Mythsman


乐极生悲,苦尽甘来。


好动校园理论考试破解(2/2)

现在已经分析清楚了,就这么点玩意,照着之前分析出来的接口用python写个小脚本就行了。

hack.py

#coding:utf-8
import urllib2,cookielib,urllib,json,sys,time

login_system_url="http://appsrv.ihodoo.com/login"
login_exam_url="http://appsrv.ihodoo.com/auth/exam/enterIndex?"
get_paper_url="http://appsrv.ihodoo.com/auth/exam/start/"
solve_question_url="http://appsrv.ihodoo.com/auth/exam/select/"
submit_paper_url="http://appsrv.ihodoo.com/auth/exam/submit/"
data={}
cj=cookielib.CookieJar()
opener=urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
opener.addheaders=[('User-agent','Mozilla/5.0 (Linux; U; Android 2.3.7; en-us; Nexus One Build/FRF91) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1')]
urllib2.install_opener(opener)

def login_system(username,password):
	request=urllib2.urlopen(login_system_url,urllib.urlencode({"username":username,"password":password}))
	content=request.read()
	response=json.loads(content)
	data["uid"]=str(response["uid"])#用户名
	data["sno"]=str(response["sno"])#学号
	data["token"]=str(response["token"])#token

def login_exam():
	url=login_exam_url+"uid="+data["uid"]+"&token="+data["token"]
	request=urllib2.urlopen(url)
	content=request.read()
	response=json.loads(content)
	data["id"]=str(response["id"])#某编号
	data["totalSubCount"]=str(response["totalSubCount"])#题数
	data["examPaperId"]=str(response["examPaperId"])#试卷编号

def get_paper():
	url=get_paper_url+data["id"]+"/"+data["examPaperId"]+"?uid="+data["uid"]+"&token="+data["token"]+"&totalCount="+data["totalSubCount"]
	request=urllib2.urlopen(url)
	content=request.read()
	response=json.loads(content)
	ans=response["dtos"]
	for question in ans:
		subId=str(question["subId"])
		answers=question["answers"]
		option=""
		for opt in answers:
			option+=","+opt["optionValue"]
		option=option[1:len(option)]
		#time.sleep(10) 如果每道题需要做10秒。。。
		solve_question(subId,option)

def solve_question(subId,option):
	url=solve_question_url+data["examPaperId"]+"/"+subId+"?selectOptions="+option+"&token="+data["token"]+"&uid="+data["uid"]
	urllib2.urlopen(url)

def submit_paper():
	url=submit_paper_url+data["examPaperId"]+"?uid="+data["uid"]+"&token="+data["token"]
	request=urllib2.urlopen(url)
	content=request.read()
	response=json.loads(content)
	print "Your score is "+str(response["score"])+" !"

if '__main__'==__name__:
    login_system(sys.argv[1],sys.argv[2])
    login_exam()
    get_paper()
    submit_paper()

最后执行python hack.py <账号> <密码> 即可。不出意外的话,几秒钟之后就会显示Your score is 100 ! 了。