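OK, here comes another "achievement".
Today we're playing with a scam app. It came from someone in the group chat: while they were bored over the Dragon Boat Festival, a female scammer messaged them on Bilibili out of the blue, looking for trouble.
As expected of a hacker group chat, it really does have everything.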

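The endpoints can then be pulled out and put into your own software, which lets you freeload on the scammer's server to provide chat-room service for yourself.
Hahaha, isn't this a kind of NTR too.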

On first launch of the app

A request whose purpose I don't know

First, a POST request was made to a URL:
https://android.bugly.qq.com/rqd/async?aid=e857ee17-622e-439c-a58f-4acd3f95de0c
Request Headers

key value
wup_version 3.0
strategylastUpdateTime 0
appVer 108.6.8
bundleId hjgfjmg.fastrethDblcjology.hkfgdgRhk
sdkVer 4.1.9.3-4.1.9.3
tls 1
prodId ca4dcac538
cmd 840
platformId 1
A37 WIFI
A38 WIFI
Content-Type application/x-www-form-urlencoded
User-Agent Dalvik/2.1.0 (Linux; U; Android 10; CDY-AN00 Build/HUAWEICDY-AN00)
Host android.bugly.qq.com
Connection Keep-Alive
Accept-Encoding gzip
Content-Length 581

Request Body


Response Headers

key value
Date Sun, 01 Jun 2025 10:59:05 GMT
Content-Length 308
Connection keep-alive
Server Resin/4.0.27
Cache-Control private
Bugly-Version bugly/1.0
status 0
Set-Cookie JSESSIONID=aaagupyC3yaW_fTQsjRCz; path=/

Response Body


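Baffling and pointless. The only interesting thing is that this domain actually belongs to QQ.

Another pointless request

Requested with the GET method: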
http://121.62.29.205:60777/jmsit612amdq/ybzkt612dDYxMg==
Request Headers

key value
Host 121.62.29.205:60777
Connection Keep-Alive
Accept-Encoding gzip
User-Agent okhttp/4.10.0

Response Headers

key value
Server nginx/1.20.1
Date Sun, 01 Jun 2025 10:59:08 GMT
Content-Type application/octet-stream
Content-Length 90
Connection keep-alive
Accept-Ranges bytes
ETag "374167534b1687c6a0e4b1077400db30"
Last-Modified Tue, 27 May 2025 11:00:32 GMT
Strict-Transport-Security max-age=31536000; includeSubDomains
Vary Origin
Vary Accept-Encoding
X-Amz-Id-2 87ef3db1a67a60b69bcfee10c0874f8a253fc9bc1bf4e58d7314742c975c4eb6
X-Amz-Request-Id 1844E6188C37C6E2
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block
Expires Sun, 01 Jun 2025 10:59:08 GMT
Cache-Control max-age=0

Response Body

RaHR0cHM6Ly9jaGVuZmRhZmR0NjEycS52Z3F4cHIuY258aHR0cHM6Ly9jaGVuZmRhZmR0NjEydy52Z3F4cHIuY24=B

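A response header this long is really something, and I don't know what this one is for either.
What follows below is the more important part.

Login initialization packet

Still a GET request, used by the cloud side to pass the client the parameters it needs for operation before login.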
https://chenfdafdt612q.vgqxpr.cn/api/login/main
Request Headers

key value
X-App-Identifier 3dDYxMmFwcA==4
Proxy-Authorization 1dDYxMg==2
Accept-site
Host chenfdafdt612q.vgqxpr.cn
Connection-Type keep-alive
Accept-Encoding gzip
User-Agent okhttp/4.10.0

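Keep the request headers as identical as possible; this link is validated. If a browser accesses it directly, some validation won't match and it gets redirected.
Response Headers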

key value
Date Sun, 01 Jun 2025 10:59:08 GMT
Content-Type application/json
Content-Length 1329
Connection keep-alive
Access-Control-Allow-Origin *
Access-Control-Allow-Credentials true
Access-Control-Allow-Headers *
Trace-Id 7271e4a43b50fe9d
Content-Encoding gzip
Server cdnwaf
X-Cache-Status MISS

Response Body

{
  "code": 200,
  "message": "操作成功",
  "data": {
    "yk": "3ee3YSm3DDSLx9REkhPR3w==",
    "enable_wallet": "0",
    "enable_register": "1",
    "enable_sms_register": 0,
    "is_open_code": "0",
    "required_invite": "0",
    "search_mode": "2",
    "add_friend_mode": "2",
    "enable_redpack": 0,
    "enable_team_redpack": 0,
    "redpack_amount_limit_min": "10",
    "redpack_amount_limit_max": "9999",
    "redpack_team_amount_limit_max": "100000",
    "redpack_team_amount_limit_min": "10",
    "enable_sign_activity": "0",
    "allow_team_members_exit": "1",
    "allow_pass_user_to_admin": "0",
    "allow_pass_admin_to_user": "0",
    "customer_service": "https://www.alipay.com",
    "allow_search_team_id": "0",
    "nickname_model": "0",
    "reg_nickname_blacklist": [
      "托",
      "导师",
      "财务",
      "客服",
      "骗子"
    ],
    "enable_prohibit_delect_friends": "1",
    "show_team_invite_msg": "0",
    "enable_members_profile_button": "0",
    "enable_recall_button": "1",
    "allow_team_user_visit_teaminfo": "1",
    "show_team_members_administration": "0",
    "enable_voice_button": "0",
    "enable_video_button": "0",
    "show_red_packet_details": "0",
    "word_filter": [
      "草你妈",
      "诈骗"
    ],
    "show_profile_sign": "1",
    "enable_limit_repeat_input": "0",
    "enable_limit_repeat_rule": {
      "repeat_msg_interval": "6",
      "msg_interval": "6",
      "msg_word_limit": "0"
    },
    "enable_pop_time": "0",
    "pop_time_rule": {
      "start_time": 1659283200,
      "end_time": 1727625600,
      "pop_announcement": "欢迎光临本平台!\n一起发财!@\n尊敬的用户,\n欢迎光临本平台!\n一起发财!@\n尊敬的用户,\n欢迎光临本平台!\n一起发财!@\n尊敬的用户,\n欢迎光临本平台!\n一起发财!@尊敬的用户,\n欢迎光临本平台!\n一起发财!@"
    },
    "app_id": "eus89QB4pT/IfflBgrNu4w==",
    "app_certificate": "l+BWPmbY7+QYskult7XcQQ==",
    "is_maintain": 0,
    "maintain_con": "网址更新, 请稍后",
    "encrypt_status": "0",
    "transfer_status": 0,
    "transfer_rule": {
      "transfer_day_count_limit": "10000",
      "transfer_day_limit": "10000",
      "transfer_once_max_limit": "100",
      "transfer_once_min_limit": "10"
    },
    "show_profile_id": "0",
    "enable_online_status": "1",
    "enable_history_msg_button": "1",
    "msg_block_interval": "600",
    "show_team_members": "0",
    "show_team_id": "0",
    "show_team_members_bot_count": "0",
    "show_team_members_bot_count_num": "3000",
    "show_team_members_count": "0",
    "allow_team_owner_clear_msg": "1",
    "enable_msg_read_status": "1",
    "is_business_card": "1",
    "official_introduction": "使用人工充值笔笔充值送2%《单笔充值最高限额5w》\n 支持支付宝,银行卡转账,微信,云闪付,花呗;\n 安全,稳定,请耐心充值,百分百成功,秒到账:\n 如遇客服发送其他平台,向客服举报,经核实奖励3000元!",
    "command": 0,
    "turntable_set": "0",
    "turntable_url": "http://www.baidu.com/",
    "game_domain": 0,
    "admin_delete_friend": "1",
    "group_word_filter": [
      ""
    ],
    "local_ip": "112.7.185.217",
    "site": "",
    "user_delete": "0"
  },
  "request_id": ""
}

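Note: this response has been formatted for easier reading. The actual body is minified JSON.
It's hilarious that the scammer put a profanity and "诈骗" (fraud) on the filter word list, but didn't think that plenty of other words can express the same meaning (haha).
If you want to use the scammer's server to build your own chat room, you don't need any of this, but it's best to make the request anyway as a token gesture, so that the scammer doesn't spot the use when analyzing.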
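The body returned by the second request and the X-App-Identifier / Proxy-Authorization header values in this capture are Base64 with one extra character added at each end. The following added example (not part of the original post; function names are illustrative) strips that wrapping offline and lists the backend hostnames, which is useful when collecting them as indicators.

```python
import base64
import binascii
from urllib.parse import urlsplit

# Values copied verbatim from the capture on this page.
CONFIG_BODY = "RaHR0cHM6Ly9jaGVuZmRhZmR0NjEycS52Z3F4cHIuY258aHR0cHM6Ly9jaGVuZmRhZmR0NjEydy52Z3F4cHIuY24=B"
HEADERS = {
    "X-App-Identifier": "3dDYxMmFwcA==4",
    "Proxy-Authorization": "1dDYxMg==2",
}


def unwrap(value, max_pad=2):
    """Strip 0..max_pad junk characters from each end until the remainder is
    strict Base64 that decodes to printable UTF-8.

    Returns (lead, trail, text), or None when no combination decodes."""
    for lead in range(max_pad + 1):
        for trail in range(max_pad + 1):
            core = value[lead:len(value) - trail]
            if not core or len(core) % 4:
                continue  # Base64 text is always a multiple of 4 long
            try:
                text = base64.b64decode(core, validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                continue  # wrong alphabet/padding, or binary garbage
            if text.isprintable():
                return lead, trail, text
    return None


def backend_hosts(body):
    """Hostnames from a wrapped, '|'-separated URL list such as CONFIG_BODY."""
    hit = unwrap(body)
    if hit is None:
        return []
    return [urlsplit(url).hostname for url in hit[2].split("|")]


if __name__ == "__main__":
    for name, value in HEADERS.items():
        print(name, "->", unwrap(value))
    print("backend hosts:", backend_hosts(CONFIG_BODY))
```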

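Update check

Yes, this piece of junk actually has version control, which I really didn't expect.
For ease of presentation (definitely not because I'm too lazy to write so many tables), I'll just use plain text from here on (this is a lot easier, haha).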

Request
POST https://chenfdafdt612q.vgqxpr.cn/api/login/checkupdate HTTP/1.1
X-App-Identifier: 3dDYxMmFwcA==4
Proxy-Authorization: 1dDYxMg==2
versionName: 108.6.8
Authorization: Bearer
Accept-platform: android
Accept-version: 3
Accept-site:
Accept-language: zh-cn
Content-Type: application/x-www-form-urlencoded
Content-Length: 22
Host: chenfdafdt612q.vgqxpr.cn
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/4.10.0


os=android&version=108
--------------------------------------------------------

Response
HTTP/1.1 200
Date: Sun, 01 Jun 2025 10:59:09 GMT
Content-Type: application/json
Content-Length: 90
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Trace-Id: c98f75a71057b66f
Content-Encoding: gzip
Server: cdnwaf
X-Cache-Status: MISS

{"code":403,"message":"已经是最新版","data":[],"request_id":""}

That's me all right, finding a good way to save work.

Account management

Account registration

Request
POST https://chenfdafdt612q.vgqxpr.cn/api/login/register HTTP/1.1
X-App-Identifier: 3dDYxMmFwcA==4
Proxy-Authorization: 1dDYxMg==2
versionName: 108.6.8
Authorization: Bearer
Accept-platform: android
Accept-version: 3
Accept-site:
Accept-language: zh-cn
Content-Type: application/x-www-form-urlencoded
Content-Length: 127
Host: chenfdafdt612q.vgqxpr.cn
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/4.10.0


password=114517&code=&repassword=114517&nickname=%E6%88%91%E6%98%AF%E6%98%B5%E7%A7%B0&verify=&invite=&verify_id=&account=114517
--------------------------------------------------------

Response
HTTP/1.1 200
Date: Sun, 01 Jun 2025 13:08:29 GMT
Content-Type: application/json
Content-Length: 84
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Trace-Id: 683f639ef5646148
Content-Encoding: gzip
Server: cdnwaf
X-Cache-Status: MISS

{"code":200,"message":"操作成功","data":[],"request_id":""}

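Password: 114517
Confirm password: 114517
Nickname: 我是昵称
Invite code:
Account: 114517
It's just that I don't know what verify is for; maybe there's also a CAPTCHA? No idea, I never ran into one anyway.

A CAPTCHA that might as well not exist

Just like its name, it's far too bot-like.
Maybe the scammer got halfway through writing this logic and couldn't be bothered to finish: they got as far as fetching the CAPTCHA and gave up, so you can simply register without using any of it.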

Request
POST https://chenfdafdt612q.vgqxpr.cn/api/login/captcha HTTP/1.1
X-App-Identifier: 3dDYxMmFwcA==4
Proxy-Authorization: 1dDYxMg==2
versionName: 108.6.8
Authorization: Bearer
Accept-platform: android
Accept-version: 3
Accept-site:
Accept-language: zh-cn
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
Host: chenfdafdt612q.vgqxpr.cn
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/4.10.0



--------------------------------------------------------

Response
HTTP/1.1 200
Date: Sun, 01 Jun 2025 13:08:29 GMT
Content-Type: application/json
Content-Length: 1850
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Trace-Id: 0e1f475beaf57b5d
Content-Encoding: gzip
Server: cdnwaf
X-Cache-Status: MISS

{"code":200,"message":"操作成功","data":{"base64":"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAKIAAAAyCAMAAADoSvBqAAAAulBMVEX\/\/\/94XE7Vs5uWpduXycfbxszez97gxNjHxp7bt7Hfwam9v9Lu6uiPcWGqmZDCoJiQcmbMwbzJqJGZhHrd1tK1lIvOq6S7raapiX+IcGR\/bnGKiaaOkreskJOFaV\/GqrWReHK5naTRwMyrlZbTt8aEamCfg4Geh4TEsrq3o6iSdnC0ssGJdG+RgX+Hkop\/d2yTu7d7aV2HgJR7ZV+LoJmDd4KDhHuPrajCq6yEaV3OuLypkY21npyQdm2Cs5zwAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAFV0lEQVRYhbWZiZrbNBCANc56ncRGrZFBq5bs0dJ02ULZQimE4\/1fi5mRfOlw7CSdb6NNbMf6NbccIQLZbDY0hCdEUfTjbNlutzR0n\/N8dLosF93NiqWLMRZOFiL2Y0Qug2jXjeNCOCseYn4JLQrf0B2iZTxTiwPEEvlOQyRvHJq5RxTL7TyBSHTliYieDBBPkCSihVuOuHJyOURfzka0Mkbku\/pufrJ8HUTmuwAi3+IyvugTXko8xDMimghPytIJ4ftkJHl+GX8Z6HACcRxDVTVFSK8M32XZBfDE2MrTiJ2DVhqaxGW1fHpqapHNsceRUrmUkEOotZrWRkbV2BhA2Rvl7pQu\/8L1G268COEQUSJjHblEE6DRuz3ss3mI2+0ixI7wGiXBaC1tTAMqvKBGQNmIW0DUO\/bFBOKGRcxE7GVAaF8xRCasgCBCSxtT48FiD0rBvqCIntDiCYgjwjQj\/a8USAM6OK91oytR3NEKnooeLoZIx7ZOlhKmtdghSg1GhpZm5Rq81S008NSTbCKI9tCYMK2bALH1RZfVeoN2rqjjljZ0tBHVDh727QKIL0Rsj4w0eAxxdGmW0YXZN\/IFzvAS2uC13QVqS8UtLcEoRNRaKR26QYQQpRkk2KT5QkJSIHJ+iwGqmga6NO1KLgZujamFbDqWCrGlEErVRqZSu0Nsm+hquNLliNl3L5ExdDo8kopprosGXRFmTERSK5yiu0+Q7dbrNCMRis33GiMD\/CStcOGJmKZm5gPjzyQEmsA4la9mI\/JiMkK8oTsE9iTLo7F3cFsUd30h5OjCVqsmxEhijwgaQ0qNRVMy4QpnHveFScRuQtbHjReP1oqECLUZ6LhF1PAz6RltGKuRIzFgPgJ8\/BUV2a10xIiI60lM1McNgJ8xNNyjOfTugY3tcSCiAusckczJcnXVjhLt8fwJnRG\/8Pr1iul8La6nVWmiDnePh968NWzpux+7w1mrReMiqYnF0xARL9D4X1Ln8dvvIMN9nqNLM9bRsL1+22jFHQ2lo0HGR0Rs\/MsPv4Dz33g8ERz\/Yb5RTYVvP6Mi\/5Do4DEtTiOiIZV15KFU98T3Tj\/s6WxR+OFSYy9pv1XLSURNuRW+PF+J6gslYIfn++IUYgO2nvli4N37Rz79sMPOsHM4h4ghytEiKgymWMC0iAKbDnCB8vxnJU5AlLG0jfLTo02dvALoPcEhGqhoYY2kc4ENGNEKvf\/rAHD4m46xjXkY8kwj2gISqsEV+0ctqVSrmvedtPPsELXNRpCqgkR3xWrL8woTzj85Ia5W9snIZI4ZCzdcRgT9nEV8w\/mZ611pd\/C8KRWkfP6mn43GgnscajSw6NefPzUuyNnGCwitHbX3xLVlvL5WGI32s7d3byhalJ7YxNqqoshD8n\/hkB8cISHOJqx4p4R\/0W2kV0n9xwt1Ync4EKvnylVAGDwMWE8Xk15w+2TTtg2v6dYdEcfOcAyQayOlbZEfwNTw3wnPK1y6QVMw4mj+cDdSlqEzHBElbSuLqswxXJYTUkqjtC2tw49njyGGVx2p\/9r2Xw2Hvjmu9cRdKOm
9wtruzW23IkPEqL9O1390QbQzVUAZKw6zhRriVyvfgrMR+zF2b9pz1FzmJzc5R6WRP3Qzr51cBpEfrZi6SnQaS8TfjBNivzc6A1FgMALuFKNWXvTMz398i3Mmf40LETM7Jias6lR6OgdxfnWagZiWud8IO6NF9bOfajjhvAcOc9eUat5mS9twLUccSrwiWq5gJ7GYUGTMOBOxLGO\/dyTSa4sYXrwQkV\/ZPMSyxIsDxlRi4OYyFSmzjeQ0mM3Tol2QRfwfB11Kal1olkUAAAAASUVORK5CYII=","base_id":"ioc4Dav6lmE3oHgU"},"request_id":""}

Login

The purpose of this endpoint is to obtain the account's token, for use by the endpoints that require login.

Request
POST https://chenfdafdt612q.vgqxpr.cn/api/login/login HTTP/1.1
X-App-Identifier: 3dDYxMmFwcA==4
Proxy-Authorization: 1dDYxMg==2
versionName: 108.6.8
Authorization: Bearer
Accept-platform: android
Accept-version: 3
Accept-site:
Accept-language: zh-cn
Content-Type: application/x-www-form-urlencoded
Content-Length: 81
Host: chenfdafdt612q.vgqxpr.cn
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/4.10.0


password=114517&client=android&verify=&verify_id=ioc4Dav6lmE3oHgU&username=114517
--------------------------------------------------------

Response
HTTP/1.1 200
Date: Sun, 01 Jun 2025 13:15:11 GMT
Content-Type: application/json
Content-Length: 704
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Trace-Id: f262d91306f4ecb1
Content-Encoding: gzip
Server: cdnwaf
X-Cache-Status: MISS

{"code":200,"message":"操作成功","data":{"UserID":"30073647","UserSig":"eJwtzMEKgkAUheF3uevQuY7TTEKLWkQLFcIwAzfCjHULZbChrOjdM3N5vgP-G-Zx5t1NBxEEHoPZuEmb1lFNI3PGJJ*Hcvpu*lpZSxqigDFUGLK-m95SZyBCIcTwTOqo*ZkMlVRcIk4NOg3hVK*a-BKXfi42Ds-xUbwwK-1t-WjFukgXukgUd8nTHvp8t4TPFxRPMOs_","token_api":"eyJ0eXAiOiJqd3QifQ.eyJzdWIiOiIxIiwiaXNzIjoiaHR0cDpcL1wvOiIsImV4cCI6MTc2NDMzNTcxMSwiaWF0IjoxNzQ4NzgzNzExLCJuYmYiOjE3NDg3ODM3MTEsInVpZCI6MzAwNzM2NDcsInMiOiJuZEttNWwiLCJqdGkiOiJkMWNhZjllNjUxZjdmZGIwMWFkZGZiZjQ2YWRmMjVmNSJ9.NzFhNjMxMzE5ZGQ4MjI3ZDVjNjAzMDc2MTlhZTJjNTI5ZjhmMDY1YQ","user_nickname":"我是昵称","telephone":"114517","account":"114517","friendcover":"","addfriend":"1","creategroup":"1","moments":0,"is_admin":0,"is_bud_register":0,"avatar":"http:\/\/xzup7npic.lfyhjn.com\/photo_2025-04-10_13-59-01.jpg","password_pay":0,"site":""},"request_id":""}

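The username here corresponds to the account above.
Of course there's also the case where the account has been banned (that's what happens when you mess with the scammer):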

Request
POST https://chenfdafdt612q.vgqxpr.cn/api/login/login HTTP/1.1
X-App-Identifier: 3dDYxMmFwcA==4
Proxy-Authorization: 1dDYxMg==2
versionName: 108.6.8
Authorization: Bearer eyJ0eXAiOiJqd3QifQ.eyJzdWIiOiIxIiwiaXNzIjoiaHR0cDpcL1wvOiIsImV4cCI6MTc2NDMzNTcxMSwiaWF0IjoxNzQ4NzgzNzExLCJuYmYiOjE3NDg3ODM3MTEsInVpZCI6MzAwNzM2NDcsInMiOiJuZEttNWwiLCJqdGkiOiJkMWNhZjllNjUxZjdmZGIwMWFkZGZiZjQ2YWRmMjVmNSJ9.NzFhNjMxMzE5ZGQ4MjI3ZDVjNjAzMDc2MTlhZTJjNTI5ZjhmMDY1YQ
Accept-platform: android
Accept-version: 3
Accept-site:
Accept-language: zh-cn
Content-Type: application/x-www-form-urlencoded
Content-Length: 65
Host: chenfdafdt612q.vgqxpr.cn
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/4.10.0


password=114514&client=android&verify=&verify_id=&username=114514
--------------------------------------------------------

Response
HTTP/1.1 200
Date: Sun, 01 Jun 2025 13:23:56 GMT
Content-Type: application/json
Content-Length: 84
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Trace-Id: 7418f5ea5126abe9
Content-Encoding: gzip
Server: cdnwaf
X-Cache-Status: MISS

{"code":403,"message":"账户异常","data":[],"request_id":""}

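Logout

LOL, the scammer didn't even write a logout; every login just fetches a new token (I don't know whether refreshing automatically invalidates the previously issued one).

Account profile

Getting your own profile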
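Decoding the claims of the Bearer tokens that appear in this page's requests shows what each login issues. This is an added example, not code from the original post: it reads the claims only, verifies no signature and contacts no server, so it says what the tokens claim about their validity window, not whether the server revokes older ones.

```python
import base64
import json
from collections import defaultdict

# Bearer tokens copied verbatim from the requests captured on this page.
TOKENS = [
    "eyJ0eXAiOiJqd3QifQ.eyJzdWIiOiIxIiwiaXNzIjoiaHR0cDpcL1wvOiIsImV4cCI6MTc2NDMzNTcxMSwiaWF0IjoxNzQ4NzgzNzExLCJuYmYiOjE3NDg3ODM3MTEsInVpZCI6MzAwNzM2NDcsInMiOiJuZEttNWwiLCJqdGkiOiJkMWNhZjllNjUxZjdmZGIwMWFkZGZiZjQ2YWRmMjVmNSJ9.NzFhNjMxMzE5ZGQ4MjI3ZDVjNjAzMDc2MTlhZTJjNTI5ZjhmMDY1YQ",
    "eyJ0eXAiOiJqd3QifQ.eyJzdWIiOiIxIiwiaXNzIjoiaHR0cDpcL1wvOiIsImV4cCI6MTc2NDMzNjUzMSwiaWF0IjoxNzQ4Nzg0NTMxLCJuYmYiOjE3NDg3ODQ1MzEsInVpZCI6MzAwNzM2NDcsInMiOiJiVkJRbk8iLCJqdGkiOiI0NzkxNjA1ZmZjNDQ1MDBhMGQ2YjMxMTMxZTc3OWU2NSJ9.N2FlNzI1MGVhODNlMWQwMjY4OTViN2Q5YTlhMDY1ZGI1NWUyZWFlMw",
    "eyJ0eXAiOiJqd3QifQ.eyJzdWIiOiIxIiwiaXNzIjoiaHR0cDpcL1wvOiIsImV4cCI6MTc2NDMzNzA3NiwiaWF0IjoxNzQ4Nzg1MDc2LCJuYmYiOjE3NDg3ODUwNzYsInVpZCI6MjY1MDA3NjksInMiOiJtd2Ixd0kiLCJqdGkiOiJlNDA1MjdhYWM1NzFhNWU0YWM0NWU1ZTMyM2Y4N2ViYiJ9.MDdhYWIxNDg5ZTFjNjVhNGY5Njc5OTZmZTFlZWFjZGU1YTk4NDU4MA",
]


def b64url_json(segment):
    """Decode one unpadded base64url JWT segment into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def summarize(token):
    """Header and the session-relevant claims of one token (signature ignored)."""
    header_seg, payload_seg, _signature = token.split(".")
    claims = b64url_json(payload_seg)
    return {
        "header": b64url_json(header_seg),
        "uid": claims["uid"],
        "iat": claims["iat"],
        "exp": claims["exp"],
        "lifetime_days": (claims["exp"] - claims["iat"]) / 86400,
        "jti": claims["jti"],
    }


def overlapping_sessions(tokens):
    """Map uid -> [jti, ...] for users holding several tokens whose claimed
    validity windows (iat..exp) overlap."""
    by_uid = defaultdict(list)
    for info in map(summarize, tokens):
        by_uid[info["uid"]].append(info)
    result = {}
    for uid, items in by_uid.items():
        items.sort(key=lambda info: info["iat"])
        if any(b["iat"] < a["exp"] for a, b in zip(items, items[1:])):
            result[uid] = [info["jti"] for info in items]
    return result


if __name__ == "__main__":
    for info in map(summarize, TOKENS):
        print(info)
    print("overlapping:", overlapping_sessions(TOKENS))
```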

Request
POST https://chenfdafdt612q.vgqxpr.cn/api/member/info HTTP/1.1
X-App-Identifier: 3dDYxMmFwcA==4
Proxy-Authorization: 1dDYxMg==2
versionName: 108.6.8
Authorization: Bearer eyJ0eXAiOiJqd3QifQ.eyJzdWIiOiIxIiwiaXNzIjoiaHR0cDpcL1wvOiIsImV4cCI6MTc2NDMzNTcxMSwiaWF0IjoxNzQ4NzgzNzExLCJuYmYiOjE3NDg3ODM3MTEsInVpZCI6MzAwNzM2NDcsInMiOiJuZEttNWwiLCJqdGkiOiJkMWNhZjllNjUxZjdmZGIwMWFkZGZiZjQ2YWRmMjVmNSJ9.NzFhNjMxMzE5ZGQ4MjI3ZDVjNjAzMDc2MTlhZTJjNTI5ZjhmMDY1YQ
Accept-platform: android
Accept-version: 3
Accept-site:
Accept-language: zh-cn
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
Host: chenfdafdt612q.vgqxpr.cn
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/4.10.0



--------------------------------------------------------

Response
HTTP/1.1 200
Date: Sun, 01 Jun 2025 13:15:13 GMT
Content-Type: application/json
Content-Length: 337
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Trace-Id: 71af3fededbcdd8d
Content-Encoding: gzip
Server: cdnwaf
X-Cache-Status: MISS

{"code":200,"message":"操作成功","data":{"id":30073647,"username":"114517","nickname":"我是昵称","avatar":"http:\/\/xzup7npic.lfyhjn.com\/photo_2025-04-10_13-59-01.jpg","balance":"0.00","signature":"","email":"","birthday":"","mobile":"","gender":0,"is_admin":0,"allow_login":1,"allow_create_team":1,"allow_add_friend":1,"password_pay":0,"is_verify":0,"turn_count":0,"online_status":1,"timestamp":1748783713,"site":""},"request_id":""}

This just returns the account information you filled in at registration.

Searching for a user

Request
POST https://chenfdafdt612q.vgqxpr.cn/api/member/search HTTP/1.1
X-App-Identifier: 3dDYxMmFwcA==4
Proxy-Authorization: 1dDYxMg==2
versionName: 108.6.8
Authorization: Bearer eyJ0eXAiOiJqd3QifQ.eyJzdWIiOiIxIiwiaXNzIjoiaHR0cDpcL1wvOiIsImV4cCI6MTc2NDMzNjUzMSwiaWF0IjoxNzQ4Nzg0NTMxLCJuYmYiOjE3NDg3ODQ1MzEsInVpZCI6MzAwNzM2NDcsInMiOiJiVkJRbk8iLCJqdGkiOiI0NzkxNjA1ZmZjNDQ1MDBhMGQ2YjMxMTMxZTc3OWU2NSJ9.N2FlNzI1MGVhODNlMWQwMjY4OTViN2Q5YTlhMDY1ZGI1NWUyZWFlMw
Accept-platform: android
Accept-version: 3
Accept-site:
Accept-language: zh
Content-Type: application/x-www-form-urlencoded
Content-Length: 15
Host: chenfdafdt612q.vgqxpr.cn
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/4.10.0


username=114515
--------------------------------------------------------

Response
HTTP/1.1 200
Date: Sun, 01 Jun 2025 13:33:00 GMT
Content-Type: application/json
Content-Length: 204
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Trace-Id: 7d06d677c304a6f0
Content-Encoding: gzip
Server: cdnwaf
X-Cache-Status: MISS

{"code":200,"message":"操作成功","data":{"user_id":"26500769","nickname":"114515","avatar":"http:\/\/xzup7npic.lfyhjn.com\/photo_2025-04-10_13-59-01.jpg","is_admin":0,"signature":"","is_friend":0},"request_id":""}

Sending a friend request

Request
POST https://chenfdafdt612q.vgqxpr.cn/api/sync/friend_remark HTTP/1.1
X-App-Identifier: 3dDYxMmFwcA==4
Proxy-Authorization: 1dDYxMg==2
versionName: 108.6.8
Authorization: Bearer eyJ0eXAiOiJqd3QifQ.eyJzdWIiOiIxIiwiaXNzIjoiaHR0cDpcL1wvOiIsImV4cCI6MTc2NDMzNjUzMSwiaWF0IjoxNzQ4Nzg0NTMxLCJuYmYiOjE3NDg3ODQ1MzEsInVpZCI6MzAwNzM2NDcsInMiOiJiVkJRbk8iLCJqdGkiOiI0NzkxNjA1ZmZjNDQ1MDBhMGQ2YjMxMTMxZTc3OWU2NSJ9.N2FlNzI1MGVhODNlMWQwMjY4OTViN2Q5YTlhMDY1ZGI1NWUyZWFlMw
Accept-platform: android
Accept-version: 3
Accept-site:
Accept-language: zh
Content-Type: application/x-www-form-urlencoded
Content-Length: 60
Host: chenfdafdt612q.vgqxpr.cn
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/4.10.0


user_id=26500769&remark=%E6%88%91%E6%98%AF%E5%A4%87%E6%B3%A8
--------------------------------------------------------

Response
HTTP/1.1 200
Date: Sun, 01 Jun 2025 13:33:31 GMT
Content-Type: application/json
Content-Length: 84
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Trace-Id: d3a6593e43c9bef7
Content-Encoding: gzip
Server: cdnwaf
X-Cache-Status: MISS

{"code":200,"message":"操作成功","data":[],"request_id":""}

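remark is the note attached to the friend.
It seems that editing the note also goes through this endpoint; the code reuse rate here is very high indeed.

Accepting a friend request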

Request
POST https://chenfdafdt612q.vgqxpr.cn/api/sync/friend HTTP/1.1
X-App-Identifier: 3dDYxMmFwcA==4
Proxy-Authorization: 1dDYxMg==2
versionName: 108.6.8
Authorization: Bearer eyJ0eXAiOiJqd3QifQ.eyJzdWIiOiIxIiwiaXNzIjoiaHR0cDpcL1wvOiIsImV4cCI6MTc2NDMzNzA3NiwiaWF0IjoxNzQ4Nzg1MDc2LCJuYmYiOjE3NDg3ODUwNzYsInVpZCI6MjY1MDA3NjksInMiOiJtd2Ixd0kiLCJqdGkiOiJlNDA1MjdhYWM1NzFhNWU0YWM0NWU1ZTMyM2Y4N2ViYiJ9.MDdhYWIxNDg5ZTFjNjVhNGY5Njc5OTZmZTFlZWFjZGU1YTk4NDU4MA
Accept-platform: android
Accept-version: 3
Accept-site:
Accept-language: zh
Content-Type: application/x-www-form-urlencoded
Content-Length: 25
Host: chenfdafdt612q.vgqxpr.cn
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/4.10.0


status=1&user_id=30073647
--------------------------------------------------------

Response
HTTP/1.1 200
Date: Sun, 01 Jun 2025 13:39:40 GMT
Content-Type: application/json
Content-Length: 84
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Trace-Id: 823a5c4fac5c5ba7
Content-Encoding: gzip
Server: cdnwaf
X-Cache-Status: MISS

{"code":200,"message":"操作成功","data":[],"request_id":""}

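My blind guess is that rejecting uses this endpoint too, with the 1 changed to 0.

About the rest

I just had a look: sending messages, checking for new friend requests and the like don't use HTTP endpoints, so they must be protocol packets.
I don't know how to reverse-engineer protocol packets.
So my reverse engineering of this scammer's self-built chat platform can only scratch the surface.
There's nothing more I can do; being able to dig out the HTTP endpoints still leaves plenty to have fun with.
But if you want to build a chat room, these alone are probably not enough.
So freeloading on the scammer's server to build a chat room requires reverse-engineering the protocol packets and the communication flow of the protocol-packet interface.
I can't do that anyway, so all I can do is collect as much as possible about those HTTP endpoints.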