Original link: https://missuo.me/post/tf-wechat/
Under normal circumstances, it is impossible to install two identical apps on an iOS device. But most people want to have 2 or more for the微信app. Two numbers for work and personal, do not disturb each other. It is also the most perfect thing to be able to see the news of the two accounts in time.
If you need to do the above situation, most of the choices may be to buy from a treasure. The price of a certain treasure basically ranges from 40-100 yuan, which is very expensive. On average, buy it once and use it for about 1-3 months at most. Taobao sells various brands of WeChat, but they are divided into two categories, TestFlight(TF) and企业证书. I won’t expand on the difference between the two versions. If I had to choose a better one, I would choose the TF version.
Since a certain treasure is so expensive, how much does it cost? In theory, excluding the development cost, the cost should only be the cost of an Apple Developer subscription account (688 yuan). Therefore, there will be many websites called卡密网that sell WeChat Duokai at very low prices. Basically the price is between 5-40 yuan, mostly 10-20 yuan. I have bought it many times, and the final experience is that basically within three months, the author will definitely run away. That means you won’t be able to use it after three months, and the worst thing is that the author will change a name and start selling again after three months. The typical name change continues to make money.
The normal process is to buy an activation code, and then when you open the multi-open for the first time, you need to enter the activation code for verification. After successful verification, it can be used normally. I thought, is there a way to bypass this verification?
Directly shield the authentication interface
Under normal circumstances, in order to control the validity of the activation code, the author can immediately block your activation code so that you cannot use it if you refund it. So they usually initiate a request to the server every time they open the app, and if the server-side verification passes, it will return something, such as “success” and so on. In fact, there is still a way to solve this verification method. We only need to get the normal activation code and what is the content of the Response . We can use a powerful tool such as QuanX or Surge to open MITM and rewrite the Response . In the process of my testing, I have encountered that the direct Reject interface can also bypass the verification.
DOMAIN-SUFFIX, xxx.com, Reject
Of course, some developers may have considered that we would do this, so he directly wrote the verification code locally. Such programs are almost impossible to bypass.
Get the activation code yourself
Because of being plucked too many times for wool, he runs away every three months. I began to wonder if there is any way to scour the author’s wool. The initial idea is to understand the law of the author’s activation code. But this is obviously unreliable, because these are basically randomly generated, of course, there must be certain rules, but we are not the developers themselves, and it is almost impossible to guess.
Since there is no rule, we can only start brute force cracking. I found that most of the multi-open activation codes are YW-XXXXXX , and the first two letters are the initials of the product name, such as YW for Yunwei, YC for Yunwei, and so on. Then the following string of XXXXXX is a random six letters. That is to say, the possibility of activation code only exists in AAAAAA – ZZZZZZ . This possibility is very high, but it is a piece of cake for our server to do it.
pool = threadpool.ThreadPool(99) while True: code = create_code() tasks = threadpool.makeRequests(run, code) [pool.putRequest(req) for req in tasks] pool.wait()
I started writing scripts and tried a multi-threaded approach. The effect is very good, with many verified results appearing in a few minutes. The server runs for 24 hours, and thousands of activation codes can appear. So I have an inexhaustible activation code, and I successfully got the author’s wool.
This article is reprinted from: https://missuo.me/post/tf-wechat/
This site is for inclusion only, and the copyright belongs to the original author.