From 6ba8bb933f8d2743910c0f81e49b39181f275031 Mon Sep 17 00:00:00 2001 From: Mrs4s <1844812067@qq.com> Date: Mon, 25 Jan 2021 03:49:14 +0800 Subject: [PATCH] fix skey refresh. --- client/builders.go | 20 ++++++++++++-------- client/client.go | 6 +++++- client/decoders.go | 14 ++++++++++++-- client/tlv_decoders.go | 7 +++++++ protocol/tlv/t400.go | 24 ++++++++++++++++++++++++ 5 files changed, 60 insertions(+), 11 deletions(-) create mode 100644 protocol/tlv/t400.go diff --git a/client/builders.go b/client/builders.go index 67440637..ef11bf4c 100644 --- a/client/builders.go +++ b/client/builders.go @@ -1,7 +1,6 @@ package client import ( - "crypto/md5" "encoding/hex" "fmt" "github.com/Mrs4s/MiraiGo/client/pb/profilecard" @@ -97,7 +96,7 @@ func (c *QQClient) buildLoginPacket() (uint16, []byte) { return seq, packet } -func (c *QQClient) buildDeviceLockLoginPacket(t402 []byte) (uint16, []byte) { +func (c *QQClient) buildDeviceLockLoginPacket() (uint16, []byte) { seq := c.nextSeq() req := packets.BuildOicqRequestPacket(c.Uin, 0x0810, crypto.ECDH, c.RandomKey, func(w *binary.Writer) { w.WriteUInt16(20) @@ -106,8 +105,7 @@ func (c *QQClient) buildDeviceLockLoginPacket(t402 []byte) (uint16, []byte) { w.Write(tlv.T8(2052)) w.Write(tlv.T104(c.t104)) w.Write(tlv.T116(c.version.MiscBitmap, c.version.SubSigmap)) - h := md5.Sum(append(append(SystemDeviceInfo.Guid, []byte("stMNokHgxZUGhsYp")...), t402...)) - w.Write(tlv.T401(h[:])) + w.Write(tlv.T401(c.g)) }) sso := packets.BuildSsoPacket(seq, c.version.AppId, "wtlogin.login", SystemDeviceInfo.IMEI, []byte{}, c.OutGoingPacketSessionId, req, c.ksid) packet := packets.BuildLoginPacket(c.Uin, 2, make([]byte, 16), sso, []byte{}) 
@@ -159,8 +157,7 @@ func (c *QQClient) buildSMSCodeSubmitPacket(code string) (uint16, []byte) { w.Write(tlv.T116(c.version.MiscBitmap, c.version.SubSigmap)) w.Write(tlv.T174(c.t174)) w.Write(tlv.T17C(code)) - h := md5.Sum(append(append(SystemDeviceInfo.Guid, []byte("12 34567890123456")...), c.t402...)) - w.Write(tlv.T401(h[:])) + w.Write(tlv.T401(c.g)) w.Write(tlv.T198()) }) sso := packets.BuildSsoPacket(seq, c.version.AppId, "wtlogin.login", SystemDeviceInfo.IMEI, []byte{}, c.OutGoingPacketSessionId, req, c.ksid) @@ -188,11 +185,14 @@ func (c *QQClient) buildRequestTgtgtNopicsigPacket() (uint16, []byte) { seq := c.nextSeq() req := packets.BuildOicqRequestPacket(c.Uin, 0x0810, crypto.NewEncryptSession(c.sigInfo.t133), c.sigInfo.wtSessionTicketKey, func(w *binary.Writer) { w.WriteUInt16(15) - w.WriteUInt16(21) + w.WriteUInt16(24) w.Write(tlv.T18(16, uint32(c.Uin))) w.Write(tlv.T1(uint32(c.Uin), SystemDeviceInfo.IpAddress)) - w.Write(tlv.T106(uint32(c.Uin), 0, c.version.AppId, c.version.SSOVersion, c.PasswordMd5, true, SystemDeviceInfo.Guid, SystemDeviceInfo.TgtgtKey, 1)) + w.Write(binary.NewWriterF(func(w *binary.Writer) { + w.WriteUInt16(0x106) + w.WriteTlv(c.sigInfo.encryptedA1) + })) w.Write(tlv.T116(c.version.MiscBitmap, c.version.SubSigmap)) w.Write(tlv.T100(c.version.SSOVersion, 2, c.version.MainSigMap)) w.Write(tlv.T107(0)) 
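Review bot: The hand-built 0x106 TLV in buildRequestTgtgtNopicsigPacket replays `c.sigInfo.encryptedA1` without checking that it was ever populated. decodeT119 assigns that field straight from `m[0x106]`, so a login response lacking the TLV would make a later refresh send a zero-length 0x106. This builder has no error return, so the check probably belongs in the caller (not visible here), with a comment on the write such as `// 0x106: encrypted A1 blob captured by decodeT119; must be non-empty`. The count literal `24` is maintained by hand and would benefit from a comment tying it to the TLVs written below. The function body continues outside this hunk.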
@@ -222,11 +222,15 @@ func (c *QQClient) buildRequestTgtgtNopicsigPacket() (uint16, []byte) { })) w.Write(tlv.T147(16, []byte(c.version.SortVersionName), c.version.ApkSign)) w.Write(tlv.T177(c.version.BuildTime, c.version.SdkVersion)) + w.Write(tlv.T400(c.g, c.Uin, SystemDeviceInfo.Guid, []byte("stMNokHgxZUGhsYp"), 1, 16, c.t403)) w.Write(tlv.T187(SystemDeviceInfo.MacAddress)) w.Write(tlv.T188(SystemDeviceInfo.AndroidId)) w.Write(tlv.T194(SystemDeviceInfo.IMSIMd5)) w.Write(tlv.T202(SystemDeviceInfo.WifiBSSID, SystemDeviceInfo.WifiSSID)) w.Write(tlv.T516()) + w.Write(tlv.T521()) + w.Write(tlv.T525(tlv.T536([]byte{0x01, 0x00}))) + }) packet := packets.BuildUniPacket(c.Uin, seq, "wtlogin.exchange_emp", 2, c.OutGoingPacketSessionId, []byte{}, make([]byte, 16), req) return seq, packet diff --git a/client/client.go b/client/client.go index 74a16c83..8f9b7811 100644 --- a/client/client.go +++ b/client/client.go @@ -63,7 +63,9 @@ type QQClient struct { ksid []byte t104 []byte t174 []byte - t402 []byte // only for sms + g []byte + t402 []byte + t403 []byte t150 []byte t149 []byte t528 []byte @@ -104,6 +106,8 @@ type loginSigInfo struct { srmToken []byte // study room manager | 0x16a t133 []byte + randSeed []byte + encryptedA1 []byte userStKey []byte userStWebSig []byte sKey []byte diff --git a/client/decoders.go b/client/decoders.go index dbf6acaa..e42ed6cf 100644 --- a/client/decoders.go +++ b/client/decoders.go @@ -1,6 +1,7 @@ package client import ( + "crypto/md5" "encoding/hex" "fmt" "github.com/Mrs4s/MiraiGo/client/pb/cmd0x6ff" @@ -38,6 +39,11 @@ func decodeLoginResponse(c *QQClient, _ uint16, payload []byte) (interface{}, er t := reader.ReadByte() reader.ReadUInt16() m := reader.ReadTlvMap(2) + if m.Exists(0x402) { + c.t402 = m[0x402] + h := md5.Sum(append(append(SystemDeviceInfo.Guid, []byte("stMNokHgxZUGhsYp")...), c.t402...)) + c.g = h[:] + } if t == 0 { // login success if t150, ok := m[0x150]; ok { c.t150 = t150 
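Review bot: The literal `[]byte("stMNokHgxZUGhsYp")` passed to tlv.T400 in buildRequestTgtgtNopicsigPacket is the same value that decodeLoginResponse hashes into `c.g` in client/decoders.go, and the two presumably have to stay identical. A single package-level `const dpwd = "stMNokHgxZUGhsYp"` used at both sites would make that coupling explicit. The bare `1, 16` arguments deserve a short comment saying what they encode, since T400 only names them `j2` and `j3`.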
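Review bot: `randSeed` is added to loginSigInfo in client/client.go, but nothing in this patch assigns or reads it; the value passed as T400's `randSeed` argument is `c.t403` instead. Either drop the field or populate it, so readers do not assume the refresh path uses it. The previous hunk also removes the only explanatory comment (`// only for sms`) from the QQClient fields and leaves `g`, `t402` and `t403` undocumented. A line such as `g []byte // md5(guid + dpwd + t402); body of T401 and key for T400` would record what this patch makes of them.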
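Review bot: In decodeLoginResponse, `append(append(SystemDeviceInfo.Guid, ...), c.t402...)` appends directly onto the Guid slice, so if that slice has spare capacity the append writes into its backing array. SystemDeviceInfo looks like package-level state, so other clients in the same process may be reading that array at the same time. Building the buffer from a fresh slice avoids the aliasing: `buf := append(append(append([]byte(nil), SystemDeviceInfo.Guid...), "stMNokHgxZUGhsYp"...), c.t402...)` followed by `h := md5.Sum(buf)`. The function body continues outside this hunk.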
@@ -45,6 +51,9 @@ func decodeLoginResponse(c *QQClient, _ uint16, payload []byte) (interface{}, er if t161, ok := m[0x161]; ok { c.decodeT161(t161) } + if m.Exists(0x403) { + c.t403 = m[0x403] + } c.decodeT119(m[0x119]) return LoginResponse{ Success: true, @@ -90,7 +99,7 @@ func decodeLoginResponse(c *QQClient, _ uint16, payload []byte) (interface{}, er if t174, ok := m[0x174]; ok { // 短信验证 c.t104 = m[0x104] c.t174 = t174 - c.t402 = m[0x402] + c.t403 = m[0x403] phone := func() string { r := binary.NewReader(m[0x178]) return r.ReadStringLimit(int(r.ReadInt32())) @@ -139,7 +148,8 @@ func decodeLoginResponse(c *QQClient, _ uint16, payload []byte) (interface{}, er if t == 204 { c.t104 = m[0x104] - return c.sendAndWait(c.buildDeviceLockLoginPacket(m[0x402])) + c.t403 = m[0x403] + return c.sendAndWait(c.buildDeviceLockLoginPacket()) } // drive lock if t149, ok := m[0x149]; ok { diff --git a/client/tlv_decoders.go b/client/tlv_decoders.go index 849cb3df..b1e0e296 100644 --- a/client/tlv_decoders.go +++ b/client/tlv_decoders.go @@ -1,6 +1,7 @@ package client import ( + "crypto/md5" "fmt" "time" @@ -86,6 +87,7 @@ func (c *QQClient) decodeT119(data []byte) { loginBitmap: 0, srmToken: m[0x16a], t133: m[0x133], + encryptedA1: m[0x106], tgt: m[0x10a], tgtKey: m[0x10d], userStKey: m[0x10e], @@ -100,6 +102,11 @@ func (c *QQClient) decodeT119(data []byte) { psKeyMap: psKeyMap, pt4TokenMap: pt4TokenMap, } + key := md5.Sum(append(append(c.PasswordMd5[:], []byte{0x00, 0x00, 0x00, 0x00}...), binary.NewWriterF(func(w *binary.Writer) { w.WriteUInt32(uint32(c.Uin)) })...)) + decrypted := binary.NewTeaCipher(key[:]).Decrypt(c.sigInfo.encryptedA1) + dr := binary.NewReader(decrypted) + dr.ReadBytes(51) + SystemDeviceInfo.TgtgtKey = dr.ReadBytes(16) c.Nickname = nick c.Age = age c.Gender = gender diff --git a/protocol/tlv/t400.go b/protocol/tlv/t400.go new file mode 100644 index 00000000..c008e730 --- /dev/null +++ b/protocol/tlv/t400.go 
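Review bot: In the `t == 204` branch of decodeLoginResponse, buildDeviceLockLoginPacket no longer receives `m[0x402]` and instead reads `c.g`, which is refreshed only when the response contains 0x402. A 204 response without that TLV would therefore build T401 from a nil or previously stored value, where the old code always hashed this response's TLV. If the protocol guarantees 0x402 here, say so in a comment; otherwise fail before sending, e.g. `if !m.Exists(0x402) { return nil, fmt.Errorf("device lock response missing tlv 0x402") }`. The unconditional `c.t403 = m[0x403]` here and in the SMS branch (hunk at -90) also overwrites a stored value with nil when the TLV is missing, unlike the `m.Exists(0x403)` guard on the success path.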
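Review bot: The block added to decodeT119 in client/tlv_decoders.go reads the tgtgt key at a fixed offset in the decrypted 0x106 blob without checking that `m[0x106]` was present or that the plaintext is at least 67 bytes long. What `Decrypt` and `ReadBytes` do on short or malformed input is not visible here. The result is then stored in `SystemDeviceInfo.TgtgtKey`, which looks like package-level state, so one account's server-derived key would replace the value used by every other client in the process; a per-client field would be safer if multi-account use is supported. Guarding the length and naming the offset, as below, keeps a missing or malformed TLV from overwriting the key with garbage. decodeT119 starts and ends outside this hunk.

```go
// … unchanged: key := md5.Sum(...) …
const a1TgtgtKeyOffset = 51 // bytes preceding the 16-byte tgtgt key in the decrypted 0x106 body
if len(c.sigInfo.encryptedA1) > 0 {
	decrypted := binary.NewTeaCipher(key[:]).Decrypt(c.sigInfo.encryptedA1)
	if len(decrypted) >= a1TgtgtKeyOffset+16 {
		dr := binary.NewReader(decrypted)
		dr.ReadBytes(a1TgtgtKeyOffset)
		SystemDeviceInfo.TgtgtKey = dr.ReadBytes(16)
	}
}
// … unchanged: c.Nickname = nick and following assignments …
```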
@@ -0,0 +1,24 @@ +package tlv + +import ( + "github.com/Mrs4s/MiraiGo/binary" + "time" +) + +func T400(g []byte, uin int64, guid, dpwd []byte, j2, j3 int64, randSeed []byte) []byte { + return binary.NewWriterF(func(w *binary.Writer) { + w.WriteUInt16(0x400) + w.WriteTlv(binary.NewWriterF(func(w *binary.Writer) { + w.EncryptAndWrite(g, binary.NewWriterF(func(w *binary.Writer) { + w.WriteUInt16(1) // version + w.WriteUInt64(uint64(uin)) + w.Write(guid) + w.Write(dpwd) + w.WriteUInt32(uint32(j2)) + w.WriteUInt32(uint32(j3)) + w.WriteUInt32(uint32(time.Now().Unix())) + w.Write(randSeed) + })) + })) + }) +}
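Review bot: T400 passes `g` straight to `EncryptAndWrite` as the key without checking its length, and the caller in buildRequestTgtgtNopicsigPacket can hand it a nil `c.g` when no 0x402 TLV was ever received. How the cipher behaves with an empty key is not visible here, so a `len(g) != 16` guard or a documented precondition is needed. The exported function also has no doc comment: one starting `// T400 builds TLV 0x400 ...` should state that the body is encrypted under `g`, explain `dpwd`, `j2` and `j3`, and note that `j2`/`j3` are truncated to 32 bits. Calling `time.Now()` inside the builder makes the output non-reproducible in tests; taking the timestamp as a parameter would fix that but changes the signature.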