最近微信运动中都在流行比步数= =现在这里已经成为了一个装逼圣地了,每次看到别人把自己的封面占领后都会无比的无奈╮(╯_╰)╭可是每个人心中都有那么一点小九九希望占领别人的封面。现在就来说一下怎么在微信运动中在朋友之间装一波大逼。先来看一下效果图哈哈哈~

https://www.daryl.red/wp-content/uploads/2016/02/IMG_0306.jpg

看到了吧,97110步哈哈哈哈~~~然后来看具体是怎么做的。

首先我们要借助一个第三方的部署统计的应用——乐动力。戳这里查看官网http://www.ledongli.cn/。应用的样子就是这个样子的。

https://www.daryl.red/wp-content/uploads/2016/02/IMG_0288.jpg

继续哈,看到左上角的设置键了嘛,点进去,会有一个提交成绩,这里点击这个提交成绩,就会将成绩提交给微信或者qq或者其它相关联的账户(前提是一定要关联上哈~)。这里就有问题了。这里提交是使用HTTP来进行提交的,估计设个数据包是可以改的,抓了个包之后看到下面这些报文数据。

POST /xq/io.ashx?&action=profile&cmd=updatedaily_eden&uid=37696132&v=5.8%20ios&vc=581%20ios HTTP/1.1
Host: pl.api.ledongli.cn
Content-Type: application/x-www-form-urlencoded
Connection: keep-alive
Accept: */*
User-Agent: xiaoqin/5.8 (iPhone; iOS 9.2.1; Scale/2.00)
Accept-Language: zh-Hans-CN;q=1, zh-Hant-CN;q=0.9
Content-Length: 645
Accept-Encoding: gzip, deflate

list=%5B%7B%22lon%22%3A120.34187212039591%2C%22calories%22%3A368.32262824365876%2C%22activeValue%22%3A76846%2C%22key%22%3A%2213dc3aeaefc35bd171e95eb55bc62712%22%2C%22lat%22%3A30.317888166626108%2C%22date%22%3A1456588800%2C%22location%22%3A%22%E6%9D%AD%E5%B7%9E%E5%B8%82%22%2C%22pm2d5%22%3A0%2C%22report%22%3A%22%5B%7B%5C%22activity%5C%22%3A%5C%22walking%5C%22%2C%5C%22calories%5C%22%3A220.4649834617322%2C%5C%22steps%5C%22%3A3748%2C%5C%22distance%5C%22%3A4420.4103699999987%2C%5C%22duration%5C%22%3A2760%7D%5D%22%2C%22duration%22%3A3000%2C%22distance%22%3A4420.4103699999987%2C%22steps%22%3A5489%7D%5D&pc=c4a6e349b97d3efe61e95609d3f36dbd7b657680

返回数据发现是这样的。

HTTP/1.1 200 OK
Date: Mon, 29 Feb 2016 08:58:57 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Length: 87

{"status": "OK", "uid": null, "ret": null, "errorCode": 0, "error": null, "path": null}

棒棒哒,看来没有进行数据校验。先看下url里的key,可以看到有这样一个uid,这个应该就是乐动力的用户id,根据这个id查询数据库中记录的绑定信息。再来看下请求包中的post数据,发现了这两个key,一个是steps,一个是datestep就是步数,date就是更新的日期。我判断了半天,这个日期只能是当日0时0分的时间戳。改掉这些数据,就可以刷步数啦~

为了日后方便,我用php写了一个小脚本(不要问我为什么不用Python,因为我还不熟啊不熟不熟啊╮(╯_╰)╭)。

<?php
	date_default_timezone_set('Asia/Shanghai');
	$uid = '';//乐动力的用户id
	$steps = '';//想刷的步数
	$url = 'http://pl.api.ledongli.cn/xq/io.ashx?&action=profile&cmd=updatedaily&uid='.$uid.'&v=5.5%20ios&vc=551%20ios';
	$post = 'list=%5B%7B%22pm2d5%22%3A0%2C%22report%22%3A%22%5B%7B%5C%22activity%5C%22%3A%5C%22walking%5C%22%2C%5C%22calories%5C%22%3A437.14414200191618%2C%5C%22steps%5C%22%3A11111%2C%5C%22distance%5C%22%3A7519.0167199999987%2C%5C%22duration%5C%22%3A7140%7D%5D%22%2C%22distance%22%3A7519.0167199999987%2C%22steps%22%3A'.$steps.'%2C%22location%22%3A%22%E6%9D%AD%E5%B7%9E%E5%B8%82%22%2C%22date%22%3A'.mktime(0, 0, 0, date('n'), date('j'), date('Y')).'%2C%22calories%22%3A503.07246579211363%2C%22duration%22%3A6060%2C%22lon%22%3A120.2145220549457%2C%22activeValue%22%3A138208%2C%22lat%22%3A30.209404890080783%7D%5D&pc=fef5836f1127975bc9d19f8a24bb2cb3e46b6530';
	$ch = curl_init($url);
	curl_setopt($ch, CURLOPT_POST, true);
	curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
	curl_exec($ch);
	curl_close($ch);

好了就这样了,不过还是那句话:莫装逼,装逼遭雷劈。 代码可以看这里。https://github.com/Daryl-L/wechat_steps