft (32, '0 ');
}
}

3.2 for details about the JS version of the encryption method, seeSource code, Read from the QQ page.

 

4. After successful login, start to send logs,

Send log address: http:// B .qzone.qq.com/cgi-bin/blognew/blog_add? G_tk = "+ gtkvalue

1: How to obtain the g_tk parameter:

The value of gtkvalue is encrypted by QQ.

Encryption principle: After successful login, there will be a skey cookie in the successfully logged-on cookie value, take the cookie value, and cyclically retrieve the binary of the single character and take the left value.

I found a js method for obtaining gtkvalue: [who is expected to translate it into Version C #? Because the js method is inconvenient to call in C, you can also reference a DLL control.]

The js method provides the following:

Function getgtk (STR ){
VaR hash = 5381;
For (VAR I = 0, Len = Str. length; I <Len; ++ I)
{
Hash + = (hash <5) + Str. charat (I). charcodeat ();
}
Return hash & 0x7fffffff;
}

After calling some methods, you can obtain the specific log Sending address,

 

5. perform post to provide the log content to be sent. [Note: during login, It is a GET request, not a POST request]

I got stuck here. I don't know why I didn't return any data after the submission, that is, the release was not successful. It's strange that the debugging was not careful.

Later I found that when I submitted the file, I caught "about" protocol conflict committed by the server. Section = responsestatusline"

Frequently query the root cause of the problem: [found online, hey]

The server committed a protocol violation. Section = responseheader detail = CR must be followed by lf Microsoft does not tolerate server responses that do not comply with the requirements that httpheader in RFC 822 must end with CRLF.
Modify the configuration file to modify it in the app. config (winform) or web. config (Web) file.
App. config in winform does not exist by default. manually create an xml configuration file in the same directory as the debug folder. The content is as follows:
<? XML version = "1.0" encoding = "UTF-8"?>
<Configuration>
<System.net>
<Settings>
<Httpwebrequest useunsafeheaderparsing = "true"/>
</Settings>
</System.net>
</Configuration>
After compilation,ProgramConfiguration file named .exe. config

 

Add the above Code and you will be OK.

This article records the analysis process and leaves it for future reference. If it is useless to everyone, please move on. Ha

 

About programsArticle, Or favorites are usually synchronously sent to javaeye, cnblogs,

Other articles are usually sent to Sina and QQ space synchronously.

 

Sent successfully. Haha.