fix skey refresh.

2025-05-04 11:07:40 +08:00 · 2021-01-25 03:49:14 +08:00 · 2021-01-25 03:49:14 +08:00 · 6ba8bb933f
commit 6ba8bb933f
parent 9549a32d95
5 changed files with 60 additions and 11 deletions
--- a/client/builders.go
+++ b/client/builders.go
@ -1,7 +1,6 @@
 package client
 import (
 	"crypto/md5"
 	"encoding/hex"
 	"fmt"
 	"github.com/Mrs4s/MiraiGo/client/pb/profilecard"
@ -97,7 +96,7 @@ func (c *QQClient) buildLoginPacket() (uint16, []byte) {
 	return seq, packet
 }
-func (c *QQClient) buildDeviceLockLoginPacket(t402 []byte) (uint16, []byte) {
+func (c *QQClient) buildDeviceLockLoginPacket() (uint16, []byte) {
 	seq := c.nextSeq()
 	req := packets.BuildOicqRequestPacket(c.Uin, 0x0810, crypto.ECDH, c.RandomKey, func(w *binary.Writer) {
 		w.WriteUInt16(20)
@ -106,8 +105,7 @@ func (c *QQClient) buildDeviceLockLoginPacket(t402 []byte) (uint16, []byte) {
 		w.Write(tlv.T8(2052))
 		w.Write(tlv.T104(c.t104))
 		w.Write(tlv.T116(c.version.MiscBitmap, c.version.SubSigmap))
-		h := md5.Sum(append(append(SystemDeviceInfo.Guid, []byte("stMNokHgxZUGhsYp")...), t402...))
+		w.Write(tlv.T401(c.g))
 		w.Write(tlv.T401(h[:]))
 	})
 	sso := packets.BuildSsoPacket(seq, c.version.AppId, "wtlogin.login", SystemDeviceInfo.IMEI, []byte{}, c.OutGoingPacketSessionId, req, c.ksid)
 	packet := packets.BuildLoginPacket(c.Uin, 2, make([]byte, 16), sso, []byte{})
@ -159,8 +157,7 @@ func (c *QQClient) buildSMSCodeSubmitPacket(code string) (uint16, []byte) {
 		w.Write(tlv.T116(c.version.MiscBitmap, c.version.SubSigmap))
 		w.Write(tlv.T174(c.t174))
 		w.Write(tlv.T17C(code))
-		h := md5.Sum(append(append(SystemDeviceInfo.Guid, []byte("12 34567890123456")...), c.t402...))
+		w.Write(tlv.T401(c.g))
 		w.Write(tlv.T401(h[:]))
 		w.Write(tlv.T198())
 	})
 	sso := packets.BuildSsoPacket(seq, c.version.AppId, "wtlogin.login", SystemDeviceInfo.IMEI, []byte{}, c.OutGoingPacketSessionId, req, c.ksid)
@ -188,11 +185,14 @@ func (c *QQClient) buildRequestTgtgtNopicsigPacket() (uint16, []byte) {
 	seq := c.nextSeq()
 	req := packets.BuildOicqRequestPacket(c.Uin, 0x0810, crypto.NewEncryptSession(c.sigInfo.t133), c.sigInfo.wtSessionTicketKey, func(w *binary.Writer) {
 		w.WriteUInt16(15)
-		w.WriteUInt16(21)
+		w.WriteUInt16(24)
 		w.Write(tlv.T18(16, uint32(c.Uin)))
 		w.Write(tlv.T1(uint32(c.Uin), SystemDeviceInfo.IpAddress))
-		w.Write(tlv.T106(uint32(c.Uin), 0, c.version.AppId, c.version.SSOVersion, c.PasswordMd5, true, SystemDeviceInfo.Guid, SystemDeviceInfo.TgtgtKey, 1))
+		w.Write(binary.NewWriterF(func(w *binary.Writer) {
 			w.WriteUInt16(0x106)
 			w.WriteTlv(c.sigInfo.encryptedA1)
 		}))
 		w.Write(tlv.T116(c.version.MiscBitmap, c.version.SubSigmap))
 		w.Write(tlv.T100(c.version.SSOVersion, 2, c.version.MainSigMap))
 		w.Write(tlv.T107(0))
@ -222,11 +222,15 @@ func (c *QQClient) buildRequestTgtgtNopicsigPacket() (uint16, []byte) {
 		}))
 		w.Write(tlv.T147(16, []byte(c.version.SortVersionName), c.version.ApkSign))
 		w.Write(tlv.T177(c.version.BuildTime, c.version.SdkVersion))
 		w.Write(tlv.T400(c.g, c.Uin, SystemDeviceInfo.Guid, []byte("stMNokHgxZUGhsYp"), 1, 16, c.t403))
 		w.Write(tlv.T187(SystemDeviceInfo.MacAddress))
 		w.Write(tlv.T188(SystemDeviceInfo.AndroidId))
 		w.Write(tlv.T194(SystemDeviceInfo.IMSIMd5))
 		w.Write(tlv.T202(SystemDeviceInfo.WifiBSSID, SystemDeviceInfo.WifiSSID))
 		w.Write(tlv.T516())
 		w.Write(tlv.T521())
 		w.Write(tlv.T525(tlv.T536([]byte{0x01, 0x00})))
 	})
 	packet := packets.BuildUniPacket(c.Uin, seq, "wtlogin.exchange_emp", 2, c.OutGoingPacketSessionId, []byte{}, make([]byte, 16), req)
 	return seq, packet
--- a/client/client.go
+++ b/client/client.go
@ -63,7 +63,9 @@ type QQClient struct {
 	ksid             []byte
 	t104             []byte
 	t174             []byte
-	t402             []byte // only for sms
+	g                []byte
 	t402             []byte
 	t403             []byte
 	t150             []byte
 	t149             []byte
 	t528             []byte
@ -104,6 +106,8 @@ type loginSigInfo struct {
 	srmToken           []byte // study room manager | 0x16a
 	t133               []byte
 	randSeed           []byte
 	encryptedA1        []byte
 	userStKey          []byte
 	userStWebSig       []byte
 	sKey               []byte
--- a/client/decoders.go
+++ b/client/decoders.go
@ -1,6 +1,7 @@
 package client
 import (
 	"crypto/md5"
 	"encoding/hex"
 	"fmt"
 	"github.com/Mrs4s/MiraiGo/client/pb/cmd0x6ff"
@ -38,6 +39,11 @@ func decodeLoginResponse(c *QQClient, _ uint16, payload []byte) (interface{}, er
 	t := reader.ReadByte()
 	reader.ReadUInt16()
 	m := reader.ReadTlvMap(2)
 	if m.Exists(0x402) {
 		c.t402 = m[0x402]
 		h := md5.Sum(append(append(SystemDeviceInfo.Guid, []byte("stMNokHgxZUGhsYp")...), c.t402...))
 		c.g = h[:]
 	}
 	if t == 0 { // login success
 		if t150, ok := m[0x150]; ok {
 			c.t150 = t150
@ -45,6 +51,9 @@ func decodeLoginResponse(c *QQClient, _ uint16, payload []byte) (interface{}, er
 		if t161, ok := m[0x161]; ok {
 			c.decodeT161(t161)
 		}
 		if m.Exists(0x403) {
 			c.t403 = m[0x403]
 		}
 		c.decodeT119(m[0x119])
 		return LoginResponse{
 			Success: true,
@ -90,7 +99,7 @@ func decodeLoginResponse(c *QQClient, _ uint16, payload []byte) (interface{}, er
 		if t174, ok := m[0x174]; ok { // 短信验证
 			c.t104 = m[0x104]
 			c.t174 = t174
-			c.t402 = m[0x402]
+			c.t403 = m[0x403]
 			phone := func() string {
 				r := binary.NewReader(m[0x178])
 				return r.ReadStringLimit(int(r.ReadInt32()))
@ -139,7 +148,8 @@ func decodeLoginResponse(c *QQClient, _ uint16, payload []byte) (interface{}, er
 	if t == 204 {
 		c.t104 = m[0x104]
-		return c.sendAndWait(c.buildDeviceLockLoginPacket(m[0x402]))
+		c.t403 = m[0x403]
 		return c.sendAndWait(c.buildDeviceLockLoginPacket())
 	} // drive lock
 	if t149, ok := m[0x149]; ok {
--- a/client/tlv_decoders.go
+++ b/client/tlv_decoders.go
@ -1,6 +1,7 @@
 package client
 import (
 	"crypto/md5"
 	"fmt"
 	"time"
@ -86,6 +87,7 @@ func (c *QQClient) decodeT119(data []byte) {
 		loginBitmap:        0,
 		srmToken:           m[0x16a],
 		t133:               m[0x133],
 		encryptedA1:        m[0x106],
 		tgt:                m[0x10a],
 		tgtKey:             m[0x10d],
 		userStKey:          m[0x10e],
@ -100,6 +102,11 @@ func (c *QQClient) decodeT119(data []byte) {
 		psKeyMap:    psKeyMap,
 		pt4TokenMap: pt4TokenMap,
 	}
 	key := md5.Sum(append(append(c.PasswordMd5[:], []byte{0x00, 0x00, 0x00, 0x00}...), binary.NewWriterF(func(w *binary.Writer) { w.WriteUInt32(uint32(c.Uin)) })...))
 	decrypted := binary.NewTeaCipher(key[:]).Decrypt(c.sigInfo.encryptedA1)
 	dr := binary.NewReader(decrypted)
 	dr.ReadBytes(51)
 	SystemDeviceInfo.TgtgtKey = dr.ReadBytes(16)
 	c.Nickname = nick
 	c.Age = age
 	c.Gender = gender
--- a/protocol/tlv/t400.go
+++ b/protocol/tlv/t400.go
@ -0,0 +1,24 @@
 package tlv
 import (
 	"github.com/Mrs4s/MiraiGo/binary"
 	"time"
 )
 func T400(g []byte, uin int64, guid, dpwd []byte, j2, j3 int64, randSeed []byte) []byte {
 	return binary.NewWriterF(func(w *binary.Writer) {
 		w.WriteUInt16(0x400)
 		w.WriteTlv(binary.NewWriterF(func(w *binary.Writer) {
 			w.EncryptAndWrite(g, binary.NewWriterF(func(w *binary.Writer) {
 				w.WriteUInt16(1) // version
 				w.WriteUInt64(uint64(uin))
 				w.Write(guid)
 				w.Write(dpwd)
 				w.WriteUInt32(uint32(j2))
 				w.WriteUInt32(uint32(j3))
 				w.WriteUInt32(uint32(time.Now().Unix()))
 				w.Write(randSeed)
 			}))
 		}))
 	})
 }