QQ音樂API加密引數分析
- 1、背景
- 2、QQ音樂sign計算
- 3、Java代碼實作
- 4、總結
1、背景
不知道什么時候開始,各家音樂APP都開始對API進行加密,最近一段時間對六大音樂平臺的加密演算法進行了研究,逆向了網頁端、安卓端等等,已經掌握了各家的加密演算法,
| 平臺 | 加密演算法 | 非加密介面 | 專屬資源 | 海外IP支持 |
|---|---|---|---|---|
| MD5 | 存在,可完全替代加密介面 | 需要綠鉆Cookie | 不支持,需要國內IP代理 | |
| KW | DES | 存在,可完全替代加密介面 | 不需要額外資訊 | 支持 |
| KG | MD5 | 存在,不能完全替代加密介面 | 需要豪華會員Cookie | 不支持,需要國內IP代理 |
| WY | AES、RSA、MD5 | 存在,少數介面不能使用未加密介面,如登錄 | 需要黑膠Cookie | 不支持,但可通過設定X-Real-IP規避 |
| MG | MD5 | 存在,可完全替代加密介面 | 不需要額外資訊 | 支持 |
| XM | 私有加密 | 存在,可完全替代加密介面 | 不需要額外資訊 | 不支持,需要國內IP代理 |
2、QQ音樂sign計算
首先說明,所有加密介面都有非加密的替代介面,但是以后肯定是向加密介面發展,兩個最基礎的API是
https://u.y.qq.com/cgi-bin/musicu.fcg 支持加密和非加密
https://u.y.qq.com/cgi-bin/musics.fcg 僅支持加密
以上說多了,這篇主要是講如何計算最新版的QQ音樂加密引數,
首先打開QQ音樂官網,F12打開開發者工具,我們隨便找一條加密的鏈接
如圖所示,我們可以看到這樣一條鏈接
https://u.y.qq.com/cgi-bin/musics.fcg?-=getUCGI6892186109455234&g_tk=680034686&sign=zzadg51jzc4krod4v97bc3696a5f2740962d1e6c467957c88&loginUin=0&hostUin=0&format=json&inCharset=utf8&outCharset=utf-8¬ice=0&platform=yqq.json&needNewCode=0&data=%7B%22detail%22%3A%7B%22module%22%3A%22musicToplist.ToplistInfoServer%22%2C%22method%22%3A%22GetDetail%22%2C%22param%22%3A%7B%22topId%22%3A4%2C%22offset%22%3A0%2C%22num%22%3A20%2C%22period%22%3A%222020-12-21%22%7D%7D%2C%22comm%22%3A%7B%22ct%22%3A24%2C%22cv%22%3A0%7D%7D
在鏈接中有個引數,我們的目標就是得到這個引數如何計算的方式
sign=zzadg51jzc4krod4v97bc3696a5f2740962d1e6c467957c88
點Initiator,找一下請求來源,點擊來源的JS
在打開的JS里面查找sign找到如下圖所示的區域,sign就是在這里得到的(格式化下js代碼,否則看不清楚流程)在圖中位置下斷點,再重繪頁面
https://y.gtimg.cn/music/portal/js/common/pkg/common_d9439fa.js?max_age=31536000:formatted
然后斷在了這個地方,如果不是加密鏈接就放過,如果是,就步入
可以把滑鼠放在變數上或者再控制臺列印變數資料,如下圖所示,我將請求的URL和請求引數列印了出來
//u.y.qq.com/cgi-bin/musicu.fcg?-=getUCGI4444074835099534&g_tk=680034686
{"detail":{"module":"musicToplist.ToplistInfoServer","method":"GetDetail","param":{"topId":4,"offset":0,"num":20,"period":"2020-12-21"}},"comm":{"ct":24,"cv":0}}
sign就是對請求引數加密之后得到的,
繼續步入后,我們跳轉到了下面這個JS里面,請求引數就是在這里加密的
https://y.qq.com/component/m/qmfe-security-sign/index.umd.js?max_age=2592000:formatted
具體的內容
!function(n, t) {
"object" == typeof exports && "undefined" != typeof module ? module.exports = t() : "function" == typeof define && define.amd ? define(t) : (n = n || self).getSecuritySign = t()
}(this, function() {
"use strict";
var n = function() {
if ("undefined" != typeof self)
return self;
if ("undefined" != typeof window)
return window;
if ("undefined" != typeof global)
return global;
throw new Error("unable to locate global object")
}();
n.__sign_hash_20200305 = function(n) {
function l(n, t) {
var o = (65535 & n) + (65535 & t);
return (n >> 16) + (t >> 16) + (o >> 16) << 16 | 65535 & o
}
function r(n, t, o, e, u, p) {
return l((i = l(l(t, n), l(e, p))) << (r = u) | i >>> 32 - r, o);
var i, r
}
function g(n, t, o, e, u, p, i) {
return r(t & o | ~t & e, n, t, u, p, i)
}
function a(n, t, o, e, u, p, i) {
return r(t & e | o & ~e, n, t, u, p, i)
}
function s(n, t, o, e, u, p, i) {
return r(t ^ o ^ e, n, t, u, p, i)
}
function v(n, t, o, e, u, p, i) {
return r(o ^ (t | ~e), n, t, u, p, i)
}
function t(n) {
return function(n) {
var t, o = "";
for (t = 0; t < 32 * n.length; t += 8)
o += String.fromCharCode(n[t >> 5] >>> t % 32 & 255);
return o
}(function(n, t) {
n[t >> 5] |= 128 << t % 32,
n[14 + (t + 64 >>> 9 << 4)] = t;
var o, e, u, p, i, r = 1732584193, f = -271733879, h = -1732584194, c = 271733878;
for (o = 0; o < n.length; o += 16)
r = g(e = r, u = f, p = h, i = c, n[o], 7, -680876936),
c = g(c, r, f, h, n[o + 1], 12, -389564586),
h = g(h, c, r, f, n[o + 2], 17, 606105819),
f = g(f, h, c, r, n[o + 3], 22, -1044525330),
r = g(r, f, h, c, n[o + 4], 7, -176418897),
c = g(c, r, f, h, n[o + 5], 12, 1200080426),
h = g(h, c, r, f, n[o + 6], 17, -1473231341),
f = g(f, h, c, r, n[o + 7], 22, -45705983),
r = g(r, f, h, c, n[o + 8], 7, 1770035416),
c = g(c, r, f, h, n[o + 9], 12, -1958414417),
h = g(h, c, r, f, n[o + 10], 17, -42063),
f = g(f, h, c, r, n[o + 11], 22, -1990404162),
r = g(r, f, h, c, n[o + 12], 7, 1804603682),
c = g(c, r, f, h, n[o + 13], 12, -40341101),
h = g(h, c, r, f, n[o + 14], 17, -1502002290),
r = a(r, f = g(f, h, c, r, n[o + 15], 22, 1236535329), h, c, n[o + 1], 5, -165796510),
c = a(c, r, f, h, n[o + 6], 9, -1069501632),
h = a(h, c, r, f, n[o + 11], 14, 643717713),
f = a(f, h, c, r, n[o], 20, -373897302),
r = a(r, f, h, c, n[o + 5], 5, -701558691),
c = a(c, r, f, h, n[o + 10], 9, 38016083),
h = a(h, c, r, f, n[o + 15], 14, -660478335),
f = a(f, h, c, r, n[o + 4], 20, -405537848),
r = a(r, f, h, c, n[o + 9], 5, 568446438),
c = a(c, r, f, h, n[o + 14], 9, -1019803690),
h = a(h, c, r, f, n[o + 3], 14, -187363961),
f = a(f, h, c, r, n[o + 8], 20, 1163531501),
r = a(r, f, h, c, n[o + 13], 5, -1444681467),
c = a(c, r, f, h, n[o + 2], 9, -51403784),
h = a(h, c, r, f, n[o + 7], 14, 1735328473),
r = s(r, f = a(f, h, c, r, n[o + 12], 20, -1926607734), h, c, n[o + 5], 4, -378558),
c = s(c, r, f, h, n[o + 8], 11, -2022574463),
h = s(h, c, r, f, n[o + 11], 16, 1839030562),
f = s(f, h, c, r, n[o + 14], 23, -35309556),
r = s(r, f, h, c, n[o + 1], 4, -1530992060),
c = s(c, r, f, h, n[o + 4], 11, 1272893353),
h = s(h, c, r, f, n[o + 7], 16, -155497632),
f = s(f, h, c, r, n[o + 10], 23, -1094730640),
r = s(r, f, h, c, n[o + 13], 4, 681279174),
c = s(c, r, f, h, n[o], 11, -358537222),
h = s(h, c, r, f, n[o + 3], 16, -722521979),
f = s(f, h, c, r, n[o + 6], 23, 76029189),
r = s(r, f, h, c, n[o + 9], 4, -640364487),
c = s(c, r, f, h, n[o + 12], 11, -421815835),
h = s(h, c, r, f, n[o + 15], 16, 530742520),
r = v(r, f = s(f, h, c, r, n[o + 2], 23, -995338651), h, c, n[o], 6, -198630844),
c = v(c, r, f, h, n[o + 7], 10, 1126891415),
h = v(h, c, r, f, n[o + 14], 15, -1416354905),
f = v(f, h, c, r, n[o + 5], 21, -57434055),
r = v(r, f, h, c, n[o + 12], 6, 1700485571),
c = v(c, r, f, h, n[o + 3], 10, -1894986606),
h = v(h, c, r, f, n[o + 10], 15, -1051523),
f = v(f, h, c, r, n[o + 1], 21, -2054922799),
r = v(r, f, h, c, n[o + 8], 6, 1873313359),
c = v(c, r, f, h, n[o + 15], 10, -30611744),
h = v(h, c, r, f, n[o + 6], 15, -1560198380),
f = v(f, h, c, r, n[o + 13], 21, 1309151649),
r = v(r, f, h, c, n[o + 4], 6, -145523070),
c = v(c, r, f, h, n[o + 11], 10, -1120210379),
h = v(h, c, r, f, n[o + 2], 15, 718787259),
f = v(f, h, c, r, n[o + 9], 21, -343485551),
r = l(r, e),
f = l(f, u),
h = l(h, p),
c = l(c, i);
return [r, f, h, c]
}(function(n) {
var t, o = [];
for (o[(n.length >> 2) - 1] = void 0,
t = 0; t < o.length; t += 1)
o[t] = 0;
for (t = 0; t < 8 * n.length; t += 8)
o[t >> 5] |= (255 & n.charCodeAt(t / 8)) << t % 32;
return o
}(n), 8 * n.length))
}
function o(n) {
return t(unescape(encodeURIComponent(n)))
}
return function(n) {
var t, o, e = "0123456789abcdef", u = "";
for (o = 0; o < n.length; o += 1)
t = n.charCodeAt(o),
u += e.charAt(t >>> 4 & 15) + e.charAt(15 & t);
return u
}(o(n))
}
,
function r(f, h, c, l, g) {
g = g || [[this], [{}]];
for (var t = [], o = null, n = [function() {
return !0
}
, function() {}
, function() {
g.length = c[h++]
}
, function() {
g.push(c[h++])
}
, function() {
g.pop()
}
, function() {
var n = c[h++]
, t = g[g.length - 2 - n];
g[g.length - 2 - n] = g.pop(),
g.push(t)
}
, function() {
g.push(g[g.length - 1])
}
, function() {
g.push([g.pop(), g.pop()].reverse())
}
, function() {
g.push([l, g.pop()])
}
, function() {
g.push([g.pop()])
}
, function() {
var n = g.pop();
g.push(n[0][n[1]])
}
, function() {
g.push(g[g.pop()[0]][0])
}
, function() {
var n = g[g.length - 2];
n[0][n[1]] = g[g.length - 1]
}
, function() {
g[g[g.length - 2][0]][0] = g[g.length - 1]
}
, function() {
var n = g.pop()
, t = g.pop();
g.push([t[0][t[1]], n])
}
, function() {
var n = g.pop();
g.push([g[g.pop()][0], n])
}
, function() {
var n = g.pop();
g.push(delete n[0][n[1]])
}
, function() {
var n = [];
for (var t in g.pop())
n.push(t);
g.push(n)
}
, function() {
g[g.length - 1].length ? g.push(g[g.length - 1].shift(), !0) : g.push(void 0, !1)
}
, function() {
var n = g[g.length - 2]
, t = Object.getOwnPropertyDescriptor(n[0], n[1]) || {
configurable: !0,
enumerable: !0
};
t.get = g[g.length - 1],
Object.defineProperty(n[0], n[1], t)
}
, function() {
var n = g[g.length - 2]
, t = Object.getOwnPropertyDescriptor(n[0], n[1]) || {
configurable: !0,
enumerable: !0
};
t.set = g[g.length - 1],
Object.defineProperty(n[0], n[1], t)
}
, function() {
h = c[h++]
}
, function() {
var n = c[h++];
g[g.length - 1] && (h = n)
}
, function() {
throw g[g.length - 1]
}
, function() {
var n = c[h++]
, t = n ? g.slice(-n) : [];
g.length -= n,
g.push(g.pop().apply(l, t))
}
, function() {
var n = c[h++]
, t = n ? g.slice(-n) : [];
g.length -= n;
var o = g.pop();
g.push(o[0][o[1]].apply(o[0], t))
}
, function() {
var n = c[h++]
, t = n ? g.slice(-n) : [];
g.length -= n,
t.unshift(null),
g.push(new (Function.prototype.bind.apply(g.pop(), t)))
}
, function() {
var n = c[h++]
, t = n ? g.slice(-n) : [];
g.length -= n,
t.unshift(null);
var o = g.pop();
g.push(new (Function.prototype.bind.apply(o[0][o[1]], t)))
}
, function() {
g.push(!g.pop())
}
, function() {
g.push(~g.pop())
}
, function() {
g.push(typeof g.pop())
}
, function() {
g[g.length - 2] = g[g.length - 2] == g.pop()
}
, function() {
g[g.length - 2] = g[g.length - 2] === g.pop()
}
, function() {
g[g.length - 2] = g[g.length - 2] > g.pop()
}
, function() {
g[g.length - 2] = g[g.length - 2] >= g.pop()
}
, function() {
g[g.length - 2] = g[g.length - 2] << g.pop()
}
, function() {
g[g.length - 2] = g[g.length - 2] >> g.pop()
}
, function() {
g[g.length - 2] = g[g.length - 2] >>> g.pop()
}
, function() {
g[g.length - 2] = g[g.length - 2] + g.pop()
}
, function() {
g[g.length - 2] = g[g.length - 2] - g.pop()
}
, function() {
g[g.length - 2] = g[g.length - 2] * g.pop()
}
, function() {
g[g.length - 2] = g[g.length - 2] / g.pop()
}
, function() {
g[g.length - 2] = g[g.length - 2] % g.pop()
}
, function() {
g[g.length - 2] = g[g.length - 2] | g.pop()
}
, function() {
g[g.length - 2] = g[g.length - 2] & g.pop()
}
, function() {
g[g.length - 2] = g[g.length - 2] ^ g.pop()
}
, function() {
g[g.length - 2] = g[g.length - 2]in g.pop()
}
, function() {
g[g.length - 2] = g[g.length - 2]instanceof g.pop()
}
, function() {
g[g[g.length - 1][0]] = void 0 === g[g[g.length - 1][0]] ? [] : g[g[g.length - 1][0]]
}
, function() {
for (var e = c[h++], u = [], n = c[h++], t = c[h++], p = [], o = 0; o < n; o++)
u[c[h++]] = g[c[h++]];
for (var i = 0; i < t; i++)
p[i] = c[h++];
g.push(function n() {
var t = u.slice(0);
t[0] = [this],
t[1] = [arguments],
t[2] = [n];
for (var o = 0; o < p.length && o < arguments.length; o++)
0 < p[o] && (t[p[o]] = [arguments[o]]);
return r(f, e, c, l, t)
})
}
, function() {
t.push([c[h++], g.length, c[h++]])
}
, function() {
t.pop()
}
, function() {
return !!o
}
, function() {
o = null
}
, function() {
g[g.length - 1] += String.fromCharCode(c[h++])
}
, function() {
g.push("")
}
, function() {
g.push(void 0)
}
, function() {
g.push(null)
}
, function() {
g.push(!0)
}
, function() {
g.push(!1)
}
, function() {
g.length -= c[h++]
}
, function() {
g[g.length - 1] = c[h++]
}
, function() {
var n = g.pop()
, t = g[g.length - 1];
t[0][t[1]] = g[n[0]][0]
}
, function() {
var n = g.pop()
, t = g[g.length - 1];
t[0][t[1]] = n[0][n[1]]
}
, function() {
var n = g.pop()
, t = g[g.length - 1];
g[t[0]][0] = g[n[0]][0]
}
, function() {
var n = g.pop()
, t = g[g.length - 1];
g[t[0]][0] = n[0][n[1]]
}
, function() {
g[g.length - 2] = g[g.length - 2] < g.pop()
}
, function() {
g[g.length - 2] = g[g.length - 2] <= g.pop()
}
]; ; )
try {
for (; !n[c[h++]](); )
;
if (o)
throw o;
return g.pop()
} catch (n) {
var e = t.pop();
if (void 0 === e)
throw n;
o = n,
h = e[0],
g.length = e[1],
e[2] && (g[e[2]][0] = o)
}
}(120731, 0, [21, 34, 50, 100, 57, 50, 102, 50, 98, 99, 101, 52, 54, 97, 52, 99, 55, 56, 52, 49, 57, 54, 57, 49, 56, 98, 102, 100, 100, 48, 48, 55, 55, 102, 2, 10, 3, 2, 9, 48, 61, 3, 9, 48, 61, 4, 9, 48, 61, 5, 9, 48, 61, 6, 9, 48, 61, 7, 9, 48, 61, 8, 9, 48, 61, 9, 9, 48, 4, 21, 427, 54, 2, 15, 3, 2, 9, 48, 61, 3, 9, 48, 61, 4, 9, 48, 61, 5, 9, 48, 61, 6, 9, 48, 61, 7, 9, 48, 61, 8, 9, 48, 61, 9, 9, 48, 61, 10, 9, 48, 61, 11, 9, 48, 61, 12, 9, 48, 61, 13, 9, 48, 61, 14, 9, 48, 61, 10, 9, 55, 54, 97, 54, 98, 54, 99, 54, 100, 54, 101, 54, 102, 54, 103, 54, 104, 54, 105, 54, 106, 54, 107, 54, 108, 54, 109, 54, 110, 54, 111, 54, 112, 54, 113, 54, 114, 54, 115, 54, 116, 54, 117, 54, 118, 54, 119, 54, 120, 54, 121, 54, 122, 54, 48, 54, 49, 54, 50, 54, 51, 54, 52, 54, 53, 54, 54, 54, 55, 54, 56, 54, 57, 13, 4, 61, 11, 9, 55, 54, 77, 54, 97, 54, 116, 54, 104, 8, 55, 54, 102, 54, 108, 54, 111, 54, 111, 54, 114, 14, 55, 54, 77, 54, 97, 54, 116, 54, 104, 8, 55, 54, 114, 54, 97, 54, 110, 54, 100, 54, 111, 54, 109, 14, 25, 0, 3, 4, 9, 11, 3, 3, 9, 11, 39, 3, 1, 38, 40, 3, 3, 9, 11, 38, 25, 1, 13, 4, 61, 12, 9, 55, 13, 4, 61, 13, 9, 3, 0, 13, 4, 4, 3, 13, 9, 11, 3, 11, 9, 11, 66, 22, 306, 4, 21, 422, 24, 4, 3, 14, 9, 55, 54, 77, 54, 97, 54, 116, 54, 104, 8, 55, 54, 102, 54, 108, 54, 111, 54, 111, 54, 114, 14, 55, 54, 77, 54, 97, 54, 116, 54, 104, 8, 55, 54, 114, 54, 97, 54, 110, 54, 100, 54, 111, 54, 109, 14, 25, 0, 3, 10, 9, 55, 54, 108, 54, 101, 54, 110, 54, 103, 54, 116, 54, 104, 15, 10, 40, 25, 1, 13, 4, 61, 12, 9, 6, 11, 3, 10, 9, 3, 14, 9, 11, 15, 10, 38, 13, 4, 61, 13, 9, 6, 11, 6, 5, 1, 5, 0, 3, 1, 38, 13, 4, 61, 0, 5, 0, 43, 4, 21, 291, 61, 3, 12, 9, 11, 0, 3, 9, 9, 49, 72, 0, 2, 3, 4, 13, 4, 61, 8, 9, 21, 721, 3, 2, 8, 3, 2, 9, 48, 61, 3, 9, 48, 61, 4, 9, 48, 61, 5, 9, 48, 61, 6, 9, 48, 61, 7, 9, 48, 4, 55, 54, 115, 54, 101, 54, 108, 54, 102, 8, 10, 30, 55, 54, 117, 54, 110, 54, 100, 54, 101, 54, 102, 54, 105, 54, 110, 54, 101, 54, 100, 32, 28, 22, 510, 4, 21, 523, 22, 4, 55, 54, 115, 54, 101, 54, 108, 54, 102, 8, 10, 0, 55, 54, 119, 54, 105, 54, 110, 54, 100, 54, 111, 54, 119, 8, 10, 30, 55, 54, 117, 54, 110, 54, 100, 54, 101, 54, 102, 54, 105, 54, 110, 54, 101, 54, 100, 32, 28, 22, 566, 4, 21, 583, 3, 4, 55, 54, 119, 54, 105, 54, 110, 54, 100, 54, 111, 54, 119, 8, 10, 0, 55, 54, 103, 54, 108, 54, 111, 54, 98, 54, 97, 54, 108, 8, 10, 30, 55, 54, 117, 54, 110, 54, 100, 54, 101, 54, 102, 54, 105, 54, 110, 54, 101, 54, 100, 32, 28, 22, 626, 4, 21, 643, 25, 4, 55, 54, 103, 54, 108, 54, 111, 54, 98, 54, 97, 54, 108, 8, 10, 0, 55, 54, 69, 54, 114, 54, 114, 54, 111, 54, 114, 8, 55, 54, 117, 54, 110, 54, 97, 54, 98, 54, 108, 54, 101, 54, 32, 54, 116, 54, 111, 54, 32, 54, 108, 54, 111, 54, 99, 54, 97, 54, 116, 54, 101, 54, 32, 54, 103, 54, 108, 54, 111, 54, 98, 54, 97, 54, 108, 54, 32, 54, 111, 54, 98, 54, 106, 54, 101, 54, 99, 54, 116, 27, 1, 23, 56, 0, 49, 444, 0, 0, 24, 0, 13, 4, 61, 8, 9, 55, 54, 95, 54, 95, 54, 103, 54, 101, 54, 116, 54, 83, 54, 101, 54, 99, 54, 117, 54, 114, 54, 105, 54, 116, 54, 121, 54, 83, 54, 105, 54, 103, 54, 110, 15, 21, 1126, 49, 2, 14, 3, 2, 9, 48, 61, 3, 9, 48, 61, 4, 9, 48, 61, 5, 9, 48, 61, 6, 9, 48, 61, 7, 9, 48, 61, 8, 9, 48, 61, 9, 9, 48, 61, 10, 9, 48, 61, 11, 9, 48, 61, 9, 9, 55, 54, 108, 54, 111, 54, 99, 54, 97, 54, 116, 54, 105, 54, 111, 54, 110, 8, 10, 30, 55, 54, 117, 54, 110, 54, 100, 54, 101, 54, 102, 54, 105, 54, 110, 54, 101, 54, 100, 32, 28, 22, 862, 21, 932, 21, 4, 55, 54, 108, 54, 111, 54, 99, 54, 97, 54, 116, 54, 105, 54, 111, 54, 110, 8, 55, 54, 104, 54, 111, 54, 115, 54, 116, 14, 55, 54, 105, 54, 110, 54, 100, 54, 101, 54, 120, 54, 79, 54, 102, 14, 55, 54, 121, 54, 46, 54, 113, 54, 113, 54, 46, 54, 99, 54, 111, 54, 109, 25, 1, 3, 0, 3, 1, 39, 32, 22, 963, 4, 55, 54, 67, 54, 74, 54, 66, 54, 80, 54, 65, 54, 67, 54, 114, 54, 82, 54, 117, 54, 78, 54, 121, 54, 55, 21, 974, 50, 4, 3, 12, 9, 11, 3, 8, 3, 10, 24, 2, 13, 4, 61, 10, 9, 3, 13, 9, 55, 54, 95, 54, 95, 54, 115, 54, 105, 54, 103, 54, 110, 54, 95, 54, 104, 54, 97, 54, 115, 54, 104, 54, 95, 54, 50, 54, 48, 54, 50, 54, 48, 54, 48, 54, 51, 54, 48, 54, 53, 15, 10, 22, 1030, 21, 1087, 22, 4, 3, 13, 9, 55, 54, 95, 54, 95, 54, 115, 54, 105, 54, 103, 54, 110, 54, 95, 54, 104, 54, 97, 54, 115, 54, 104, 54, 95, 54, 50, 54, 48, 54, 50, 54, 48, 54, 48, 54, 51, 54, 48, 54, 53, 15, 3, 9, 9, 11, 3, 3, 9, 11, 38, 25, 1, 13, 4, 61, 11, 9, 3, 12, 9, 11, 3, 10, 3, 53, 3, 37, 39, 24, 2, 13, 4, 4, 55, 54, 122, 54, 122, 54, 97, 3, 11, 9, 11, 38, 3, 10, 9, 11, 38, 0, 49, 771, 2, 1, 12, 9, 13, 8, 3, 12, 4, 4, 56, 0], n);
var t = n.__getSecuritySign;
return delete n.__getSecuritySign,
t
});
然后在進入函式的回傳出下斷點,斷在如下位置后,在控制臺執行
r(f, e, c, l, t)
然后列印引數t,我們可以看到引數t里面出現了幾個很特別的引數
CJBPACrRuNy7
97bc3696a5f2740962d1e6c467957c88
{"detail":{"module":"musicToplist.ToplistInfoServer","method":"GetDetail","param":{"topId":4,"offset":0,"num":20,"period":"2020-12-21"}},"comm":{"ct":24,"cv":0}}
看到97bc3696a5f2740962d1e6c467957c88 這樣的數字,又是32位,可以大膽地猜測是md5,事實上,97bc3696a5f2740962d1e6c467957c88就是 把固定的字串CJBPACrRuNy7與請求引數拼接起來之后的md5值
CJBPACrRuNy7{"detail":{"module":"musicToplist.ToplistInfoServer","method":"GetDetail","param":{"topId":4,"offset":0,"num":20,"period":"2020-12-21"}},"comm":{"ct":24,"cv":0}}
這個JS檔案的作用就是用JS實作了一段MD5加密演算法,
多次探索之后,我發現sign由以下規則生成
固定頭zza+一段隨機的小寫字串,由小寫字母和數字組成,長度為10-16位+對固定字串和請求引數取md5,這三部分拼接而成,
下面回到我們除錯的地方,取消所有斷電,放開運行,之后我們就得到了一個網址
https://u.y.qq.com/cgi-bin/musics.fcg?-=getUCGI5601160880585316&g_tk=680034686&sign=zza4bb58zhof1tkhk8t97bc3696a5f2740962d1e6c467957c88&loginUin=0&hostUin=0&format=json&inCharset=utf8&outCharset=utf-8¬ice=0&platform=yqq.json&needNewCode=0&data=%7B%22detail%22%3A%7B%22module%22%3A%22musicToplist.ToplistInfoServer%22%2C%22method%22%3A%22GetDetail%22%2C%22param%22%3A%7B%22topId%22%3A4%2C%22offset%22%3A0%2C%22num%22%3A20%2C%22period%22%3A%222020-12-21%22%7D%7D%2C%22comm%22%3A%7B%22ct%22%3A24%2C%22cv%22%3A0%7D%7D
計算出了sign后面就可以正常請求了,
3、Java代碼實作
附上一段無名音樂中計算sign的代碼,用Java實作
public class QqEncrypt {
private static final String encNonce="CJBPACrRuNy7";
private static final String signPrxfix="zza";
private static final char[] dir="0234567890abcdefghijklmnopqrstuvwxyz".toCharArray();
/**
*
*@param encParams 需要加密的引數,這是一段請求體資料,為json字串格式,例如下面的格式,可以抓包獲取
* {"comm":{"ct":24,"cv":0},"vip":{"module":"userInfo…baseinfo_v2","param":{"vec_uin":["3011429848"]}}}
*
* @return 加密的方式為固定字串 zza加上一個10-16位的隨機字串再加上 固定字串 CJBPACrRuNy7加上請求資料拼接的 MD5值
*/
public static String getSign(String encParams){
return signPrxfix+uuidGenerate()+ Md5Encrypt.convertToMd5(encNonce+encParams);
}
private static String uuidGenerate(){
int minLen=10;
int maxLen=16;
Random ran=new Random(System.currentTimeMillis());
int ranLen=ran.nextInt(maxLen-minLen)+minLen;
StringBuilder sb=new StringBuilder(ranLen);
for (int i=0;i<ranLen;i++){
sb.append(dir[ran.nextInt(dir.length)]);
}
return sb.toString();
}
}
public class Md5Encrypt {
//必須要重視編碼問題了!折騰了好多天才發現MD5要用UTF-8形式加密
public static String convertToMd5(String plainText) {
byte[] secretBytes = null;
try {
secretBytes = MessageDigest.getInstance("md5").digest(plainText.getBytes("utf-8"));
} catch (Exception e) {
throw new RuntimeException("沒有這個md5演算法!");
}
String md5code = new BigInteger(1, secretBytes).toString(16);
for (int i = 0; i < 32 - md5code.length(); i++) {
md5code = "0" + md5code;
}
return md5code;
}
}
下面是封裝了一段請求代碼
public class RequestModule {
/**
* musicu支持加密請求和不加密請求,沒有對請求進行限制
* musics僅支持加密請求
*/
private static final String[] apiServer={"https://u.y.qq.com/cgi-bin/musicu.fcg?","https://u.y.qq.com/cgi-bin/musics.fcg?"};
private static final Map<String,String> headerMap=new HashMap<>();
static {
headerMap.put("user-agent","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.66");
headerMap.put("accept-encoding","application/json");
headerMap.put("cache-control","max-age=0");
}
/**
* 請求示例:{"area":-100,"sex":-100,"genre":-100,"index":15,"sin":0,"cur_page":1}
* @param area 地區 -100 不限
* @param genre 流派 全部:-100,流行:1 ,搖滾:2,民謠:3,電子:4,爵士:5,嘻哈:6 .....
* @param index 索引 熱門:-100 范圍 0-26 對應歌手名稱拼音A-Z開頭
* @param sex 性別 不限:-100 男:0 女:1 組合:2
* @param sin 偏移(第sin位)
* @param currPage 當前頁,第n頁,默認每頁最多80人
* @return
*/
public static String getSingerList(int area,int genre,int index,int sex,int sin,int currPage){
RequestTemplate template=new RequestTemplate("Music.SingerListServer","get_singer_list","{\"area\":"+area+",\"sex\":"+sex+",\"genre\":"+genre+",\"index\":"+index+",\"sin\":"+sin+",\"cur_page\":"+currPage+"}");
RequestTemplateBuilder templateBuilder=new RequestTemplateBuilder();
templateBuilder.add("singerList",template);
String sign= QqEncrypt.getSign(templateBuilder.toString());
Random ran=new Random(System.currentTimeMillis());
return HttpRequestHelper.downloadWebSiteUsePost(apiServer[ran.nextInt(apiServer.length)]+"sign="+sign,templateBuilder.toString(),headerMap);
}
public static String getHotSingerList(){
return getSingerList(-100,-100,-100,-100,0,1);
}
/**
*
* @param songId 統一規范,指的是songmid
* @return
*/
public static String getSongDetail(String songId){
//{"songinfo":{"module":"music.pf_song_detail_svr","method":"get_song_detail","param":{"song_mid":"112344"}}}
RequestTemplate template=new RequestTemplate("music.pf_song_detail_svr","get_song_detail","{\"song_mid\":\""+songId+"\"}");
RequestTemplateBuilder templateBuilder=new RequestTemplateBuilder();
templateBuilder.add("songdetail",template);
String sign= QqEncrypt.getSign(templateBuilder.toString());
Random ran=new Random(System.currentTimeMillis());
return HttpRequestHelper.downloadWebSiteUsePost(apiServer[ran.nextInt(apiServer.length)] +"sign="+sign,templateBuilder.toString(),headerMap);
}
}
物體類
public class RequestTemplate{
public String module="";
public String method="";
public Object param=new Object();
public RequestTemplate() {
}
public RequestTemplate(String module, String method, Object param) {
this.module = module;
this.method = method;
this.param = param;
}
public String getModule() {
return module;
}
public void setModule(String module) {
this.module = module;
}
public String getMethod() {
return method;
}
public void setMethod(String method) {
this.method = method;
}
public Object getParam() {
return param;
}
public void setParam(Object param) {
this.param = param;
}
@Override
public String toString() {
return "{" +
"\"module\":\"" + module + "\"" +
",\"method\":\"" + method + "\"" +
",\"param\":" + param.toString() +
"}";
}
}
/**
* 構造請求結構,所有請求都可以是這樣的
*
* {
* "comm": {
* "ct": 24,
* "cv": 0
* },
* "singerList": {
* "module": "Music.SingerListServer",
* "method": "get_singer_list",
* "param": {
* "area": -100,
* "sex": -100,
* "genre": -100,
* "index": -100,
* "sin": 0,
* "cur_page": 1
* }
* }
* }
*/
public class RequestTemplateBuilder {
private Map<String,Object> requestTemplateMap=new HashMap<>();
public RequestTemplateBuilder add(String name, Object req){
requestTemplateMap.put(name,req);
return this;
}
@Override
public String toString() {
StringBuilder sb=new StringBuilder();
for (String key: requestTemplateMap.keySet()){
sb.append("\"").append(key).append("\":").append(requestTemplateMap.get(key).toString()).append(",");
}
sb.substring(0,sb.length()-1);
return "{"+sb.substring(0,sb.length()-1)+"}";
}
}
4、總結
核心的加密函式在以下JS檔案中實作,這段JS主要就是實作了MD5演算法,由于以前沒接觸過如何實作MD5演算法,在分析這段代碼上還是遇到了很大困難的,不過我們在實作程序中完全不必自己實作MD5加密演算法,我們可以直接使用各個語言上的加密庫實作MD5加密,
https://y.qq.com/component/m/qmfe-security-sign/index.umd.js?max_age=2592000:formatted
轉載請註明出處,本文鏈接:https://www.uj5u.com/qianduan/239068.html
標籤:其他
上一篇:robots