|
|
WEB QQ的登录步骤与协议,需要的度娘下,很多。
转载说明来源:http://www.cnblogs.com/ryhan/p/4602762.html
我这实现是参考了度娘搜的 和自己抓包分析的。
目前实现了登录后的定向发消息功能。中间遇到很多坑,前前后后用了我两周时间,今天终于能发消息了,经过实际测试,能发中文、英文消息给指定好友、指定群组。
PS:
1.暂时对需要验证码图片下载与识别没做。
2.主要的难点在协议分析,及各种加密算法。我走的捷径,用控件执行JS脚本。
下面是脚本的执行日志截图:
我直接贴代码了。如果有疑问,或者需要交流的,回帖联系我吧。
一、主要代码(Py):
py:pyQQ.py
1 #!/usr/bin/env python
2 # -*- coding: utf-8 -*-
3
4 import requests
5 import json
6 import random
7 import re
8 from encryption import QJsMd5Rsa
9 from reqhash import QJsHash
10 import urllib
11
12
13 class WebQQ():
14
15 def __init__(self, user, pwd):
16 self.user = user
17 self.pwd = pwd
18 self.htp = requests.Session()
19
20 def __printlog(self, title, url, text, newcookies, allcookies, data=''):
21
22 print '步骤:', title
23 print '地址:', url
24 print '发送:', data
25 print '返回:', text
26
27 print '-' * 20, 'cookies', '-' * 20
28 print '新增:', newcookies
29 print '所有:', allcookies
30
31 print '*' * 49
32
33 def __checkVerify(self):
34
35 url = ('https://ssl.ptlogin2.qq.com/check?pt_tea=1&uin=%s&appid=501004106' % self.user
36 + '&r=%s' % str(random.random()))
37 r = self.htp.get(url)
38 self.__printlog('检查验证码', url, r.text, r.cookies, self.htp.cookies)
39
40 '''
41 r.text:
42
43 ptui_checkVC('0','!UCA','\x00\x00\x00\x00\x3a\x02\x14\xcc','8e3d94255c24398ca0efd3b19aebb1386d0ac31b8ca2266267e7f4436d94c6edfb2e8ec953bfb70d731c0efdca63dc030e8d1a120fa2a0b8','0');
44
45 参数 1:“0” 表示不需要验证码,但需要使用随后的缺省验证码来登录。“1” 表示需要验证码。
46 参数 2:如果以 “!” 开头则是传递给服务器的缺省验证码。
47 参数 3:QQ号码的十六进制格式。(登录加密时会用到)
48 参数4:登录参数的 pt_verifysession_v1
49 参数6:是否使用随机盐(pt.isRandSalt = c)
50
51 '''
52
53 pattern = re.compile("ptui_checkVC\('(.*)','(.*)','(.*)','(.*)','(.*)'\);")
54 checkdatas = pattern.search(r.text).groups()
55
56 self.needpic = checkdatas[0]
57 self.verifycode = checkdatas[1]
58 self.pt_verifysession_v1 = checkdatas[3]
59
60
61
62 # if self.checkdatas[0] == '1':
63 # print '需要处理密码问题'
64 # pass
65
66 def userLogin(self):
67
68 # 先搞验证码的问题
69 self.__checkVerify()
70
71 # 下面开始做密码加密运算,为登录做准备
72 rsapwd = QJsMd5Rsa.GetQQMd5Rsa(self.pwd, self.user, self.verifycode)
73 # print rsapwd
74
75 # 密码登录 需要替换4个参数 分别是u=%s&p=%s&verifycode=%s*****pt_verifysession_v1=%s
76 url = ('https://ssl.ptlogin2.qq.com/login?u=%s&p=%s&verifycode=%s&webqq_type=10&remember_uin=1&login2qq=1&aid=501004106' % (self.user, rsapwd, self.verifycode)
77 + '&u1=http%3A%2F%2Fw.qq.com%2Fproxy.html%3Flogin2qq%3D1%26webqq_type%3D10&h=1&ptredirect=0&ptlang=2052&daid=164'
78 + '&from_ui=1&pttype=1&dumy=&fp=loginerroralert&action=0-76-43894&mibao_css=m_webqq&t=3&g=1&js_type=0&js_ver=10126'
79 + '&login_sig=&pt_randsalt=0&pt_vcode_v1=0&pt_verifysession_v1=%s' % self.pt_verifysession_v1)
80 ref = ('https://ui.ptlogin2.qq.com/cgi-bin/login?daid=164&target=self&style=16&mibao_css=m_webqq&appid=501004106&enable_qlogin=0'
81 + '&no_verifyimg=1&s_url=http://w.qq.com/proxy.html&f_url=loginerroralert&strong_login=1&login_state=10&t=20131024001')
82 headers = {'Accept': 'application/javascript, */*;q=0.8', 'Referer':ref}
83
84 # 这个地方是GET登录
85 r = self.htp.get(url, headers=headers)
86 self.__printlog('GET登录', url, r.text, r.cookies, self.htp.cookies)
87
88 # 这个值后面需要用到(POST登录的时候)
89 self.ptwebqq = r.cookies['ptwebqq']
90 # print ptwebqq
91
92 # 获取密码登录后的回调地址
93 # text = '''ptuiCB('0','0','http://ptlogin4.web2.qq.com/check_sig?pttype=1&uin=973214924&service=login&nodirect=0&ptsigx=8be9168e06bf82a19e05108cdce9a5d351aea559057553e6482b68414b364ddc556d468bffedfc35df1f87bb6faca53161e109b1790ad236a36426f8b3d2b232&s_url=http%3A%2F%2Fw.qq.com%2Fproxy.html%3Flogin2qq%3D1%26webqq_type%3D10&f_url=&ptlang=2052&ptredirect=100&aid=501004106&daid=164&j_later=0&low_login_hour=0®master=0&pt_login_type=1&pt_aid=0&pt_aaid=0&pt_light=0&pt_3rd_aid=0','0','登录成功!', '旺旺雪饼');'''
94 pattern = re.compile("ptuiCB\('(.*)','(.*)','(.*)','(.*)','(.*)',\s+'(.*)'\);")
95 logindatas = pattern.search(r.text).groups()
96 # print logindatas
97
98
99 # 回调成功登录地址(拿到对应的cookies,POST登录的时候要)
100 url = logindatas[2]
101 r = self.htp.get(url, allow_redirects=False)
102 self.__printlog('回调登录返回的地址 拿Cookies', url, r.text, r.cookies, self.htp.cookies)
103
104
105 # Post Login登录
106 url = 'http://d.web2.qq.com/channel/login2'
107 datas = 'r={"ptwebqq":"%s","clientid":53999199,"psessionid":"","status":"online"}' % self.ptwebqq
108 ref = ('http://d.web2.qq.com/proxy.html?v=20130916001&callback=1&id=2')
109 # 'User-Agent': 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 1.1.4322; InfoPath.3)'\
110 # 这地方一直报错 500 ,尼玛!通过各种抓包对比发现是少了请求头 Content-Type: application/x-www-form-urlencoded
111 headers = {'Referer':ref, 'Content-Type': 'application/x-www-form-urlencoded'}
112
113 # POST登录 到这个地方为止 已经成功登录 ,下一步就是去拿好友列表了
114 r = self.htp.post(url, data=datas, headers=headers)
115 self.__printlog('POST登录', url, r.text, r.cookies, self.htp.cookies, datas)
116 # r.text
117 '''
118 {
119 "retcode":0,
120 "result":{
121 "uin":973214924,
122 "cip":1017527010,
123 "index":1075,
124 "port":58759,
125 "status":"online",
126 "vfwebqq":"500df48dc767afb6e82d850e795340b16a6e42542bc63890f80fb172c2f7c37b3ec41ad817ad4771",
127 "psessionid":"8368046764001d636f6e6e7365727665725f77656271714031302e3133392e372e31363400000b190000106e036e0400cc14023a6d0000000a4077494e50395a55474c6d00000028500df48dc767afb6e82d850e795340b16a6e42542bc63890f80fb172c2f7c37b3ec41ad817ad4771",
128 "user_state":0,
129 "f":0
130 }
131 }
132 '''
133 self.result = json.loads(r.text)
134 self.vfwebqq = self.result['result']['vfwebqq']
135 self.psessionid = self.result['result']['psessionid']
136
137 def getGroups(self):
138
139 # 获取群组列表
140 hashkey = QJsHash.GetQQHash(self.user, self.ptwebqq)
141 url = 'http://s.web2.qq.com/api/get_group_name_list_mask2'
142
143 datas = 'r={"vfwebqq":"%s","hash":"%s"}' % (self.vfwebqq, hashkey)
144 ref = 'http://s.web2.qq.com/proxy.html?v=20130916001&callback=1&id=1'
145 headers = {'Referer':ref, 'Content-Type': 'application/x-www-form-urlencoded'
146 , 'User-Agent': 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 1.1.4322; InfoPath.3)'
147 , 'Accept-Language': 'zh-CN,zh;q=0.8'
148 , 'Origin': 'http://s.web2.qq.com'}
149
150 # 去拿群组列表
151 r = self.htp.post(url, data=datas, headers=headers)
152 self.__printlog('获取群组列表', url, r.text, r.cookies, self.htp.cookies, datas)
153
154 self.groups = json.loads(r.text)
155
156 '''
157 {
158 "retcode":0,
159 "result":{
160 "gmasklist":[
161 ],
162 "gnamelist":[
163 {
164 "flag":17826817,
165 "name":"20班",
166 "gid":2019657155,
167 "code":707730478
168 },
169 {
170 "flag":1090520065,
171 "name":"低调点",
172 "gid":4242729568,
173 "code":3367636394
174 }
175 ],
176 "gmarklist":[
177 ]
178 }
179 }
180 '''
181 def getFriends(self):
182
183 # 获取好友列表
184 # hash算法 不对,一次哈希还不行。得到的值不对,拿不到好友列表
185 # 搞错对象,Hash用的是ptwebqq值
186 hashkey = QJsHash.GetQQHash(self.user, self.ptwebqq)
187 url = 'http://s.web2.qq.com/api/get_user_friends2'
188
189 # 获取自己的详细信息
190 datas = 'r={"vfwebqq":"%s","hash":"%s"}' % (self.vfwebqq, hashkey)
191 ref = 'http://s.web2.qq.com/proxy.html?v=20130916001&callback=1&id=1'
192 # 这地方一直报错 500 ,尼玛!通过各种抓包对比发现是少了请求头 Content-Type: application/x-www-form-urlencoded
193 headers = {'Referer':ref, 'Content-Type': 'application/x-www-form-urlencoded'
194 , 'User-Agent': 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 1.1.4322; InfoPath.3)'
195 , 'Accept-Language': 'zh-CN,zh;q=0.8'
196 , 'Origin': 'http://s.web2.qq.com'}
197
198 # 去拿好友列表了
199 r = self.htp.post(url, data=datas, headers=headers)
200 self.__printlog('获取好友列表', url, r.text, r.cookies, self.htp.cookies, datas)
201
202 self.friends = json.loads(r.text)
203
204 def sendGroupMsg(self, uin, msg, face=None):
205 '''
206 r=
207 {
208 "group_uin":4242729568,
209 "content":"["饿了",["font",{"name":"宋体","size":10,"style":[0,0,0],"color":"000000"}]]",
210 "face":774,
211 "clientid":53999199,
212 "msg_id":44050002,
213 "psessionid":"8368046764001d636f6e6e7365727665725f77656271714031302e3133392e372e31363400004881000010a5036e0400cc14023a6d0000000a40644f787a776b7454646d00000028b33a3a944975b00083704a7669f6f720d797f6eb2c8fd7df5ed4d17c98375e7b009e8b8d93bbe2fb"
214 }
215
216 '''
217 msg = urllib.quote(msg,":?=/")
218 datas = ('r={"group_uin":%s,' % uin +
219 u'"content":"[\\\"%s\\\",[\\\"font\\\",{\\\"name\\\":\\\"\\u5B8B\\u4F53\\\",\\\"size\\\":10,\\\"style\\\":[0,0,0],\\\"color\\\":\\\"000000\\\"}]]",' % msg +
220 '"face":774,' +
221 '"clientid":53999199,' +
222 '"msg_id":44050002,' +
223 '"psessionid":"%s"' % self.psessionid +
224 '}')
225
226 # 发送群组消息
227 url = 'http://d.web2.qq.com/channel/send_qun_msg2'
228
229 ref = 'http://d.web2.qq.com/proxy.html?v=20130916001&callback=1&id=2'
230 headers = {'Referer':ref
231 , 'Content-Type': 'application/x-www-form-urlencoded'
232 , 'User-Agent': 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 1.1.4322; InfoPath.3)'
233 # , 'Accept-Language': 'zh-CN,zh;q=0.8'
234 }
235
236 # 去拿群组列表
237 r = self.htp.post(url, data=datas, headers=headers)
238 self.__printlog('发送群组消息', url, r.text, r.cookies, self.htp.cookies, datas)
239
240
241 pass
242
243 def sendFriendMsg(self, uin, msg):
244 '''
245 r={
246 "to":3709697278
247 ,"content":"[\"给我自己发\",[\"font\",{\"name\":\"宋体\",\"size\":10,\"style\":[0,0,0],\"color\":\"000000\"}]]"
248 ,"face":774
249 ,"clientid":53999199
250 ,"msg_id":35090001
251 ,"psessionid":"8368046764001d636f6e6e7365727665725f77656271714031302e3133392e372e31363400004881000010a5036e0400cc14023a6d0000000a40644f787a776b7454646d00000028e8f2fd0393d150b2404a4d198f196be7132786a4e3fc28c6b4014b78bcd1eda6bad51ef92d5e0862"
252 }
253
254 '''
255 msg = urllib.quote(msg,":?=/")
256 datas = ('r={' +
257 '"to":%s' % uin +
258 ',"content":"[\\\"%s\\\",[\\\"font\\\",{\\\"name\\\":\\\"\u5B8B\u4F53\\\",\\\"size\\\":10,\\\"style\\\":[0,0,0],\\\"color\\\":\\\"000000\\\"}]]"' % msg +
259 ',"face":774' +
260 ',"clientid":53999199' +
261 ',"msg_id":35090001' +
262 ',"psessionid":"%s"' % self.psessionid +
263 '}')
264
265 url = 'http://d.web2.qq.com/channel/send_buddy_msg2'
266 ref = 'http://d.web2.qq.com/proxy.html?v=20130916001&callback=1&id=2'
267 headers = {'Referer':ref
268 , 'Content-Type': 'application/x-www-form-urlencoded'
269 , 'User-Agent': 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 1.1.4322; InfoPath.3)'
270 }
271
272 # 发消息给好友
273 r = self.htp.post(url, data=datas, headers=headers)
274 self.__printlog('发送好友消息', url, r.text, r.cookies, self.htp.cookies, datas)
275 pass
276
277 if __name__ == '__main__':
278
279 qq = WebQQ('这是帐号', '这是密码')
280 qq.userLogin()
281
282 qq.getGroups()
283 quin=qq.groups['result']['gnamelist'][1]['gid']
284 qq.sendGroupMsg(str(quin), '其实我是想写个聊天机器人的,不过有点高深,另外,登录验证码的破解逻辑,还没写')
285
286 qq.getFriends()
287 fuin = qq.friends['result']['info'][6]['uin']
288 print fuin
289 qq.sendFriendMsg(str(fuin), 'shen me qing kuang ')
View Code
二、哈希算法(Py与JS):
py:reqhash.py
1 #! /usr/bin/env python
2 # coding=utf-8
3
4
5 import win32com.server.util, win32com.client
6
7 # 以下代码解决输出乱码问题
8 import sys
9 # print sys.getdefaultencoding()
10 reload(sys)
11 sys.setdefaultencoding('utf8')
12 # print sys.getdefaultencoding()
13
14 class __PyWinQQJsHash:
15
16 def __init__(self):
17
18 js = win32com.client.Dispatch('MSScriptControl.ScriptControl')
19 js.Language = 'JavaScript'
20 js.AllowUI = True
21 js.AddCode(self.__readJsFile("jsfiles/reqHash.js"))
22 self.jsengine = js
23
24 def __readJsFile(self, filename):
25
26 fp = file(filename, 'r')
27 lines = ''
28 for line in fp:
29 lines += line
30 return lines
31
32 def __driveJsCode(self, func, paras):
33
34 if paras:
35 return self.jsengine.Run(func, paras[0], paras[1])
36 else:
37 return self.jsengine.Run(func)
38
39 def GetQQHash(self, qqnum, ptwebqq):
40 return self.__driveJsCode("GetQQHash", [qqnum, ptwebqq])
41
42
43 QJsHash = __PyWinQQJsHash()
View Code js:reqHash.js
1 function GetQQHash(x, K) {
2 x += "";
3 for (var N = [], T = 0; T < K.length; T++)
4 N[T % 4] ^= K.charCodeAt(T);
5 var U = ["EC", "OK"], V = [];
6 V[0] = x >> 24 & 255 ^ U[0].charCodeAt(0);
7 V[1] = x >> 16 & 255 ^ U[0].charCodeAt(1);
8 V[2] = x >> 8 & 255 ^ U[1].charCodeAt(0);
9 V[3] = x & 255 ^ U[1].charCodeAt(1);
10 U = [];
11 for (T = 0; T < 8; T++)
12 U[T] = T % 2 == 0 ? N[T >> 1] : V[T >> 1];
13 N = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "A", "B", "C", "D", "E", "F"];
14 V = "";
15 for (T = 0; T < U.length; T++) {
16 V += N[U[T] >> 4 & 15];
17 V += N[U[T] & 15]
18 }
19 return V
20 };
View Code
三、密码加密(Py与JS):
py:encryption.py
1 #! /usr/bin/env python
2 # coding=utf-8
3
4
5 import win32com.server.util, win32com.client
6 import json
7
8 # 以下代码解决输出乱码问题
9 import sys
10 from test.test_audioop import datas
11 # print sys.getdefaultencoding()
12 reload(sys)
13 sys.setdefaultencoding('utf8')
14 # print sys.getdefaultencoding()
15
16 class __PyWinQQJsMd5Rsa:
17
18 def __init__(self):
19
20 js = win32com.client.Dispatch('MSScriptControl.ScriptControl')
21 js.Language = 'JavaScript'
22 js.AllowUI = True
23 js.AddCode(self.__readJsFile("jsfiles/loginRsa.js"))
24 js.AddCode(self.__readJsFile("jsfiles/loginMd5.js"))
25 js.AddCode(self.__readJsFile("jsfiles/loginUtil.js"))
26 self.jsengine = js
27
28 def __readJsFile(self, filename):
29
30 fp = file(filename, 'r')
31 lines = ''
32 for line in fp:
33 lines += line
34 return lines
35
36 def __driveJsCode(self, func, paras):
37
38 if paras:
39 return self.jsengine.Run(func, paras[0], paras[1], paras[2])
40 else:
41 return self.jsengine.Run(func)
42
43 def GetQQMd5Rsa(self, password, salt, verifycode):
44 return self.__driveJsCode("GetQQMd5Rsa", [password, salt, verifycode])
45
46
47 QJsMd5Rsa = __PyWinQQJsMd5Rsa()
View Code js:loginUtil.js
1 function GetQQMd5Rsa(password, salt, verifycode) {
2
3 //return salt;
4 //return $.Encryption.getRSAEncryption(password, verifycode);
5 return $.Encryption.getEncryption(password,uin2hex(salt), verifycode);
6 // return typeof($.Encryption.getEncryption);
7 };
8
9 function uin2hex(str) {
10 var maxLength = 16;
11 var hex = parseInt(str).toString(16);
12 var len = hex.length;
13 for (var i = len; i < maxLength; i++) {
14 hex = '0' + hex
15 }
16 var arr = [];
17 for (var j = 0; j < maxLength; j += 2) {
18 arr.push('\\x' + hex.substr(j, 2))
19 }
20 var result = arr.join('');
21 eval('result="' + result + '"');
22 return result
23 }
View Code js:loginRsa.js
1 var window = {};
2 var navigator = {};
3 $ = {};
4 $pt = {}
5 window.$ = $;
6 window.$pt = $pt;
7
8
9 // var window = window || {};
10 // var navigator = navigator || {};
11 //
12 // $ = window.$ || {};
13 // $pt = window.$pt || {};
14
15
16 $.RSA = $pt.RSA = function() {
17 function g(z, t) {
18 return new ar(z, t)
19 }
20 function ah(aA, aB) {
21 var t = "";
22 var z = 0;
23 while (z + aB < aA.length) {
24 t += aA.substring(z, z + aB) + "\n";
25 z += aB
26 }
27 return t + aA.substring(z, aA.length)
28 }
29 function r(t) {
30 if (t < 16) {
31 return "0" + t.toString(16)
32 } else {
33 return t.toString(16)
34 }
35 }
36 function af(aB, aE) {
37 if (aE < aB.length + 11) {
38 uv_alert("Message too long for RSA");
39 return null
40 }
41 var aD = new Array();
42 var aA = aB.length - 1;
43 while (aA >= 0 && aE > 0) {
44 var aC = aB.charCodeAt(aA--);
45 aD[--aE] = aC
46 }
47 aD[--aE] = 0;
48 var z = new ad();
49 var t = new Array();
50 while (aE > 2) {
51 t[0] = 0;
52 while (t[0] == 0) {
53 z.nextBytes(t)
54 }
55 aD[--aE] = t[0]
56 }
57 aD[--aE] = 2;
58 aD[--aE] = 0;
59 return new ar(aD)
60 }
61 function L() {
62 this.n = null;
63 this.e = 0;
64 this.d = null;
65 this.p = null;
66 this.q = null;
67 this.dmp1 = null;
68 this.dmq1 = null;
69 this.coeff = null
70 }
71 function o(z, t) {
72 if (z != null && t != null && z.length > 0 && t.length > 0) {
73 this.n = g(z, 16);
74 this.e = parseInt(t, 16)
75 } else {
76 uv_alert("Invalid RSA public key")
77 }
78 }
79 function W(t) {
80 return t.modPowInt(this.e, this.n)
81 }
82 function p(aA) {
83 var t = af(aA, (this.n.bitLength() + 7) >> 3);
84 if (t == null) {
85 return null
86 }
87 var aB = this.doPublic(t);
88 if (aB == null) {
89 return null
90 }
91 var z = aB.toString(16);
92 if ((z.length & 1) == 0) {
93 return z
94 } else {
95 return "0" + z
96 }
97 }
98 L.prototype.doPublic = W;
99 L.prototype.setPublic = o;
100 L.prototype.encrypt = p;
101 var aw;
102 var ai = 244837814094590;
103 var Z = ((ai & 16777215) == 15715070);
104 function ar(z, t, aA) {
105 if (z != null) {
106 if ("number" == typeof z) {
107 this.fromNumber(z, t, aA)
108 } else {
109 if (t == null && "string" != typeof z) {
110 this.fromString(z, 256)
111 } else {
112 this.fromString(z, t)
113 }
114 }
115 }
116 }
117 function h() {
118 return new ar(null)
119 }
120 function b(aC, t, z, aB, aE, aD) {
121 while (--aD >= 0) {
122 var aA = t * this[aC++] + z[aB] + aE;
123 aE = Math.floor(aA / 67108864);
124 z[aB++] = aA & 67108863
125 }
126 return aE
127 }
128 function ay(aC, aH, aI, aB, aF, t) {
129 var aE = aH & 32767,
130 aG = aH >> 15;
131 while (--t >= 0) {
132 var aA = this[aC] & 32767;
133 var aD = this[aC++] >> 15;
134 var z = aG * aA + aD * aE;
135 aA = aE * aA + ((z & 32767) << 15) + aI[aB] + (aF & 1073741823);
136 aF = (aA >>> 30) + (z >>> 15) + aG * aD + (aF >>> 30);
137 aI[aB++] = aA & 1073741823
138 }
139 return aF
140 }
141 function ax(aC, aH, aI, aB, aF, t) {
142 var aE = aH & 16383,
143 aG = aH >> 14;
144 while (--t >= 0) {
145 var aA = this[aC] & 16383;
146 var aD = this[aC++] >> 14;
147 var z = aG * aA + aD * aE;
148 aA = aE * aA + ((z & 16383) << 14) + aI[aB] + aF;
149 aF = (aA >> 28) + (z >> 14) + aG * aD;
150 aI[aB++] = aA & 268435455
151 }
152 return aF
153 }
154 if (Z && (navigator.appName == "Microsoft Internet Explorer")) {
155 ar.prototype.am = ay;
156 aw = 30
157 } else {
158 if (Z && (navigator.appName != "Netscape")) {
159 ar.prototype.am = b;
160 aw = 26
161 } else {
162 ar.prototype.am = ax;
163 aw = 28
164 }
165 }
166 ar.prototype.DB = aw;
167 ar.prototype.DM = ((1 << aw) - 1);
168 ar.prototype.DV = (1 << aw);
169 var aa = 52;
170 ar.prototype.FV = Math.pow(2, aa);
171 ar.prototype.F1 = aa - aw;
172 ar.prototype.F2 = 2 * aw - aa;
173 var ae = "0123456789abcdefghijklmnopqrstuvwxyz";
174 var ag = new Array();
175 var ap, v;
176 ap = "0".charCodeAt(0);
177 for (v = 0; v <= 9; ++v) {
178 ag[ap++] = v
179 }
180 ap = "a".charCodeAt(0);
181 for (v = 10; v < 36; ++v) {
182 ag[ap++] = v
183 }
184 ap = "A".charCodeAt(0);
185 for (v = 10; v < 36; ++v) {
186 ag[ap++] = v
187 }
188 function az(t) {
189 return ae.charAt(t)
190 }
191 function A(z, t) {
192 var aA = ag[z.charCodeAt(t)];
193 return (aA == null) ? -1 : aA
194 }
195 function Y(z) {
196 for (var t = this.t - 1; t >= 0; --t) {
197 z[t] = this[t]
198 }
199 z.t = this.t;
200 z.s = this.s
201 }
202 function n(t) {
203 this.t = 1;
204 this.s = (t < 0) ? -1 : 0;
205 if (t > 0) {
206 this[0] = t
207 } else {
208 if (t < -1) {
209 this[0] = t + DV
210 } else {
211 this.t = 0
212 }
213 }
214 }
215 function c(t) {
216 var z = h();
217 z.fromInt(t);
218 return z
219 }
220 function w(aE, z) {
221 var aB;
222 if (z == 16) {
223 aB = 4
224 } else {
225 if (z == 8) {
226 aB = 3
227 } else {
228 if (z == 256) {
229 aB = 8
230 } else {
231 if (z == 2) {
232 aB = 1
233 } else {
234 if (z == 32) {
235 aB = 5
236 } else {
237 if (z == 4) {
238 aB = 2
239 } else {
240 this.fromRadix(aE, z);
241 return
242 }
243 }
244 }
245 }
246 }
247 }
248 this.t = 0;
249 this.s = 0;
250 var aD = aE.length,
251 aA = false,
252 aC = 0;
253 while (--aD >= 0) {
254 var t = (aB == 8) ? aE[aD] & 255 : A(aE, aD);
255 if (t < 0) {
256 if (aE.charAt(aD) == "-") {
257 aA = true
258 }
259 continue
260 }
261 aA = false;
262 if (aC == 0) {
263 this[this.t++] = t
264 } else {
265 if (aC + aB > this.DB) {
266 this[this.t - 1] |= (t & ((1 << (this.DB - aC)) - 1)) << aC;
267 this[this.t++] = (t >> (this.DB - aC))
268 } else {
269 this[this.t - 1] |= t << aC
270 }
271 }
272 aC += aB;
273 if (aC >= this.DB) {
274 aC -= this.DB
275 }
276 }
277 if (aB == 8 && (aE[0] & 128) != 0) {
278 this.s = -1;
279 if (aC > 0) {
280 this[this.t - 1] |= ((1 << (this.DB - aC)) - 1) << aC
281 }
282 }
283 this.clamp();
284 if (aA) {
285 ar.ZERO.subTo(this, this)
286 }
287 }
288 function O() {
289 var t = this.s & this.DM;
290 while (this.t > 0 && this[this.t - 1] == t) {--this.t
291 }
292 }
293 function q(z) {
294 if (this.s < 0) {
295 return "-" + this.negate().toString(z)
296 }
297 var aA;
298 if (z == 16) {
299 aA = 4
300 } else {
301 if (z == 8) {
302 aA = 3
303 } else {
304 if (z == 2) {
305 aA = 1
306 } else {
307 if (z == 32) {
308 aA = 5
309 } else {
310 if (z == 4) {
311 aA = 2
312 } else {
313 return this.toRadix(z)
314 }
315 }
316 }
317 }
318 }
319 var aC = (1 << aA) - 1,
320 aF,
321 t = false,
322 aD = "",
323 aB = this.t;
324 var aE = this.DB - (aB * this.DB) % aA;
325 if (aB-->0) {
326 if (aE < this.DB && (aF = this[aB] >> aE) > 0) {
327 t = true;
328 aD = az(aF)
329 }
330 while (aB >= 0) {
331 if (aE < aA) {
332 aF = (this[aB] & ((1 << aE) - 1)) << (aA - aE);
333 aF |= this[--aB] >> (aE += this.DB - aA)
334 } else {
335 aF = (this[aB] >> (aE -= aA)) & aC;
336 if (aE <= 0) {
337 aE += this.DB; --aB
338 }
339 }
340 if (aF > 0) {
341 t = true
342 }
343 if (t) {
344 aD += az(aF)
345 }
346 }
347 }
348 return t ? aD: "0"
349 }
350 function R() {
351 var t = h();
352 ar.ZERO.subTo(this, t);
353 return t
354 }
355 function al() {
356 return (this.s < 0) ? this.negate() : this
357 }
358 function G(t) {
359 var aA = this.s - t.s;
360 if (aA != 0) {
361 return aA
362 }
363 var z = this.t;
364 aA = z - t.t;
365 if (aA != 0) {
366 return aA
367 }
368 while (--z >= 0) {
369 if ((aA = this[z] - t[z]) != 0) {
370 return aA
371 }
372 }
373 return 0
374 }
375 function j(z) {
376 var aB = 1,
377 aA;
378 if ((aA = z >>> 16) != 0) {
379 z = aA;
380 aB += 16
381 }
382 if ((aA = z >> 8) != 0) {
383 z = aA;
384 aB += 8
385 }
386 if ((aA = z >> 4) != 0) {
387 z = aA;
388 aB += 4
389 }
390 if ((aA = z >> 2) != 0) {
391 z = aA;
392 aB += 2
393 }
394 if ((aA = z >> 1) != 0) {
395 z = aA;
396 aB += 1
397 }
398 return aB
399 }
400 function u() {
401 if (this.t <= 0) {
402 return 0
403 }
404 return this.DB * (this.t - 1) + j(this[this.t - 1] ^ (this.s & this.DM))
405 }
406 function aq(aA, z) {
407 var t;
408 for (t = this.t - 1; t >= 0; --t) {
409 z[t + aA] = this[t]
410 }
411 for (t = aA - 1; t >= 0; --t) {
412 z[t] = 0
413 }
414 z.t = this.t + aA;
415 z.s = this.s
416 }
417 function X(aA, z) {
418 for (var t = aA; t < this.t; ++t) {
419 z[t - aA] = this[t]
420 }
421 z.t = Math.max(this.t - aA, 0);
422 z.s = this.s
423 }
424 function s(aF, aB) {
425 var z = aF % this.DB;
426 var t = this.DB - z;
427 var aD = (1 << t) - 1;
428 var aC = Math.floor(aF / this.DB),
429 aE = (this.s << z) & this.DM,
430 aA;
431 for (aA = this.t - 1; aA >= 0; --aA) {
432 aB[aA + aC + 1] = (this[aA] >> t) | aE;
433 aE = (this[aA] & aD) << z
434 }
435 for (aA = aC - 1; aA >= 0; --aA) {
436 aB[aA] = 0
437 }
438 aB[aC] = aE;
439 aB.t = this.t + aC + 1;
440 aB.s = this.s;
441 aB.clamp()
442 }
443 function l(aE, aB) {
444 aB.s = this.s;
445 var aC = Math.floor(aE / this.DB);
446 if (aC >= this.t) {
447 aB.t = 0;
448 return
449 }
450 var z = aE % this.DB;
451 var t = this.DB - z;
452 var aD = (1 << z) - 1;
453 aB[0] = this[aC] >> z;
454 for (var aA = aC + 1; aA < this.t; ++aA) {
455 aB[aA - aC - 1] |= (this[aA] & aD) << t;
456 aB[aA - aC] = this[aA] >> z
457 }
458 if (z > 0) {
459 aB[this.t - aC - 1] |= (this.s & aD) << t
460 }
461 aB.t = this.t - aC;
462 aB.clamp()
463 }
464 function ab(z, aB) {
465 var aA = 0,
466 aC = 0,
467 t = Math.min(z.t, this.t);
468 while (aA < t) {
469 aC += this[aA] - z[aA];
470 aB[aA++] = aC & this.DM;
471 aC >>= this.DB
472 }
473 if (z.t < this.t) {
474 aC -= z.s;
475 while (aA < this.t) {
476 aC += this[aA];
477 aB[aA++] = aC & this.DM;
478 aC >>= this.DB
479 }
480 aC += this.s
481 } else {
482 aC += this.s;
483 while (aA < z.t) {
484 aC -= z[aA];
485 aB[aA++] = aC & this.DM;
486 aC >>= this.DB
487 }
488 aC -= z.s
489 }
490 aB.s = (aC < 0) ? -1 : 0;
491 if (aC < -1) {
492 aB[aA++] = this.DV + aC
493 } else {
494 if (aC > 0) {
495 aB[aA++] = aC
496 }
497 }
498 aB.t = aA;
499 aB.clamp()
500 }
501 function D(z, aB) {
502 var t = this.abs(),
503 aC = z.abs();
504 var aA = t.t;
505 aB.t = aA + aC.t;
506 while (--aA >= 0) {
507 aB[aA] = 0
508 }
509 for (aA = 0; aA < aC.t; ++aA) {
510 aB[aA + t.t] = t.am(0, aC[aA], aB, aA, 0, t.t)
511 }
512 aB.s = 0;
513 aB.clamp();
514 if (this.s != z.s) {
515 ar.ZERO.subTo(aB, aB)
516 }
517 }
518 function Q(aA) {
519 var t = this.abs();
520 var z = aA.t = 2 * t.t;
521 while (--z >= 0) {
522 aA[z] = 0
523 }
524 for (z = 0; z < t.t - 1; ++z) {
525 var aB = t.am(z, t[z], aA, 2 * z, 0, 1);
526 if ((aA[z + t.t] += t.am(z + 1, 2 * t[z], aA, 2 * z + 1, aB, t.t - z - 1)) >= t.DV) {
527 aA[z + t.t] -= t.DV;
528 aA[z + t.t + 1] = 1
529 }
530 }
531 if (aA.t > 0) {
532 aA[aA.t - 1] += t.am(z, t[z], aA, 2 * z, 0, 1)
533 }
534 aA.s = 0;
535 aA.clamp()
536 }
537 function E(aI, aF, aE) {
538 var aO = aI.abs();
539 if (aO.t <= 0) {
540 return
541 }
542 var aG = this.abs();
543 if (aG.t < aO.t) {
544 if (aF != null) {
545 aF.fromInt(0)
546 }
547 if (aE != null) {
548 this.copyTo(aE)
549 }
550 return
551 }
552 if (aE == null) {
553 aE = h()
554 }
555 var aC = h(),
556 z = this.s,
557 aH = aI.s;
558 var aN = this.DB - j(aO[aO.t - 1]);
559 if (aN > 0) {
560 aO.lShiftTo(aN, aC);
561 aG.lShiftTo(aN, aE)
562 } else {
563 aO.copyTo(aC);
564 aG.copyTo(aE)
565 }
566 var aK = aC.t;
567 var aA = aC[aK - 1];
568 if (aA == 0) {
569 return
570 }
571 var aJ = aA * (1 << this.F1) + ((aK > 1) ? aC[aK - 2] >> this.F2: 0);
572 var aR = this.FV / aJ,
573 aQ = (1 << this.F1) / aJ,
574 aP = 1 << this.F2;
575 var aM = aE.t,
576 aL = aM - aK,
577 aD = (aF == null) ? h() : aF;
578 aC.dlShiftTo(aL, aD);
579 if (aE.compareTo(aD) >= 0) {
580 aE[aE.t++] = 1;
581 aE.subTo(aD, aE)
582 }
583 ar.ONE.dlShiftTo(aK, aD);
584 aD.subTo(aC, aC);
585 while (aC.t < aK) {
586 aC[aC.t++] = 0
587 }
588 while (--aL >= 0) {
589 var aB = (aE[--aM] == aA) ? this.DM: Math.floor(aE[aM] * aR + (aE[aM - 1] + aP) * aQ);
590 if ((aE[aM] += aC.am(0, aB, aE, aL, 0, aK)) < aB) {
591 aC.dlShiftTo(aL, aD);
592 aE.subTo(aD, aE);
593 while (aE[aM] < --aB) {
594 aE.subTo(aD, aE)
595 }
596 }
597 }
598 if (aF != null) {
599 aE.drShiftTo(aK, aF);
600 if (z != aH) {
601 ar.ZERO.subTo(aF, aF)
602 }
603 }
604 aE.t = aK;
605 aE.clamp();
606 if (aN > 0) {
607 aE.rShiftTo(aN, aE)
608 }
609 if (z < 0) {
610 ar.ZERO.subTo(aE, aE)
611 }
612 }
613 function N(t) {
614 var z = h();
615 this.abs().divRemTo(t, null, z);
616 if (this.s < 0 && z.compareTo(ar.ZERO) > 0) {
617 t.subTo(z, z)
618 }
619 return z
620 }
621 function K(t) {
622 this.m = t
623 }
624 function V(t) {
625 if (t.s < 0 || t.compareTo(this.m) >= 0) {
626 return t.mod(this.m)
627 } else {
628 return t
629 }
630 }
631 function ak(t) {
632 return t
633 }
634 function J(t) {
635 t.divRemTo(this.m, null, t)
636 }
637 function H(t, aA, z) {
638 t.multiplyTo(aA, z);
639 this.reduce(z)
640 }
641 function au(t, z) {
642 t.squareTo(z);
643 this.reduce(z)
644 }
645 K.prototype.convert = V;
646 K.prototype.revert = ak;
647 K.prototype.reduce = J;
648 K.prototype.mulTo = H;
649 K.prototype.sqrTo = au;
650 function B() {
651 if (this.t < 1) {
652 return 0
653 }
654 var t = this[0];
655 if ((t & 1) == 0) {
656 return 0
657 }
658 var z = t & 3;
659 z = (z * (2 - (t & 15) * z)) & 15;
660 z = (z * (2 - (t & 255) * z)) & 255;
661 z = (z * (2 - (((t & 65535) * z) & 65535))) & 65535;
662 z = (z * (2 - t * z % this.DV)) % this.DV;
663 return (z > 0) ? this.DV - z: -z
664 }
665 function f(t) {
666 this.m = t;
667 this.mp = t.invDigit();
668 this.mpl = this.mp & 32767;
669 this.mph = this.mp >> 15;
670 this.um = (1 << (t.DB - 15)) - 1;
671 this.mt2 = 2 * t.t
672 }
673 function aj(t) {
674 var z = h();
675 t.abs().dlShiftTo(this.m.t, z);
676 z.divRemTo(this.m, null, z);
677 if (t.s < 0 && z.compareTo(ar.ZERO) > 0) {
678 this.m.subTo(z, z)
679 }
680 return z
681 }
682 function at(t) {
683 var z = h();
684 t.copyTo(z);
685 this.reduce(z);
686 return z
687 }
688 function P(t) {
689 while (t.t <= this.mt2) {
690 t[t.t++] = 0
691 }
692 for (var aA = 0; aA < this.m.t; ++aA) {
693 var z = t[aA] & 32767;
694 var aB = (z * this.mpl + (((z * this.mph + (t[aA] >> 15) * this.mpl) & this.um) << 15)) & t.DM;
695 z = aA + this.m.t;
696 t[z] += this.m.am(0, aB, t, aA, 0, this.m.t);
697 while (t[z] >= t.DV) {
698 t[z] -= t.DV;
699 t[++z]++
700 }
701 }
702 t.clamp();
703 t.drShiftTo(this.m.t, t);
704 if (t.compareTo(this.m) >= 0) {
705 t.subTo(this.m, t)
706 }
707 }
708 function am(t, z) {
709 t.squareTo(z);
710 this.reduce(z)
711 }
712 function y(t, aA, z) {
713 t.multiplyTo(aA, z);
714 this.reduce(z)
715 }
716 f.prototype.convert = aj;
717 f.prototype.revert = at;
718 f.prototype.reduce = P;
719 f.prototype.mulTo = y;
720 f.prototype.sqrTo = am;
721 function i() {
722 return ((this.t > 0) ? (this[0] & 1) : this.s) == 0
723 }
724 function x(aF, aG) {
725 if (aF > 4294967295 || aF < 1) {
726 return ar.ONE
727 }
728 var aE = h(),
729 aA = h(),
730 aD = aG.convert(this),
731 aC = j(aF) - 1;
732 aD.copyTo(aE);
733 while (--aC >= 0) {
734 aG.sqrTo(aE, aA);
735 if ((aF & (1 << aC)) > 0) {
736 aG.mulTo(aA, aD, aE)
737 } else {
738 var aB = aE;
739 aE = aA;
740 aA = aB
741 }
742 }
743 return aG.revert(aE)
744 }
745 function an(aA, t) {
746 var aB;
747 if (aA < 256 || t.isEven()) {
748 aB = new K(t)
749 } else {
750 aB = new f(t)
751 }
752 return this.exp(aA, aB)
753 }
754 ar.prototype.copyTo = Y;
755 ar.prototype.fromInt = n;
756 ar.prototype.fromString = w;
757 ar.prototype.clamp = O;
758 ar.prototype.dlShiftTo = aq;
759 ar.prototype.drShiftTo = X;
760 ar.prototype.lShiftTo = s;
761 ar.prototype.rShiftTo = l;
762 ar.prototype.subTo = ab;
763 ar.prototype.multiplyTo = D;
764 ar.prototype.squareTo = Q;
765 ar.prototype.divRemTo = E;
766 ar.prototype.invDigit = B;
767 ar.prototype.isEven = i;
768 ar.prototype.exp = x;
769 ar.prototype.toString = q;
770 ar.prototype.negate = R;
771 ar.prototype.abs = al;
772 ar.prototype.compareTo = G;
773 ar.prototype.bitLength = u;
774 ar.prototype.mod = N;
775 ar.prototype.modPowInt = an;
776 ar.ZERO = c(0);
777 ar.ONE = c(1);
778 var m;
779 var U;
780 var ac;
781 function d(t) {
782 U[ac++] ^= t & 255;
783 U[ac++] ^= (t >> 8) & 255;
784 U[ac++] ^= (t >> 16) & 255;
785 U[ac++] ^= (t >> 24) & 255;
786 if (ac >= M) {
787 ac -= M
788 }
789 }
790 function T() {
791 d(new Date().getTime())
792 }
793 if (U == null) {
794 U = new Array();
795 ac = 0;
796 var I;
797 if (navigator.appName == "Netscape" && navigator.appVersion < "5" && window.crypto && window.crypto.random) {
798 var F = window.crypto.random(32);
799 for (I = 0; I < F.length; ++I) {
800 U[ac++] = F.charCodeAt(I) & 255
801 }
802 }
803 while (ac < M) {
804 I = Math.floor(65536 * Math.random());
805 U[ac++] = I >>> 8;
806 U[ac++] = I & 255
807 }
808 ac = 0;
809 T()
810 }
811 function C() {
812 if (m == null) {
813 T();
814 m = ao();
815 m.init(U);
816 for (ac = 0; ac < U.length; ++ac) {
817 U[ac] = 0
818 }
819 ac = 0
820 }
821 return m.next()
822 }
823 function av(z) {
824 var t;
825 for (t = 0; t < z.length; ++t) {
826 z[t] = C()
827 }
828 }
829 function ad() {}
830 ad.prototype.nextBytes = av;
831 function k() {
832 this.i = 0;
833 this.j = 0;
834 this.S = new Array()
835 }
836 function e(aC) {
837 var aB, z, aA;
838 for (aB = 0; aB < 256; ++aB) {
839 this.S[aB] = aB
840 }
841 z = 0;
842 for (aB = 0; aB < 256; ++aB) {
843 z = (z + this.S[aB] + aC[aB % aC.length]) & 255;
844 aA = this.S[aB];
845 this.S[aB] = this.S[z];
846 this.S[z] = aA
847 }
848 this.i = 0;
849 this.j = 0
850 }
851 function a() {
852 var z;
853 this.i = (this.i + 1) & 255;
854 this.j = (this.j + this.S[this.i]) & 255;
855 z = this.S[this.i];
856 this.S[this.i] = this.S[this.j];
857 this.S[this.j] = z;
858 return this.S[(z + this.S[this.i]) & 255]
859 }
860 k.prototype.init = e;
861 k.prototype.next = a;
862 function ao() {
863 return new k()
864 }
865 var M = 256;
866 function S(aB, aA, z) {
867 aA = "F20CE00BAE5361F8FA3AE9CEFA495362FF7DA1BA628F64A347F0A8C012BF0B254A30CD92ABFFE7A6EE0DC424CB6166F8819EFA5BCCB20EDFB4AD02E412CCF579B1CA711D55B8B0B3AEB60153D5E0693A2A86F3167D7847A0CB8B00004716A9095D9BADC977CBB804DBDCBA6029A9710869A453F27DFDDF83C016D928B3CBF4C7";
868 z = "3";
869 var t = new L();
870 t.setPublic(aA, z);
871 return t.encrypt(aB)
872 }
873 return {
874 rsa_encrypt: S
875 }
876 } ();
877
878 (function(r) {
879 var s = "",
880 a = 0,
881 g = [],
882 x = [],
883 y = 0,
884 u = 0,
885 m = [],
886 t = [],
887 n = true;
888 function e() {
889 return Math.round(Math.random() * 4294967295)
890 }
891 function i(C, D, z) {
892 if (!z || z > 4) {
893 z = 4
894 }
895 var A = 0;
896 for (var B = D; B < D + z; B++) {
897 A <<= 8;
898 A |= C[B]
899 }
900 return (A & 4294967295) >>> 0
901 }
902 function b(A, B, z) {
903 A[B + 3] = (z >> 0) & 255;
904 A[B + 2] = (z >> 8) & 255;
905 A[B + 1] = (z >> 16) & 255;
906 A[B + 0] = (z >> 24) & 255
907 }
908 function w(C) {
909 if (!C) {
910 return ""
911 }
912 var z = "";
913 for (var A = 0; A < C.length; A++) {
914 var B = Number(C[A]).toString(16);
915 if (B.length == 1) {
916 B = "0" + B
917 }
918 z += B
919 }
920 return z
921 }
922 function v(A) {
923 var B = "";
924 for (var z = 0; z < A.length; z += 2) {
925 B += String.fromCharCode(parseInt(A.substr(z, 2), 16))
926 }
927 return B
928 }
929 function c(C, z) {
930 if (!C) {
931 return ""
932 }
933 if (z) {
934 C = k(C)
935 }
936 var B = [];
937 for (var A = 0; A < C.length; A++) {
938 B[A] = C.charCodeAt(A)
939 }
940 return w(B)
941 }
942 function k(C) {
943 var B, D, A = [],
944 z = C.length;
945 for (B = 0; B < z; B++) {
946 D = C.charCodeAt(B);
947 if (D > 0 && D <= 127) {
948 A.push(C.charAt(B))
949 } else {
950 if (D >= 128 && D <= 2047) {
951 A.push(String.fromCharCode(192 | ((D >> 6) & 31)), String.fromCharCode(128 | (D & 63)))
952 } else {
953 if (D >= 2048 && D <= 65535) {
954 A.push(String.fromCharCode(224 | ((D >> 12) & 15)), String.fromCharCode(128 | ((D >> 6) & 63)), String.fromCharCode(128 | (D & 63)))
955 }
956 }
957 }
958 }
959 return A.join("")
960 }
961 function h(B) {
962 g = new Array(8);
963 x = new Array(8);
964 y = u = 0;
965 n = true;
966 a = 0;
967 var z = B.length;
968 var C = 0;
969 a = (z + 10) % 8;
970 if (a != 0) {
971 a = 8 - a
972 }
973 m = new Array(z + a + 10);
974 g[0] = ((e() & 248) | a) & 255;
975 for (var A = 1; A <= a; A++) {
976 g[A] = e() & 255
977 }
978 a++;
979 for (var A = 0; A < 8; A++) {
980 x[A] = 0
981 }
982 C = 1;
983 while (C <= 2) {
984 if (a < 8) {
985 g[a++] = e() & 255;
986 C++
987 }
988 if (a == 8) {
989 p()
990 }
991 }
992 var A = 0;
993 while (z > 0) {
994 if (a < 8) {
995 g[a++] = B[A++];
996 z--
997 }
998 if (a == 8) {
999 p()
1000 }
1001 }
1002 C = 1;
1003 while (C <= 7) {
1004 if (a < 8) {
1005 g[a++] = 0;
1006 C++
1007 }
1008 if (a == 8) {
1009 p()
1010 }
1011 }
1012 return m
1013 }
1014 function q(D) {
1015 var C = 0;
1016 var A = new Array(8);
1017 var z = D.length;
1018 t = D;
1019 if (z % 8 != 0 || z < 16) {
1020 return null
1021 }
1022 x = l(D);
1023 a = x[0] & 7;
1024 C = z - a - 10;
1025 if (C < 0) {
1026 return null
1027 }
1028 for (var B = 0; B < A.length; B++) {
1029 A[B] = 0
1030 }
1031 m = new Array(C);
1032 u = 0;
1033 y = 8;
1034 a++;
1035 var E = 1;
1036 while (E <= 2) {
1037 if (a < 8) {
1038 a++;
1039 E++
1040 }
1041 if (a == 8) {
1042 A = D;
1043 if (!f()) {
1044 return null
1045 }
1046 }
1047 }
1048 var B = 0;
1049 while (C != 0) {
1050 if (a < 8) {
1051 m[B] = (A[u + a] ^ x[a]) & 255;
1052 B++;
1053 C--;
1054 a++
1055 }
1056 if (a == 8) {
1057 A = D;
1058 u = y - 8;
1059 if (!f()) {
1060 return null
1061 }
1062 }
1063 }
1064 for (E = 1; E < 8; E++) {
1065 if (a < 8) {
1066 if ((A[u + a] ^ x[a]) != 0) {
1067 return null
1068 }
1069 a++
1070 }
1071 if (a == 8) {
1072 A = D;
1073 u = y;
1074 if (!f()) {
1075 return null
1076 }
1077 }
1078 }
1079 return m
1080 }
1081 function p() {
1082 for (var z = 0; z < 8; z++) {
1083 if (n) {
1084 g[z] ^= x[z]
1085 } else {
1086 g[z] ^= m[u + z]
1087 }
1088 }
1089 var A = j(g);
1090 for (var z = 0; z < 8; z++) {
1091 m[y + z] = A[z] ^ x[z];
1092 x[z] = g[z]
1093 }
1094 u = y;
1095 y += 8;
1096 a = 0;
1097 n = false
1098 }
1099 function j(A) {
1100 var B = 16;
1101 var G = i(A, 0, 4);
1102 var F = i(A, 4, 4);
1103 var I = i(s, 0, 4);
1104 var H = i(s, 4, 4);
1105 var E = i(s, 8, 4);
1106 var D = i(s, 12, 4);
1107 var C = 0;
1108 var J = 2654435769 >>> 0;
1109 while (B-->0) {
1110 C += J;
1111 C = (C & 4294967295) >>> 0;
1112 G += ((F << 4) + I) ^ (F + C) ^ ((F >>> 5) + H);
1113 G = (G & 4294967295) >>> 0;
1114 F += ((G << 4) + E) ^ (G + C) ^ ((G >>> 5) + D);
1115 F = (F & 4294967295) >>> 0
1116 }
1117 var K = new Array(8);
1118 b(K, 0, G);
1119 b(K, 4, F);
1120 return K
1121 }
1122 function l(A) {
1123 var B = 16;
1124 var G = i(A, 0, 4);
1125 var F = i(A, 4, 4);
1126 var I = i(s, 0, 4);
1127 var H = i(s, 4, 4);
1128 var E = i(s, 8, 4);
1129 var D = i(s, 12, 4);
1130 var C = 3816266640 >>> 0;
1131 var J = 2654435769 >>> 0;
1132 while (B-->0) {
1133 F -= ((G << 4) + E) ^ (G + C) ^ ((G >>> 5) + D);
1134 F = (F & 4294967295) >>> 0;
1135 G -= ((F << 4) + I) ^ (F + C) ^ ((F >>> 5) + H);
1136 G = (G & 4294967295) >>> 0;
1137 C -= J;
1138 C = (C & 4294967295) >>> 0
1139 }
1140 var K = new Array(8);
1141 b(K, 0, G);
1142 b(K, 4, F);
1143 return K
1144 }
1145 function f() {
1146 var z = t.length;
1147 for (var A = 0; A < 8; A++) {
1148 x[A] ^= t[y + A]
1149 }
1150 x = l(x);
1151 y += 8;
1152 a = 0;
1153 return true
1154 }
1155 function o(D, C) {
1156 var B = [];
1157 if (C) {
1158 for (var A = 0; A < D.length; A++) {
1159 B[A] = D.charCodeAt(A) & 255
1160 }
1161 } else {
1162 var z = 0;
1163 for (var A = 0; A < D.length; A += 2) {
1164 B[z++] = parseInt(D.substr(A, 2), 16)
1165 }
1166 }
1167 return B
1168 }
1169 r.TEA = {
1170 encrypt: function(C, B) {
1171 var A = o(C, B);
1172 var z = h(A);
1173 return w(z)
1174 },
1175 enAsBase64: function(E, D) {
1176 var C = o(E, D);
1177 var B = h(C);
1178 var z = "";
1179 for (var A = 0; A < B.length; A++) {
1180 z += String.fromCharCode(B[A])
1181 }
1182 return btoa(z)
1183 },
1184 decrypt: function(B) {
1185 var A = o(B, false);
1186 var z = q(A);
1187 return w(z)
1188 },
1189 initkey: function(z, A) {
1190 s = o(z, A)
1191 },
1192 bytesToStr: v,
1193 strToBytes: c,
1194 bytesInStr: w,
1195 dataFromStr: o
1196 };
1197 var d = {};
1198 d.PADCHAR = "=";
1199 d.ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
1200 d.getbyte = function(B, A) {
1201 var z = B.charCodeAt(A);
1202 if (z > 255) {
1203 throw "INVALID_CHARACTER_ERR: DOM Exception 5"
1204 }
1205 return z
1206 };
1207 d.encode = function(D) {
1208 if (arguments.length != 1) {
1209 throw "SyntaxError: Not enough arguments"
1210 }
1211 var A = d.PADCHAR;
1212 var F = d.ALPHA;
1213 var E = d.getbyte;
1214 var C, G;
1215 var z = [];
1216 D = "" + D;
1217 var B = D.length - D.length % 3;
1218 if (D.length == 0) {
1219 return D
1220 }
1221 for (C = 0; C < B; C += 3) {
1222 G = (E(D, C) << 16) | (E(D, C + 1) << 8) | E(D, C + 2);
1223 z.push(F.charAt(G >> 18));
1224 z.push(F.charAt((G >> 12) & 63));
1225 z.push(F.charAt((G >> 6) & 63));
1226 z.push(F.charAt(G & 63))
1227 }
1228 switch (D.length - B) {
1229 case 1:
1230 G = E(D, C) << 16;
1231 z.push(F.charAt(G >> 18) + F.charAt((G >> 12) & 63) + A + A);
1232 break;
1233 case 2:
1234 G = (E(D, C) << 16) | (E(D, C + 1) << 8);
1235 z.push(F.charAt(G >> 18) + F.charAt((G >> 12) & 63) + F.charAt((G >> 6) & 63) + A);
1236 break
1237 }
1238 return z.join("")
1239 };
1240 if (!window.btoa) {
1241 window.btoa = d.encode
1242 }
1243 })(window);
1244
1245 //跟踪JS代码 发现 这地方需要全局声明(浏览器下这些对象默认是在window下de)
1246 TEA=window.TEA;
1247 btoa= window.btoa;
View Code js:loginMd5.js
1 //var window = window || {};
2 //var navigator = navigator|| {};
3 //
4 //$ = window.$ || {};
5 //$pt = window.$pt || {};
6
7 $.Encryption = $pt.Encryption = function() {
8 var hexcase = 1;
9 var b64pad = "";
10 var chrsz = 8;
11 var mode = 32;
12 function md5(s) {
13 return hex_md5(s)
14 }
15 function hex_md5(s) {
16 return binl2hex(core_md5(str2binl(s), s.length * chrsz))
17 }
18 function str_md5(s) {
19 return binl2str(core_md5(str2binl(s), s.length * chrsz))
20 }
21 function hex_hmac_md5(key, data) {
22 return binl2hex(core_hmac_md5(key, data))
23 }
24 function b64_hmac_md5(key, data) {
25 return binl2b64(core_hmac_md5(key, data))
26 }
27 function str_hmac_md5(key, data) {
28 return binl2str(core_hmac_md5(key, data))
29 }
30 function core_md5(x, len) {
31 x[len >> 5] |= 128 << ((len) % 32);
32 x[(((len + 64) >>> 9) << 4) + 14] = len;
33 var a = 1732584193;
34 var b = -271733879;
35 var c = -1732584194;
36 var d = 271733878;
37 for (var i = 0; i < x.length; i += 16) {
38 var olda = a;
39 var oldb = b;
40 var oldc = c;
41 var oldd = d;
42 a = md5_ff(a, b, c, d, x[i + 0], 7, -680876936);
43 d = md5_ff(d, a, b, c, x[i + 1], 12, -389564586);
44 c = md5_ff(c, d, a, b, x[i + 2], 17, 606105819);
45 b = md5_ff(b, c, d, a, x[i + 3], 22, -1044525330);
46 a = md5_ff(a, b, c, d, x[i + 4], 7, -176418897);
47 d = md5_ff(d, a, b, c, x[i + 5], 12, 1200080426);
48 c = md5_ff(c, d, a, b, x[i + 6], 17, -1473231341);
49 b = md5_ff(b, c, d, a, x[i + 7], 22, -45705983);
50 a = md5_ff(a, b, c, d, x[i + 8], 7, 1770035416);
51 d = md5_ff(d, a, b, c, x[i + 9], 12, -1958414417);
52 c = md5_ff(c, d, a, b, x[i + 10], 17, -42063);
53 b = md5_ff(b, c, d, a, x[i + 11], 22, -1990404162);
54 a = md5_ff(a, b, c, d, x[i + 12], 7, 1804603682);
55 d = md5_ff(d, a, b, c, x[i + 13], 12, -40341101);
56 c = md5_ff(c, d, a, b, x[i + 14], 17, -1502002290);
57 b = md5_ff(b, c, d, a, x[i + 15], 22, 1236535329);
58 a = md5_gg(a, b, c, d, x[i + 1], 5, -165796510);
59 d = md5_gg(d, a, b, c, x[i + 6], 9, -1069501632);
60 c = md5_gg(c, d, a, b, x[i + 11], 14, 643717713);
61 b = md5_gg(b, c, d, a, x[i + 0], 20, -373897302);
62 a = md5_gg(a, b, c, d, x[i + 5], 5, -701558691);
63 d = md5_gg(d, a, b, c, x[i + 10], 9, 38016083);
64 c = md5_gg(c, d, a, b, x[i + 15], 14, -660478335);
65 b = md5_gg(b, c, d, a, x[i + 4], 20, -405537848);
66 a = md5_gg(a, b, c, d, x[i + 9], 5, 568446438);
67 d = md5_gg(d, a, b, c, x[i + 14], 9, -1019803690);
68 c = md5_gg(c, d, a, b, x[i + 3], 14, -187363961);
69 b = md5_gg(b, c, d, a, x[i + 8], 20, 1163531501);
70 a = md5_gg(a, b, c, d, x[i + 13], 5, -1444681467);
71 d = md5_gg(d, a, b, c, x[i + 2], 9, -51403784);
72 c = md5_gg(c, d, a, b, x[i + 7], 14, 1735328473);
73 b = md5_gg(b, c, d, a, x[i + 12], 20, -1926607734);
74 a = md5_hh(a, b, c, d, x[i + 5], 4, -378558);
75 d = md5_hh(d, a, b, c, x[i + 8], 11, -2022574463);
76 c = md5_hh(c, d, a, b, x[i + 11], 16, 1839030562);
77 b = md5_hh(b, c, d, a, x[i + 14], 23, -35309556);
78 a = md5_hh(a, b, c, d, x[i + 1], 4, -1530992060);
79 d = md5_hh(d, a, b, c, x[i + 4], 11, 1272893353);
80 c = md5_hh(c, d, a, b, x[i + 7], 16, -155497632);
81 b = md5_hh(b, c, d, a, x[i + 10], 23, -1094730640);
82 a = md5_hh(a, b, c, d, x[i + 13], 4, 681279174);
83 d = md5_hh(d, a, b, c, x[i + 0], 11, -358537222);
84 c = md5_hh(c, d, a, b, x[i + 3], 16, -722521979);
85 b = md5_hh(b, c, d, a, x[i + 6], 23, 76029189);
86 a = md5_hh(a, b, c, d, x[i + 9], 4, -640364487);
87 d = md5_hh(d, a, b, c, x[i + 12], 11, -421815835);
88 c = md5_hh(c, d, a, b, x[i + 15], 16, 530742520);
89 b = md5_hh(b, c, d, a, x[i + 2], 23, -995338651);
90 a = md5_ii(a, b, c, d, x[i + 0], 6, -198630844);
91 d = md5_ii(d, a, b, c, x[i + 7], 10, 1126891415);
92 c = md5_ii(c, d, a, b, x[i + 14], 15, -1416354905);
93 b = md5_ii(b, c, d, a, x[i + 5], 21, -57434055);
94 a = md5_ii(a, b, c, d, x[i + 12], 6, 1700485571);
95 d = md5_ii(d, a, b, c, x[i + 3], 10, -1894986606);
96 c = md5_ii(c, d, a, b, x[i + 10], 15, -1051523);
97 b = md5_ii(b, c, d, a, x[i + 1], 21, -2054922799);
98 a = md5_ii(a, b, c, d, x[i + 8], 6, 1873313359);
99 d = md5_ii(d, a, b, c, x[i + 15], 10, -30611744);
100 c = md5_ii(c, d, a, b, x[i + 6], 15, -1560198380);
101 b = md5_ii(b, c, d, a, x[i + 13], 21, 1309151649);
102 a = md5_ii(a, b, c, d, x[i + 4], 6, -145523070);
103 d = md5_ii(d, a, b, c, x[i + 11], 10, -1120210379);
104 c = md5_ii(c, d, a, b, x[i + 2], 15, 718787259);
105 b = md5_ii(b, c, d, a, x[i + 9], 21, -343485551);
106 a = safe_add(a, olda);
107 b = safe_add(b, oldb);
108 c = safe_add(c, oldc);
109 d = safe_add(d, oldd)
110 }
111 if (mode == 16) {
112 return Array(b, c)
113 } else {
114 return Array(a, b, c, d)
115 }
116 }
117 function md5_cmn(q, a, b, x, s, t) {
118 return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s), b)
119 }
120 function md5_ff(a, b, c, d, x, s, t) {
121 return md5_cmn((b & c) | ((~b) & d), a, b, x, s, t)
122 }
123 function md5_gg(a, b, c, d, x, s, t) {
124 return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t)
125 }
126 function md5_hh(a, b, c, d, x, s, t) {
127 return md5_cmn(b ^ c ^ d, a, b, x, s, t)
128 }
129 function md5_ii(a, b, c, d, x, s, t) {
130 return md5_cmn(c ^ (b | (~d)), a, b, x, s, t)
131 }
132 function core_hmac_md5(key, data) {
133 var bkey = str2binl(key);
134 if (bkey.length > 16) {
135 bkey = core_md5(bkey, key.length * chrsz)
136 }
137 var ipad = Array(16),
138 opad = Array(16);
139 for (var i = 0; i < 16; i++) {
140 ipad = bkey ^ 909522486;
141 opad = bkey ^ 1549556828
142 }
143 var hash = core_md5(ipad.concat(str2binl(data)), 512 + data.length * chrsz);
144 return core_md5(opad.concat(hash), 512 + 128)
145 }
146 function safe_add(x, y) {
147 var lsw = (x & 65535) + (y & 65535);
148 var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
149 return (msw << 16) | (lsw & 65535)
150 }
151 function bit_rol(num, cnt) {
152 return (num << cnt) | (num >>> (32 - cnt))
153 }
154 function str2binl(str) {
155 var bin = Array();
156 var mask = (1 << chrsz) - 1;
157 for (var i = 0; i < str.length * chrsz; i += chrsz) {
158 bin[i >> 5] |= (str.charCodeAt(i / chrsz) & mask) << (i % 32)
159 }
160 return bin
161 }
162 function binl2str(bin) {
163 var str = "";
164 var mask = (1 << chrsz) - 1;
165 for (var i = 0; i < bin.length * 32; i += chrsz) {
166 str += String.fromCharCode((bin[i >> 5] >>> (i % 32)) & mask)
167 }
168 return str
169 }
170 function binl2hex(binarray) {
171 var hex_tab = hexcase ? "0123456789ABCDEF": "0123456789abcdef";
172 var str = "";
173 for (var i = 0; i < binarray.length * 4; i++) {
174 str += hex_tab.charAt((binarray[i >> 2] >> ((i % 4) * 8 + 4)) & 15) + hex_tab.charAt((binarray[i >> 2] >> ((i % 4) * 8)) & 15)
175 }
176 return str
177 }
178 function binl2b64(binarray) {
179 var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
180 var str = "";
181 for (var i = 0; i < binarray.length * 4; i += 3) {
182 var triplet = (((binarray[i >> 2] >> 8 * (i % 4)) & 255) << 16) | (((binarray[i + 1 >> 2] >> 8 * ((i + 1) % 4)) & 255) << 8) | ((binarray[i + 2 >> 2] >> 8 * ((i + 2) % 4)) & 255);
183 for (var j = 0; j < 4; j++) {
184 if (i * 8 + j * 6 > binarray.length * 32) {
185 str += b64pad
186 } else {
187 str += tab.charAt((triplet >> 6 * (3 - j)) & 63)
188 }
189 }
190 }
191 return str
192 }
193 function hexchar2bin(str) {
194 var arr = [];
195 for (var i = 0; i < str.length; i = i + 2) {
196 arr.push("\\x" + str.substr(i, 2))
197 }
198 arr = arr.join("");
199 eval("var temp = '" + arr + "'");
200 return temp
201 }
202 function __monitor(mid, probability) {
203 if (Math.random() > (probability || 1)) {
204 return
205 }
206 try {
207 var url = location.protocol + "//ui.ptlogin2.qq.com/cgi-bin/report?id=" + mid;
208 var s = document.createElement("img");
209 s.src = url
210 } catch(e) {}
211 }
212 function getEncryption(password, salt, vcode, isMd5) {
213 vcode = vcode || "";
214 password = password || "";
215 var md5Pwd = isMd5 ? password: md5(password),
216 h1 = hexchar2bin(md5Pwd),
217 s2 = md5(h1 + salt),
218 rsaH1 = $pt.RSA.rsa_encrypt(h1),
219 rsaH1Len = (rsaH1.length / 2).toString(16),
220 hexVcode = TEA.strToBytes(vcode.toUpperCase(), true),
221 vcodeLen = Number(hexVcode.length / 2).toString(16);
222 while (vcodeLen.length < 4) {
223 vcodeLen = "0" + vcodeLen
224 }
225 while (rsaH1Len.length < 4) {
226 rsaH1Len = "0" + rsaH1Len
227 }
228 TEA.initkey(s2);
229 var saltPwd = TEA.enAsBase64(rsaH1Len + rsaH1 + TEA.strToBytes(salt) + vcodeLen + hexVcode);
230 TEA.initkey("");
231 // setTimeout(function() {
232 // __monitor(488358, 1)
233 // },
234 // 0);
235 return saltPwd.replace(/[\/\+=]/g,
236 function(a) {
237 return {
238 "/": "-",
239 "+": "*",
240 "=": "_"
241 } [a]
242 })
243 }
244 function getRSAEncryption(password, vcode, isMd5) {
245 var str1 = isMd5 ? password: md5(password);
246 var str2 = str1 + vcode.toUpperCase();
247 var str3 = $.RSA.rsa_encrypt(str2);
248 return str3
249 }
250 return {
251 getEncryption: getEncryption,
252 getRSAEncryption: getRSAEncryption,
253 md5: md5
254 }
255 } ();
View Code |
|
QQ群⑧:
窥视卡
雷达卡
发表于 2015-12-1 15:34:13
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡