Closed fffonion closed 6 years ago
yezz5
commented
7 years ago 2017-07-01 09:28:15 115.228.. 浙江省- 迅雷上网加速器android f0a
2017-07-01 09:12:27 115.228.. 浙江省- 迅雷上网加速器android f0a 反馈
2017-07-01 08:56:39 115.228.. 浙江省- 迅雷上网加速器android f0a***
查看了迅雷安全中心,有上线记录但无法加速。
supppig
commented
7 years ago 原来合并了issue啊。。。那我就发到这里吧。。。 导致各种协议错误的,其实不是这个程序的锅,而是hiboy大大的老毛子脚本存在问题。
启动迅雷快鸟的脚本参看: https://github.com/hiboyhiboy/opt-script/blob/master/script/Sh48_Fast_Dick.sh
其中FastDick_keep的过程: FastDick_keep () { logger -t "【迅雷快鸟】" "守护进程启动" while true; do sleep 948 eval $(ps -w | grep "/opt/FastDick/swjsq" | grep -v grep | awk '{print "kill "$1";";}') killall FastDick_script.sh killall -9 FastDick_script.sh /etc/storage/FastDick_script.sh & done } 作为一个守护进程,每隔16分钟,杀一次快鸟进程。导致快鸟需要重新登陆。短时间内累积的登陆次数过多,所以就被迅雷暂时封号了。
其实解决方法,我已经在论坛上说过了。 http://www.right.com.cn/forum/thread-216528-1-1.html 8楼已经给了临时解决办法,目前我就是用这个办法运行着脚本,效果非常棒! 遗憾的是hiboy大大现在还没把脚本改过来,导致论坛上一堆人说迅雷快鸟用不了了。
小声:其实我改了keepalive的时间为290秒,1.5小时重新登陆,因为默认的时间会出现加速失败的情况(原因未知,就是有时候发现加速失效了)。
fffonion
commented
7 years ago @supppig 感谢,我贴到Readme里
h2ch
commented
7 years ago 新版潘多拉使用python,用swjsq.py启动加速,切换到后台运行后,一段时间后,python ./swjsq.py进程会消失
fffonion
commented
7 years ago @caiy92 建议前台运行或者nohup python ./swjsq.py 2>&1 > swjsq.log &看一下是什么原因导致退出的
keykin
commented
6 years ago 快鸟登录协议又更新了,请问登录接口和参数是怎么获取到的呢?
fffonion
commented
6 years ago @keykin 登录协议是迅雷的,和快鸟没关系。登录相关的实现加壳了,需要一个脱壳大牛的帮助
keykin
commented
6 years ago @fffonion 以前是哪位大牛支撑的呢?现在还能继续玩耍吗?
fffonion
commented
6 years ago @keykin 之前的协议木有壳 On Fri, Jan 19, 2018 at 1:55 AM keykin notifications@github.com wrote:
@fffonion https://github.com/fffonion 以前是哪位大牛支撑的呢?现在还能继续玩耍吗?
— You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub https://github.com/fffonion/Xunlei-Fastdick/issues/97#issuecomment-358882357, or mute the thread https://github.com/notifications/unsubscribe-auth/ACCVlZfovRDjoe34lY_Md1Y7pUQ6PzWBks5tMDxGgaJpZM4OFXNm .
xsm1997
commented
6 years ago 今天用不了了,提示协议不合法。
Lonlykids
commented
6 years ago 是安卓的APK加了壳吗.?
fffonion
commented
6 years ago @Lonlykids 是的 On Fri, Jan 19, 2018 at 12:11 PM Lonlykids notifications@github.com wrote:
是安卓的APK加了壳吗.?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/fffonion/Xunlei-Fastdick/issues/97#issuecomment-359030266, or mute the thread https://github.com/notifications/unsubscribe-auth/ACCVlZkQHAZIvIEMb-t1zg04cG9aMq7eks5tMMzYgaJpZM4OFXNm .
Lonlykids
commented
6 years ago @fffonion http://dev.open-api-auth.xunlei.com/platform?m=Developer&op=docPage 看了一下..iOS端是用这个协议登陆的..应该有切入点.?
fffonion
commented
6 years ago @lonlykids interesting,欢迎pr :smile: @zxc14236 协议非法是没法获得session的,后面的提速步骤没有执行
sensec
commented
6 years ago 现在的问题是新版本协议因为没有快鸟用来生成设备签名的算法,登录不了快鸟帐号。其它的我看了一下,跟原来都差不多的。 我现在的临时办法是手机抓包获取peerID和devicesign,然后路由器就用这两个参数登录,各位可以考虑用这个办法先解自己的燃眉之急。 另外吐槽一下迅雷,新协议的用户密码竟然是明文传输,这届的程序员不行啊。。。
Lonlykids
commented
6 years ago @sensec SessionID会过期的吖...过期了后你还不是要重新抓包.?
sensec
commented
6 years ago @lonlykids peerID和devicesign对于每个设备都是独有的,迅雷以此分辨用户是否在多个设备登录,在原来的108版本协议中这两个参数以网卡MAC地址为基础生成,算法各软件里都有。目前用的协议版本是200,算法换掉了,没有合法的devicesign就无法登录。 SessionID是登录之后迅雷服务器返回的,然后提交给ISP服务器作提速帐号验证,所以过期后重新向迅雷服务器登录一下就有新SessionID。
Lonlykids
commented
6 years ago @sensec 噢..是喔..顺序搞反了.
shiwentao1994
commented
6 years ago @sensec 请教下获得了peerID和devicesign后在路由器上怎么操作?
fffonion
commented
6 years ago @sensec 108协议的devicesign是这样生成的
sign = div.协议版本.device_id + md5(sha1(packageName + businessType + md5(GUID)))其中device_id可以随机生成,GUID是一个和协议相关的值,另外的变量都是已知的 我猜这个算法没变或者差不多,关键是需要这个GUID
zxc14236
commented
6 years ago 疑似找到办法,安卓4.4.4安装apk抓包的地址为https://mobile-login.xunlei.com:443/login,密码明文传输的 贴上抓包的结果,部分被我删掉 {"verifyCode":"","isCompressed":"0","OSVersion":"4.4.4","deviceModel":"HM 1S","businessType":"68","passWord":"明文密码","sdkVersion":"177662","appName":"ANDROID-com.xunlei.vip.swjsq","platformVersion":"2","devicesign":"删掉","verifyKey":"","protocolVersion":"200","deviceName":"Xiaomi Hm 1S","userName":"用户名","sequenceNo":"1000010","peerID":"删掉","clientVersion":"2.4.1.3"} 另外替换原来生成的脚本中的登陆参数可以正常使用
sensec
commented
6 years ago @fffonion 是的,packageName和businessType这次都没变,结果变了只能说明迅雷改了算法或者换掉了GUID。hash后值不可逆,所以我们无法推算出原因,唯一的办法就是破解得到源码。
@zxc14236 这个没用。要得到这个返回值,你首先需要向服务器发送合法的devicesign。现在的问题是我们无法生成符合迅雷算法的devicesign,只能通过抓包获取固定值,即是无法通用只能给自己用。
再次吐槽迅雷明文传输密码。 以前迅雷的做法是先将密码计算hash,再用RSA公钥进行加密,到了服务器端用私钥解密得到密码hash值,然后与数据库里的hash值比对就好。这样保证了传输过程的安全,就算私钥泄露或者服务器被黑也只能得到一堆hash值,无法还原出密码原文。 而现在,抓包后简直亮瞎眼,明文传输密码。。。虽然用了SSL保证传输层安全,不过一个中间人攻击就玩完。而且从这点来看,有理由怀疑迅雷服务器中存储的也是密码原文,一旦被黑后果可想而知。。。所以建议大家把迅雷密码单独设置,千万不要跟其它网站/服务的密码相同。
sensec
commented
6 years ago @shiwentao1994 修改你用的程序源码,peerID和devicesign不要自动生成,直接用你抓包获取的来替换,另外发送的数据包也要根据新版本的格式改一下。提醒,现在POST用的JSON全部都是字符串类型,如果还用原来的整数类型会导致登录失败。
xiejinpeng007
commented
6 years ago @sensec
不会 Python
看了下源码,好像只有 _payload 这个 JSON 需要改成字符串对吗?
能不能大概给个 sample ?
Iy204
commented
6 years ago @sensec 临时的解决方法就是自己抓包获取 peerID 和 devicesign ? 抓包的教程倒是很多,可是生成脚本就不会改了,可以放个修改完成以后的么。直接告诉我们替换哪里。
171957200
commented
6 years ago 自己改完全脚本看不懂,抓包会抓,然后要改脚本传路由就不会了
zxc14236
commented
6 years ago https://mobile-login.xunlei.com:443/login 向这里发送登陆请求,分别从不同手机上测试抓包发现peerID的变动没有影响,主要是devicesign,devicesign 不对就登陆不上了
imshell8
commented
6 years ago 我好像不是个别现象,是好多人了?是协议K了吗
Lonlykids
commented
6 years ago @imshell8 是的.你猜對了.~
imshell8
commented
6 years ago @Lonlykids 电脑端是可以,唯独python @fffonion
xiejinpeng007
commented
6 years ago @imshell8 PC端是官方应用当然可以,这个是第三方脚本啊.
sensec
commented
6 years ago https://github.com/sensec/luci-app-xlnetacc 纯shell脚本,临时救急用,1.0.3是针对新协议的,需要抓包然后在LUCI界面填写那两个参数。 1.0.3源码在test-200分支。
lphgor
commented
6 years ago @fffonion 剩下的交给你了
hashlib.sha1(("%scom.xunlei.vip.swjsq68c7f21687eed3cdb400ca11fc2263c998" % fake_device_id).encode('utf-8'))
fffonion
commented
6 years ago @lphgor 感谢,md5能跑通,对应protocolVersion是111
但是我测试的几个账号都会100%弹验证码,不知道是不是111的协议被特殊关照了
待我想想有啥解决办法
另外能透露一下脱壳大法吗 
fffonion
commented
6 years ago @zxc14236 能贴一下你的apk吗,我从官网下载的安卓版本协议是111不是200
Iy204
commented
6 years ago 在酷安下的 协议就是200 版本2.4.1.3
fffonion
commented
6 years ago @ly204 ok
sensec
commented
6 years ago @lphgor 有救了,感谢!
lphgor
commented
6 years ago 我来提供几个200协议的抓包数据,希望能有所帮助。
用户名、明文密码登录:
POST /login HTTP/1.1
Content-Length: 467
Host: mobile-login.xunlei.com:443
Connection: close
User-Agent: android-async-http/xl-acc-sdk/version-2.1.1.177662
Accept-Encoding: gzip, deflate
{"protocolVersion":"200","sequenceNo":"1000001","platformVersion":"2","isCompressed":"0","businessType":"68","clientVersion":"2.4.1.3","peerID":"************004V","appName":"ANDROID-com.xunlei.vip.swjsq","sdkVersion":"177662","devicesign":"div101.****************************************************************","deviceModel":"ONEPLUS A5000","deviceName":"Oneplus A5000","OSVersion":"7.1.1","userName":"********","passWord":"********","verifyKey":"","verifyCode":""}登录以后可以得到 loginkey,可以通过 userID 和 loginkey 方式登录,不知道有没有用:
POST /loginkey HTTP/1.1
Content-Length: 529
Host: mobile-login.xunlei.com:443
Connection: close
User-Agent: android-async-http/xl-acc-sdk/version-2.1.1.177662
Accept-Encoding: gzip, deflate
{"protocolVersion":"200","sequenceNo":"1000001","platformVersion":"2","isCompressed":"0","businessType":"68","clientVersion":"2.4.1.3","peerID":"************004V","appName":"ANDROID-com.xunlei.vip.swjsq","sdkVersion":"177662","devicesign":"div101.****************************************************************","deviceModel":"ONEPLUS A5000","deviceName":"Oneplus A5000","OSVersion":"7.1.1","userName":"********","loginKey":"lk10.************************************************************************************************"}还有上下行会员信息:
POST /getuserinfo HTTP/1.1
Content-Length: 472
Host: mobile-login.xunlei.com:443
Connection: close
User-Agent: android-async-http/xl-acc-sdk/version-2.1.1.177662
Accept-Encoding: gzip, deflate
{"protocolVersion":"200","sequenceNo":"1000002","platformVersion":"2","isCompressed":"0","businessType":"68","clientVersion":"2.4.1.3","peerID":"************004V","appName":"ANDROID-com.xunlei.vip.swjsq","sdkVersion":"177662","devicesign":"div101.****************************************************************","deviceModel":"ONEPLUS A5000","deviceName":"Oneplus A5000","OSVersion":"7.1.1","userID":"********","sessionID":"********************************","vasid":"14"}POST /getuserinfo HTTP/1.1
Content-Length: 472
Host: mobile-login.xunlei.com:443
Connection: close
User-Agent: android-async-http/xl-acc-sdk/version-2.1.1.177662
Accept-Encoding: gzip, deflate
{"protocolVersion":"200","sequenceNo":"1000003","platformVersion":"2","isCompressed":"0","businessType":"68","clientVersion":"2.4.1.3","peerID":"************004V","appName":"ANDROID-com.xunlei.vip.swjsq","sdkVersion":"177662","devicesign":"div101.****************************************************************","deviceModel":"ONEPLUS A5000","deviceName":"Oneplus A5000","OSVersion":"7.1.1","userID":"********","sessionID":"********************************","vasid":"33"}device_sign改为这样
device_sign = "div101.%s%s" % (fake_device_id, hashlib.md5( hashlib.sha1(("%scom.xunlei.vip.swjsq68c7f21687eed3cdb400ca11fc2263c998" % fake_device_id).encode('utf-8')) .hexdigest().encode('utf-8')
payload改为这样
_payload = { "verifyCode":"", "isCompressed":"0", "OSVersion":"4.4.4", "deviceModel":"HM 1S", "businessType":"68", "passWord":pwd, "sdkVersion":"177662", "appName":"ANDROID-com.xunlei.vip.swjsq", "platformVersion":"2", "devicesign":device_sign, "verifyKey":"", "protocolVersion":"200", "deviceName":"Xiaomi Hm 1S", "userName":uname, "sequenceNo":"1000010", "peerID":self.mac, "clientVersion":"2.4.1.3" }
另外登陆接口改为https://mobile-login.xunlei.com:443/login
密码直接明文即可,这样可以正常登陆了
登陆成功返回的数据如下
{"loginKey":"xxxxxxxxxxx","sessionID":"xxxxxxx","platformVersion":"2","userID":"xxxxx","nickName":"xxxx","vipList":[{"payId":"0","isYear":"0","expireDate":"----","vipGrow":"0","vasid":"2","vipLevel":"0","vasType":"0","isVip":"0","payName":"----"}],"isCompressed":"0","timestamp":"15165494xx","errorCode":"0","account":"82xx","sequenceNo":"1000010","protocolVersion":"200","userNewNo":"1082101xx","secureKey":"xxxxx","userName":""}
貌似官网下载的第一次登陆需要验证码(腾X加固),酷安下载却是X60加固。
fffonion
commented
6 years ago 感谢各位云抓包,稍后更新:smile:
fffonion
commented
6 years ago 已更新py和wget脚本
Lonlykids
commented
6 years ago 关于用 Padavan 或者老毛子固件的朋友们 . 如果需要实时看到运行信息.可以把生成的sh文件里面的
log () {
echo date +%X 2>/dev/null $@
}
改成
log () {
logger -t "FastD1ck" "$@"
}
这样.就可以在路由器的系统日志那看到相关信息了.如果遇到Bug等的.可以反馈相关信息
Iy204
commented
6 years ago 16:55:56 Login xunlei succeeded 16:55:56 Expire date for upstream acceleration: 20180426 16:55:57 Initializing upgrade 16:55:57 Upstream error 722: bind conflicted(checked by req acc). 登录成功了好像也加速了 不过这个error是什么? 我只有上行提速会员。
Lonlykids
commented
6 years ago @Iy204 现在快Dick会员要绑宽带帐号了.你检查下你帐号绑定了哪个宽带帐号.是不是和目前的宽带帐号一致.如果是..建议重启光猫试试~~
Iy204
commented
6 years ago @Lonlykids 还是一样,好象是因为我只买了上行加速的原因?在官方PC客户端里,绑定宽带账户只是一段说明。没有绑定解绑的地方。
Huozhangqi
commented
6 years ago @fffonion 更新脚本后报错,上个版本没有这个问题
Traceback (most recent call last): File "E:\FilesArchived\Xunlei-Fastdick-master\swjsq.py", line 787, in
ins.run(uid, pwd) File "E:\FilesArchived\Xunlei-Fastdick-master\swjsq.py", line 326, in run dt = self.login_xunlei(uname, pwd) File "E:\FilesArchived\Xunlei-Fastdick-master\swjsq.py", line 240, in login_xunlei ct = http_req('https://mobile-login.xunlei.com:443/login', body=json.dumps(_payload), headers=header_xl, encoding='utf-8') File "C:\Program Files (x86)\Microsoft Visual Studio\Shared\Python36_64\lib\json__init.py", line 231, in dumps return _default_encoder.encode(obj) File "C:\Program Files (x86)\Microsoft Visual Studio\Shared\Python36_64\lib\json\encoder.py", line 199, in encode chunks = self.iterencode(o, _one_shot=True) File "C:\Program Files (x86)\Microsoft Visual Studio\Shared\Python36_64\lib\json\encoder.py", line 257, in iterencode return _iterencode(o, 0) File "C:\Program Files (x86)\Microsoft Visual Studio\Shared\Python36_64\lib\json\encoder.py", line 180, in default o.class.name__) TypeError: Object of type 'bytes' is not JSON serializable
Lonlykids
commented
6 years ago @hhyzz Python换成27版本试试.?
happyskey
commented
6 years ago 无法安装Python的路由器版本 https://github.com/fffonion/Xunlei-Fastdick/raw/master/swjsq.py
运行时报错:
F:\swjsq>python swjsq.py
Traceback (most recent call last):
File "swjsq.py", line 787, in
Huozhangqi
commented
6 years ago @happyskey @Lonlykids 测试python2.7版本正常
这个issue集中讨论108协议无法登录或者登录几次之后失败 以及更新新协议的开发进度