穷举法破解QQ坦白说

2018年08月12日 1339点热度 1人点赞 0条评论

[title]功能[/title]

根据QQ坦白说的提示,找出匿名人的真实身份

[title]原理[/title]

使用QQ空间的接口获取所有好友基本信息

php curl

[title]结果[/title]

[title]需要[/title]

QQ空间网页版中你的cookie和g_tk

[title]源码[/title]

<?php
/**
 * Author: kamino
 * CreateTime: 2018/8/11,上午 11:39
 * Description:
 * Version:
 */

error_reporting( 0 );

class fuckTbs {
	public $cookie = "";
	public $gtk = "";
	public $qq = "";
	private $friendList = array();
	private $constellation = [
		'白羊座',
		'金牛座',
		'双子座',
		'巨蟹座',
		'狮子座',
		'处女座',
		'天秤座',
		'天蝎座',
		'射手座',
		'摩羯座',
		'水瓶座',
		'双鱼座'
	];
	private $sex = [ null, '男', '女' ];


	function __construct( $qq, $cookie, $gtk ) {
		$this->qq     = $qq;
		$this->cookie = $cookie;
		$this->gtk    = $gtk;
	}

	function curlRequest( $url, $cookie = "" ) {

		$curl = curl_init();

		curl_setopt_array( $curl, array(
			CURLOPT_URL            => $url,
			CURLOPT_RETURNTRANSFER => true,
			CURLOPT_ENCODING       => "",
			CURLOPT_MAXREDIRS      => 10,
			CURLOPT_TIMEOUT        => 15,
			CURLOPT_HTTP_VERSION   => CURL_HTTP_VERSION_1_1,
			CURLOPT_CUSTOMREQUEST  => "GET",
			CURLOPT_HTTPHEADER     => array(
				"User-Agent: Mozilla/5.0(Macintosh;U;IntelMacOSX10_6_8;en-us)AppleWebKit/534.50(KHTML,likeGecko)Version/5.1Safari/534.50",
				"Cookie: " . $cookie
			),
			CURLOPT_SSL_VERIFYHOST => false,
			CURLOPT_SSL_VERIFYPEER => false
		) );

		$response = curl_exec( $curl );
		$err      = curl_error( $curl );

		curl_close( $curl );

		if ( $err ) {
			echo $err . PHP_EOL;
			//exit( 0 );
		}

		return $response;
	}

	function getFriendList() {
		$url = "https://h5.qzone.qq.com/proxy/domain/r.qzone.qq.com/cgi-bin/tfriend/friend_show_qqfriends.cgi?uin={$this->qq}&g_tk={$this->gtk}";
		$arr = json_decode( str_replace( [
			");",
			"_Callback("
		], "", $this->curlRequest( $url, $this->cookie ) ), true );
		foreach ( $arr["items"] as $item ) {
			$this->friendList[] = array( 'qq' => $item['uin'], 'name' => $item['name'], 'remark' => $item['remark'] );
		}
	}

	function output() {
		echo "<table width=\"100%\" border=\"1\"><tr><th>ID</th><th>QQ</th><th>昵称</th><th>备注</th><th>性别</th><th>星座</th><th>年龄</th><th>好友时间</th><th>现居地</th><th>故乡</th><th>现居地2</th></tr>";
		foreach ( $this->friendList as $id => $friend ) {
			$url = "https://user.qzone.qq.com/proxy/domain/r.qzone.qq.com/cgi-bin/friendship/cgi_friendship?activeuin={$this->qq}&passiveuin={$friend['qq']}&situation=1&isCalendar=1&g_tk={$this->gtk}";
			$arr = json_decode( str_replace( [
				");",
				"_Callback("
			], "", $this->curlRequest( $url, $this->cookie ) ), true );

			$url2 = "https://h5.qzone.qq.com/proxy/domain/base.qzone.qq.com/cgi-bin/user/cgi_userinfo_get_all?uin={$friend['qq']}&vuin={$this->qq}&fupdate=1&g_tk={$this->gtk}";
			$arr2 = json_decode( str_replace( [
				"_Callback(",
				");"
			], "", $this->curlRequest( $url2, $this->cookie ) ), true );

			$_friendList = array(
				'qq'         => $friend['qq'],
				'name'       => $friend['name'],
				'remark'     => $friend['remark'],
				'sex'        => $this->sex[ $arr2["data"]['sex'] ],
				'astro'      => $this->constellation[ $arr2["data"]['constellation'] ],
				'age'        => $arr2['data']['age'],
				'friendtime' => intval( ( time() - $arr["data"]["addFriendTime"] ) / 86400 ),
				'live'       => $arr2['data']['province'] . $arr2['data']['city'],
				'home'       => $arr2['data']['hp'] . $arr2['data']['hc'],
				'location'   => $arr['data']['weather']['city'],
			);
			echo "<tr><td>{$id}</td>";
			foreach ( $_friendList as $item ) {
				echo "<td>{$item}</td>";
			}
			echo "</tr>";
			sleep( 1 );

		}
		echo "</table>";
	}

	function test() {
		ob_start();
		$this->getFriendList();
		$this->output();
		$html = ob_get_contents();
		if ( file_put_contents( "out.html", $html ) ) {
			echo "finish";
		} else {
			echo "fail";
		}
	}


}

$cookie = "";
$gtk    = "";
$qq     = "";

$f = new fuckTbs( $qq, $cookie, $gtk );

$f->test();

 

AIKAMINO

暂无