New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

请问可以获取到群号吗? #90

Closed
issmile opened this Issue Nov 12, 2016 · 25 comments

Comments

5 participants
@issmile

issmile commented Nov 12, 2016

Run npm run doctor or wechaty run doctor(for docker user), paste output here

Expected behavior

可以获取唯一标识群的群号吗?就是重新登录后不会改变的群标识,我看有人做的机器人可以获取的

image
image

右上角的按钮就是取所有群号的触发按钮,我不会抓这种包。。。

Actual behavior

Steps to reproduce the behavior (and fixes, if any)

Paste the full output logs here with WECHATY_LOG=silly set

@zixia zixia added the question label Nov 12, 2016

@zixia

This comment has been minimized.

Member

zixia commented Nov 13, 2016

As far as I know, it will be not possible to get the permanent id for a room(group) or a contact, when you are using the webwxApp(wx.qq.com) API.

But if others can get it, then we can have a look how they could do that.

Can you provide more information about "有人做的机器人可以获取"?

@issmile

This comment has been minimized.

issmile commented Nov 13, 2016

恩,我可以给你远程看.这个是个付费的软件.你用QQ或者微信吗?我怎么联系你?
或者我的QQ52087976,微信issmile,请告诉我是wechaty的

@JasLin

This comment has been minimized.

Contributor

JasLin commented Nov 13, 2016

maybe they are hacking wechat for android

@issmile

This comment has been minimized.

issmile commented Nov 13, 2016

@JasLin 额,这个软件作者告诉我是web协议的,而且就是WEB登陆方式,软件登陆了WEB就不能登录了.难道android协议还能和web混用?

@issmile

This comment has been minimized.

issmile commented Nov 13, 2016

上传了几个截图.大神看看,

@zixia

This comment has been minimized.

Member

zixia commented Nov 13, 2016

Interesting... it seems a room id is a number of /\d{9,10}/ ?

I had checked some message log, not found it in my log.

So where it comes from?

@issmile

This comment has been minimized.

issmile commented Nov 14, 2016

http://alimmao.com/ 这个软件,刚发现可以1天试用,以12点钟为界限.大神看看,直接用微信号登陆就是开通了1天试用

@zixia

This comment has been minimized.

Member

zixia commented Nov 14, 2016

amazing, it works.

成功获取26个好友
成功获取18个群
30秒后开始获取群ID和UIN
群:0 南无阿米(630278141)修改昵称为“王阳”
群:0 UIN:317115075 好
群:3249470305 UIN:0 Ok

alimao

Some useful links:

  • http://bbs.125.la/thread-13928632-1-1.html

    获取微信群群友Uin或者群友微信号(网页版微信)
    
    1、不可以通过置顶微信群方式来获取。
    2、任何一个微信群都可以获取的到。
    3、登录微信后有新成员加入微信群一样可以获取到其Uin或微信号。
    4、通过UserName单独请求获取微信群成员Uin或微信号也可以。
    5、同时获取与Uin或微信号本次登录相匹配的UserName。
    
    【只要获取Uin和微信号 其中一种就行  不需要两个都获取】
    
@issmile

This comment has been minimized.

issmile commented Nov 14, 2016

什么意思丫,可以获取了吗?是怎么弄的?

@zixia

This comment has been minimized.

Member

zixia commented Nov 14, 2016

No, I still have no idea on how to get the Uin from wxwebApp API.

What I mean is that the "alimmao" really works as you said. :)

@issmile

This comment has been minimized.

issmile commented Nov 14, 2016

是否会像另一个人说的那样可以和安卓补充的用协议?要不就是还有个桌面版的那种抓的包?

@zixia

This comment has been minimized.

Member

zixia commented Nov 14, 2016

Yes, if you can capture the network packages of "alimmao" that will be helpful for us to know how to get the Uin for you.

I guess the Uin is inside some HTTP API call of webwxApp, need specific action to let it show out. (like the above quote said: maybe the API that set the room on top will return Uin of the room?)

@issmile

This comment has been minimized.

issmile commented Nov 14, 2016

我很想提供这个包,不过我不太会抓这种软件类的包
,我想你能不能简单教我一下,或者你可以直接远程操作我电脑抓包?

@issmile

This comment has been minimized.

issmile commented Nov 16, 2016

我用Wireshark 抓一个完整的登录到获取群号的包这样可以么?然后我怎么给你?

@zixia

This comment has been minimized.

Member

zixia commented Nov 16, 2016

great. could you paste the related part here?

thanks for the contribution!

@issmile

This comment has been minimized.

issmile commented Nov 17, 2016

链接: https://pan.baidu.com/s/1nvGu4el 密码: fhpe
我保存到百度云盘里了,这个你那可以下载的吧 ?

@zixia

This comment has been minimized.

Member

zixia commented Nov 17, 2016

@issmile Thanks, I got the file.

You had captured the network packages, good job. But they are SSL encrypted.

We can only see an HTTP request of getting wxwebApp QR Code, the others API is called by HTTPS, which means we can not read directly in your capture file.

I believe that decoding the SSL stream is possible, because we are the client, and we can get the wx.qq.com Public SSL Certificate Key.

However, I have not enough SSL knowledge right now. Could you try to find some way to:

  1. Decrypt the SSL TCP stream in your pcap file, or
  2. Use other pcap tools which can hook inside the Application, capture the API call above the SSL Layer?
@issmile

This comment has been minimized.

issmile commented Nov 17, 2016

额,我连doctor 都不会....这么高级的技术....有没有地方可以求助?

@ericzhangjx

This comment has been minimized.

ericzhangjx commented Dec 15, 2016

一点个人经验:

上面两个图 第一张是获取到了群Uin但是没有用户Uin 只有一行数据 不太好判断(我自己没有保存群Uin的需求 因此从来没注意过群的Uin);

第二张是没有群Uin但是每个用户的Uin都拿到了 这个我曾经做到过 方法是对这个群修改群名(或任何会导致该群信息改变的行为 例如加新人进群) 然后会触发syncCheck->webwxSync 会在ModContactList里面返回该群和群成员信息 这时候返回的MemberList里面的Member的Uin是真实的 没有被重置为0

另外 这个方法已经失效了😢前天上午还能work的 前天下午就不行了..

@zixia

This comment has been minimized.

Member

zixia commented Dec 15, 2016

@ericzhangjx Thanks for your great sharing!

Hope we could find other ways to identify wechat contact in Wechaty in the future.

@zixia

This comment has been minimized.

Member

zixia commented Dec 20, 2016

@ericzhangjx @issmile

After install client from AlimMao.com(link) , we can see this ChangeLog:

2016-12-18
修复由于腾讯协议(Uin)变动导致软件无法使用的问题

Could AlimMao still get Uin for now?

@ericzhangjx

This comment has been minimized.

ericzhangjx commented Dec 21, 2016

@zixia 当然不能 但是它们的确找到了一种新办法..

webWxSync里面AddMsgList有时会有一种MsgType=51的消息 Content是一串xml 里面有一个叫username的tag 里面是逗号分隔的wxid 就是只能手动设置一次 没有设置则由微信给你分配一个形如wxid_******的字符串 这个当然算是一种唯一标识符(对于用户:形如wxid_12345678;对于群:形如12345678@chatroom)
这条message里面有个StatusNotifyUserName property 里面其实是逗号分隔的username 一一对应着上面的wxid

阿里猫就是改成了使用wxid而不是uin来识别用户(能找到这种规律..真的是服了 五体投地)

有几个问题:

  1. 我只测了几次,发现可能有关的property有这么几个:MsgType、Content、StatusNotifyUserName、StatusNotifyCode,其中最后一个最有可能,目前的测试结果是对于用户发送的正常消息,StatusNotifyCode===0,此时StatusNotifyUserName===‘’,MsgType===1; 对于会返回wxid的message来说,MsgType===51, StatusNotifyCode===2或者4,具体的规则还有待测试。
  2. 我联系人列表有170+联系人,但是这种方法返回的wxid最多的就90多个,剩下的基本上都只返回一两个,目前还不知道是什么原理。
  3. 像Uin一样,wxid在网页版上也是一点用都没有,因此有可能日后wxid也不会被提供给网页版了,到时候还得改。
  4. 这种机制可能会有一个潜在的更新wxid的问题 比如说我今天还没有设置wxid 系统自动给我生成一个 例如wxid_12345678 然后我进软件跟机器人聊天 这时候机器人识别我是通过wxid的 如果我晚上退出机器人之后手动设置wxid为qwerty123456 那么明天登录机器人的时候我的wxid应该就是我自己设置的那个qwerty123456 机器人就只能把我识别成一个新用户了(目前没在API中找到任何可能标示了用户自设wxid跟旧的系统分配的wxid相关联的信息)
@zixia

This comment has been minimized.

Member

zixia commented Dec 21, 2016

@ericzhangjx Thanks for your awesome analytics, this make the Uin/wxid magic clear for us.

In my option, there's no need to support this because wxid might disappear in the future in anytime without any reason.

@zixia zixia added the wontfix label Dec 23, 2016

@zixia zixia closed this Dec 23, 2016

@zeroleo12345

This comment has been minimized.

zeroleo12345 commented Dec 26, 2016

@ericzhangjx 测了一下, 含有wxid的只有刚登陆的几个请求, 最近联系人的请求才会有wxid返回, 所以并不包含全部联系人。现在还没发现能够返回群成员唯一标识符的请求~

@zixia

This comment has been minimized.

Member

zixia commented Jun 21, 2018

Wechaty v0.15 Can Get the Unique ID of Contact/Room across sessions by PuppetPadchat

Start from Wechaty v0.15, we enable new Puppet System with all protocols support, include but not limited to Android, iOS, Pad, Win32, Web.

Learn more at:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment