Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
github.com/wangshub/wechat_jump_game
2017 年 12 月 28 日下午,微信发布了 6.6.1 版本,加入了「小游戏」功能,并提供了官方 DEMO「跳一跳」。这是一个 2.5D 插画风格的益智游戏,玩家可以通过按压屏幕时间的长短来控制这个「小人」跳跃的距离。分数越高,那么在好友排行榜更加靠前。通过 Python 脚本自动运行,让你轻松霸榜。
可能刚开始上手的时候,因为时间距离之间的关系把握不恰当,只能跳出几个就掉到了台子下面。如果能利用图像识别精确测量出起始和目标点之间测距离,就可以估计按压的时间来精确跳跃。
将手机点击到《跳一跳》小程序界面
用 ADB 工具获取当前手机截图,并用 ADB 将截图 pull 上来
adb shell screencap -p /sdcard/autojump.png
adb pull /sdcard/autojump.png .
adb shell input swipe x y x y time(ms)
方法 1:使用 app 进行一键操作。目前已适配 Win10 64位/macOS 平台 Android 一键操作,下载请移步 STOP_jump
方法 2:相关软件工具安装和使用步骤请参考 Android 和 iOS 操作步骤
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.