引入加密参计算方法

加密参的计算引用详见文件内注释

SenKongDao.py

@@ -1,81 +1,89 @@
-import json
-import sys
-import time
-import datetime
-
-import requests
-
-# 声明常量
-# 签到url post请求
-SIGN_URL = "https://zonai.skland.com/api/v1/game/attendance"
-SUCCESS_CODE = 0
-# 休眠三秒继续其他账号签到
-SLEEP_TIME = 3
-
-# 打印当前时间
-print("当前时间为：" + datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"))
-
-# 读取cookie
-cookie_file = open("SenKongDao_config.txt", "r+", encoding="utf8")
-cookie_lines = cookie_file.readlines()
-cookie_file.close()
-print("已读取" + str(len(cookie_lines)) + "个cookie")
-print(str(SLEEP_TIME) + "秒后进行签到...")
-time.sleep(SLEEP_TIME)
-
-# 遍历cookie
-for cookie_line in cookie_lines:
-
-    # 准备签到信息
-    configs = cookie_line.split("&")
-    uid = configs[0].strip()
-    signing_cookie = configs[1].strip()
-    headers = {
-        "user-agent": "Skland/1.0.1 (com.hypergryph.skland; build:100001014; Android 33; ) Okhttp/4.11.0",
-        "cred": signing_cookie,
-        "vName": "1.0.1",
-        "vCode": "100001014",
-        'Accept-Encoding': 'gzip',
-        'Connection': 'close',
-        "dId": "de9759a5afaa634f",
-        "platform": "1"
-    }
-    data = {
-        "uid": str(uid),
-        "gameId": 1
-    }
-
-    # 签到请求
-    sign_response = requests.post(headers=headers, url=SIGN_URL, data=data)
-
-    # 检验返回是否为json格式
-    try:
-        sign_response_json = json.loads(sign_response.text)
-    except:
-        print(sign_response.text)
-        print("返回结果非json格式，请检查...")
-        time.sleep(SLEEP_TIME)
-        sys.exit()
-
-    # 如果为json则解析
-    code = sign_response_json.get("code")
-    message = sign_response_json.get("message")
-    data = sign_response_json.get("data")
-
-    # 返回成功的话，打印详细信息
-    if code == SUCCESS_CODE:
-        print("签到成功")
-        awards = sign_response_json.get("data").get("awards")
-        for award in awards:
-            print("签到获得的奖励ID为：" + award.get("resource").get("id"))
-            print("此次签到获得了" + str(award.get("count")) + "单位的" + award.get("resource").get("name") + "(" + award.get(
-                "resource").get("type") + ")")
-            print("奖励类型为：" + award.get("type"))
-    else:
-        print(sign_response_json)
-        print("签到失败，请检查以上信息...")
-
-    # 休眠指定时间后，继续下个账户
-    time.sleep(SLEEP_TIME)
-
-print("程序运行结束")
+import json
+import sys
+import time
+import datetime
+import headersGenerator
+import requests
+import constants
+
+# 常量引入
+success_code = constants.success_code
+sleep_time = constants.sleep_time
+sign_url = constants.sign_url
+app_version = constants.app_version
+
+# 打印当前时间
+print("当前时间为：" + datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"))
+
+# 读取cookie
+cookie_file = open("SenKongDao_config.txt", "r+", encoding="utf8")
+cookie_lines = cookie_file.readlines()
+cookie_file.close()
+print("已读取" + str(len(cookie_lines)) + "个cookie")
+print(str(sleep_time) + "秒后进行签到...")
+time.sleep(sleep_time)
+
+# 遍历cookie
+for cookie_line in cookie_lines:
+
+    # 准备签到信息
+    configs = cookie_line.split("&")
+    uid = configs[0].strip()
+    atoken = configs[1].strip()
+
+    # 获取签到用的值
+    cred_resp = headersGenerator.get_cred_by_token(atoken)
+    sign_token = cred_resp['token']
+    sign_cred = cred_resp['cred']
+
+    # headers初始化
+    init_headers = {
+        'user-agent': 'Skland/'+app_version+' (com.hypergryph.skland; build:100501001; Android 25; ) Okhttp/4.11.0',
+        'cred': sign_cred,
+        'Accept-Encoding': 'gzip',
+        'Connection': 'close',
+    }
+
+    # body
+    data = {
+        "uid": str(uid),
+        "gameId": 1
+    }
+
+    # headers添加加密参
+    headers = headersGenerator.get_sign_header(sign_url, 'post', data, init_headers, sign_token)
+
+    # 签到请求
+    sign_response = requests.post(headers=headers, url=sign_url, json=data)
+
+    # 检验返回是否为json格式
+    try:
+        sign_response_json = json.loads(sign_response.text)
+    except:
+        print(sign_response.text)
+        print("返回结果非json格式，请检查...")
+        time.sleep(sleep_time)
+        sys.exit()
+
+    # 如果为json则解析
+    code = sign_response_json.get("code")
+    message = sign_response_json.get("message")
+    data = sign_response_json.get("data")
+
+    # 返回成功的话，打印详细信息
+    if code == success_code:
+        print("签到成功")
+        awards = sign_response_json.get("data").get("awards")
+        for award in awards:
+            print("签到获得的奖励ID为：" + award.get("resource").get("id"))
+            print("此次签到获得了" + str(award.get("count")) + "单位的" + award.get("resource").get("name") + "(" + award.get(
+                "resource").get("type") + ")")
+            print("奖励类型为：" + award.get("type"))
+    else:
+        print(sign_response_json)
+        print("签到失败，请检查以上信息...")
+
+    # 休眠指定时间后，继续下个账户
+    time.sleep(sleep_time)
+
+print("程序运行结束")

constants.py

@@ -0,0 +1,15 @@
+# app信息
+app_code = '4ca99fa6b56cc2ba'
+app_version = '1.5.1'
+
+# 使用认证代码获得cred
+cred_code_url = "https://zonai.skland.com/api/v1/user/auth/generate_cred_by_code"
+# 使用token获得认证代码
+grant_code_url = "https://as.hypergryph.com/user/oauth2/v2/grant"
+# 签到url post请求
+sign_url = "https://zonai.skland.com/api/v1/game/attendance"
+
+# 请求成功的code码
+success_code = 0
+# 休眠x秒继续其他账号签到
+sleep_time = 3

headersGenerator.py

@@ -0,0 +1,89 @@
+import hashlib
+import hmac
+import json
+import time
+from urllib import parse
+import requests
+import constants
+
+# headers参数解密来源于Gitee作者xxyz30
+# 原仓库地址：https://gitee.com/FancyCabbage/skyland-auto-sign
+
+# 常量引入
+cred_code_url = constants.cred_code_url
+grant_code_url = constants.grant_code_url
+app_version = constants.app_version
+app_code = constants.app_code
+
+header_login = {
+    'User-Agent': 'Skland/'+app_version+' (com.hypergryph.skland; build:100001014; Android 31; ) Okhttp/4.11.0',
+    'Accept-Encoding': 'gzip',
+    'Connection': 'close'
+}
+
+header_for_sign = {
+    'platform': '1',
+    'timestamp': '',
+    'dId': '',
+    'vName': app_version
+}
+
+def get_grant_code(token):
+    response = requests.post(grant_code_url, json={
+        'appCode': app_code,
+        'token': token,
+        'type': 0
+    }, headers=header_login)
+    resp = response.json()
+    if response.status_code != 200:
+        raise Exception(f'获得认证代码失败：{resp}')
+    if resp.get('status') != 0:
+        raise Exception(f'获得认证代码失败：{resp["msg"]}')
+    return resp['data']['code']
+
+def get_cred_by_token(token):
+    grant_code = get_grant_code(token)
+    return get_cred(grant_code)
+
+def get_cred(grant):
+    resp = requests.post(cred_code_url, json={
+        'code': grant,
+        'kind': 1
+    }, headers=header_login).json()
+    if resp['code'] != 0:
+        raise Exception(f'获得cred失败：{resp["message"]}')
+    return resp['data']
+
+def get_sign_header(url: str, method, body, old_header,sign_token):
+    h = json.loads(json.dumps(old_header))
+    p = parse.urlparse(url)
+    if method.lower() == 'get':
+        h['sign'], header_ca = generate_signature(sign_token, p.path, p.query)
+    else:
+        h['sign'], header_ca = generate_signature(sign_token, p.path, json.dumps(body))
+    for i in header_ca:
+        h[i] = header_ca[i]
+    return h
+
+def generate_signature(token: str, path, body_or_query):
+    """
+    获得签名头
+    接口地址+方法为Get请求？用query否则用body+时间戳+ 请求头的四个重要参数（dId，platform，timestamp，vName）.toJSON()
+    将此字符串做HMAC加密，算法为SHA-256，密钥token为请求cred接口会返回的一个token值
+    再将加密后的字符串做MD5即得到sign
+    :param token: 拿cred时候的token
+    :param path: 请求路径（不包括网址）
+    :param body_or_query: 如果是GET，则是它的query。POST则为它的body
+    :return: 计算完毕的sign
+    """
+    # 总是说请勿修改设备时间，怕不是yj你的服务器有问题吧，所以这里特地-2
+    t = str(int(time.time()) - 2)
+    token = token.encode('utf-8')
+    header_ca = json.loads(json.dumps(header_for_sign))
+    header_ca['timestamp'] = t
+    header_ca_str = json.dumps(header_ca, separators=(',', ':'))
+    s = path + body_or_query + t + header_ca_str
+    hex_s = hmac.new(token, s.encode('utf-8'), hashlib.sha256).hexdigest()
+    md5 = hashlib.md5(hex_s.encode('utf-8')).hexdigest().encode('utf-8').decode('utf-8')
+    print(f'算出签名: {md5}')
+    return md5, header_ca