分类目录归档:未分类

微信小游戏“跳一跳”刷分代码

目前为止有效的代码。

可以看出,可能未来会加服务器端的验证,
根据客户端传来的seed,重新模拟一遍以确定是不是正确数据。
在此之前,这个代码还是可以跑的。

运行在 Python3 + pycryptodome 环境下。需要先抓包确定你的 session_id 然后填进代码里。

import requests, json, base64, random, time
from Crypto.Cipher import AES

session_id = "___your_weixin_session_id_here___"
score = 10000

game_data = dict(seed=int(time.time()*1000), action=[], musicList=[], touchList=[], version=1)
start = 0
for i in range(score+1):
    interval = random.randrange(40, 100)
    press = random.randrange(interval)
    start += interval
    game_data['action'].append([press*0.01, start*0.01, False])
    game_data['musicList'].append(False)
    game_data['touchList'].append((276+random.randrange(50), 298+random.randrange(50)))

action_data = {
    "score": score,
    "times": start+5,
    "game_data": json.dumps(game_data, separators=(',',':'))
}

aes_key = session_id[0:16].encode()
cipher = AES.new(aes_key, AES.MODE_CBC, aes_key)

str_action_data = json.dumps(action_data).encode()
length = 16 - (len(str_action_data) % 16)
str_action_data += bytes([length])*length

cipher_action_data = base64.b64encode(cipher.encrypt(str_action_data)).decode()

post_data = {
    "base_req": {
        "session_id": session_id,
        "fast": 1,
    },
    "action_data": cipher_action_data
}

headers = {
    "charset": "utf-8",
    "Accept-Encoding": "gzip",
    "referer": "https://servicewechat.com/wx7c8d593b2c3a7703/3/page-frame.html",
    "content-type": "application/json",
    "User-Agent": "MicroMessenger/6.6.1.1200(0x26060130) NetType/WIFI Language/zh_CN",
    "Content-Length": "0",
    "Host": "mp.weixin.qq.com",
    "Connection": "Keep-Alive"
}

url = "https://mp.weixin.qq.com/wxagame/wxagame_settlement"

response = requests.post(url, json=post_data, headers=headers)
print(json.loads(response.text))

关于如何抓包的简单流程:(iOS手机)

  • iOS上跑着微信,同时有一台电脑,电脑安装 burpsuite
  • 启动 burpsuite,配置好端口
  • 手机打开浏览器访问电脑 burpsuite页面,下载安装SSL证书
  • 通用->关于本机->证书信任设置->打开PortSwiggerCA (iOS 11以后)
  • 手机配置网络,选择用代理,地址和端口填电脑的
  • 启动微信小程序,这时候可以看到抓到的 HTTPS包,取出里面的 session_id