广告位,联系QQ:910488011
当前位置: 首页 > Q协分析 > QQ农场数据分析
Q协分析
QQ农场数据分析
作者: admin  时间: 2012-05-11  点击: 2829

对于Web应用,交互的数据还是很好分析的。要分析QQ农场,我主要使用到的工具有,HTTP协议抓包工具,我用的是firefox上插件jerad's web recorder,这个东东非常好用。swf反编译工具,我使用的是SWFDecompiler。

当进入农场时,例如请求获取到的数据为:

{"farmlandStatus":[{"a":10,"b":1,"c":0,"d":0,"e":1,"f":0,"g":0,"h":1,"i":100,"j":0,"k":0,"l":0,"m":0,"n":[],"o":0,"p":[],"q":1255359728,"r":1255359728},{"a":10,"b":1,"c":0,"d":0,"e":1,"f":0,"g":0,"h":1,"i":100,"j":0,"k":0,"l":0,"m":0,"n":[],"o":0,"p":[],"q":1255359726,"r":1255359726},{"a":10,"b":1,"c":0,"d":0,"e":1,"f":0,"g":0,"h":1,"i":100,"j":0,"k":0,"l":0,"m":0,"n":[],"o":0,"p":[],"q":1255359700,"r":1255359700},{"a":10,"b":1,"c":0,"d":0,"e":1,"f":0,"g":0,"h":1,"i":100,"j":0,"k":0,"l":0,"m":0,"n":[],"o":0,"p":[],"q":1255359727,"r":1255359727},{"a":10,"b":1,"c":0,"d":0,"e":1,"f":0,"g":0,"h":1,"i":100,"j":0,"k":0,"l":0,"m":0,"n":[],"o":0,"p":[],"q":1255359726,"r":1255359726},{"a":10,"b":1,"c":0,"d":0,"e":1,"f":0,"g":0,"h":1,"i":100,"j":0,"k":0,"l":0,"m":0,"n":[],"o":0,"p":[],"q":1255359700,"r":1255359700},{"a":10,"b":1,"c":0,"d":0,"e":1,"f":0,"g":0,"h":1,"i":100,"j":0,"k":0,"l":0,"m":0,"n":[],"o":0,"p":[],"q":1255359729,"r":1255359729},{"a":10,"b":1,"c":0,"d":0,"e":1,"f":0,"g":0,"h":1,"i":100,"j":0,"k":0,"l":0,"m":0,"n":[],"o":0,"p":[],"q":1255359726,"r":1255359726},{"a":10,"b":1,"c":0,"d":0,"e":1,"f":0,"g":0,"h":1,"i":100,"j":0,"k":0,"l":0,"m":0,"n":[],"o":0,"p":[],"q":1255359725,"r":1255359725}],"items":{"1":{"itemId":213},"2":{"itemId":214},"3":{"itemId":215},"4":{"itemId":216}},"exp":10852,"weather":{"weatherId":3,"weatherDesc":"/u96e8/u5929"},"serverTime":{"time":1255434832},"user":{"uId":7174870,"userName":null,"money":18353,"headPic":null,"exp":10852,"yellowlevel":0,"yellowstatus":0,"canbad":50,"pf":false},"cacheControl":{"seed":7,"tool":1,"diy":2},"a":true,"b":0,"c":false,"task":{"taskId":0,"taskFlag":0}}

通过反编译flash,可以在Main_v_10.swf与happyfarm_v_1.swf中破译上面这么怪异的表述,看来开发人员还是蛮有水平的,充分为了节省网络流量,用一个字母来表示。

farmlandStatus中有9块地正在使用。每块地的数据分析:
{"a":10,"b":1,"c":0,"d":0,"e":1,"f":0,"g":0,"h":1,"i":100,"j":0,"k":0,"l":0,"m":0,"n":[],"o":0,"p":[],"q":1255359728,"r":1255359728},

a:种子的编号
b:地的状态,1表示有植物在种
c:曾经是否有草
d:曾经是否有虫子
e:曾经是否干旱
f:大于0有草
g:大于0有虫子
h:等于0干旱
i:优秀程度
j:采摘的次数
l:大于0叶,最小能偷多少?这个不能太确认
m:大于0时,表示还剩下多少个
n:偷过我果实的好友uid列表
0:施肥的次数
p:动作?
q:作物播种时间点

r:更新时间点

用户数据分析:
"user":{"uId":7174870,"userName":null,"money":18353,"headPic":null,"exp":10852,"yellowlevel":0,"yellowstatus":0,"canbad":50,"pf":false},
uid:你的QQ号码在农场中的编号
money:表示用户的金币
exp:表示用户的经验,等级是根据经验计算出来的
yellowlevel,yellowstatus跟黄钻用户相关,偶不是黄钻。

一些URI,其中每个URI都有和farmTime与farmKey,其中farmTime为提交的时间点,既然每次要提交farmTime,那farmKey的加密码规则肯定与它有关,可能是MD5(farmTime+密钥)

下面我是抓包得到的farmKey 与farmTime

farmKey 52363cfa7e60658be05db5fce363416d
farmTime 1255434831

# 进入农场:

api.php?mod=user&act=run

# 获取所有好友
api.php?mod=friend&farmKey=%s&farmTime=%s&inuId="
body=({"refresh":"true"})


# 获取某好友信息
api.php?mod=user&act=run&flag=1&farmKey=%s&farmTime=%s&inuId='
body={'ownerId':fid}

# 浇水 fid: 用户ID place:土地编号
api.php?mod=farmlandstatus&act=water&farmKey=%s&farmTime=%s&inuId='
body={'ownerId':fid,'place':place}

# 除草 fid:用户ID place:土地编号
api.php?mod=farmlandstatus&act=clearWeed&farmKey=%s&farmTime=%s&inuId='
body={'ownerId':fid,'place':place}

# 杀虫
api.php?mod=farmlandstatus&act=spraying&farmKey=%s&farmTime=%s&inuId='
body={'ownerId':fid,'place':place,'tId':0}

# 获取商店列表
api.php?mod=repertory&act=getSeedInfo&farmKey=%s&farmTime=%s&inuId='

# 查看自己购买的物品
api.php?mod=repertory&act=getUserSeed&farmKey=%s&farmTime=%s&inuId='

# 翻土
api.php?mod=farmlandstatus&act=scarify&farmKey=%s&farmTime=%s&inuId='
body={'ownerId':fid,'place':place}

# 种植
api.php?mod=farmlandstatus&act=planting&farmKey=%s&farmTime=%s&inuId='
body={'cId':cid,'ownerId':uid,'place':place}

经过反复地抓取数据分析,最后还是能够分析出farmkey的加密规则,原来是这样的:

MD5(farmtime + "密钥".substr(farmtime% 10)),密钥这里就不说了,自行分析!