分析问题
音频url
点入某个音乐的播放界面,通过F12-Network,分析数据,可以看到有一个index.php?..返回数据中有一个play_url,打开后正是我们需要的音频。
查看该url的headers,其params参数如下,通过反复不同的几次尝试,得知r、callback、dfid、mid、platid这几项不变,而通过初步的requests尝试,发现最后一项'_'可有可无,改变的只有hash和album_id两项。
r: play/getdata
callback: jQuery1910861615852090795_1612578519454
hash: EF0DA656831F08B1FD2CB855BC38ED2C
dfid: 0Q0Clh1IcZaG3ey1J70RaTiL
mid: b6cf66837b18642cc269390b066649dc
platid: 4
album_id: 41669581
_: 1612578519455
搜索url
得知改变的只有两项后,那就容易多了,在搜索歌曲界面Network,发现song?...该url返回值中有hash和album_id存在,我们之后只用搜索结果第一项(一般要搜的歌曲排名第一)。
同样分析其params参数,改变的只有keyword、signature、clienttime、mid、uuid。后三者可以比较容易看出其为毫秒级时间戳(13位),keyword也挺容易明白,signature哪里找呢?通过全局搜索signature,发现有一个js文件中含有该关键词。
callback: callback123
keyword: 花海
page: 1
pagesize: 30
bitrate: 0
isfuzzy: 0
tag: em
inputtype: 0
platform: WebFilter
userid: -1
clientver: 2000
iscorrection: 1
privilege_filter: 0
srcappid: 2919
clienttime: 1612579100435
mid: 1612579100435
uuid: 1612579100435
dfid: -
signature: 472F60133C23184CAFC5005350C90229
JS
找到的js代码如下
"undefined" == typeof faultylabs && (faultylabs = {}),
faultylabs.MD5 = function(a) {
function b(a) {
var b = (a >>> 0).toString(16);
return "00000000".substr(0, 8 - b.length) + b
}
function c(a) {
for (var b = [], c = 0; c < a.length; c++)
b = b.concat(k(a[c]));
return b
}
function d(a) {
for (var b = [], c = 0; 8 > c; c++)
b.push(255 & a),
a >>>= 8;
return b
}
function e(a, b) {
return a << b & 4294967295 | a >>> 32 - b
}
function f(a, b, c) {
return a & b | ~a & c
}
function g(a, b, c) {
return c & a | ~c & b
}
function h(a, b, c) {
return a ^ b ^ c
}
function i(a, b, c) {
return b ^ (a | ~c)
}
function j(a, b) {
return a[b + 3] << 24 | a[b + 2] << 16 | a[b + 1] << 8 | a[b]
}
function k(a) {
for (var b = [], c = 0; c < a.length; c++)
if (a.charCodeAt(c) <= 127)
b.push(a.charCodeAt(c));
else
for (var d = encodeURIComponent(a.charAt(c)).substr(1).split("%"), e = 0; e < d.length; e++)
b.push(parseInt(d[e], 16));
return b
}
function l() {
for (var a = "", c = 0, d = 0, e = 3; e >= 0; e--)
d = arguments[e],
c = 255 & d,
d >>>= 8,
c <<= 8,
c |= 255 & d,
d >>>= 8,
c <<= 8,
c |= 255 & d,
d >>>= 8,
c <<= 8,
c |= d,
a += b(c);
return a
}
function m(a) {
for (var b = new Array(a.length), c = 0; c < a.length; c++)
b[c] = a[c];
return b
}
function n(a, b) {
return 4294967295 & a + b
}
function o() {
function a(a, b, c, d) {
var f = v;
v = u,
u = t,
t = n(t, e(n(s, n(a, n(b, c))), d)),
s = f
}
var b = p.length;
p.push(128);
var c = p.length % 64;
if (c > 56) {
for (var k = 0; 64 - c > k; k++)
p.push(0);
c = p.length % 64
}
for (k = 0; 56 - c > k; k++)
p.push(0);
p = p.concat(d(8 * b));
var m = 1732584193
, o = 4023233417
, q = 2562383102
, r = 271733878
, s = 0
, t = 0
, u = 0
, v = 0;
for (k = 0; k < p.length / 64; k++) {
s = m,
t = o,
u = q,
v = r;
var w = 64 * k;
a(f(t, u, v), 3614090360, j(p, w), 7),
a(f(t, u, v), 3905402710, j(p, w + 4), 12),
a(f(t, u, v), 606105819, j(p, w + 8), 17),
a(f(t, u, v), 3250441966, j(p, w + 12), 22),
a(f(t, u, v), 4118548399, j(p, w + 16), 7),
a(f(t, u, v), 1200080426, j(p, w + 20), 12),
a(f(t, u, v), 2821735955, j(p, w + 24), 17),
a(f(t, u, v), 4249261313, j(p, w + 28), 22),
a(f(t, u, v), 1770035416, j(p, w + 32), 7),
a(f(t, u, v), 2336552879, j(p, w + 36), 12),
a(f(t, u, v), 4294925233, j(p, w + 40), 17),
a(f(t, u, v), 2304563134, j(p, w + 44), 22),
a(f(t, u, v), 1804603682, j(p, w + 48), 7),
a(f(t, u, v), 4254626195, j(p, w + 52), 12),
a(f(t, u, v), 2792965006, j(p, w + 56), 17),
a(f(t, u, v), 1236535329, j(p, w + 60), 22),
a(g(t, u, v), 4129170786, j(p, w + 4), 5),
a(g(t, u, v), 3225465664, j(p, w + 24), 9),
a(g(t, u, v), 643717713, j(p, w + 44), 14),
a(g(t, u, v), 3921069994, j(p, w), 20),
a(g(t, u, v), 3593408605, j(p, w + 20), 5),
a(g(t, u, v), 38016083, j(p, w + 40), 9),
a(g(t, u, v), 3634488961, j(p, w + 60), 14),
a(g(t, u, v), 3889429448, j(p, w + 16), 20),
a(g(t, u, v), 568446438, j(p, w + 36), 5),
a(g(t, u, v), 3275163606, j(p, w + 56), 9),
a(g(t, u, v), 4107603335, j(p, w + 12), 14),
a(g(t, u, v), 1163531501, j(p, w + 32), 20),
a(g(t, u, v), 2850285829, j(p, w + 5cm�y-a9z+l/c.amkl O� |
转播
