首页
社区
课程
招聘
[原创]菜鸟对QQ一个Key生成算法分析
发表于: 2012-11-24 10:45 11719

[原创]菜鸟对QQ一个Key生成算法分析

2012-11-24 10:45
11719

小菜第一次在逆向区发帖,希望大家勿喷

我曾经写过一篇关于QQ Registry.db分析帖子,不过最后却有一个16字节的Key参与运算,这次打算把Key的生成算法发出来,希望对某些用到该Key的人有帮助

该Key可用于解密Registry.db文件里面LoginInfo流里面bufPassword字段关键,具体情况看我在看雪发表的两个帖子
http://bbs.pediy.com/showthread.php?t=159045
http://bbs.pediy.com/showthread.php?t=156031

程序停在这里,因为QQ解密时候用到该Key,因此我在QQ启动时就对该Key的地址下硬件访问断点


31844340    56             PUSH ESI
31844341    8BF1           MOV ESI,ECX
31844343    807E 10 00     CMP BYTE PTR DS:[ESI+10],0
31844347    75 0D          JNZ SHORT KernelUt.31844356
31844349    56             PUSH ESI                            ;参数1,为最后生成Key的地址,16个字节
3184434A    E8 31FFFFFF    CALL KernelUt.31844280              ;跟进,生成Key的主要算法
3184434F    83C4 04        ADD ESP,4
31844352    C646 10 01     MOV BYTE PTR DS:[ESI+10],1
31844356    5E             POP ESI
31844357    C3             RETN



跟进3184434A处的调用来到下面
31844280    55             PUSH EBP
31844281    8BEC           MOV EBP,ESP
31844283    83EC 28        SUB ESP,28
31844286    A1 48958831    MOV EAX,DWORD PTR DS:[31889548]
3184428B    33C5           XOR EAX,EBP
3184428D    8945 FC        MOV DWORD PTR SS:[EBP-4],EAX
31844290    33C0           XOR EAX,EAX
31844292    53             PUSH EBX
31844293    56             PUSH ESI
31844294    8B75 08        MOV ESI,DWORD PTR SS:[EBP+8]          ;将传进来的参数1赋给ESI
31844297    8945 DD        MOV DWORD PTR SS:[EBP-23],EAX
3184429A    8945 E1        MOV DWORD PTR SS:[EBP-1F],EAX
3184429D    8945 E5        MOV DWORD PTR SS:[EBP-1B],EAX
318442A0    66:8945 E9     MOV WORD PTR SS:[EBP-17],AX
318442A4    8845 EB        MOV BYTE PTR SS:[EBP-15],AL
318442A7    8945 ED        MOV DWORD PTR SS:[EBP-13],EAX
318442AA    8945 F1        MOV DWORD PTR SS:[EBP-F],EAX
318442AD    8945 F5        MOV DWORD PTR SS:[EBP-B],EAX
318442B0    66:8945 F9     MOV WORD PTR SS:[EBP-7],AX
318442B4    8845 FB        MOV BYTE PTR SS:[EBP-5],AL
318442B7    8D45 DC        LEA EAX,DWORD PTR SS:[EBP-24] 
318442BA    57             PUSH EDI
318442BB    33DB           XOR EBX,EBX
318442BD    50             PUSH EAX                              ;参数1,称作Key1,16个字节
318442BE    885D DC        MOV BYTE PTR SS:[EBP-24],BL
318442C1    885D EC        MOV BYTE PTR SS:[EBP-14],BL
318442C4    E8 A7FCFFFF    CALL KernelUt.31843F70                ;生成Key1
318442C9    8D4D EC        LEA ECX,DWORD PTR SS:[EBP-14]         ;参数1,称作Key2,16个字节
318442CC    51             PUSH ECX
318442CD    E8 5EFEFFFF    CALL KernelUt.31844130                ;生成Key2
318442D2    8D55 ED        LEA EDX,DWORD PTR SS:[EBP-13]
318442D5    8BFE           MOV EDI,ESI
318442D7    2BFA           SUB EDI,EDX
318442D9    8D55 DD        LEA EDX,DWORD PTR SS:[EBP-23]
318442DC    8D5D ED        LEA EBX,DWORD PTR SS:[EBP-13]
318442DF    83C4 08        ADD ESP,8
318442E2    33C0           XOR EAX,EAX
318442E4    2BD6           SUB EDX,ESI
318442E6    2BDE           SUB EBX,ESI
318442E8    8D4E 02        LEA ECX,DWORD PTR DS:[ESI+2]
318442EB    895D D8        MOV DWORD PTR SS:[EBP-28],EBX
318442EE    8BFF           MOV EDI,EDI
318442F0    0FB65C05 EC    MOVZX EBX,BYTE PTR SS:[EBP+EAX-14]
318442F5    325C05 DC      XOR BL,BYTE PTR SS:[EBP+EAX-24]       ;将Key1和Key2进行异或
318442F9    8D7405 ED      LEA ESI,DWORD PTR SS:[EBP+EAX-13]
318442FD    881C37         MOV BYTE PTR DS:[EDI+ESI],BL          ;结果放到传进来的参数1里,下面都是一样
31844300    0FB65C05 DD    MOVZX EBX,BYTE PTR SS:[EBP+EAX-23]
31844305    321E           XOR BL,BYTE PTR DS:[ESI]
31844307    8B75 D8        MOV ESI,DWORD PTR SS:[EBP-28]
3184430A    8859 FF        MOV BYTE PTR DS:[ECX-1],BL
3184430D    0FB65C05 DE    MOVZX EBX,BYTE PTR SS:[EBP+EAX-22]
31844312    325C05 EE      XOR BL,BYTE PTR SS:[EBP+EAX-12]
31844316    83C0 04        ADD EAX,4
31844319    8819           MOV BYTE PTR DS:[ECX],BL
3184431B    0FB61C0E       MOVZX EBX,BYTE PTR DS:[ESI+ECX]
3184431F    321C0A         XOR BL,BYTE PTR DS:[EDX+ECX]
31844322    83C1 04        ADD ECX,4
31844325    83F8 10        CMP EAX,10
31844328    8859 FD        MOV BYTE PTR DS:[ECX-3],BL
3184432B  ^ 7C C3          JL SHORT KernelUt.318442F0
3184432D    8B4D FC        MOV ECX,DWORD PTR SS:[EBP-4]
31844330    5F             POP EDI
31844331    5E             POP ESI
31844332    33CD           XOR ECX,EBP
31844334    5B             POP EBX
31844335    E8 F08C0100    CALL KernelUt.3185D02A
3184433A    8BE5           MOV ESP,EBP
3184433C    5D             POP EBP
3184433D    C3             RETN



跟进 318442C4 处的调用,这里生成Key1
31843F70    55             PUSH EBP
31843F71    8BEC           MOV EBP,ESP
31843F73    81EC 24070000  SUB ESP,724
31843F79    A1 48958831    MOV EAX,DWORD PTR DS:[31889548]
31843F7E    33C5           XOR EAX,EBP
31843F80    8945 FC        MOV DWORD PTR SS:[EBP-4],EAX
31843F83    8B45 08        MOV EAX,DWORD PTR SS:[EBP+8]
31843F86    53             PUSH EBX
31843F87    56             PUSH ESI
31843F88    57             PUSH EDI
31843F89    33FF           XOR EDI,EDI
31843F8B    68 06020000    PUSH 206
31843F90    8985 BCFDFFFF  MOV DWORD PTR SS:[EBP-244],EAX
31843F96    33C0           XOR EAX,EAX
31843F98    8D8D D2FDFFFF  LEA ECX,DWORD PTR SS:[EBP-22E]
31843F9E    57             PUSH EDI
31843F9F    51             PUSH ECX
31843FA0    66:C745 F4 410>MOV WORD PTR SS:[EBP-C],41
31843FA6    66:C745 F6 3A0>MOV WORD PTR SS:[EBP-A],3A
31843FAC    66:C745 F8 5C0>MOV WORD PTR SS:[EBP-8],5C
31843FB2    66:897D FA     MOV WORD PTR SS:[EBP-6],DI
31843FB6    C645 D8 00     MOV BYTE PTR SS:[EBP-28],0
31843FBA    8945 D9        MOV DWORD PTR SS:[EBP-27],EAX
31843FBD    8945 DD        MOV DWORD PTR SS:[EBP-23],EAX
31843FC0    8945 E1        MOV DWORD PTR SS:[EBP-1F],EAX
31843FC3    8945 E5        MOV DWORD PTR SS:[EBP-1B],EAX
31843FC6    8945 E9        MOV DWORD PTR SS:[EBP-17],EAX
31843FC9    8945 ED        MOV DWORD PTR SS:[EBP-13],EAX
31843FCC    8845 F1        MOV BYTE PTR SS:[EBP-F],AL
31843FCF    66:89BD D0FDFF>MOV WORD PTR SS:[EBP-230],DI
31843FD6    E8 39910100    CALL <JMP.&MSVCR80.memset>
31843FDB    83C4 0C        ADD ESP,0C
31843FDE    68 04010000    PUSH 104
31843FE3    8D95 D0FDFFFF  LEA EDX,DWORD PTR SS:[EBP-230]
31843FE9    52             PUSH EDX
31843FEA    57             PUSH EDI
31843FEB    FF15 84848631  CALL DWORD PTR DS:[<&KERNEL32.GetModuleF>; kernel32.GetModuleFileNameW
31843FF1    8A85 D0FDFFFF  MOV AL,BYTE PTR SS:[EBP-230]           ;取第一个字节
31843FF7    24 DF          AND AL,0DF                             ;大写字母
31843FF9    8AC8           MOV CL,AL 
31843FFB    80E9 41        SUB CL,41
31843FFE    80F9 19        CMP CL,19                              ;是否是26个字母里面的任何一个
31844001    77 08          JA SHORT KernelUt.3184400B
31844003    0FBED0         MOVSX EDX,AL
31844006    C64415 97 01   MOV BYTE PTR SS:[EBP+EDX-69],1         ;将对应磁盘索引的字节设置成1
3184400B    68 04010000    PUSH 104
31844010    8D85 D0FDFFFF  LEA EAX,DWORD PTR SS:[EBP-230]
31844016    50             PUSH EAX
31844017    FF15 04858631  CALL DWORD PTR DS:[<&KERNEL32.GetSystemD>; kernel32.GetSystemDirectoryW
3184401D    8A85 D0FDFFFF  MOV AL,BYTE PTR SS:[EBP-230]            ;取第一个字节
31844023    24 DF          AND AL,0DF                              ;大写字母
31844025    8AC8           MOV CL,AL
31844027    80E9 41        SUB CL,41                               ;得到磁盘索引
3184402A    80F9 19        CMP CL,19                               ;是否是26个字母里面的任何一个
3184402D    77 08          JA SHORT KernelUt.31844037
3184402F    0FBED0         MOVSX EDX,AL
31844032    C64415 97 01   MOV BYTE PTR SS:[EBP+EDX-69],1           ;将对应磁盘索引的字节设置成1
31844037    68 DC040000    PUSH 4DC
3184403C    8D85 E0F8FFFF  LEA EAX,DWORD PTR SS:[EBP-720]
31844042    57             PUSH EDI
31844043    50             PUSH EAX
31844044    89BD DCF8FFFF  MOV DWORD PTR SS:[EBP-724],EDI
3184404A    E8 C5900100    CALL <JMP.&MSVCR80.memset>
3184404F    8D4D D8        LEA ECX,DWORD PTR SS:[EBP-28]
31844052    83C4 0C        ADD ESP,0C
31844055    33F6           XOR ESI,ESI                               ;清空ESI
31844057    32DB           XOR BL,BL                                 ;清空BL
31844059    898D CCFDFFFF  MOV DWORD PTR SS:[EBP-234],ECX
3184405F    90             NOP
31844060    8B95 CCFDFFFF  MOV EDX,DWORD PTR SS:[EBP-234]
31844066    803A 00        CMP BYTE PTR DS:[EDX],0                   ;比较对应的字节是否为1
31844069    74 78          JE SHORT KernelUt.318440E3
3184406B    57             PUSH EDI
3184406C    57             PUSH EDI
3184406D    57             PUSH EDI
3184406E    57             PUSH EDI
3184406F    8D8D C8FDFFFF  LEA ECX,DWORD PTR SS:[EBP-238]
31844075    51             PUSH ECX
31844076    66:0FB6C3      MOVZX AX,BL
3184407A    57             PUSH EDI
3184407B    57             PUSH EDI
3184407C    8D55 F4        LEA EDX,DWORD PTR SS:[EBP-C]
3184407F    66:05 4100     ADD AX,41
31844083    52             PUSH EDX
31844084    66:8945 F4     MOV WORD PTR SS:[EBP-C],AX
31844088    89BD C8FDFFFF  MOV DWORD PTR SS:[EBP-238],EDI
3184408E    FF15 00858631  CALL DWORD PTR DS:[<&KERNEL32.GetVolumeI>; kernel32.GetVolumeInformationW
31844094    57             PUSH EDI
31844095    8D85 C0FDFFFF  LEA EAX,DWORD PTR SS:[EBP-240]
3184409B    50             PUSH EAX
3184409C    57             PUSH EDI
3184409D    8D4D F4        LEA ECX,DWORD PTR SS:[EBP-C]
318440A0    51             PUSH ECX
318440A1    89BD C0FDFFFF  MOV DWORD PTR SS:[EBP-240],EDI
318440A7    89BD C4FDFFFF  MOV DWORD PTR SS:[EBP-23C],EDI
318440AD    FF15 FC848631  CALL DWORD PTR DS:[<&KERNEL32.GetDiskFre>; kernel32.GetDiskFreeSpaceExW
318440B3    8B95 C8FDFFFF  MOV EDX,DWORD PTR SS:[EBP-238]
318440B9    8B85 C0FDFFFF  MOV EAX,DWORD PTR SS:[EBP-240]
318440BF    8B8D C4FDFFFF  MOV ECX,DWORD PTR SS:[EBP-23C]
318440C5    8994B5 DCF8FFF>MOV DWORD PTR SS:[EBP+ESI*4-724],EDX     ;驱动器序列号
318440CC    83C6 01        ADD ESI,1                                ;ESI加1
318440CF    8984B5 DCF8FFF>MOV DWORD PTR SS:[EBP+ESI*4-724],EAX     ;驱动器总字节数高32位
318440D6    83C6 01        ADD ESI,1                                ;ESI加1
318440D9    898CB5 DCF8FFF>MOV DWORD PTR SS:[EBP+ESI*4-724],ECX     ;驱动器总字节数低32位
318440E0    83C6 01        ADD ESI,1                                ;ESI加1
318440E3    8385 CCFDFFFF >ADD DWORD PTR SS:[EBP-234],1
318440EA    80C3 01        ADD BL,1                                 ;BL加1
318440ED    80FB 1A        CMP BL,1A                                ;BL小于26
318440F0  ^ 0F82 6AFFFFFF  JB KernelUt.31844060
318440F6    8B8D BCFDFFFF  MOV ECX,DWORD PTR SS:[EBP-244]
318440FC    8D14B5 0000000>LEA EDX,DWORD PTR DS:[ESI*4]             ;ESI*4得到数据总大小
31844103    52             PUSH EDX                                 ;EDX为数据大小
31844104    8D85 DCF8FFFF  LEA EAX,DWORD PTR SS:[EBP-724]
3184410A    50             PUSH EAX                                 ;EAX为要计算MD5的数据
3184410B    51             PUSH ECX                                 ;数据的MD5,这就是Key1
3184410C    E8 3BDFFBFF    CALL KernelUt.3180204C                   ;计算MD5
31844111    8B4D FC        MOV ECX,DWORD PTR SS:[EBP-4]
31844114    83C4 0C        ADD ESP,0C
31844117    5F             POP EDI
31844118    5E             POP ESI
31844119    33CD           XOR ECX,EBP
3184411B    5B             POP EBX
3184411C    E8 098F0100    CALL KernelUt.3185D02A
31844121    8BE5           MOV ESP,EBP
31844123    5D             POP EBP
31844124    C3             RETN



跟进 318442CD 处的调用,这里生成Key2
31844130    55             PUSH EBP
31844131    8BEC           MOV EBP,ESP
31844133    81EC B0000000  SUB ESP,0B0
31844139    A1 48958831    MOV EAX,DWORD PTR DS:[31889548]
3184413E    33C5           XOR EAX,EBP
31844140    8945 FC        MOV DWORD PTR SS:[EBP-4],EAX
31844143    57             PUSH EDI
31844144    8B7D 08        MOV EDI,DWORD PTR SS:[EBP+8]
31844147    8D85 58FFFFFF  LEA EAX,DWORD PTR SS:[EBP-A8]
3184414D    50             PUSH EAX
3184414E    68 19000200    PUSH 20019
31844153    6A 00          PUSH 0
31844155    68 10108731    PUSH KernelUt.31871010                   ; UNICODE "SOFTWARE\Microsoft\Cryptography"
3184415A    68 02000080    PUSH 80000002
3184415F    FF15 08808631  CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKey>; ADVAPI32.RegOpenKeyExW
31844165    85C0           TEST EAX,EAX
31844167    0F85 02010000  JNZ KernelUt.3184426F
3184416D    56             PUSH ESI
3184416E    8D8D 50FFFFFF  LEA ECX,DWORD PTR SS:[EBP-B0]
31844174    51             PUSH ECX
31844175    8B8D 58FFFFFF  MOV ECX,DWORD PTR SS:[EBP-A8]
3184417B    8D95 5CFFFFFF  LEA EDX,DWORD PTR SS:[EBP-A4]
31844181    52             PUSH EDX
31844182    8845 DC        MOV BYTE PTR SS:[EBP-24],AL
31844185    8945 DD        MOV DWORD PTR SS:[EBP-23],EAX
31844188    8945 E1        MOV DWORD PTR SS:[EBP-1F],EAX
3184418B    8945 E5        MOV DWORD PTR SS:[EBP-1B],EAX
3184418E    8945 E9        MOV DWORD PTR SS:[EBP-17],EAX
31844191    8945 ED        MOV DWORD PTR SS:[EBP-13],EAX
31844194    8945 F1        MOV DWORD PTR SS:[EBP-F],EAX
31844197    8945 F5        MOV DWORD PTR SS:[EBP-B],EAX
3184419A    66:8945 F9     MOV WORD PTR SS:[EBP-7],AX
3184419E    8845 FB        MOV BYTE PTR SS:[EBP-5],AL
318441A1    8D85 54FFFFFF  LEA EAX,DWORD PTR SS:[EBP-AC]
318441A7    50             PUSH EAX
318441A8    6A 00          PUSH 0
318441AA    68 F40F8731    PUSH KernelUt.31870FF4                   ; UNICODE "MachineGuid"
318441AF    51             PUSH ECX
318441B0    C785 50FFFFFF >MOV DWORD PTR SS:[EBP-B0],80
318441BA    C785 54FFFFFF >MOV DWORD PTR SS:[EBP-AC],1
318441C4    FF15 04808631  CALL DWORD PTR DS:[<&ADVAPI32.RegQueryVa>; ADVAPI32.RegQueryValueExW
318441CA    8B95 58FFFFFF  MOV EDX,DWORD PTR SS:[EBP-A8]
318441D0    52             PUSH EDX
318441D1    FF15 00808631  CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKe>; ADVAPI32.RegCloseKey
318441D7    33C0           XOR EAX,EAX
318441D9    66:83BD 5CFFFF>CMP WORD PTR SS:[EBP-A4],7B
318441E1    B1 46          MOV CL,46                                ;CL赋值为0x46
318441E3    0F94C0         SETE AL
318441E6    BE CC0F8731    MOV ESI,KernelUt.31870FCC                ; ASCII "FGDEBC@A-JKHI-NOLM-PQRS-TUVWXYZ[\]^_" 
318441EB    8D9445 5CFFFFF>LEA EDX,DWORD PTR SS:[EBP+EAX*2-A4] ;EDX指向从注册表读取到的MachineGuid
318441F2    80F9 40        CMP CL,40                                ;CL大于0x40
318441F5    7C 1D          JL SHORT KernelUt.31844214
318441F7    66:8B02        MOV AX,WORD PTR DS:[EDX]                 ;取MachineGuid第一个字节
318441FA    66:0D 2000     OR AX,20                                 ;小写
318441FE    0FB7C0         MOVZX EAX,AX
31844201    66:3D 6100     CMP AX,61                                ;是数字还是字母
31844205    72 04          JB SHORT KernelUt.3184420B
31844207    2C 57          SUB AL,57                                 ;如果是字母的话减除0x57
31844209    EB 02          JMP SHORT KernelUt.3184420D
3184420B    2C 30          SUB AL,30                                 ;数字减除0x30
3184420D    0FBEC9         MOVSX ECX,CL
31844210    88440D 9C      MOV BYTE PTR SS:[EBP+ECX-64],AL           ;根据ECX的位置存储AL
31844214    8A4E 01        MOV CL,BYTE PTR DS:[ESI+1]
31844217    83C6 01        ADD ESI,1
3184421A    83C2 02        ADD EDX,2                                                       
3184421D    84C9           TEST CL,CL
3184421F  ^ 75 D1          JNZ SHORT KernelUt.318441F2
31844221    8D4F 01        LEA ECX,DWORD PTR DS:[EDI+1]
31844224    8D45 DD        LEA EAX,DWORD PTR SS:[EBP-23]
31844227    BE 04000000    MOV ESI,4                                  ;4轮,将高位和低位合成一个字节,共生成16的字节,这就是Key2
3184422C    8D6424 00      LEA ESP,DWORD PTR SS:[ESP]
31844230    0FB650 FF      MOVZX EDX,BYTE PTR DS:[EAX-1]
31844234    C0E2 04        SHL DL,4
31844237    0A10           OR DL,BYTE PTR DS:[EAX]
31844239    83C1 04        ADD ECX,4
3184423C    8851 FB        MOV BYTE PTR DS:[ECX-5],DL
3184423F    0FB650 01      MOVZX EDX,BYTE PTR DS:[EAX+1]
31844243    C0E2 04        SHL DL,4
31844246    0A50 02        OR DL,BYTE PTR DS:[EAX+2]
31844249    83C0 08        ADD EAX,8
3184424C    8851 FC        MOV BYTE PTR DS:[ECX-4],DL
3184424F    0FB650 FB      MOVZX EDX,BYTE PTR DS:[EAX-5]
31844253    C0E2 04        SHL DL,4
31844256    0A50 FC        OR DL,BYTE PTR DS:[EAX-4]
31844259    8851 FD        MOV BYTE PTR DS:[ECX-3],DL
3184425C    0FB650 FD      MOVZX EDX,BYTE PTR DS:[EAX-3]
31844260    C0E2 04        SHL DL,4
31844263    0A50 FE        OR DL,BYTE PTR DS:[EAX-2]
31844266    83EE 01        SUB ESI,1
31844269    8851 FE        MOV BYTE PTR DS:[ECX-2],DL
3184426C  ^ 75 C2          JNZ SHORT KernelUt.31844230
3184426E    5E             POP ESI
3184426F    8B4D FC        MOV ECX,DWORD PTR SS:[EBP-4]
31844272    33CD           XOR ECX,EBP
31844274    5F             POP EDI
31844275    E8 B08D0100    CALL KernelUt.3185D02A
3184427A    8BE5           MOV ESP,EBP
3184427C    5D             POP EBP
3184427D    C3             RETN


[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!

上传的附件:
收藏
免费 6
支持
分享
最新回复 (6)
雪    币: 237
活跃值: (40)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
2
好帖!学习了
2012-11-24 12:52
0
雪    币: 15
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
3
正在分析中,多谢楼主分享!
2012-11-27 11:07
0
雪    币: 73
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
4
强顶,好文~~老马菊花又紧了
2012-11-27 14:07
0
雪    币: 39
活跃值: (12)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
5
请问是哪个版本的QQ啊? 是QQ2012吗 还是别的?
2012-11-29 08:27
0
雪    币: 446
活跃值: (186)
能力值: ( LV12,RANK:230 )
在线值:
发帖
回帖
粉丝
6
我分析的是QQ2012beta3,我觉得应该跟QQ的版本没有太大的关系,我相信腾讯也不会觉得好玩,天天换算法。否则的话,每换一次算法,就要把Registry.db里面的记住密码也要重新加密
2012-11-29 08:51
0
雪    币: 39
活跃值: (12)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
7
但key的生成不一定,可能会变. 建议参照看 QQ 2012正式版,它的协议就全部变了。
2012-11-30 08:40
0
游客
登录 | 注册 方可回帖
返回
//