Research on HTTP interface PHP of QQ

1. research shows that Tencent has an http qq interface in tqq.tencent.com 8000. through this interface, you can perform some basic operations, such: login, logout, and change login status (online, busy, offline, and invisible), add and delete friends, view friends information, send verification information (accept added as friends, apply to add peer as friends, reject being "> <LINKhref =" http ://

1. study description

Tencent has an http qq interface in 8000 of tqq.tencent.com. through this interface, you can perform some basic operations, such: login, logout, and change login status (online, busy, offline, and invisible) add and delete friends, view friends information, send verification information (accept added as friends, apply to add peer as friends, reject added as friends), send and receive user messages, system information.

At present, I am studying the http qq protocol of version 1.1. The research is based on the results of Weicheng. I dare not say anything beyond it, but it is more detailed and accurate.

2. Interface description:

Interface location: tqq.tencent.com: 8000

Communication Protocol: HTTP

Data transmission method: POST

HTTP request format:

Posthttp/1.1

Host: tqq.tencent.com: 8000

Content-Type: text/plain; charset = UTF-8

Content-length: length

Connection: close

Data

The length is the data length. the data format is as follows:

VER = 1.1 & CMD = Command & SEQ = Mark & UIN = QQ number &....

The preceding four parameters are mandatory for each request. In this example, VER indicates the protocol version. Currently, it is 1.1. it is said that 1.2 has come out. in this case, the server returns NULL. CMD indicates the operation instruction, there are Login, List, Query_Stat, GetInfo, AddToList, Ack_AddToList, DelFromList, Change_Stat, GetMsgEx, CLTMSG, and Logout. SEQ is the flag of the current request to prevent repeated sending. the current time can be used, you can also use a random number. UIN is the QQ number of the current operation. However, different CMD parameters are required. I will publish my research results below.

3. research methods:

I am not satisfied with the current information on the internet. I write a program, send multiple requests with the same CMD parameters, and make judgments based on the server's return. If you are interested, you can skip this step.

I will publish the code I tested (PHP) below ):

$ Uin = "QQ number ";

$ Pwd = md5 ("QQ password ");

// Login test

$ Poststring [] = "VER = 1.1 & CMD = Login & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& PS = ". $ pwd. "& M5 = 1 & LC = 9326B87B234E7235 ";

// Note: The login test cannot be performed at the same time. you must wait until the server determines that QQ is disconnected before testing. Otherwise, the result is untrusted.

/*******

$ Poststring [] = "VER = 1.1 & CMD = Login & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& PS = ". $ pwd. "& M5 = 0 & LC = 9326B87B234E7235 ";

$ Poststring [] = "VER = 1.1 & CMD = Login & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& PS = ". $ pwd. "& M5 = 1 & LC = 9326B87B234E7235 ";

$ Poststring [] = "VER = 1.1 & CMD = Login & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& PS = ". $ pwd. "& M5 = 2 & LC = 9326B87B234E7235 ";

$ Poststring [] = "VER = 1.1 & CMD = Login & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& PS = ". $ pwd. "& M5 = 3 & LC = 9326B87B234E7235 ";

$ Poststring [] = "VER = 1.1 & CMD = Login & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& PS = ". $ pwd. "& M6 = 1 & LC = 9326B87B234E7235 ";

$ Poststring [] = "VER = 1.1 & CMD = Login & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& PS = ". $ pwd. "& M6 = 1 & LC = 1223423545756679 ";

*******/

// Obtain the friend list

$ Poststring [] = "VER = 1.1 & CMD = List & SEQ =". rand (,). "& UIN =". $ uin;

$ Poststring [] = "VER = 1.1 & CMD = List & SEQ =". rand (,). "& UIN =". $ uin. "& TN = 0 ";

$ Poststring [] = "VER = 1.1 & CMD = List & SEQ =". rand (160,). "& UIN =". $ uin. "& TN = ";

$ Poststring [] = "VER = 1.1 & CMD = List & SEQ =". rand (,). "& UIN =". $ uin. "& UN = 0 ";

$ Poststring [] = "VER = 1.1 & CMD = List & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& UN = ". rand (1, 10 );

$ Poststring [] = "VER = 1.1 & CMD = List & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& TN = 0 & UN = 0 ";

$ Poststring [] = "VER = 1.1 & CMD = List & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& TN = 160 & UN = 0 ";

$ Poststring [] = "VER = 1.1 & CMD = List & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& TN = 160 & UN = 0 ";

$ Poststring [] = "VER = 1.1 & CMD = List & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& TN = ". rand (1,200 ). "& UN = 0 ";

$ Poststring [] = "VER = 1.1 & CMD = List & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& TN = ". rand (1,200 ). "& UN = 0 ";

$ Poststring [] = "VER = 1.1 & CMD = List & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& TN = ". rand (1,200 ). "& UN = 0 ";

$ Poststring [] = "VER = 1.1 & CMD = List & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& TN = 0 & UN = ". rand (1, 10 );

$ Poststring [] = "VER = 1.1 & CMD = List & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& TN = 0 & UN = ". rand (1, 10 );

$ Poststring [] = "VER = 1.1 & CMD = List & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& TN = 0 & UN = ". rand (1, 10 );

$ Poststring [] = "VER = 1.1 & CMD = List & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& TN = 0 & UN = 106814 ";

// Obtain the online list

$ Poststring [] = "VER = 1.1 & CMD = Query_Stat & SEQ =". rand (,). "& UIN =". $ uin;

$ Poststring [] = "VER = 1.1 & CMD = Query_Stat & SEQ =". rand (,). "& UIN =". $ uin. "& TN = 0 ";

$ Poststring [] = "VER = 1.1 & CMD = Query_Stat & SEQ =". rand (160,). "& UIN =". $ uin. "& TN = ";

$ Poststring [] = "VER = 1.1 & CMD = Query_Stat & SEQ =". rand (,). "& UIN =". $ uin. "& UN = 0 ";

$ Poststring [] = "VER = 1.1 & CMD = Query_Stat & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& UN = ". rand (1, 10 );

$ Poststring [] = "VER = 1.1 & CMD = Query_Stat & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& TN = 0 & UN = 0 ";

$ Poststring [] = "VER = 1.1 & CMD = Query_Stat & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& TN = 160 & UN = 0 ";

$ Poststring [] = "VER = 1.1 & CMD = Query_Stat & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& TN = 160 & UN = 0 ";

$ Poststring [] = "VER = 1.1 & CMD = Query_Stat & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& TN = ". rand (1,200 ). "& UN = 0 ";

$ Poststring [] = "VER = 1.1 & CMD = Query_Stat & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& TN = ". rand (1,200 ). "& UN = 0 ";

$ Poststring [] = "VER = 1.1 & CMD = Query_Stat & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& TN = ". rand (1,200 ). "& UN = 0 ";

$ Poststring [] = "VER = 1.1 & CMD = Query_Stat & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& TN = 0 & UN = ". rand (1, 10 );

$ Poststring [] = "VER = 1.1 & CMD = Query_Stat & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& TN = 0 & UN = ". rand (1, 10 );

$ Poststring [] = "VER = 1.1 & CMD = Query_Stat & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& TN = 0 & UN = ". rand (1, 10 );

$ Poststring [] = "VER = 1.1 & CMD = Query_Stat & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& TN = 0 & UN = 106814 ";

// View friend information

$ Poststring [] = "VER = 1.1 & CMD = GetInfo & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& LV = 0 & UN = 106814 ";

$ Poststring [] = "VER = 1.1 & CMD = GetInfo & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& amp; LV = 1 & amp; UN = 106814 ";

$ Poststring [] = "VER = 1.1 & CMD = GetInfo & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& amp; LV = 2 & amp; UN = 106814 ";

$ Poststring [] = "VER = 1.1 & CMD = GetInfo & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& amp; LV = 3 & amp; UN = 106814 ";

$ Poststring [] = "VER = 1.1 & CMD = GetInfo & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& amp; LV = 4 & amp; UN = 106814 ";

$ Poststring [] = "VER = 1.1 & CMD = GetInfo & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& amp; LV = 5 & amp; UN = 106814 ";

// Add friends

$ Poststring [] = "VER = 1.1 & CMD = AddToList & SEQ =". rand (106814,). "& UIN =". $ uin. "& UN = ";

// Send verification

$ Poststring [] = "VER = 1.1 & CMD = Ack_AddToList & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& UN = 106814 & CD = 0 & RS = TEST ";

$ Poststring [] = "VER = 1.1 & CMD = Ack_AddToList & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& UN = 106814 & CD = 1 & RS = TEST ";

$ Poststring [] = "VER = 1.1 & CMD = Ack_AddToList & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& UN = 106814 & CD = 2 & RS = TEST ";

$ Poststring [] = "VER = 1.1 & CMD = Ack_AddToList & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& UN = 106814 & CD = 3 & RS = TEST ";

$ Poststring [] = "VER = 1.1 & CMD = Ack_AddToList & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& UN = 106814 & CD = 4 & RS = TEST ";

$ Poststring [] = "VER = 1.1 & CMD = Ack_AddToList & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& UN = 106814 & CD = 5 & RS = TEST ";

// Delete a friend

$ Poststring [] = "VER = 1.1 & CMD = DelFromList & SEQ =". rand (106814,). "& UIN =". $ uin. "& UN = ";

// Change the status

For ($ I = 0; $ I <= 60; $ I = $ I + 5)

{

$ Poststring [] = "VER = 1.1 & CMD = Change_Stat & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& ST = ". $ I;

}

// Obtain the message

$ Poststring [] = "VER = 1.1 & CMD = GetMsgEx & SEQ =". rand (,). "& UIN =". $ uin ."";

// Send a message

$ Poststring [] = "VER = 1.1 & CMD = CLTMSG & SEQ = ". rand (1000,9000 ). "& UIN = ". $ uin. "& UN = 106814 & MG = TEST ";

// Logout

$ Poststring [] = "VER = 1.1 & CMD = Logout & SEQ =". rand (,). "& UIN =". $ uin ."";

$ File = fopen ("p.txt", "w ");

Foreach ($ poststring as $ k => $ v)

{

Ss_timing_start ();

$ Fp = fsockopen ("tqq.tencent.com", "8000", $ errno, $ errstr, $ timeout = 10 );

If (! $ Fp ){

// Error tell us

$ Content = $ k. chr (13). chr (10). "ERROR: $ errstr ($ errno )";

} Else {

// Send the server request

Fputs ($ fp, "post http/1.1 ");

// Fputs ($ fp, "Host: $ host ");

// Fputs ($ fp, "Content-type: application/x-www-form-urlencoded ");

Fputs ($ fp, "Content-length:". strlen ($ v )."");

Fputs ($ fp, "Connection: close ");

Fputs ($ fp, $ v ."");

// Loop through the response from the server

$ Res = "";

While (! Feof ($ fp )){

$ Res. = fgets ($ fp, 4096 );

}

// Close fp-we are done with it

Fclose ($ fp );

$ Content = $ v. chr (13). chr (10). $ res;

}

Ss_timing_stop ();

$ Content. = chr (13 ). chr (10 ). "Time :". ss_timing_current (). chr (13 ). chr (10 ). "--------------------------------------". chr (13 ). chr (10 );

Fputs ($ file, $ content );

}

Fclose ($ file );

?>

Function ss_timing_start ($ name = "default "){

Global $ ss_timing_start_times;

$ Ss_timing_start_times [$ name] = explode ("", microtime ());

}

Function ss_timing_stop ($ name = "default "){

Global $ ss_timing_stop_times;

$ Ss_timing_stop_times [$ name] = explode ("", microtime ());

}

Function ss_timing_current ($ name = "default "){

Global $ ss_timing_start_times, $ ss_timing_stop_times;

If (! Isset ($ ss_timing_start_times [$ name]) {

Return 0;

}

If (! Isset ($ ss_timing_stop_times [$ name]) {

$ Stop_time = explode ("", microtime ());

}

Else {

$ Stop_time = $ ss_timing_stop_times [$ name];

}

$ Current = $ stop_time [1]-$ ss_timing_start_times [$ name] [1];

$ Current + = $ stop_time [0]-$ ss_timing_start_times [$ name] [0];

Return $ current;

}

?>

4. research results:

(1). login

Note: you must log on before you perform any other operations. Other commands can be correctly executed only after logon (RES = 0 is returned). Otherwise, the server returns RES = 20, but the exception is logout. After you log on to the server, the server will verify your identity based on your IP address * and the UIN parameter. A computer can log on to multiple QQ accounts at the same time, which does not affect each other because of the UIN parameter.

* I can confirm that the server is verified by IP address because the server cannot obtain other information through my request. ^_^

Submit data: VER = 1.1 & CMD = Login & SEQ = Mark & UIN = QQ number & PS = qqpassword & M5 = 1 & LC = 9326B87B234E7235

Note: the QQ password is a string encrypted with md5. in PHP, md5 () can be used for encryption;

The role of the M5 parameter is unknown, but it is better to be 1.

The LC parameter is a bit mysterious and cannot be changed at all. Otherwise, the server will not respond (if there is no response, NULL is returned ).

Return: VER = 1.1 & CMD = LOGIN & SEQ = Mark & UIN = QQ number & RES = 0 & RS = 0 & HI = 60 & LI = 300 (successful)

VER = 1.1 & CMD = LOGIN & SEQ = Mark & UIN = QQ number & RES = 0 & RS = 1 & RA = incorrect password (incorrect password)

VER = 1.1 & CMD = LOGIN & SEQ = Mark & UIN = QQ number & RES = 5 (illegal QQ number, such as 100)

NULL (UIN is a character, PS is NULL, LC error)

(2). get the friends list

Submit data: VER = 1.1 & CMD = List & SEQ = Mark & UIN = QQ no. & TN = 160 & UN = 0

Note: TN and UN are not clear about the specific representation, but the value of TN will affect the returned results. Is there any UN that has no effect on the results?

Return: VER = 1.1 & CMD = LIST & SEQ = Mark & UIN = QQ number & RES = 0 & FN = 9 (when TN = 0 or there is no TN parameter, FN indicates the number of friends)

VER = 1.1 & CMD = LIST & SEQ = Mark & UIN = QQ number & RES = 0 & FN = 1 & SN = 9 & UN = 3814526 ,..., (If TN exists and is not 0, FN = 1, SN indicates the number of friends, and UN indicates the list of friends, separated)

VER = 1.1 & CMD = LIST & SEQ = Mark & UIN = QQ number & RES = 20 (incorrect login)

NULL (UIN, TN, and UN are characters)

(3). get the online friends list

Submit data: VER = 1.1 & CMD = Query_Stat & SEQ = Mark & UIN = QQ no. & TN = 50 & UN = 0

Note: TN and UN are not clear about the specific representation, but the value of TN will affect the returned results. Is there any UN that has no effect on the results?

Return: VER = 1.1 & CMD = QUERY_STAT & SEQ = Mark & UIN = QQ number & RES = 0 & FC = 0, & FN = 1 & SN = 1 & ST = 10, & UN = 106814, & NK = Hackfan good, (if TN exists and is not 0, FN = 1, SN indicates the number of online friends, the FC, ST, UN, and NK values are separated by ",", indicating the avatar, status, number, and nickname respectively)

VER = 1.1 & CMD = QUERY_STAT & SEQ = Mark & UIN = QQ number & RES = 20 (incorrect logon)

NULL (UIN, TN, and UN are characters)

Note: FCIs the ID of the QQ image. for example, the ID of the header image is, and the image used by its header is 91.bmp. its algorithm is ID/3 + 1;

ST is the status of QQ users, 10 is online, 20 is offline (or invisible), and 30 is busy;

Note: When TN = 0 or does not exist, the server returns:

VER = 1.1 & CMD = Query_Stat & SEQ = Mark & UIN = QQ number

HTTP/1.1 200 OK

Server: tencent imserver/1.0.0

Content-Type: text/plain; charset = UTF-8

Content-Length: 56

VER = 1.1 & CMD = QUERY_STAT & SEQ = Mark & UIN = QQ number & RES = 0 & FN = 1

HTTP/1.1 200 OK

Server: tencent imserver/1.0.0

Content-Type: text/plain; charset = UTF-8

Content-Length: 77

VER = 1.1 & CMD = QUERY_STAT & SEQ = Mark & UIN = QQ number & RES = 0 & FC = & FN = 1 & SN = 0 & ST = & UN = & NK =

Two times are returned. in the first result, FN is the number of online friends, and the data returned for the second time is basically useless.

(4). View friend information

Submit data: VER = 1.1 & CMD = GetInfo & SEQ = Mark & UIN = QQ number & LV = query type & UN = queried QQ number

Note: LV = is a simplified query, LV = 2 is a common query, and LV> = 3 is a detailed query.

Return: VER = 1.1 & CMD = GETINFO & SEQ = Mark & UIN = QQ number & RES = 0 & LV = 0 & UN = 106814 & NK = Hackfan (simplified query)

VER = 1.1 & CMD = GETINFO & SEQ = Mark & UIN = QQNO & RES = 0 & AD = Address & AG = 19 & EM = hackfan@qq.com & FC = 0 & HP = http://blog.hackfan.net & JB = Student

& LV = 2 & PC = zip code & PH = Phone & PR = The guy is updating. NET Frameword ...... & PV = Jiangsu & RN = Hu Jiyang & SC = Graduate School & SX = 0 & UN = 106814 & NK = Hackfan

Good (normal query)

VER = 1.1 & CMD = GETINFO & SEQ = Mark & UIN = QQ number & RES = 0 & AD = Address & AG = 19 & BT = 2 & CO = 6 & CT = Suzhou & CV = % 01 & CY = People's Republic of China

& EM = hackfan@qq.com & FC = 0 & HP = http://blog.hackfan.net & ID =-& JB = Student & LV = 3 & MO = 136 * & MT = 0 & MV = & PC = zip code & PH = Phone & PR = The guy is

Updating. NET Frameword ...... & PV = Jiangsu & RN = Hu Jiyang & SC = Graduate School & SH = 3 & SX = 0 & UN = 106814 & NK = Hackfan (for details)

VER = 1.1 & CMD = GETINFO & SEQ = Mark & UIN = QQ number & RES = 20 (incorrect logon)

NULL (UIN, LV, and UN are characters)