Python of Tornado simulation login xiaomi mobile phone
- 2020-04-02 13:13:42
- OfStack
Today, I saw my colleagues participating in the snapping up of xiaomi. After several weeks of trying, I finally grabbed a xiaomi TV... Took a look at the xiaomi buying process, it seems that can be broken with the program. So I wanted to write something fun (you know...) , the first step is to simulate the first millet account, when the practice it.
Let's do it in Python, and since we're writing a Web application, the framework is Tornado.
The first is to define the URL of the application:
The next step is to find the data you need to post, and sniff it with Fiddler:
< img SRC = "border = 0 / / files.jb51.net/file_images/article/201311/20131112090852.jpg? 2013101291640 ">
That is to say, the POST address is (link: https://account.xiaomi.com/pass/serviceLoginAuth2)
< img SRC = "border = 0 / / files.jb51.net/file_images/article/201311/20131112090940.jpg? 201310129177 ">
The form parameters that need to be constructed are also simple (urlencoded) : passToken=&user=www.nowamagic.net&pwd=password&callback=https%3A%2F%2Faccount.xiaomi.com&sid=passport&qs=%253Fsid%253Dpassport&hidden=&_sign= kkkrcpzodc That is:
Now the function can be written:
How to print out the cookie, print cj directly to see the contents of the cookie.
What seem to is also very simple, it is parsing hdcontrol (URL:http://tc.hd.xiaomi.com/hdget? Callback =hdcontrol) json.
When allow is true, hdurl will have a value, like? _a=20131105_phone_a212a2b30e5&_op=choose&_s=72b686828&_m=1, etc., this is the real address of the purchase, direct access to this address should not need to click the queue button. Just throw out a brick to lead a jade, know the procedure everybody should know how to do...
Just for now (November 2013), there may be some rule changes on the xiaomi side.
Let's do it in Python, and since we're writing a Web application, the framework is Tornado.
The first is to define the URL of the application:
def main():
tornado.options.parse_command_line()
application = tornado.web.Application([
(r"/", MainHandler),
(r"/mibuy/", MiBuyHandler),
],**settings)
http_server = tornado.httpserver.HTTPServer(application)
http_server.listen(options.port)
tornado.ioloop.IOLoop.instance().start()
The next step is to find the data you need to post, and sniff it with Fiddler:
< img SRC = "border = 0 / / files.jb51.net/file_images/article/201311/20131112090852.jpg? 2013101291640 ">
That is to say, the POST address is (link: https://account.xiaomi.com/pass/serviceLoginAuth2)
< img SRC = "border = 0 / / files.jb51.net/file_images/article/201311/20131112090940.jpg? 201310129177 ">
The form parameters that need to be constructed are also simple (urlencoded) : passToken=&user=www.nowamagic.net&pwd=password&callback=https%3A%2F%2Faccount.xiaomi.com&sid=passport&qs=%253Fsid%253Dpassport&hidden=&_sign= kkkrcpzodc That is:
post_data = urllib.urlencode({'passToken':'', 'user': 'www.nowamagic.net', 'pwd': 'password', 'callback':'https://account.xiaomi.com', 'sid':'passport', 'qs':'%3Fsid%3Dpassport', 'hidden':'', '_sign':'KKkRvCpZoDC+gLdeyOsdMhwV0Xg='})
path = 'https://account.xiaomi.com/pass/serviceLoginAuth2'
Now the function can be written:
class MiBuyHandler(tornado.web.RequestHandler):
def get(self):
cj = cookielib.CookieJar()
post_data = urllib.urlencode({'passToken':'', 'user': 'www.nowamagic.net', 'pwd': 'password', 'callback':'https://account.xiaomi.com', 'sid':'passport', 'qs':'%3Fsid%3Dpassport', 'hidden':'', '_sign':'KKkRvCpZoDC+gLdeyOsdMhwV0Xg='})
path = 'https://account.xiaomi.com/pass/serviceLoginAuth2'
cookieHandle = urllib2.HTTPCookieProcessor(cj)
opener = urllib2.build_opener(cookieHandle)
#opener.addheaders = [('User-agent', 'Opera/9.23')]
urllib2.install_opener(opener)
req = urllib2.Request(path, post_data)
response = urllib2.urlopen(req)
html = response.read()
self.render("mibuy.html",message=html)
How to print out the cookie, print cj directly to see the contents of the cookie.
What seem to is also very simple, it is parsing hdcontrol (URL:http://tc.hd.xiaomi.com/hdget? Callback =hdcontrol) json.
hdcontrol(
{
stime: 1383645496,
status: {
allow: true,
miphone: {
hdurl: "",
duration: null,
hdstop: true,
reg: true,
pmstart: false,
hdstart: false
},
mibox: {
hdurl: "",
duration: null,
hdstop: true,
reg: true,
pmstart: false,
hdstart: false
},
mitv: {
hdurl: "",
duration: null,
hdstop: true,
reg: false,
pmstart: false,
hdstart: false
}
}
})
When allow is true, hdurl will have a value, like? _a=20131105_phone_a212a2b30e5&_op=choose&_s=72b686828&_m=1, etc., this is the real address of the purchase, direct access to this address should not need to click the queue button. Just throw out a brick to lead a jade, know the procedure everybody should know how to do...
Just for now (November 2013), there may be some rule changes on the xiaomi side.