Collect seeded Qinglong script repositories
This commit is contained in:
260
脚本库/微信小程序/抓包版/益禾堂/2026-04-12_yht_3f2d67f0.js
Normal file
260
脚本库/微信小程序/抓包版/益禾堂/2026-04-12_yht_3f2d67f0.js
Normal file
@@ -0,0 +1,260 @@
|
||||
// # Source: https://github.com/smallfawn/QLScriptPublic/blob/main/daily/yht.js
|
||||
// # Raw: https://raw.githubusercontent.com/smallfawn/QLScriptPublic/main/daily/yht.js
|
||||
// # Repo: smallfawn/QLScriptPublic
|
||||
// # Path: daily/yht.js
|
||||
// # UploadedAt: 2026-04-12T06:41:36Z
|
||||
// # SHA256: 3f2d67f0b71391331c9cc40ea43a3b49855e4fbefc611dd27988f1974cb41533
|
||||
// # Category: 微信小程序/抓包版
|
||||
// # Evidence: appid/openid/session_key/encryptedData等小程序字段
|
||||
//
|
||||
|
||||
/*
|
||||
------------------------------------------
|
||||
@Author: sm
|
||||
@Date: 2024.06.07 19:15
|
||||
@Description:
|
||||
@cron: 30 8 * * *
|
||||
------------------------------------------
|
||||
益禾堂 qm-user-token
|
||||
------------------------------------------
|
||||
|
||||
*/
|
||||
window = {}
|
||||
const {
|
||||
Env
|
||||
} = require("../tools/env")
|
||||
const $ = new Env("益禾堂");
|
||||
let ckName = `yht`;
|
||||
const strSplitor = "#";
|
||||
const axios = require("axios");
|
||||
const defaultUserAgent = "Mozilla/5.0 (iPhone; CPU iPhone OS 16_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/8.0.31(0x18001e31) NetType/WIFI Language/zh_CN miniProgram"
|
||||
|
||||
|
||||
class Task {
|
||||
constructor(env) {
|
||||
this.index = $.userIdx++
|
||||
this.user = env.split(strSplitor);
|
||||
this.token = this.user[0];
|
||||
this.activityUrl = ''
|
||||
|
||||
}
|
||||
|
||||
async run() {
|
||||
|
||||
await this.getLoginUrl()
|
||||
|
||||
await this.getActivityToken()
|
||||
let key = await this.getActivityKey()
|
||||
await this.doSign(key)
|
||||
|
||||
}
|
||||
async getLoginUrl() {
|
||||
let options = {
|
||||
method: 'POST',
|
||||
url: `https://webapi.qmai.cn/web/catering/crm/member/redirect`,
|
||||
headers: {
|
||||
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 MicroMessenger/7.0.20.1781(0x6700143B) NetType/WIFI MiniProgramEnv/Windows WindowsWechat/WMPF WindowsWechat(0x63090a13) UnifiedPCWindowsWechat(0xf254173b) XWEB/19027',
|
||||
'Accept': 'v=1.0',
|
||||
'Content-Type': 'application/json',
|
||||
'xweb_xhr': '1',
|
||||
'gdt-vid': '',
|
||||
'work-staff-name': '',
|
||||
'channelcode': '',
|
||||
'work-wechat-userid': '',
|
||||
'qz-gtd': '',
|
||||
'qm-from-type': 'catering',
|
||||
'accept-language': 'zh-CN',
|
||||
'scene': '1101',
|
||||
'qm-from': 'wechat',
|
||||
'qm-user-token': '' + this.token,
|
||||
'work-staff-id': '',
|
||||
'multi-store-id': '',
|
||||
'store-id': '203009',
|
||||
'promotion-code': '',
|
||||
'sec-fetch-site': 'cross-site',
|
||||
'sec-fetch-mode': 'cors',
|
||||
'sec-fetch-dest': 'empty',
|
||||
'referer': 'https://servicewechat.com/wx4080846d0cec2fd5/517/page-frame.html',
|
||||
'priority': 'u=1, i'
|
||||
},
|
||||
data: {
|
||||
"redirectUrl": "https://86019.activity-12.m.duiba.com.cn/chw/visual-editor/skins?id=203576",
|
||||
"appid": "wx4080846d0cec2fd5"
|
||||
}
|
||||
}
|
||||
let {
|
||||
data: result
|
||||
} = await axios.request(options);
|
||||
if (result.data && result.status) {
|
||||
this.activityUrl = result.data
|
||||
return result.data
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
ObjectKeys2LowerCase(e) { return e = Object.fromEntries(Object.entries(e).map((([e, t]) => [e.toLowerCase(), t]))), new Proxy(e, { get: function (e, t, r) { return Reflect.get(e, t.toLowerCase(), r) }, set: function (e, t, r, n) { return Reflect.set(e, t.toLowerCase(), r, n) } }) }
|
||||
|
||||
async getActivityToken() {
|
||||
|
||||
|
||||
const opts = {
|
||||
method: "GET",
|
||||
url: this.activityUrl,
|
||||
maxRedirects: 0,
|
||||
// 关键点 2: 默认 Axios 认为非 2xx 是错误,需定义 302 为合法状态
|
||||
validateStatus: function (status) {
|
||||
return status >= 200 && status < 400; // 允许 302 (或 3xx) 进入 .then
|
||||
},
|
||||
headers: {}
|
||||
}
|
||||
let res = await axios.request(opts);
|
||||
|
||||
let headers = this.ObjectKeys2LowerCase(res?.headers);
|
||||
//对青龙进行兼容
|
||||
let session = Array.isArray(headers['set-cookie']) ? [...new Set(headers['set-cookie'])].join("") : headers['set-cookie'];
|
||||
|
||||
let [wdata4, w_ts, _ac, wdata3, dcustom] = session.match(/(wdata4|w_ts|_ac|wdata3|dcustom)=.+?;/g)
|
||||
this.session = wdata4 + w_ts + _ac + wdata3 + dcustom;
|
||||
$.log(`✅ 获取活动token成功!`)
|
||||
|
||||
|
||||
|
||||
}
|
||||
async getActivityKey() {
|
||||
|
||||
let options = {
|
||||
method: 'POST',
|
||||
url: `https://86019-activity.dexfu.cn/chw/ctoken/getToken`,
|
||||
headers: {
|
||||
'Content-type': 'application/x-www-form-urlencoded',
|
||||
'Cookie': this.session,
|
||||
},
|
||||
data: {
|
||||
timestamp: Date.now(),
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
let {
|
||||
data: result
|
||||
} = await axios.request(options);
|
||||
if (result.success) {
|
||||
// 自动修复:将旧式八进制 (如 0123) 替换为现代写法 (0o123)
|
||||
// 匹配以 0 开头后面跟数字,且不含 x (十六进制) 或 b (二进制) 的部分
|
||||
const fixedCode = result.token.replace(/\b0([0-7]+)\b/g, '0o$1');
|
||||
eval(fixedCode)
|
||||
return window['620fa72t']
|
||||
|
||||
}
|
||||
}
|
||||
async doSign(key) {
|
||||
let data = ({
|
||||
'signOperatingId': '326649747164581',
|
||||
'token': '' + key
|
||||
});
|
||||
|
||||
let options = {
|
||||
method: 'POST',
|
||||
url: 'https://86019-activity.dexfu.cn/sign/component/doSign?_=' + Date.now(),
|
||||
headers: {
|
||||
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 MicroMessenger/7.0.20.1781 NetType/WIFI MiniProgramEnv/Windows WindowsWechat/WMPF XWEB/50249',
|
||||
'Accept': 'application/json, text/plain, */*',
|
||||
'Content-Type': 'application/x-www-form-urlencoded',
|
||||
'origin': 'https://86019-activity.dexfu.cn',
|
||||
'sec-fetch-site': 'same-origin',
|
||||
'sec-fetch-mode': 'cors',
|
||||
'sec-fetch-dest': 'empty',
|
||||
'referer': 'https://86019-activity.dexfu.cn/sign/component/page?signOperatingId=326649747164581',
|
||||
'accept-language': 'zh-CN,zh;q=0.9',
|
||||
'Cookie': this.session
|
||||
},
|
||||
data: data
|
||||
};
|
||||
let {
|
||||
data: result
|
||||
} = await axios.request(options);
|
||||
console.log(result);
|
||||
|
||||
/*if (result.success) {
|
||||
$.log(`✅ 签到成功!获得${result.data.signResult}积分`)
|
||||
}*/
|
||||
|
||||
}
|
||||
/**
|
||||
* 通用 eval 混淆解密函数(动态执行劫持)
|
||||
* @param {string} obfuscatedCode - 原始的混淆代码
|
||||
* @returns {string} - 解密后的真实代码
|
||||
*/
|
||||
decryptByHookingEval(obfuscatedCode) {
|
||||
let decryptedCode = "";
|
||||
|
||||
// 1. 备份系统原生的 eval
|
||||
const originalEval = globalThis.eval;
|
||||
|
||||
try {
|
||||
// 2. 劫持全局 eval 函数
|
||||
globalThis.eval = function (payload) {
|
||||
decryptedCode = payload; // 将解密后的字符串保存下来
|
||||
// 重要:不往下执行原生的 eval,从而阻止危险/恶意代码实际运行
|
||||
};
|
||||
|
||||
// 3. 构造一个沙箱函数并执行混淆代码的外壳
|
||||
// 外壳代码会执行所有的解密运算,并最终调用我们上面劫持的 eval()
|
||||
const runner = new Function(obfuscatedCode);
|
||||
runner();
|
||||
|
||||
} catch (error) {
|
||||
console.error("执行解密外壳时发生错误:", error);
|
||||
} finally {
|
||||
// 4. 无论成功与否,务必恢复系统的 eval,避免影响其他正常业务
|
||||
globalThis.eval = originalEval;
|
||||
}
|
||||
|
||||
return decryptedCode || "未能拦截到 eval 调用,可能代码结构不适用此方法。";
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
!(async () => {
|
||||
await getNotice()
|
||||
$.checkEnv(ckName);
|
||||
|
||||
for (let user of $.userList) {
|
||||
await new Task(user).run();
|
||||
}
|
||||
})()
|
||||
.catch((e) => console.log(e))
|
||||
.finally(() => $.done());
|
||||
|
||||
async function getNotice() {
|
||||
console.log(`1、此脚本仅用于学习研究,不保证其合法性、准确性、有效性,请根据情况自行判断,本人对此不承担任何保证责任。
|
||||
2、由于此脚本仅用于学习研究,您必须在下载后 24 小时内将所有内容从您的计算机或手机或任何存储设备中完全删除,若违反规定引起任何事件本人对此均不负责。
|
||||
3、请勿将此脚本用于任何商业或非法目的,若违反规定请自行对此负责。
|
||||
4、此脚本涉及应用与本人无关,本人对因此引起的任何隐私泄漏或其他后果不承担任何责任。
|
||||
5、本人对任何脚本引发的问题概不负责,包括但不限于由脚本错误引起的任何损失和损害。
|
||||
6、如果任何单位或个人认为此脚本可能涉嫌侵犯其权利,应及时通知并提供身份证明,所有权证明,我们将在收到认证文件确认后删除此脚本。
|
||||
7、所有直接或间接使用、查看此脚本的人均应该仔细阅读此声明。本人保留随时更改或补充此声明的权利。一旦您使用或复制了此脚本,即视为您已接受此免责声明。`)
|
||||
try {
|
||||
let options = {
|
||||
url: `https://ghproxy.net/https://raw.githubusercontent.com/smallfawn/Note/refs/heads/main/Notice.json`,
|
||||
headers: {
|
||||
"User-Agent": defaultUserAgent,
|
||||
},
|
||||
timeout: 3000
|
||||
}
|
||||
let {
|
||||
data: res
|
||||
} = await axios.request(options);
|
||||
$.log(res)
|
||||
return res
|
||||
} catch (e) { }
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user