WEB QQ的登录步骤与协议,需要的度娘下,很多。
转载说明来源:http://www.cnblogs.com/ryhan/p/4602762.html
我这实现是参考了度娘搜的 和自己抓包分析的。
目前实现了登录后的定向发消息功能。中间遇到很多坑,前前后后用了我两周时间,今天终于能发消息了,经过实际测试,能发中文、英文消息给指定好友、指定群组。
PS:
1.暂时对需要验证码图片下载与识别没做。
2.主要的难点在协议分析,及各种加密算法。我走的捷径,用控件执行JS脚本。
下面是脚本的执行日志截图:
我直接贴代码了。如果有疑问,或者需要交流的,回帖联系我吧。
一、主要代码(Py):
py:pyQQ.py
1 #!/usr/bin/env python 2 # -*- coding: utf-8 -*- 3 4 import requests 5 import json 6 import random 7 import re 8 from encryption import QJsMd5Rsa 9 from reqhash import QJsHash 10 import urllib 11 12 13 class WebQQ(): 14 15 def __init__(self, user, pwd): 16 self.user = user 17 self.pwd = pwd 18 self.htp = requests.Session() 19 20 def __printlog(self, title, url, text, newcookies, allcookies, data=''): 21 22 print '步骤:', title 23 print '地址:', url 24 print '发送:', data 25 print '返回:', text 26 27 print '-' * 20, 'cookies', '-' * 20 28 print '新增:', newcookies 29 print '所有:', allcookies 30 31 print '*' * 49 32 33 def __checkVerify(self): 34 35 url = ('https://ssl.ptlogin2.qq.com/check?pt_tea=1&uin=%s&appid=501004106' % self.user 36 + '&r=%s' % str(random.random())) 37 r = self.htp.get(url) 38 self.__printlog('检查验证码', url, r.text, r.cookies, self.htp.cookies) 39 40 ''' 41 r.text: 42 43 ptui_checkVC('0','!UCA','\x00\x00\x00\x00\x3a\x02\x14\xcc','8e3d94255c24398ca0efd3b19aebb1386d0ac31b8ca2266267e7f4436d94c6edfb2e8ec953bfb70d731c0efdca63dc030e8d1a120fa2a0b8','0'); 44 45 参数 1:“0” 表示不需要验证码,但需要使用随后的缺省验证码来登录。“1” 表示需要验证码。 46 参数 2:如果以 “!” 开头则是传递给服务器的缺省验证码。 47 参数 3:QQ号码的十六进制格式。(登录加密时会用到) 48 参数4:登录参数的 pt_verifysession_v1 49 参数6:是否使用随机盐(pt.isRandSalt = c) 50 51 ''' 52 53 pattern = re.compile("ptui_checkVC\('(.*)','(.*)','(.*)','(.*)','(.*)'\);") 54 checkdatas = pattern.search(r.text).groups() 55 56 self.needpic = checkdatas[0] 57 self.verifycode = checkdatas[1] 58 self.pt_verifysession_v1 = checkdatas[3] 59 60 61 62 # if self.checkdatas[0] == '1': 63 # print '需要处理密码问题' 64 # pass 65 66 def userLogin(self): 67 68 # 先搞验证码的问题 69 self.__checkVerify() 70 71 # 下面开始做密码加密运算,为登录做准备 72 rsapwd = QJsMd5Rsa.GetQQMd5Rsa(self.pwd, self.user, self.verifycode) 73 # print rsapwd 74 75 # 密码登录 需要替换4个参数 分别是u=%s&p=%s&verifycode=%s*****pt_verifysession_v1=%s 76 url = ('https://ssl.ptlogin2.qq.com/login?u=%s&p=%s&verifycode=%s&webqq_type=10&remember_uin=1&login2qq=1&aid=501004106' % (self.user, rsapwd, self.verifycode) 77 + '&u1=http%3A%2F%2Fw.qq.com%2Fproxy.html%3Flogin2qq%3D1%26webqq_type%3D10&h=1&ptredirect=0&ptlang=2052&daid=164' 78 + '&from_ui=1&pttype=1&dumy=&fp=loginerroralert&action=0-76-43894&mibao_css=m_webqq&t=3&g=1&js_type=0&js_ver=10126' 79 + '&login_sig=&pt_randsalt=0&pt_vcode_v1=0&pt_verifysession_v1=%s' % self.pt_verifysession_v1) 80 ref = ('https://ui.ptlogin2.qq.com/cgi-bin/login?daid=164&target=self&style=16&mibao_css=m_webqq&appid=501004106&enable_qlogin=0' 81 + '&no_verifyimg=1&s_url=http://w.qq.com/proxy.html&f_url=loginerroralert&strong_login=1&login_state=10&t=20131024001') 82 headers = {'Accept': 'application/javascript, */*;q=0.8', 'Referer':ref} 83 84 # 这个地方是GET登录 85 r = self.htp.get(url, headers=headers) 86 self.__printlog('GET登录', url, r.text, r.cookies, self.htp.cookies) 87 88 # 这个值后面需要用到(POST登录的时候) 89 self.ptwebqq = r.cookies['ptwebqq'] 90 # print ptwebqq 91 92 # 获取密码登录后的回调地址 93 # text = '''ptuiCB('0','0','http://ptlogin4.web2.qq.com/check_sig?pttype=1&uin=973214924&service=login&nodirect=0&ptsigx=8be9168e06bf82a19e05108cdce9a5d351aea559057553e6482b68414b364ddc556d468bffedfc35df1f87bb6faca53161e109b1790ad236a36426f8b3d2b232&s_url=http%3A%2F%2Fw.qq.com%2Fproxy.html%3Flogin2qq%3D1%26webqq_type%3D10&f_url=&ptlang=2052&ptredirect=100&aid=501004106&daid=164&j_later=0&low_login_hour=0®master=0&pt_login_type=1&pt_aid=0&pt_aaid=0&pt_light=0&pt_3rd_aid=0','0','登录成功!', '旺旺雪饼');''' 94 pattern = re.compile("ptuiCB\('(.*)','(.*)','(.*)','(.*)','(.*)',\s+'(.*)'\);") 95 logindatas = pattern.search(r.text).groups() 96 # print logindatas 97 98 99 # 回调成功登录地址(拿到对应的cookies,POST登录的时候要) 100 url = logindatas[2] 101 r = self.htp.get(url, allow_redirects=False) 102 self.__printlog('回调登录返回的地址 拿Cookies', url, r.text, r.cookies, self.htp.cookies) 103 104 105 # Post Login登录 106 url = 'http://d.web2.qq.com/channel/login2' 107 datas = 'r={"ptwebqq":"%s","clientid":53999199,"psessionid":"","status":"online"}' % self.ptwebqq 108 ref = ('http://d.web2.qq.com/proxy.html?v=20130916001&callback=1&id=2') 109 # 'User-Agent': 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 1.1.4322; InfoPath.3)'\ 110 # 这地方一直报错 500 ,尼玛!通过各种抓包对比发现是少了请求头 Content-Type: application/x-www-form-urlencoded 111 headers = {'Referer':ref, 'Content-Type': 'application/x-www-form-urlencoded'} 112 113 # POST登录 到这个地方为止 已经成功登录 ,下一步就是去拿好友列表了 114 r = self.htp.post(url, data=datas, headers=headers) 115 self.__printlog('POST登录', url, r.text, r.cookies, self.htp.cookies, datas) 116 # r.text 117 ''' 118 { 119 "retcode":0, 120 "result":{ 121 "uin":973214924, 122 "cip":1017527010, 123 "index":1075, 124 "port":58759, 125 "status":"online", 126 "vfwebqq":"500df48dc767afb6e82d850e795340b16a6e42542bc63890f80fb172c2f7c37b3ec41ad817ad4771", 127 "psessionid":"8368046764001d636f6e6e7365727665725f77656271714031302e3133392e372e31363400000b190000106e036e0400cc14023a6d0000000a4077494e50395a55474c6d00000028500df48dc767afb6e82d850e795340b16a6e42542bc63890f80fb172c2f7c37b3ec41ad817ad4771", 128 "user_state":0, 129 "f":0 130 } 131 } 132 ''' 133 self.result = json.loads(r.text) 134 self.vfwebqq = self.result['result']['vfwebqq'] 135 self.psessionid = self.result['result']['psessionid'] 136 137 def getGroups(self): 138 139 # 获取群组列表 140 hashkey = QJsHash.GetQQHash(self.user, self.ptwebqq) 141 url = 'http://s.web2.qq.com/api/get_group_name_list_mask2' 142 143 datas = 'r={"vfwebqq":"%s","hash":"%s"}' % (self.vfwebqq, hashkey) 144 ref = 'http://s.web2.qq.com/proxy.html?v=20130916001&callback=1&id=1' 145 headers = {'Referer':ref, 'Content-Type': 'application/x-www-form-urlencoded' 146 , 'User-Agent': 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 1.1.4322; InfoPath.3)' 147 , 'Accept-Language': 'zh-CN,zh;q=0.8' 148 , 'Origin': 'http://s.web2.qq.com'} 149 150 # 去拿群组列表 151 r = self.htp.post(url, data=datas, headers=headers) 152 self.__printlog('获取群组列表', url, r.text, r.cookies, self.htp.cookies, datas) 153 154 self.groups = json.loads(r.text) 155 156 ''' 157 { 158 "retcode":0, 159 "result":{ 160 "gmasklist":[ 161 ], 162 "gnamelist":[ 163 { 164 "flag":17826817, 165 "name":"20班", 166 "gid":2019657155, 167 "code":707730478 168 }, 169 { 170 "flag":1090520065, 171 "name":"低调点", 172 "gid":4242729568, 173 "code":3367636394 174 } 175 ], 176 "gmarklist":[ 177 ] 178 } 179 } 180 ''' 181 def getFriends(self): 182 183 # 获取好友列表 184 # hash算法 不对,一次哈希还不行。得到的值不对,拿不到好友列表 185 # 搞错对象,Hash用的是ptwebqq值 186 hashkey = QJsHash.GetQQHash(self.user, self.ptwebqq) 187 url = 'http://s.web2.qq.com/api/get_user_friends2' 188 189 # 获取自己的详细信息 190 datas = 'r={"vfwebqq":"%s","hash":"%s"}' % (self.vfwebqq, hashkey) 191 ref = 'http://s.web2.qq.com/proxy.html?v=20130916001&callback=1&id=1' 192 # 这地方一直报错 500 ,尼玛!通过各种抓包对比发现是少了请求头 Content-Type: application/x-www-form-urlencoded 193 headers = {'Referer':ref, 'Content-Type': 'application/x-www-form-urlencoded' 194 , 'User-Agent': 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 1.1.4322; InfoPath.3)' 195 , 'Accept-Language': 'zh-CN,zh;q=0.8' 196 , 'Origin': 'http://s.web2.qq.com'} 197 198 # 去拿好友列表了 199 r = self.htp.post(url, data=datas, headers=headers) 200 self.__printlog('获取好友列表', url, r.text, r.cookies, self.htp.cookies, datas) 201 202 self.friends = json.loads(r.text) 203 204 def sendGroupMsg(self, uin, msg, face=None): 205 ''' 206 r= 207 { 208 "group_uin":4242729568, 209 "content":"["饿了",["font",{"name":"宋体","size":10,"style":[0,0,0],"color":"000000"}]]", 210 "face":774, 211 "clientid":53999199, 212 "msg_id":44050002, 213 "psessionid":"8368046764001d636f6e6e7365727665725f77656271714031302e3133392e372e31363400004881000010a5036e0400cc14023a6d0000000a40644f787a776b7454646d00000028b33a3a944975b00083704a7669f6f720d797f6eb2c8fd7df5ed4d17c98375e7b009e8b8d93bbe2fb" 214 } 215 216 ''' 217 msg = urllib.quote(msg,":?=/") 218 datas = ('r={"group_uin":%s,' % uin + 219 u'"content":"[\\\"%s\\\",[\\\"font\\\",{\\\"name\\\":\\\"\\u5B8B\\u4F53\\\",\\\"size\\\":10,\\\"style\\\":[0,0,0],\\\"color\\\":\\\"000000\\\"}]]",' % msg + 220 '"face":774,' + 221 '"clientid":53999199,' + 222 '"msg_id":44050002,' + 223 '"psessionid":"%s"' % self.psessionid + 224 '}') 225 226 # 发送群组消息 227 url = 'http://d.web2.qq.com/channel/send_qun_msg2' 228 229 ref = 'http://d.web2.qq.com/proxy.html?v=20130916001&callback=1&id=2' 230 headers = {'Referer':ref 231 , 'Content-Type': 'application/x-www-form-urlencoded' 232 , 'User-Agent': 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 1.1.4322; InfoPath.3)' 233 # , 'Accept-Language': 'zh-CN,zh;q=0.8' 234 } 235 236 # 去拿群组列表 237 r = self.htp.post(url, data=datas, headers=headers) 238 self.__printlog('发送群组消息', url, r.text, r.cookies, self.htp.cookies, datas) 239 240 241 pass 242 243 def sendFriendMsg(self, uin, msg): 244 ''' 245 r={ 246 "to":3709697278 247 ,"content":"[\"给我自己发\",[\"font\",{\"name\":\"宋体\",\"size\":10,\"style\":[0,0,0],\"color\":\"000000\"}]]" 248 ,"face":774 249 ,"clientid":53999199 250 ,"msg_id":35090001 251 ,"psessionid":"8368046764001d636f6e6e7365727665725f77656271714031302e3133392e372e31363400004881000010a5036e0400cc14023a6d0000000a40644f787a776b7454646d00000028e8f2fd0393d150b2404a4d198f196be7132786a4e3fc28c6b4014b78bcd1eda6bad51ef92d5e0862" 252 } 253 254 ''' 255 msg = urllib.quote(msg,":?=/") 256 datas = ('r={' + 257 '"to":%s' % uin + 258 ',"content":"[\\\"%s\\\",[\\\"font\\\",{\\\"name\\\":\\\"\u5B8B\u4F53\\\",\\\"size\\\":10,\\\"style\\\":[0,0,0],\\\"color\\\":\\\"000000\\\"}]]"' % msg + 259 ',"face":774' + 260 ',"clientid":53999199' + 261 ',"msg_id":35090001' + 262 ',"psessionid":"%s"' % self.psessionid + 263 '}') 264 265 url = 'http://d.web2.qq.com/channel/send_buddy_msg2' 266 ref = 'http://d.web2.qq.com/proxy.html?v=20130916001&callback=1&id=2' 267 headers = {'Referer':ref 268 , 'Content-Type': 'application/x-www-form-urlencoded' 269 , 'User-Agent': 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 1.1.4322; InfoPath.3)' 270 } 271 272 # 发消息给好友 273 r = self.htp.post(url, data=datas, headers=headers) 274 self.__printlog('发送好友消息', url, r.text, r.cookies, self.htp.cookies, datas) 275 pass 276 277 if __name__ == '__main__': 278 279 qq = WebQQ('这是帐号', '这是密码') 280 qq.userLogin() 281 282 qq.getGroups() 283 quin=qq.groups['result']['gnamelist'][1]['gid'] 284 qq.sendGroupMsg(str(quin), '其实我是想写个聊天机器人的,不过有点高深,另外,登录验证码的破解逻辑,还没写') 285 286 qq.getFriends() 287 fuin = qq.friends['result']['info'][6]['uin'] 288 print fuin 289 qq.sendFriendMsg(str(fuin), 'shen me qing kuang ')
二、哈希算法(Py与JS):
py:reqhash.py
1 #! /usr/bin/env python 2 # coding=utf-8 3 4 5 import win32com.server.util, win32com.client 6 7 # 以下代码解决输出乱码问题 8 import sys 9 # print sys.getdefaultencoding() 10 reload(sys) 11 sys.setdefaultencoding('utf8') 12 # print sys.getdefaultencoding() 13 14 class __PyWinQQJsHash: 15 16 def __init__(self): 17 18 js = win32com.client.Dispatch('MSScriptControl.ScriptControl') 19 js.Language = 'JavaScript' 20 js.AllowUI = True 21 js.AddCode(self.__readJsFile("jsfiles/reqHash.js")) 22 self.jsengine = js 23 24 def __readJsFile(self, filename): 25 26 fp = file(filename, 'r') 27 lines = '' 28 for line in fp: 29 lines += line 30 return lines 31 32 def __driveJsCode(self, func, paras): 33 34 if paras: 35 return self.jsengine.Run(func, paras[0], paras[1]) 36 else: 37 return self.jsengine.Run(func) 38 39 def GetQQHash(self, qqnum, ptwebqq): 40 return self.__driveJsCode("GetQQHash", [qqnum, ptwebqq]) 41 42 43 QJsHash = __PyWinQQJsHash()
js:reqHash.js
1 function GetQQHash(x, K) { 2 x += ""; 3 for (var N = [], T = 0; T < K.length; T++) 4 N[T % 4] ^= K.charCodeAt(T); 5 var U = ["EC", "OK"], V = []; 6 V[0] = x >> 24 & 255 ^ U[0].charCodeAt(0); 7 V[1] = x >> 16 & 255 ^ U[0].charCodeAt(1); 8 V[2] = x >> 8 & 255 ^ U[1].charCodeAt(0); 9 V[3] = x & 255 ^ U[1].charCodeAt(1); 10 U = []; 11 for (T = 0; T < 8; T++) 12 U[T] = T % 2 == 0 ? N[T >> 1] : V[T >> 1]; 13 N = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "A", "B", "C", "D", "E", "F"]; 14 V = ""; 15 for (T = 0; T < U.length; T++) { 16 V += N[U[T] >> 4 & 15]; 17 V += N[U[T] & 15] 18 } 19 return V 20 };
三、密码加密(Py与JS):
py:encryption.py
1 #! /usr/bin/env python 2 # coding=utf-8 3 4 5 import win32com.server.util, win32com.client 6 import json 7 8 # 以下代码解决输出乱码问题 9 import sys 10 from test.test_audioop import datas 11 # print sys.getdefaultencoding() 12 reload(sys) 13 sys.setdefaultencoding('utf8') 14 # print sys.getdefaultencoding() 15 16 class __PyWinQQJsMd5Rsa: 17 18 def __init__(self): 19 20 js = win32com.client.Dispatch('MSScriptControl.ScriptControl') 21 js.Language = 'JavaScript' 22 js.AllowUI = True 23 js.AddCode(self.__readJsFile("jsfiles/loginRsa.js")) 24 js.AddCode(self.__readJsFile("jsfiles/loginMd5.js")) 25 js.AddCode(self.__readJsFile("jsfiles/loginUtil.js")) 26 self.jsengine = js 27 28 def __readJsFile(self, filename): 29 30 fp = file(filename, 'r') 31 lines = '' 32 for line in fp: 33 lines += line 34 return lines 35 36 def __driveJsCode(self, func, paras): 37 38 if paras: 39 return self.jsengine.Run(func, paras[0], paras[1], paras[2]) 40 else: 41 return self.jsengine.Run(func) 42 43 def GetQQMd5Rsa(self, password, salt, verifycode): 44 return self.__driveJsCode("GetQQMd5Rsa", [password, salt, verifycode]) 45 46 47 QJsMd5Rsa = __PyWinQQJsMd5Rsa()
js:loginUtil.js
1 function GetQQMd5Rsa(password, salt, verifycode) { 2 3 //return salt; 4 //return $.Encryption.getRSAEncryption(password, verifycode); 5 return $.Encryption.getEncryption(password,uin2hex(salt), verifycode); 6 // return typeof($.Encryption.getEncryption); 7 }; 8 9 function uin2hex(str) { 10 var maxLength = 16; 11 var hex = parseInt(str).toString(16); 12 var len = hex.length; 13 for (var i = len; i < maxLength; i++) { 14 hex = '0' + hex 15 } 16 var arr = []; 17 for (var j = 0; j < maxLength; j += 2) { 18 arr.push('\\x' + hex.substr(j, 2)) 19 } 20 var result = arr.join(''); 21 eval('result="' + result + '"'); 22 return result 23 }
js:loginRsa.js
1 var window = {}; 2 var navigator = {}; 3 $ = {}; 4 $pt = {} 5 window.$ = $; 6 window.$pt = $pt; 7 8 9 // var window = window || {}; 10 // var navigator = navigator || {}; 11 // 12 // $ = window.$ || {}; 13 // $pt = window.$pt || {}; 14 15 16 $.RSA = $pt.RSA = function() { 17 function g(z, t) { 18 return new ar(z, t) 19 } 20 function ah(aA, aB) { 21 var t = ""; 22 var z = 0; 23 while (z + aB < aA.length) { 24 t += aA.substring(z, z + aB) + "\n"; 25 z += aB 26 } 27 return t + aA.substring(z, aA.length) 28 } 29 function r(t) { 30 if (t < 16) { 31 return "0" + t.toString(16) 32 } else { 33 return t.toString(16) 34 } 35 } 36 function af(aB, aE) { 37 if (aE < aB.length + 11) { 38 uv_alert("Message too long for RSA"); 39 return null 40 } 41 var aD = new Array(); 42 var aA = aB.length - 1; 43 while (aA >= 0 && aE > 0) { 44 var aC = aB.charCodeAt(aA--); 45 aD[--aE] = aC 46 } 47 aD[--aE] = 0; 48 var z = new ad(); 49 var t = new Array(); 50 while (aE > 2) { 51 t[0] = 0; 52 while (t[0] == 0) { 53 z.nextBytes(t) 54 } 55 aD[--aE] = t[0] 56 } 57 aD[--aE] = 2; 58 aD[--aE] = 0; 59 return new ar(aD) 60 } 61 function L() { 62 this.n = null; 63 this.e = 0; 64 this.d = null; 65 this.p = null; 66 this.q = null; 67 this.dmp1 = null; 68 this.dmq1 = null; 69 this.coeff = null 70 } 71 function o(z, t) { 72 if (z != null && t != null && z.length > 0 && t.length > 0) { 73 this.n = g(z, 16); 74 this.e = parseInt(t, 16) 75 } else { 76 uv_alert("Invalid RSA public key") 77 } 78 } 79 function W(t) { 80 return t.modPowInt(this.e, this.n) 81 } 82 function p(aA) { 83 var t = af(aA, (this.n.bitLength() + 7) >> 3); 84 if (t == null) { 85 return null 86 } 87 var aB = this.doPublic(t); 88 if (aB == null) { 89 return null 90 } 91 var z = aB.toString(16); 92 if ((z.length & 1) == 0) { 93 return z 94 } else { 95 return "0" + z 96 } 97 } 98 L.prototype.doPublic = W; 99 L.prototype.setPublic = o; 100 L.prototype.encrypt = p; 101 var aw; 102 var ai = 244837814094590; 103 var Z = ((ai & 16777215) == 15715070); 104 function ar(z, t, aA) { 105 if (z != null) { 106 if ("number" == typeof z) { 107 this.fromNumber(z, t, aA) 108 } else { 109 if (t == null && "string" != typeof z) { 110 this.fromString(z, 256) 111 } else { 112 this.fromString(z, t) 113 } 114 } 115 } 116 } 117 function h() { 118 return new ar(null) 119 } 120 function b(aC, t, z, aB, aE, aD) { 121 while (--aD >= 0) { 122 var aA = t * this[aC++] + z[aB] + aE; 123 aE = Math.floor(aA / 67108864); 124 z[aB++] = aA & 67108863 125 } 126 return aE 127 } 128 function ay(aC, aH, aI, aB, aF, t) { 129 var aE = aH & 32767, 130 aG = aH >> 15; 131 while (--t >= 0) { 132 var aA = this[aC] & 32767; 133 var aD = this[aC++] >> 15; 134 var z = aG * aA + aD * aE; 135 aA = aE * aA + ((z & 32767) << 15) + aI[aB] + (aF & 1073741823); 136 aF = (aA >>> 30) + (z >>> 15) + aG * aD + (aF >>> 30); 137 aI[aB++] = aA & 1073741823 138 } 139 return aF 140 } 141 function ax(aC, aH, aI, aB, aF, t) { 142 var aE = aH & 16383, 143 aG = aH >> 14; 144 while (--t >= 0) { 145 var aA = this[aC] & 16383; 146 var aD = this[aC++] >> 14; 147 var z = aG * aA + aD * aE; 148 aA = aE * aA + ((z & 16383) << 14) + aI[aB] + aF; 149 aF = (aA >> 28) + (z >> 14) + aG * aD; 150 aI[aB++] = aA & 268435455 151 } 152 return aF 153 } 154 if (Z && (navigator.appName == "Microsoft Internet Explorer")) { 155 ar.prototype.am = ay; 156 aw = 30 157 } else { 158 if (Z && (navigator.appName != "Netscape")) { 159 ar.prototype.am = b; 160 aw = 26 161 } else { 162 ar.prototype.am = ax; 163 aw = 28 164 } 165 } 166 ar.prototype.DB = aw; 167 ar.prototype.DM = ((1 << aw) - 1); 168 ar.prototype.DV = (1 << aw); 169 var aa = 52; 170 ar.prototype.FV = Math.pow(2, aa); 171 ar.prototype.F1 = aa - aw; 172 ar.prototype.F2 = 2 * aw - aa; 173 var ae = "0123456789abcdefghijklmnopqrstuvwxyz"; 174 var ag = new Array(); 175 var ap, v; 176 ap = "0".charCodeAt(0); 177 for (v = 0; v <= 9; ++v) { 178 ag[ap++] = v 179 } 180 ap = "a".charCodeAt(0); 181 for (v = 10; v < 36; ++v) { 182 ag[ap++] = v 183 } 184 ap = "A".charCodeAt(0); 185 for (v = 10; v < 36; ++v) { 186 ag[ap++] = v 187 } 188 function az(t) { 189 return ae.charAt(t) 190 } 191 function A(z, t) { 192 var aA = ag[z.charCodeAt(t)]; 193 return (aA == null) ? -1 : aA 194 } 195 function Y(z) { 196 for (var t = this.t - 1; t >= 0; --t) { 197 z[t] = this[t] 198 } 199 z.t = this.t; 200 z.s = this.s 201 } 202 function n(t) { 203 this.t = 1; 204 this.s = (t < 0) ? -1 : 0; 205 if (t > 0) { 206 this[0] = t 207 } else { 208 if (t < -1) { 209 this[0] = t + DV 210 } else { 211 this.t = 0 212 } 213 } 214 } 215 function c(t) { 216 var z = h(); 217 z.fromInt(t); 218 return z 219 } 220 function w(aE, z) { 221 var aB; 222 if (z == 16) { 223 aB = 4 224 } else { 225 if (z == 8) { 226 aB = 3 227 } else { 228 if (z == 256) { 229 aB = 8 230 } else { 231 if (z == 2) { 232 aB = 1 233 } else { 234 if (z == 32) { 235 aB = 5 236 } else { 237 if (z == 4) { 238 aB = 2 239 } else { 240 this.fromRadix(aE, z); 241 return 242 } 243 } 244 } 245 } 246 } 247 } 248 this.t = 0; 249 this.s = 0; 250 var aD = aE.length, 251 aA = false, 252 aC = 0; 253 while (--aD >= 0) { 254 var t = (aB == 8) ? aE[aD] & 255 : A(aE, aD); 255 if (t < 0) { 256 if (aE.charAt(aD) == "-") { 257 aA = true 258 } 259 continue 260 } 261 aA = false; 262 if (aC == 0) { 263 this[this.t++] = t 264 } else { 265 if (aC + aB > this.DB) { 266 this[this.t - 1] |= (t & ((1 << (this.DB - aC)) - 1)) << aC; 267 this[this.t++] = (t >> (this.DB - aC)) 268 } else { 269 this[this.t - 1] |= t << aC 270 } 271 } 272 aC += aB; 273 if (aC >= this.DB) { 274 aC -= this.DB 275 } 276 } 277 if (aB == 8 && (aE[0] & 128) != 0) { 278 this.s = -1; 279 if (aC > 0) { 280 this[this.t - 1] |= ((1 << (this.DB - aC)) - 1) << aC 281 } 282 } 283 this.clamp(); 284 if (aA) { 285 ar.ZERO.subTo(this, this) 286 } 287 } 288 function O() { 289 var t = this.s & this.DM; 290 while (this.t > 0 && this[this.t - 1] == t) {--this.t 291 } 292 } 293 function q(z) { 294 if (this.s < 0) { 295 return "-" + this.negate().toString(z) 296 } 297 var aA; 298 if (z == 16) { 299 aA = 4 300 } else { 301 if (z == 8) { 302 aA = 3 303 } else { 304 if (z == 2) { 305 aA = 1 306 } else { 307 if (z == 32) { 308 aA = 5 309 } else { 310 if (z == 4) { 311 aA = 2 312 } else { 313 return this.toRadix(z) 314 } 315 } 316 } 317 } 318 } 319 var aC = (1 << aA) - 1, 320 aF, 321 t = false, 322 aD = "", 323 aB = this.t; 324 var aE = this.DB - (aB * this.DB) % aA; 325 if (aB-->0) { 326 if (aE < this.DB && (aF = this[aB] >> aE) > 0) { 327 t = true; 328 aD = az(aF) 329 } 330 while (aB >= 0) { 331 if (aE < aA) { 332 aF = (this[aB] & ((1 << aE) - 1)) << (aA - aE); 333 aF |= this[--aB] >> (aE += this.DB - aA) 334 } else { 335 aF = (this[aB] >> (aE -= aA)) & aC; 336 if (aE <= 0) { 337 aE += this.DB; --aB 338 } 339 } 340 if (aF > 0) { 341 t = true 342 } 343 if (t) { 344 aD += az(aF) 345 } 346 } 347 } 348 return t ? aD: "0" 349 } 350 function R() { 351 var t = h(); 352 ar.ZERO.subTo(this, t); 353 return t 354 } 355 function al() { 356 return (this.s < 0) ? this.negate() : this 357 } 358 function G(t) { 359 var aA = this.s - t.s; 360 if (aA != 0) { 361 return aA 362 } 363 var z = this.t; 364 aA = z - t.t; 365 if (aA != 0) { 366 return aA 367 } 368 while (--z >= 0) { 369 if ((aA = this[z] - t[z]) != 0) { 370 return aA 371 } 372 } 373 return 0 374 } 375 function j(z) { 376 var aB = 1, 377 aA; 378 if ((aA = z >>> 16) != 0) { 379 z = aA; 380 aB += 16 381 } 382 if ((aA = z >> 8) != 0) { 383 z = aA; 384 aB += 8 385 } 386 if ((aA = z >> 4) != 0) { 387 z = aA; 388 aB += 4 389 } 390 if ((aA = z >> 2) != 0) { 391 z = aA; 392 aB += 2 393 } 394 if ((aA = z >> 1) != 0) { 395 z = aA; 396 aB += 1 397 } 398 return aB 399 } 400 function u() { 401 if (this.t <= 0) { 402 return 0 403 } 404 return this.DB * (this.t - 1) + j(this[this.t - 1] ^ (this.s & this.DM)) 405 } 406 function aq(aA, z) { 407 var t; 408 for (t = this.t - 1; t >= 0; --t) { 409 z[t + aA] = this[t] 410 } 411 for (t = aA - 1; t >= 0; --t) { 412 z[t] = 0 413 } 414 z.t = this.t + aA; 415 z.s = this.s 416 } 417 function X(aA, z) { 418 for (var t = aA; t < this.t; ++t) { 419 z[t - aA] = this[t] 420 } 421 z.t = Math.max(this.t - aA, 0); 422 z.s = this.s 423 } 424 function s(aF, aB) { 425 var z = aF % this.DB; 426 var t = this.DB - z; 427 var aD = (1 << t) - 1; 428 var aC = Math.floor(aF / this.DB), 429 aE = (this.s << z) & this.DM, 430 aA; 431 for (aA = this.t - 1; aA >= 0; --aA) { 432 aB[aA + aC + 1] = (this[aA] >> t) | aE; 433 aE = (this[aA] & aD) << z 434 } 435 for (aA = aC - 1; aA >= 0; --aA) { 436 aB[aA] = 0 437 } 438 aB[aC] = aE; 439 aB.t = this.t + aC + 1; 440 aB.s = this.s; 441 aB.clamp() 442 } 443 function l(aE, aB) { 444 aB.s = this.s; 445 var aC = Math.floor(aE / this.DB); 446 if (aC >= this.t) { 447 aB.t = 0; 448 return 449 } 450 var z = aE % this.DB; 451 var t = this.DB - z; 452 var aD = (1 << z) - 1; 453 aB[0] = this[aC] >> z; 454 for (var aA = aC + 1; aA < this.t; ++aA) { 455 aB[aA - aC - 1] |= (this[aA] & aD) << t; 456 aB[aA - aC] = this[aA] >> z 457 } 458 if (z > 0) { 459 aB[this.t - aC - 1] |= (this.s & aD) << t 460 } 461 aB.t = this.t - aC; 462 aB.clamp() 463 } 464 function ab(z, aB) { 465 var aA = 0, 466 aC = 0, 467 t = Math.min(z.t, this.t); 468 while (aA < t) { 469 aC += this[aA] - z[aA]; 470 aB[aA++] = aC & this.DM; 471 aC >>= this.DB 472 } 473 if (z.t < this.t) { 474 aC -= z.s; 475 while (aA < this.t) { 476 aC += this[aA]; 477 aB[aA++] = aC & this.DM; 478 aC >>= this.DB 479 } 480 aC += this.s 481 } else { 482 aC += this.s; 483 while (aA < z.t) { 484 aC -= z[aA]; 485 aB[aA++] = aC & this.DM; 486 aC >>= this.DB 487 } 488 aC -= z.s 489 } 490 aB.s = (aC < 0) ? -1 : 0; 491 if (aC < -1) { 492 aB[aA++] = this.DV + aC 493 } else { 494 if (aC > 0) { 495 aB[aA++] = aC 496 } 497 } 498 aB.t = aA; 499 aB.clamp() 500 } 501 function D(z, aB) { 502 var t = this.abs(), 503 aC = z.abs(); 504 var aA = t.t; 505 aB.t = aA + aC.t; 506 while (--aA >= 0) { 507 aB[aA] = 0 508 } 509 for (aA = 0; aA < aC.t; ++aA) { 510 aB[aA + t.t] = t.am(0, aC[aA], aB, aA, 0, t.t) 511 } 512 aB.s = 0; 513 aB.clamp(); 514 if (this.s != z.s) { 515 ar.ZERO.subTo(aB, aB) 516 } 517 } 518 function Q(aA) { 519 var t = this.abs(); 520 var z = aA.t = 2 * t.t; 521 while (--z >= 0) { 522 aA[z] = 0 523 } 524 for (z = 0; z < t.t - 1; ++z) { 525 var aB = t.am(z, t[z], aA, 2 * z, 0, 1); 526 if ((aA[z + t.t] += t.am(z + 1, 2 * t[z], aA, 2 * z + 1, aB, t.t - z - 1)) >= t.DV) { 527 aA[z + t.t] -= t.DV; 528 aA[z + t.t + 1] = 1 529 } 530 } 531 if (aA.t > 0) { 532 aA[aA.t - 1] += t.am(z, t[z], aA, 2 * z, 0, 1) 533 } 534 aA.s = 0; 535 aA.clamp() 536 } 537 function E(aI, aF, aE) { 538 var aO = aI.abs(); 539 if (aO.t <= 0) { 540 return 541 } 542 var aG = this.abs(); 543 if (aG.t < aO.t) { 544 if (aF != null) { 545 aF.fromInt(0) 546 } 547 if (aE != null) { 548 this.copyTo(aE) 549 } 550 return 551 } 552 if (aE == null) { 553 aE = h() 554 } 555 var aC = h(), 556 z = this.s, 557 aH = aI.s; 558 var aN = this.DB - j(aO[aO.t - 1]); 559 if (aN > 0) { 560 aO.lShiftTo(aN, aC); 561 aG.lShiftTo(aN, aE) 562 } else { 563 aO.copyTo(aC); 564 aG.copyTo(aE) 565 } 566 var aK = aC.t; 567 var aA = aC[aK - 1]; 568 if (aA == 0) { 569 return 570 } 571 var aJ = aA * (1 << this.F1) + ((aK > 1) ? aC[aK - 2] >> this.F2: 0); 572 var aR = this.FV / aJ, 573 aQ = (1 << this.F1) / aJ, 574 aP = 1 << this.F2; 575 var aM = aE.t, 576 aL = aM - aK, 577 aD = (aF == null) ? h() : aF; 578 aC.dlShiftTo(aL, aD); 579 if (aE.compareTo(aD) >= 0) { 580 aE[aE.t++] = 1; 581 aE.subTo(aD, aE) 582 } 583 ar.ONE.dlShiftTo(aK, aD); 584 aD.subTo(aC, aC); 585 while (aC.t < aK) { 586 aC[aC.t++] = 0 587 } 588 while (--aL >= 0) { 589 var aB = (aE[--aM] == aA) ? this.DM: Math.floor(aE[aM] * aR + (aE[aM - 1] + aP) * aQ); 590 if ((aE[aM] += aC.am(0, aB, aE, aL, 0, aK)) < aB) { 591 aC.dlShiftTo(aL, aD); 592 aE.subTo(aD, aE); 593 while (aE[aM] < --aB) { 594 aE.subTo(aD, aE) 595 } 596 } 597 } 598 if (aF != null) { 599 aE.drShiftTo(aK, aF); 600 if (z != aH) { 601 ar.ZERO.subTo(aF, aF) 602 } 603 } 604 aE.t = aK; 605 aE.clamp(); 606 if (aN > 0) { 607 aE.rShiftTo(aN, aE) 608 } 609 if (z < 0) { 610 ar.ZERO.subTo(aE, aE) 611 } 612 } 613 function N(t) { 614 var z = h(); 615 this.abs().divRemTo(t, null, z); 616 if (this.s < 0 && z.compareTo(ar.ZERO) > 0) { 617 t.subTo(z, z) 618 } 619 return z 620 } 621 function K(t) { 622 this.m = t 623 } 624 function V(t) { 625 if (t.s < 0 || t.compareTo(this.m) >= 0) { 626 return t.mod(this.m) 627 } else { 628 return t 629 } 630 } 631 function ak(t) { 632 return t 633 } 634 function J(t) { 635 t.divRemTo(this.m, null, t) 636 } 637 function H(t, aA, z) { 638 t.multiplyTo(aA, z); 639 this.reduce(z) 640 } 641 function au(t, z) { 642 t.squareTo(z); 643 this.reduce(z) 644 } 645 K.prototype.convert = V; 646 K.prototype.revert = ak; 647 K.prototype.reduce = J; 648 K.prototype.mulTo = H; 649 K.prototype.sqrTo = au; 650 function B() { 651 if (this.t < 1) { 652 return 0 653 } 654 var t = this[0]; 655 if ((t & 1) == 0) { 656 return 0 657 } 658 var z = t & 3; 659 z = (z * (2 - (t & 15) * z)) & 15; 660 z = (z * (2 - (t & 255) * z)) & 255; 661 z = (z * (2 - (((t & 65535) * z) & 65535))) & 65535; 662 z = (z * (2 - t * z % this.DV)) % this.DV; 663 return (z > 0) ? this.DV - z: -z 664 } 665 function f(t) { 666 this.m = t; 667 this.mp = t.invDigit(); 668 this.mpl = this.mp & 32767; 669 this.mph = this.mp >> 15; 670 this.um = (1 << (t.DB - 15)) - 1; 671 this.mt2 = 2 * t.t 672 } 673 function aj(t) { 674 var z = h(); 675 t.abs().dlShiftTo(this.m.t, z); 676 z.divRemTo(this.m, null, z); 677 if (t.s < 0 && z.compareTo(ar.ZERO) > 0) { 678 this.m.subTo(z, z) 679 } 680 return z 681 } 682 function at(t) { 683 var z = h(); 684 t.copyTo(z); 685 this.reduce(z); 686 return z 687 } 688 function P(t) { 689 while (t.t <= this.mt2) { 690 t[t.t++] = 0 691 } 692 for (var aA = 0; aA < this.m.t; ++aA) { 693 var z = t[aA] & 32767; 694 var aB = (z * this.mpl + (((z * this.mph + (t[aA] >> 15) * this.mpl) & this.um) << 15)) & t.DM; 695 z = aA + this.m.t; 696 t[z] += this.m.am(0, aB, t, aA, 0, this.m.t); 697 while (t[z] >= t.DV) { 698 t[z] -= t.DV; 699 t[++z]++ 700 } 701 } 702 t.clamp(); 703 t.drShiftTo(this.m.t, t); 704 if (t.compareTo(this.m) >= 0) { 705 t.subTo(this.m, t) 706 } 707 } 708 function am(t, z) { 709 t.squareTo(z); 710 this.reduce(z) 711 } 712 function y(t, aA, z) { 713 t.multiplyTo(aA, z); 714 this.reduce(z) 715 } 716 f.prototype.convert = aj; 717 f.prototype.revert = at; 718 f.prototype.reduce = P; 719 f.prototype.mulTo = y; 720 f.prototype.sqrTo = am; 721 function i() { 722 return ((this.t > 0) ? (this[0] & 1) : this.s) == 0 723 } 724 function x(aF, aG) { 725 if (aF > 4294967295 || aF < 1) { 726 return ar.ONE 727 } 728 var aE = h(), 729 aA = h(), 730 aD = aG.convert(this), 731 aC = j(aF) - 1; 732 aD.copyTo(aE); 733 while (--aC >= 0) { 734 aG.sqrTo(aE, aA); 735 if ((aF & (1 << aC)) > 0) { 736 aG.mulTo(aA, aD, aE) 737 } else { 738 var aB = aE; 739 aE = aA; 740 aA = aB 741 } 742 } 743 return aG.revert(aE) 744 } 745 function an(aA, t) { 746 var aB; 747 if (aA < 256 || t.isEven()) { 748 aB = new K(t) 749 } else { 750 aB = new f(t) 751 } 752 return this.exp(aA, aB) 753 } 754 ar.prototype.copyTo = Y; 755 ar.prototype.fromInt = n; 756 ar.prototype.fromString = w; 757 ar.prototype.clamp = O; 758 ar.prototype.dlShiftTo = aq; 759 ar.prototype.drShiftTo = X; 760 ar.prototype.lShiftTo = s; 761 ar.prototype.rShiftTo = l; 762 ar.prototype.subTo = ab; 763 ar.prototype.multiplyTo = D; 764 ar.prototype.squareTo = Q; 765 ar.prototype.divRemTo = E; 766 ar.prototype.invDigit = B; 767 ar.prototype.isEven = i; 768 ar.prototype.exp = x; 769 ar.prototype.toString = q; 770 ar.prototype.negate = R; 771 ar.prototype.abs = al; 772 ar.prototype.compareTo = G; 773 ar.prototype.bitLength = u; 774 ar.prototype.mod = N; 775 ar.prototype.modPowInt = an; 776 ar.ZERO = c(0); 777 ar.ONE = c(1); 778 var m; 779 var U; 780 var ac; 781 function d(t) { 782 U[ac++] ^= t & 255; 783 U[ac++] ^= (t >> 8) & 255; 784 U[ac++] ^= (t >> 16) & 255; 785 U[ac++] ^= (t >> 24) & 255; 786 if (ac >= M) { 787 ac -= M 788 } 789 } 790 function T() { 791 d(new Date().getTime()) 792 } 793 if (U == null) { 794 U = new Array(); 795 ac = 0; 796 var I; 797 if (navigator.appName == "Netscape" && navigator.appVersion < "5" && window.crypto && window.crypto.random) { 798 var F = window.crypto.random(32); 799 for (I = 0; I < F.length; ++I) { 800 U[ac++] = F.charCodeAt(I) & 255 801 } 802 } 803 while (ac < M) { 804 I = Math.floor(65536 * Math.random()); 805 U[ac++] = I >>> 8; 806 U[ac++] = I & 255 807 } 808 ac = 0; 809 T() 810 } 811 function C() { 812 if (m == null) { 813 T(); 814 m = ao(); 815 m.init(U); 816 for (ac = 0; ac < U.length; ++ac) { 817 U[ac] = 0 818 } 819 ac = 0 820 } 821 return m.next() 822 } 823 function av(z) { 824 var t; 825 for (t = 0; t < z.length; ++t) { 826 z[t] = C() 827 } 828 } 829 function ad() {} 830 ad.prototype.nextBytes = av; 831 function k() { 832 this.i = 0; 833 this.j = 0; 834 this.S = new Array() 835 } 836 function e(aC) { 837 var aB, z, aA; 838 for (aB = 0; aB < 256; ++aB) { 839 this.S[aB] = aB 840 } 841 z = 0; 842 for (aB = 0; aB < 256; ++aB) { 843 z = (z + this.S[aB] + aC[aB % aC.length]) & 255; 844 aA = this.S[aB]; 845 this.S[aB] = this.S[z]; 846 this.S[z] = aA 847 } 848 this.i = 0; 849 this.j = 0 850 } 851 function a() { 852 var z; 853 this.i = (this.i + 1) & 255; 854 this.j = (this.j + this.S[this.i]) & 255; 855 z = this.S[this.i]; 856 this.S[this.i] = this.S[this.j]; 857 this.S[this.j] = z; 858 return this.S[(z + this.S[this.i]) & 255] 859 } 860 k.prototype.init = e; 861 k.prototype.next = a; 862 function ao() { 863 return new k() 864 } 865 var M = 256; 866 function S(aB, aA, z) { 867 aA = "F20CE00BAE5361F8FA3AE9CEFA495362FF7DA1BA628F64A347F0A8C012BF0B254A30CD92ABFFE7A6EE0DC424CB6166F8819EFA5BCCB20EDFB4AD02E412CCF579B1CA711D55B8B0B3AEB60153D5E0693A2A86F3167D7847A0CB8B00004716A9095D9BADC977CBB804DBDCBA6029A9710869A453F27DFDDF83C016D928B3CBF4C7"; 868 z = "3"; 869 var t = new L(); 870 t.setPublic(aA, z); 871 return t.encrypt(aB) 872 } 873 return { 874 rsa_encrypt: S 875 } 876 } (); 877 878 (function(r) { 879 var s = "", 880 a = 0, 881 g = [], 882 x = [], 883 y = 0, 884 u = 0, 885 m = [], 886 t = [], 887 n = true; 888 function e() { 889 return Math.round(Math.random() * 4294967295) 890 } 891 function i(C, D, z) { 892 if (!z || z > 4) { 893 z = 4 894 } 895 var A = 0; 896 for (var B = D; B < D + z; B++) { 897 A <<= 8; 898 A |= C[B] 899 } 900 return (A & 4294967295) >>> 0 901 } 902 function b(A, B, z) { 903 A[B + 3] = (z >> 0) & 255; 904 A[B + 2] = (z >> 8) & 255; 905 A[B + 1] = (z >> 16) & 255; 906 A[B + 0] = (z >> 24) & 255 907 } 908 function w(C) { 909 if (!C) { 910 return "" 911 } 912 var z = ""; 913 for (var A = 0; A < C.length; A++) { 914 var B = Number(C[A]).toString(16); 915 if (B.length == 1) { 916 B = "0" + B 917 } 918 z += B 919 } 920 return z 921 } 922 function v(A) { 923 var B = ""; 924 for (var z = 0; z < A.length; z += 2) { 925 B += String.fromCharCode(parseInt(A.substr(z, 2), 16)) 926 } 927 return B 928 } 929 function c(C, z) { 930 if (!C) { 931 return "" 932 } 933 if (z) { 934 C = k(C) 935 } 936 var B = []; 937 for (var A = 0; A < C.length; A++) { 938 B[A] = C.charCodeAt(A) 939 } 940 return w(B) 941 } 942 function k(C) { 943 var B, D, A = [], 944 z = C.length; 945 for (B = 0; B < z; B++) { 946 D = C.charCodeAt(B); 947 if (D > 0 && D <= 127) { 948 A.push(C.charAt(B)) 949 } else { 950 if (D >= 128 && D <= 2047) { 951 A.push(String.fromCharCode(192 | ((D >> 6) & 31)), String.fromCharCode(128 | (D & 63))) 952 } else { 953 if (D >= 2048 && D <= 65535) { 954 A.push(String.fromCharCode(224 | ((D >> 12) & 15)), String.fromCharCode(128 | ((D >> 6) & 63)), String.fromCharCode(128 | (D & 63))) 955 } 956 } 957 } 958 } 959 return A.join("") 960 } 961 function h(B) { 962 g = new Array(8); 963 x = new Array(8); 964 y = u = 0; 965 n = true; 966 a = 0; 967 var z = B.length; 968 var C = 0; 969 a = (z + 10) % 8; 970 if (a != 0) { 971 a = 8 - a 972 } 973 m = new Array(z + a + 10); 974 g[0] = ((e() & 248) | a) & 255; 975 for (var A = 1; A <= a; A++) { 976 g[A] = e() & 255 977 } 978 a++; 979 for (var A = 0; A < 8; A++) { 980 x[A] = 0 981 } 982 C = 1; 983 while (C <= 2) { 984 if (a < 8) { 985 g[a++] = e() & 255; 986 C++ 987 } 988 if (a == 8) { 989 p() 990 } 991 } 992 var A = 0; 993 while (z > 0) { 994 if (a < 8) { 995 g[a++] = B[A++]; 996 z-- 997 } 998 if (a == 8) { 999 p() 1000 } 1001 } 1002 C = 1; 1003 while (C <= 7) { 1004 if (a < 8) { 1005 g[a++] = 0; 1006 C++ 1007 } 1008 if (a == 8) { 1009 p() 1010 } 1011 } 1012 return m 1013 } 1014 function q(D) { 1015 var C = 0; 1016 var A = new Array(8); 1017 var z = D.length; 1018 t = D; 1019 if (z % 8 != 0 || z < 16) { 1020 return null 1021 } 1022 x = l(D); 1023 a = x[0] & 7; 1024 C = z - a - 10; 1025 if (C < 0) { 1026 return null 1027 } 1028 for (var B = 0; B < A.length; B++) { 1029 A[B] = 0 1030 } 1031 m = new Array(C); 1032 u = 0; 1033 y = 8; 1034 a++; 1035 var E = 1; 1036 while (E <= 2) { 1037 if (a < 8) { 1038 a++; 1039 E++ 1040 } 1041 if (a == 8) { 1042 A = D; 1043 if (!f()) { 1044 return null 1045 } 1046 } 1047 } 1048 var B = 0; 1049 while (C != 0) { 1050 if (a < 8) { 1051 m[B] = (A[u + a] ^ x[a]) & 255; 1052 B++; 1053 C--; 1054 a++ 1055 } 1056 if (a == 8) { 1057 A = D; 1058 u = y - 8; 1059 if (!f()) { 1060 return null 1061 } 1062 } 1063 } 1064 for (E = 1; E < 8; E++) { 1065 if (a < 8) { 1066 if ((A[u + a] ^ x[a]) != 0) { 1067 return null 1068 } 1069 a++ 1070 } 1071 if (a == 8) { 1072 A = D; 1073 u = y; 1074 if (!f()) { 1075 return null 1076 } 1077 } 1078 } 1079 return m 1080 } 1081 function p() { 1082 for (var z = 0; z < 8; z++) { 1083 if (n) { 1084 g[z] ^= x[z] 1085 } else { 1086 g[z] ^= m[u + z] 1087 } 1088 } 1089 var A = j(g); 1090 for (var z = 0; z < 8; z++) { 1091 m[y + z] = A[z] ^ x[z]; 1092 x[z] = g[z] 1093 } 1094 u = y; 1095 y += 8; 1096 a = 0; 1097 n = false 1098 } 1099 function j(A) { 1100 var B = 16; 1101 var G = i(A, 0, 4); 1102 var F = i(A, 4, 4); 1103 var I = i(s, 0, 4); 1104 var H = i(s, 4, 4); 1105 var E = i(s, 8, 4); 1106 var D = i(s, 12, 4); 1107 var C = 0; 1108 var J = 2654435769 >>> 0; 1109 while (B-->0) { 1110 C += J; 1111 C = (C & 4294967295) >>> 0; 1112 G += ((F << 4) + I) ^ (F + C) ^ ((F >>> 5) + H); 1113 G = (G & 4294967295) >>> 0; 1114 F += ((G << 4) + E) ^ (G + C) ^ ((G >>> 5) + D); 1115 F = (F & 4294967295) >>> 0 1116 } 1117 var K = new Array(8); 1118 b(K, 0, G); 1119 b(K, 4, F); 1120 return K 1121 } 1122 function l(A) { 1123 var B = 16; 1124 var G = i(A, 0, 4); 1125 var F = i(A, 4, 4); 1126 var I = i(s, 0, 4); 1127 var H = i(s, 4, 4); 1128 var E = i(s, 8, 4); 1129 var D = i(s, 12, 4); 1130 var C = 3816266640 >>> 0; 1131 var J = 2654435769 >>> 0; 1132 while (B-->0) { 1133 F -= ((G << 4) + E) ^ (G + C) ^ ((G >>> 5) + D); 1134 F = (F & 4294967295) >>> 0; 1135 G -= ((F << 4) + I) ^ (F + C) ^ ((F >>> 5) + H); 1136 G = (G & 4294967295) >>> 0; 1137 C -= J; 1138 C = (C & 4294967295) >>> 0 1139 } 1140 var K = new Array(8); 1141 b(K, 0, G); 1142 b(K, 4, F); 1143 return K 1144 } 1145 function f() { 1146 var z = t.length; 1147 for (var A = 0; A < 8; A++) { 1148 x[A] ^= t[y + A] 1149 } 1150 x = l(x); 1151 y += 8; 1152 a = 0; 1153 return true 1154 } 1155 function o(D, C) { 1156 var B = []; 1157 if (C) { 1158 for (var A = 0; A < D.length; A++) { 1159 B[A] = D.charCodeAt(A) & 255 1160 } 1161 } else { 1162 var z = 0; 1163 for (var A = 0; A < D.length; A += 2) { 1164 B[z++] = parseInt(D.substr(A, 2), 16) 1165 } 1166 } 1167 return B 1168 } 1169 r.TEA = { 1170 encrypt: function(C, B) { 1171 var A = o(C, B); 1172 var z = h(A); 1173 return w(z) 1174 }, 1175 enAsBase64: function(E, D) { 1176 var C = o(E, D); 1177 var B = h(C); 1178 var z = ""; 1179 for (var A = 0; A < B.length; A++) { 1180 z += String.fromCharCode(B[A]) 1181 } 1182 return btoa(z) 1183 }, 1184 decrypt: function(B) { 1185 var A = o(B, false); 1186 var z = q(A); 1187 return w(z) 1188 }, 1189 initkey: function(z, A) { 1190 s = o(z, A) 1191 }, 1192 bytesToStr: v, 1193 strToBytes: c, 1194 bytesInStr: w, 1195 dataFromStr: o 1196 }; 1197 var d = {}; 1198 d.PADCHAR = "="; 1199 d.ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; 1200 d.getbyte = function(B, A) { 1201 var z = B.charCodeAt(A); 1202 if (z > 255) { 1203 throw "INVALID_CHARACTER_ERR: DOM Exception 5" 1204 } 1205 return z 1206 }; 1207 d.encode = function(D) { 1208 if (arguments.length != 1) { 1209 throw "SyntaxError: Not enough arguments" 1210 } 1211 var A = d.PADCHAR; 1212 var F = d.ALPHA; 1213 var E = d.getbyte; 1214 var C, G; 1215 var z = []; 1216 D = "" + D; 1217 var B = D.length - D.length % 3; 1218 if (D.length == 0) { 1219 return D 1220 } 1221 for (C = 0; C < B; C += 3) { 1222 G = (E(D, C) << 16) | (E(D, C + 1) << 8) | E(D, C + 2); 1223 z.push(F.charAt(G >> 18)); 1224 z.push(F.charAt((G >> 12) & 63)); 1225 z.push(F.charAt((G >> 6) & 63)); 1226 z.push(F.charAt(G & 63)) 1227 } 1228 switch (D.length - B) { 1229 case 1: 1230 G = E(D, C) << 16; 1231 z.push(F.charAt(G >> 18) + F.charAt((G >> 12) & 63) + A + A); 1232 break; 1233 case 2: 1234 G = (E(D, C) << 16) | (E(D, C + 1) << 8); 1235 z.push(F.charAt(G >> 18) + F.charAt((G >> 12) & 63) + F.charAt((G >> 6) & 63) + A); 1236 break 1237 } 1238 return z.join("") 1239 }; 1240 if (!window.btoa) { 1241 window.btoa = d.encode 1242 } 1243 })(window); 1244 1245 //跟踪JS代码 发现 这地方需要全局声明(浏览器下这些对象默认是在window下de) 1246 TEA=window.TEA; 1247 btoa= window.btoa;
js:loginMd5.js
1 //var window = window || {}; 2 //var navigator = navigator|| {}; 3 // 4 //$ = window.$ || {}; 5 //$pt = window.$pt || {}; 6 7 $.Encryption = $pt.Encryption = function() { 8 var hexcase = 1; 9 var b64pad = ""; 10 var chrsz = 8; 11 var mode = 32; 12 function md5(s) { 13 return hex_md5(s) 14 } 15 function hex_md5(s) { 16 return binl2hex(core_md5(str2binl(s), s.length * chrsz)) 17 } 18 function str_md5(s) { 19 return binl2str(core_md5(str2binl(s), s.length * chrsz)) 20 } 21 function hex_hmac_md5(key, data) { 22 return binl2hex(core_hmac_md5(key, data)) 23 } 24 function b64_hmac_md5(key, data) { 25 return binl2b64(core_hmac_md5(key, data)) 26 } 27 function str_hmac_md5(key, data) { 28 return binl2str(core_hmac_md5(key, data)) 29 } 30 function core_md5(x, len) { 31 x[len >> 5] |= 128 << ((len) % 32); 32 x[(((len + 64) >>> 9) << 4) + 14] = len; 33 var a = 1732584193; 34 var b = -271733879; 35 var c = -1732584194; 36 var d = 271733878; 37 for (var i = 0; i < x.length; i += 16) { 38 var olda = a; 39 var oldb = b; 40 var oldc = c; 41 var oldd = d; 42 a = md5_ff(a, b, c, d, x[i + 0], 7, -680876936); 43 d = md5_ff(d, a, b, c, x[i + 1], 12, -389564586); 44 c = md5_ff(c, d, a, b, x[i + 2], 17, 606105819); 45 b = md5_ff(b, c, d, a, x[i + 3], 22, -1044525330); 46 a = md5_ff(a, b, c, d, x[i + 4], 7, -176418897); 47 d = md5_ff(d, a, b, c, x[i + 5], 12, 1200080426); 48 c = md5_ff(c, d, a, b, x[i + 6], 17, -1473231341); 49 b = md5_ff(b, c, d, a, x[i + 7], 22, -45705983); 50 a = md5_ff(a, b, c, d, x[i + 8], 7, 1770035416); 51 d = md5_ff(d, a, b, c, x[i + 9], 12, -1958414417); 52 c = md5_ff(c, d, a, b, x[i + 10], 17, -42063); 53 b = md5_ff(b, c, d, a, x[i + 11], 22, -1990404162); 54 a = md5_ff(a, b, c, d, x[i + 12], 7, 1804603682); 55 d = md5_ff(d, a, b, c, x[i + 13], 12, -40341101); 56 c = md5_ff(c, d, a, b, x[i + 14], 17, -1502002290); 57 b = md5_ff(b, c, d, a, x[i + 15], 22, 1236535329); 58 a = md5_gg(a, b, c, d, x[i + 1], 5, -165796510); 59 d = md5_gg(d, a, b, c, x[i + 6], 9, -1069501632); 60 c = md5_gg(c, d, a, b, x[i + 11], 14, 643717713); 61 b = md5_gg(b, c, d, a, x[i + 0], 20, -373897302); 62 a = md5_gg(a, b, c, d, x[i + 5], 5, -701558691); 63 d = md5_gg(d, a, b, c, x[i + 10], 9, 38016083); 64 c = md5_gg(c, d, a, b, x[i + 15], 14, -660478335); 65 b = md5_gg(b, c, d, a, x[i + 4], 20, -405537848); 66 a = md5_gg(a, b, c, d, x[i + 9], 5, 568446438); 67 d = md5_gg(d, a, b, c, x[i + 14], 9, -1019803690); 68 c = md5_gg(c, d, a, b, x[i + 3], 14, -187363961); 69 b = md5_gg(b, c, d, a, x[i + 8], 20, 1163531501); 70 a = md5_gg(a, b, c, d, x[i + 13], 5, -1444681467); 71 d = md5_gg(d, a, b, c, x[i + 2], 9, -51403784); 72 c = md5_gg(c, d, a, b, x[i + 7], 14, 1735328473); 73 b = md5_gg(b, c, d, a, x[i + 12], 20, -1926607734); 74 a = md5_hh(a, b, c, d, x[i + 5], 4, -378558); 75 d = md5_hh(d, a, b, c, x[i + 8], 11, -2022574463); 76 c = md5_hh(c, d, a, b, x[i + 11], 16, 1839030562); 77 b = md5_hh(b, c, d, a, x[i + 14], 23, -35309556); 78 a = md5_hh(a, b, c, d, x[i + 1], 4, -1530992060); 79 d = md5_hh(d, a, b, c, x[i + 4], 11, 1272893353); 80 c = md5_hh(c, d, a, b, x[i + 7], 16, -155497632); 81 b = md5_hh(b, c, d, a, x[i + 10], 23, -1094730640); 82 a = md5_hh(a, b, c, d, x[i + 13], 4, 681279174); 83 d = md5_hh(d, a, b, c, x[i + 0], 11, -358537222); 84 c = md5_hh(c, d, a, b, x[i + 3], 16, -722521979); 85 b = md5_hh(b, c, d, a, x[i + 6], 23, 76029189); 86 a = md5_hh(a, b, c, d, x[i + 9], 4, -640364487); 87 d = md5_hh(d, a, b, c, x[i + 12], 11, -421815835); 88 c = md5_hh(c, d, a, b, x[i + 15], 16, 530742520); 89 b = md5_hh(b, c, d, a, x[i + 2], 23, -995338651); 90 a = md5_ii(a, b, c, d, x[i + 0], 6, -198630844); 91 d = md5_ii(d, a, b, c, x[i + 7], 10, 1126891415); 92 c = md5_ii(c, d, a, b, x[i + 14], 15, -1416354905); 93 b = md5_ii(b, c, d, a, x[i + 5], 21, -57434055); 94 a = md5_ii(a, b, c, d, x[i + 12], 6, 1700485571); 95 d = md5_ii(d, a, b, c, x[i + 3], 10, -1894986606); 96 c = md5_ii(c, d, a, b, x[i + 10], 15, -1051523); 97 b = md5_ii(b, c, d, a, x[i + 1], 21, -2054922799); 98 a = md5_ii(a, b, c, d, x[i + 8], 6, 1873313359); 99 d = md5_ii(d, a, b, c, x[i + 15], 10, -30611744); 100 c = md5_ii(c, d, a, b, x[i + 6], 15, -1560198380); 101 b = md5_ii(b, c, d, a, x[i + 13], 21, 1309151649); 102 a = md5_ii(a, b, c, d, x[i + 4], 6, -145523070); 103 d = md5_ii(d, a, b, c, x[i + 11], 10, -1120210379); 104 c = md5_ii(c, d, a, b, x[i + 2], 15, 718787259); 105 b = md5_ii(b, c, d, a, x[i + 9], 21, -343485551); 106 a = safe_add(a, olda); 107 b = safe_add(b, oldb); 108 c = safe_add(c, oldc); 109 d = safe_add(d, oldd) 110 } 111 if (mode == 16) { 112 return Array(b, c) 113 } else { 114 return Array(a, b, c, d) 115 } 116 } 117 function md5_cmn(q, a, b, x, s, t) { 118 return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s), b) 119 } 120 function md5_ff(a, b, c, d, x, s, t) { 121 return md5_cmn((b & c) | ((~b) & d), a, b, x, s, t) 122 } 123 function md5_gg(a, b, c, d, x, s, t) { 124 return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t) 125 } 126 function md5_hh(a, b, c, d, x, s, t) { 127 return md5_cmn(b ^ c ^ d, a, b, x, s, t) 128 } 129 function md5_ii(a, b, c, d, x, s, t) { 130 return md5_cmn(c ^ (b | (~d)), a, b, x, s, t) 131 } 132 function core_hmac_md5(key, data) { 133 var bkey = str2binl(key); 134 if (bkey.length > 16) { 135 bkey = core_md5(bkey, key.length * chrsz) 136 } 137 var ipad = Array(16), 138 opad = Array(16); 139 for (var i = 0; i < 16; i++) { 140 ipad[i] = bkey[i] ^ 909522486; 141 opad[i] = bkey[i] ^ 1549556828 142 } 143 var hash = core_md5(ipad.concat(str2binl(data)), 512 + data.length * chrsz); 144 return core_md5(opad.concat(hash), 512 + 128) 145 } 146 function safe_add(x, y) { 147 var lsw = (x & 65535) + (y & 65535); 148 var msw = (x >> 16) + (y >> 16) + (lsw >> 16); 149 return (msw << 16) | (lsw & 65535) 150 } 151 function bit_rol(num, cnt) { 152 return (num << cnt) | (num >>> (32 - cnt)) 153 } 154 function str2binl(str) { 155 var bin = Array(); 156 var mask = (1 << chrsz) - 1; 157 for (var i = 0; i < str.length * chrsz; i += chrsz) { 158 bin[i >> 5] |= (str.charCodeAt(i / chrsz) & mask) << (i % 32) 159 } 160 return bin 161 } 162 function binl2str(bin) { 163 var str = ""; 164 var mask = (1 << chrsz) - 1; 165 for (var i = 0; i < bin.length * 32; i += chrsz) { 166 str += String.fromCharCode((bin[i >> 5] >>> (i % 32)) & mask) 167 } 168 return str 169 } 170 function binl2hex(binarray) { 171 var hex_tab = hexcase ? "0123456789ABCDEF": "0123456789abcdef"; 172 var str = ""; 173 for (var i = 0; i < binarray.length * 4; i++) { 174 str += hex_tab.charAt((binarray[i >> 2] >> ((i % 4) * 8 + 4)) & 15) + hex_tab.charAt((binarray[i >> 2] >> ((i % 4) * 8)) & 15) 175 } 176 return str 177 } 178 function binl2b64(binarray) { 179 var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; 180 var str = ""; 181 for (var i = 0; i < binarray.length * 4; i += 3) { 182 var triplet = (((binarray[i >> 2] >> 8 * (i % 4)) & 255) << 16) | (((binarray[i + 1 >> 2] >> 8 * ((i + 1) % 4)) & 255) << 8) | ((binarray[i + 2 >> 2] >> 8 * ((i + 2) % 4)) & 255); 183 for (var j = 0; j < 4; j++) { 184 if (i * 8 + j * 6 > binarray.length * 32) { 185 str += b64pad 186 } else { 187 str += tab.charAt((triplet >> 6 * (3 - j)) & 63) 188 } 189 } 190 } 191 return str 192 } 193 function hexchar2bin(str) { 194 var arr = []; 195 for (var i = 0; i < str.length; i = i + 2) { 196 arr.push("\\x" + str.substr(i, 2)) 197 } 198 arr = arr.join(""); 199 eval("var temp = '" + arr + "'"); 200 return temp 201 } 202 function __monitor(mid, probability) { 203 if (Math.random() > (probability || 1)) { 204 return 205 } 206 try { 207 var url = location.protocol + "//ui.ptlogin2.qq.com/cgi-bin/report?id=" + mid; 208 var s = document.createElement("img"); 209 s.src = url 210 } catch(e) {} 211 } 212 function getEncryption(password, salt, vcode, isMd5) { 213 vcode = vcode || ""; 214 password = password || ""; 215 var md5Pwd = isMd5 ? password: md5(password), 216 h1 = hexchar2bin(md5Pwd), 217 s2 = md5(h1 + salt), 218 rsaH1 = $pt.RSA.rsa_encrypt(h1), 219 rsaH1Len = (rsaH1.length / 2).toString(16), 220 hexVcode = TEA.strToBytes(vcode.toUpperCase(), true), 221 vcodeLen = Number(hexVcode.length / 2).toString(16); 222 while (vcodeLen.length < 4) { 223 vcodeLen = "0" + vcodeLen 224 } 225 while (rsaH1Len.length < 4) { 226 rsaH1Len = "0" + rsaH1Len 227 } 228 TEA.initkey(s2); 229 var saltPwd = TEA.enAsBase64(rsaH1Len + rsaH1 + TEA.strToBytes(salt) + vcodeLen + hexVcode); 230 TEA.initkey(""); 231 // setTimeout(function() { 232 // __monitor(488358, 1) 233 // }, 234 // 0); 235 return saltPwd.replace(/[\/\+=]/g, 236 function(a) { 237 return { 238 "/": "-", 239 "+": "*", 240 "=": "_" 241 } [a] 242 }) 243 } 244 function getRSAEncryption(password, vcode, isMd5) { 245 var str1 = isMd5 ? password: md5(password); 246 var str2 = str1 + vcode.toUpperCase(); 247 var str3 = $.RSA.rsa_encrypt(str2); 248 return str3 249 } 250 return { 251 getEncryption: getEncryption, 252 getRSAEncryption: getRSAEncryption, 253 md5: md5 254 } 255 } ();
