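import socket
import time
import traceback


def _recv_until_idle(sock):
    """Collect reply chunks for one query until the stream looks finished.

    Reads with a 10 s timeout. Stops on an empty read (peer closed), on a
    timeout, or -- keeping the original heuristic -- after a chunk shorter
    than the 64 KiB buffer, following a 0.5 s pause. A short TCP read does
    not guarantee that the message is complete; confirm against the
    protocol's own framing before relying on this for anything but a
    quick replay.

    Args:
        sock: a connected TCP socket.

    Returns:
        All bytes received for this reply (possibly empty).
    """
    total = b''
    sock.settimeout(10)
    while True:
        try:
            chunk = sock.recv(65536)
        except socket.timeout:
            break
        if not chunk:
            break
        total += chunk
        print(f" 收到 {len(chunk)} 字节,累计 {len(total)}")
        if len(chunk) < 65536:
            # Original heuristic: a short read is taken as the end of the reply.
            time.sleep(0.5)
            break
    return total


def replay_full_session():
    """Replay every captured client packet in order, keeping the captured delays.

    Connects to HOST:PORT, sends the six client packets extracted from the
    capture, and reads a reply after each one. Replies to the query packets
    (index 2 onwards) are read with ``_recv_until_idle``, written to
    ``response_<n>.bin`` and handed to ``parse_response``; the handshake and
    ``id02`` replies are read with a single ``recv(1024)``. Any exception is
    printed together with its traceback and the socket is always closed.

    Observation for a review of the captured protocol: the query payloads
    carry the SQL text itself, UTF-16LE encoded (``73 00 65 00 6c 00 65 00
    63 00 74 00`` is "select"), so the client ships raw SQL statements to
    the server over a plain TCP stream.

    Returns:
        A list of ``(packet_index, reply_bytes)`` pairs for every reply that
        was received (callers of the original ignored the return value).
    """
    HOST = "47.108.151.236"
    PORT = 211

    # All client packets extracted from the capture, in capture order.
    packets = [
        # 14:23:27.392 - handshake
        bytes.fromhex(
            "04 da 00 00 54 00 00 00 08 00 00 00 26 00 00 00"
            "7b 00 43 00 34 00 35 00 46 00 44 00 33 00 33 00"
            "43 00 2d 00 37 00 39 00 30 00 46 00 2d 00 34 00"
            "34 00 45 00 41 00 2d 00 42 00 33 00 41 00 44 00"
            "2d 00 34 00 30 00 30 00 36 00 41 00 44 00 35 00"
            "31 00 36 00 38 00 37 00 37 00 7d 00"
        ),
        # 14:23:27.641 - id02
        bytes.fromhex(
            "03 da 00 00 18 00 00 00 03 00 00 00 00 00 00 00"
            "08 00 00 00 04 00 00 00 69 00 64 00 30 00 32 00"
        ),
        # 14:23:27.760 - multi-table join query
        bytes.fromhex(
            "02 da 00 00 72 03 00 00 03 00 00 00 00 00 00 00"
            "03 00 00 00 2e 01 00 00 03 00 00 00 01 00 00 00"
            "0b 00 00 00 ff ff 03 00 00 00 02 00 00 00 03 00"
            "00 00 00 00 00 08 40 00 00 9a 01 00 00 73 00 65"
            "00 6c 00 65 00 63 00 74 00 20 00 64 00 2e 00 6d"
            "00 64 00 6d 00 63 00 2c 00 62 00 2e 00 67 00 6b"
            "00 78 00 6d 00 2c 00 62 00 2e 00 6b 00 61 00 68"
            "00 61 00 6f 00 2c 00 63 00 2e 00 6e 00 61 00 6d"
            "00 65 00 2c 00 63 00 2e 00 6b 00 61 00 68 00 61"
            "00 6f 00 20 00 61 00 73 00 20 00 79 00 67 00 6b"
            "00 68 00 2c 00 61 00 2e 00 63 00 63 00 79 00 69"
            "00 64 00 2c 00 61 00 2e 00 64 00 6a 00 69 00 64"
            "00 2c 00 61 00 2e 00 73 00 68 00 72 00 2c 00 61"
            "00 2e 00 62 00 65 00 69 00 7a 00 68 00 75 00 2c"
            "00 61 00 2e 00 64 00 6a 00 6c 00 78 00 2c 00 61"
            "00 2e 00 72 00 69 00 71 00 69 00 2c 00 61 00 2e"
            "00 7a 00 73 00 6c 00 2c 00 61 00 2e 00 7a 00 6a"
            "00 65 00 2c 00 61 00 2e 00 77 00 66 00 6b 00 2c"
            "00 61 00 2e 00 7a 00 6b 00 6a 00 65 00 2c 00 61"
            "00 2e 00 73 00 72 00 2c 00 61 00 2e 00 63 00 7a"
            "00 6b 00 6a 00 73 00 2c 00 61 00 2e 00 64 00 78"
            "00 69 00 64 00 2c 00 61 00 2e 00 64 00 6a 00 6c"
            "00 78 00 2c 00 61 00 2e 00 6b 00 6d 00 6d 00 63"
            "00 20 00 66 00 72 00 6f 00 6d 00 20 00 79 00 77"
            "00 20 00 61 00 20 00 6a 00 6f 00 69 00 6e 00 20"
            "00 67 00 75 00 6b 00 65 00 20 00 62 00 20 00 6f"
            "00 6e 00 20 00 61 00 2e 00 64 00 78 00 69 00 64"
            "00 3d 00 62 00 2e 00 6b 00 61 00 68 00 61 00 6f"
            "00 20 00 6a 00 6f 00 69 00 6e 00 20 00 79 00 75"
            "00 61 00 6e 00 67 00 6f 00 6e 00 67 00 20 00 63"
            "00 20 00 6f 00 6e 00 20 00 61 00 2e 00 79 00 77"
            "00 79 00 69 00 64 00 3d 00 63 00 2e 00 6b 00 61"
            "00 68 00 61 00 6f 00 20 00 6a 00 6f 00 69 00 6e"
            "00 20 00 62 00 75 00 6d 00 65 00 6e 00 20 00 64"
            "00 20 00 6f 00 6e 00 20 00 72 00 69 00 67 00 68"
            "00 74 00 28 00 61 00 2e 00 64 00 6a 00 69 00 64"
            "00 2c 00 31 00 29 00 3d 00 64 00 2e 00 62 00 75"
            "00 6d 00 65 00 6e 00 69 00 64 00 20 00 77 00 68"
            "00 65 00 72 00 65 00 20 00 73 00 75 00 62 00 73"
            "00 74 00 72 00 69 00 6e 00 67 00 28 00 61 00 2e"
            "00 64 00 6a 00 69 00 64 00 2c 00 31 00 30 00 2c"
            "00 31 00 29 00 3d 00 27 00 4c 00 27 00 20 00 61"
            "00 6e 00 64 00 20 00 61 00 2e 00 72 00 69 00 71"
            "00 69 00 20 00 62 00 65 00 74 00 77 00 65 00 65"
            "00 6e 00 20 00 27 00 32 00 30 00 32 00 36 00 2d"
            "00 30 00 36 00 2d 00 30 00 38 00 27 00 20 00 61"
            "00 6e 00 64 00 20 00 27 00 32 00 30 00 32 00 36"
            "00 2d 00 30 00 36 00 2d 00 30 00 38 00 27 00 20"
            "00 61 00 6e 00 64 00 20 00 72 00 69 00 67 00 68"
            "00 74 00 28 00 61 00 2e 00 64 00 6a 00 69 00 64"
            "00 2c 00 31 00 29 00 3d 00 27 00 41 00 27 00 20"
            "00 6f 00 72 00 64 00 65 00 72 00 20 00 62 00 79"
            "00 20 00 61 00 2e 00 72 00 69 00 71 00 69 00 20"
            "00 64 00 65 00 73 00 63 00 2c 00 61 00 2e 00 64"
            "00 6a 00 69 00 64 00 20 00 64 00 65 00 73 00 63"
            "00 03 00 00 00 63 00 00 00"
        ),
        # 14:23:29.643 - yuangang query
        bytes.fromhex(
            "02 da 00 00 b2 00 00 00 03 00 00 00 00 00 00 00"
            "03 00 00 00 2e 01 00 00 03 00 00 00 01 00 00 00"
            "0b 00 00 00 ff ff 03 00 00 00 02 00 00 00 03 00"
            "00 00 00 00 00 08 00 00 00 3a 00 00 00 73 00 65"
            "00 6c 00 65 00 63 00 74 00 20 00 64 00 69 00 73"
            "00 74 00 69 00 6e 00 63 00 74 00 20 00 6e 00 61"
            "00 6d 00 65 00 20 00 66 00 72 00 6f 00 6d 00 20"
            "00 79 00 75 00 61 00 6e 00 67 00 6f 00 6e 00 67"
            "00 20 00 77 00 68 00 65 00 72 00 65 00 20 00 79"
            "00 78 00 62 00 6a 00 3d 00 30 00 20 00 6f 00 72"
            "00 64 00 65 00 72 00 20 00 62 00 79 00 20 00 31"
            "00 03 00 00 00 63 00 00 00"
        ),
        # 14:23:29.871 - bumen query
        bytes.fromhex(
            "02 da 00 00 80 00 00 00 03 00 00 00 00 00 00 00"
            "03 00 00 00 2e 01 00 00 03 00 00 00 01 00 00 00"
            "0b 00 00 00 ff ff 03 00 00 00 02 00 00 00 03 00"
            "00 00 00 00 00 08 40 00 00 21 00 00 00 73 00 65"
            "00 6c 00 65 00 63 00 74 00 20 00 6d 00 64 00 6d"
            "00 63 00 20 00 66 00 72 00 6f 00 6d 00 20 00 62"
            "00 75 00 6d 00 65 00 6e 00 20 00 6f 00 72 00 64"
            "00 65 00 72 00 20 00 62 00 79 00 20 00 31 00 03"
            "00 00 00 63 00 00 00"
        ),
        # 14:23:30.112 - pinpai query
        bytes.fromhex(
            "02 da 00 00 bc 00 00 00 03 00 00 00 00 00 00 00"
            "03 00 00 00 2e 01 00 00 03 00 00 00 01 00 00 00"
            "0b 00 00 00 ff ff 03 00 00 00 02 00 00 00 03 00"
            "00 00 00 00 00 08 40 00 00 3f 00 00 00 73 00 65"
            "00 6c 00 65 00 63 00 74 00 20 00 64 00 69 00 73"
            "00 74 00 69 00 6e 00 63 00 74 00 20 00 70 00 69"
            "00 6e 00 70 00 61 00 69 00 20 00 66 00 72 00 6f"
            "00 6d 00 20 00 71 00 69 00 61 00 6e 00 7a 00 68"
            "00 75 00 69 00 5f 00 6a 00 70 00 20 00 77 00 68"
            "00 65 00 72 00 65 00 20 00 79 00 78 00 62 00 6a"
            "00 3d 00 30 00 20 00 6f 00 72 00 64 00 65 00 72"
            "00 20 00 62 00 79 00 20 00 31 00 03 00 00 00 63"
            "00 00 00"
        ),
    ]

    # Inter-packet delays from the capture, in seconds; intervals[k] is the
    # pause *before* packet k, so intervals[0] is unused.
    intervals = [
        0,      # first packet
        0.249,  # 27.392 -> 27.641
        0.119,  # 27.641 -> 27.760
        1.883,  # 27.760 -> 29.643
        0.228,  # 29.643 -> 29.871
        0.241,  # 29.871 -> 30.112
    ]

    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(30)

    all_responses = []

    try:
        sock.connect((HOST, PORT))
        print("[+] 连接成功")

        for i, packet in enumerate(packets):
            print(f"\n[包 {i+1}] 发送 {len(packet)} 字节")
            # sendall: plain send() may write only part of a large packet.
            sock.sendall(packet)

            try:
                if i >= 2:
                    # Query packets may answer with more than one chunk.
                    total = _recv_until_idle(sock)
                    if total:
                        all_responses.append((i, total))
                        print(f" [✓] 总响应: {len(total)} 字节")
                        with open(f"response_{i+1}.bin", "wb") as f:
                            f.write(total)
                        parse_response(total, i + 1)
                else:
                    # Handshake and id02 replies: a single small read.
                    resp = sock.recv(1024)
                    print(f" 响应: {resp.hex()}")
                    all_responses.append((i, resp))
            except socket.timeout:
                print(" 响应超时")

            # Reproduce the captured spacing before the next packet.
            if i < len(intervals) - 1:
                time.sleep(intervals[i + 1])

        print("\n" + "=" * 60)
        print("所有响应接收完成")
        print("=" * 60)

    except Exception as e:
        print(f"错误: {e}")
        traceback.print_exc()
    finally:
        sock.close()

    return all_responses


def parse_response(data, packet_num):
    """Extract readable strings from one reply and save them to the current directory.

    This is a heuristic scan, not a decoder of the protocol:

    1. Bytes 4:8 are read as a little-endian integer and printed as the
       reply length, as the original did; the field's exact meaning is not
       confirmed here.
    2. Every ``0x03`` byte is tried as a length-prefixed string
       (``03 <len> <bytes>``), decoded as GBK with undecodable bytes
       dropped. Strings longer than one character that are not pure
       whitespace are kept. ``03 00 ...`` words from the framing therefore
       only produce empty strings, which are skipped.
    3. If step 2 finds nothing, the whole reply is decoded as UTF-16LE and
       split on NUL, keeping stripped pieces longer than two characters.

    The bare ``except`` handlers of the original were unreachable: decoding
    with ``errors='ignore'`` never raises, so they are gone.

    Args:
        data: raw reply bytes.
        packet_num: 1-based index of the request; used only for the output
            file names ``parsed_<n>.txt`` / ``parsed_utf16_<n>.txt``.

    Returns:
        The extracted strings, in order; an empty list when ``data`` is
        shorter than 8 bytes or nothing decodable was found.
    """
    print(f"\n--- 解析包 {packet_num} 的响应 ---")

    if len(data) < 8:
        return []

    cmd = data[0:2]
    length = int.from_bytes(data[4:8], 'little')
    print(f"命令: {cmd.hex()}, 长度: {length}")

    # Pass 1: 0x03-prefixed, length-prefixed strings.
    results = []
    i = 0
    while i < len(data) - 2:
        if data[i] != 0x03:
            i += 1
            continue
        str_len = data[i + 1]
        end = i + 2 + str_len
        if end > len(data):
            i += 1
            continue
        text = data[i + 2:end].decode('gbk', errors='ignore')
        if text.strip() and len(text) > 1:
            results.append(text)
        i = end

    if results:
        print(f"\n找到 {len(results)} 条记录:")
        for idx, text in enumerate(results[:30], 1):
            print(f" {idx}. {text}")
        with open(f"parsed_{packet_num}.txt", "w", encoding="utf-8") as f:
            f.write('\n'.join(results))
        return results

    # Pass 2: treat the whole reply as NUL-separated UTF-16LE text.
    text = data.decode('utf-16le', errors='ignore')
    lines = [line.strip() for line in text.split('\x00') if len(line.strip()) > 2]
    if lines:
        print(f"\nUTF-16LE 解码找到 {len(lines)} 行:")
        for idx, line in enumerate(lines[:30], 1):
            print(f" {idx}. {line[:100]}")
        with open(f"parsed_utf16_{packet_num}.txt", "w", encoding="utf-8") as f:
            f.write('\n'.join(lines))
    return lines


if __name__ == "__main__":
    replay_full_session()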