#JiExperience GT4 slider verification protocol full-link reverse demonstration

After Jiexian iterated from the third generation verification code to the fourth generation, the complexity of the core encryption logic has made a qualitative leap - especially in environmental fingerprint collection, behavioral trajectory fitting and other aspects. However, for the official public demonstration site, or when key generation functions can be stably extracted through browser Hooks, a lightweight and reproducible full-process automation solution can still be built.

This article will target the official GT4 login Demo and show how to use Python + Node.js to build a minimalist implementation and complete the verification process.

#1. Dismantling of the overall verification process

The GT4 simplified version of the public verification logic can be split into 4 core steps:

1. Generate UUID formatchallengeLogo This is the starting point of the verification pipeline, and each verification requires a globally unique identifier.

2. Call/loadInterface pull verification configuration getlot_number、payload、process_tokenand static resource pathsstatic_pathand other key fields.

3. Core reverse engineering: generate encryption parametersw
   Call the JS function extracted from the browser Hook or after filling the environment, and calculatewparameter. This step is the hardest part of the entire process.

4. Call/verifyThe interface is verified by Jiexin server Carrying the generated in the previous stepwand other metadata request verification interfaces, and finally obtain business-usableseccode。

5. CarryseccodeComplete business Demo login useseccodeinpass_token、gen_time、captcha_outputWait for parameters, send a request to the backend business interface, and complete the login.

Let’s look directly at the code implementation.

#2. Lightweight implementation code

#Prerequisites

pip install requests PyExecJS

NOTE:PyExecJSRequires Node.js to be installed locally andnodeThe command is added to the environment variables. When executed, Node is called through the child process to run JavaScript code.

#Python main logic (main.py）

import requests
import time
import execjs
import json
from datetime import datetime, timezone, timedelta

# ---------------------- 1. 初始化 JS 执行环境 ----------------------
# demo.js 是通过浏览器 Hook / 补环境后提取的核心 JS 代码（需自行准备）
with open("demo.js", "r", encoding="utf-8") as f:
    jscode = f.read()
ctx = execjs.compile(jscode)

# ---------------------- 2. 基础配置 ----------------------
CAPTCHA_ID = "99b142aaece96330d0f3ffb565ffb3ef"  # 极验 GT4 Demo 站固定 captcha_id
BASE_HEADERS = {
    "Accept": "*/*",
    "Accept-Language": "zh-CN,zh;q=0.9",
    "Cache-Control": "no-cache",
    "Connection": "keep-alive",
    "Pragma": "no-cache",
    "Referer": "https://gt4.geetest.com/",
    "Sec-Fetch-Dest": "script",
    "Sec-Fetch-Mode": "no-cors",
    "Sec-Fetch-Site": "same-site",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36",
    "sec-ch-ua": "\"Not;A=Brand\";v=\"99\", \"Google Chrome\";v=\"139\", \"Chromium\";v=\"139\"",
    "sec-ch-ua-mobile": "?0",
    "sec-ch-ua-platform": "\"Windows\""
}
# 可选：极验 GT4 Demo 站的临时 Cookie（可省略但响应速度可能稍慢）
BASE_COOKIES = {
    "captcha_v4_user": "011a9cb06bdd4689975694733321d078",
    "sensorsdata2015jssdkcross": "%7B%22distinct_id%22%3A%221984a8102985cf-0b16af714940d38-26011151-2073600-1984a810299111c%22%2C%22first_id%22%3A%22%22%2C%22props%22%3A%7B%7D%2C%22%24device_id%22%3A%221984a8102985cf-0b16af714940d38-26011151-2073600-1984a810299111c%22%7D",
    "Hm_lvt_25b04a5e7a64668b9b88e2711fb5f0c4": "1753596626,1753862889",
    "_uetvid": "635904806ab011f0ba3ed52cdc6e75e1"
}

# ---------------------- 3. 生成 challenge 标识 ----------------------
challenge = ctx.call("uuid")

# ---------------------- 4. 调用 Load 接口拉取验证配置 ----------------------
load_params = {
    "captcha_id": CAPTCHA_ID,
    "challenge": challenge,
    "client_type": "web",
    "lang": "zho",
    "callback": f"geetest_{int(time.time() * 1000)}"
}
load_resp = requests.get(
    url="https://gcaptcha4.geetest.com/load",
    headers=BASE_HEADERS,
    cookies=BASE_COOKIES,
    params=load_params
)
# 去掉 JSONP 外层的回调函数名，提取真正的 JSON 数据
load_data = json.loads(load_resp.text[load_resp.text.find('{'): -1])["data"]

# ---------------------- 5. 核心：生成加密参数 w ----------------------
# GT4 要求带 +08:00 时区的 ISO 格式时间（必须严格带时区）
formatted_time = datetime.now(timezone(timedelta(hours=8))).isoformat()
# 调用提取的 getW 函数（需 demo.js 中暴露该函数）
w = ctx.call(
    "getW",
    load_data["lot_number"],
    CAPTCHA_ID,
    formatted_time,
    load_data["static_path"],
    load_data["payload"],
    load_data["process_token"]
)

# ---------------------- 6. 调用 Verify 接口通过验证 ----------------------
verify_params = {
    "callback": f"geetest_{int(time.time() * 1000)}",
    "captcha_id": CAPTCHA_ID,
    "client_type": "web",
    "lot_number": load_data["lot_number"],
    "payload": load_data["payload"],
    "process_token": load_data["process_token"],
    "payload_protocol": "1",
    "pt": "1",
    "w": w
}
verify_resp = requests.get(
    url="https://gcaptcha4.geetest.com/verify",
    headers=BASE_HEADERS,
    cookies=BASE_COOKIES,
    params=verify_params
)
verify_data = json.loads(verify_resp.text[verify_resp.text.find('{'): -1])["data"]["seccode"]

# ---------------------- 7. 携带 seccode 完成 Demo 业务交互 ----------------------
demo_params = {
    "captcha_id": CAPTCHA_ID,
    "lot_number": load_data["lot_number"],
    "pass_token": verify_data["pass_token"],
    "gen_time": verify_data["gen_time"],
    "captcha_output": verify_data["captcha_output"]
}
demo_resp = requests.get(
    url="https://gt4.geetest.com/demov4/demo/login",
    headers=BASE_HEADERS,
    params=demo_params
)
print("Demo 业务接口响应：", demo_resp.json())

#3. Key things to note

#1. Aboutdemo.jsacquisition

This article only provides the calling framework on the Python side, the coredemo.jsNot included**. You need to prepare yourself by:

• Browser Hook: Set breakpoints on XHR/Fetch or critical JS files in Chrome DevTools to find the handler/loadThe interface responds and generateswfunction and then export it. Common target functions usually call something like__gct$or$_XConfusing names.

• Automated browser patching environment: Use Puppeteer or Playwright to load the page and directly call the complete logic within the page. However, this method introduces complete browser dependencies, which is contrary to the "lightweight" goal of this article, so it will not be expanded upon.

Either way, you end up withdemo.jsBoth need to expose two functions: function uuid()– Generate challenge; function getW(lot_number, captcha_id, time, static_path, payload, process_token)– Generate encryption parametersw。

#2. About ISO time with time zone

GT4'sgetWThe function is very sensitive to the time format and must be used with +08:00(East 8th District) ISO 8601 format of time zone stamp, e.g.2025-08-01T12:00:00+08:00. If the time zone information is incorrect or missing, the Jiexin server will directly reject the verification request.

In the code we passdatetime.now(timezone(timedelta(hours=8)))to accurately generate timestamps with time zones.

#3. About the use of cookies

Cookies provided here are not required, but carry withUser-AgentMatching temporary cookies can reduce the extra detection of the environment by the Jiexin server, thereby improving the probability of passing verification and the response speed. In a production environment, these cookies typically need to be extracted from real browser browsing sessions.

#4. About JSONP callback processing

Extremely experimental/loadand/verifyThe interface returns JSONP format by default (such asgeetest_123456({...})), the outer function call is directly removed by string interception in the code, and then handed over tojson.loadsparse. If you want to be more robust, you can also consider using regular extraction, but string slicing is sufficient in Demo scenarios.

#4. Summary

This article gives a set of full-link lightweight automation solution for the Jiexian GT4 official demonstration station. The difficulty of the entire link is concentrated indemo.jsThe extraction and complement environment works, while the Python side just concatenates requests and assembles parameters in order.

For real online business, GT4 usually superimposes complex behavioral trajectory fitting algorithms, strong environmental fingerprint verification, and back-end risk analysis. The simplified solution in this article cannot be directly reused. At that time, it will be necessary to combine the trajectory generation algorithm and more in-depth browser environment simulation to achieve stable pass.

I hope this demonstration can help you clarify the complete interaction logic of GT4 verification and pave the way for more in-depth reverse work.