关于WEB端优酷YouKu弹幕分析笔记

题记

近期对官方源弹幕进行优化更新及新增,目前支持优酷,奇艺,腾讯,芒果,bilibili,乐视,搜狐。
优化了颜色显示、出现位置、文字大小,更具真实性,特色!
常有弹幕在,观影不孤独!

数据分析

通过抓包:
参考官方JS:https://g.alicdn.com/pc-playpage-components/youku-barrage/0.1.24/index.js

1、https://acs.youku.com/h5/mopen.youku.danmu.list/1.0/?jsv=2.5.1&appKey=24679788&t=1632124149241&sign=9df66618e35f8ff79242106ea10f48f9&api=mopen.youku.danmu.list&v=1.0&type=originaljson&dataType=jsonp&timeout=20000&jsonpIncPrefix=utility

这是接口,仍需要POST提交数据
2、post数据data=%7B%22pid%22%3A0%2C%22ctype%22%3A10004%2C%22sver%22%3A%223.1.0%22%2C%22cver%22%3A%22v1.0%22%2C%22ctime%22%3A1632124149214%2C%22guid%22%3A%22JCCoF7kmLS4CATFSBgl5BofS%22%2C%22vid%22%3A%22XNTE4NjI4MTI1Ng%3D%3D%22%2C%22mat%22%3A6%2C%22mcount%22%3A1%2C%22type%22%3A1%2C%22msg%22%3A%22eyJjdGltZSI6MTYzMjEyNDE0OTIxNCwiY3R5cGUiOjEwMDA0LCJjdmVyIjoidjEuMCIsImd1aWQiOiJKQ0NvRjdrbUxTNENBVEZTQmdsNUJvZlMiLCJtYXQiOjYsIm1jb3VudCI6MSwicGlkIjowLCJzdmVyIjoiMy4xLjAiLCJ0eXBlIjoxLCJ2aWQiOiJYTlRFNE5qSTRNVEkxTmc9PSJ9%22%2C%22sign%22%3A%22ef83bc07a5aedffaf104ce5cfff8f63a%22%7D
通过urlencode解码可得json明文。

{"pid":0,"ctype":10004,"sver":"3.1.0","cver":"v1.0","ctime":1632124149214,"guid":"JCCoF7kmLS4CATFSBgl5BofS","vid":"XNTE4NjI4MTI1Ng==","mat":6,"mcount":1,"type":1,"msg":"eyJjdGltZSI6MTYzMjEyNDE0OTIxNCwiY3R5cGUiOjEwMDA0LCJjdmVyIjoidjEuMCIsImd1aWQiOiJKQ0NvRjdrbUxTNENBVEZTQmdsNUJvZlMiLCJtYXQiOjYsIm1jb3VudCI6MSwicGlkIjowLCJzdmVyIjoiMy4xLjAiLCJ0eXBlIjoxLCJ2aWQiOiJYTlRFNE5qSTRNVEkxTmc9PSJ9","sign":"ef83bc07a5aedffaf104ce5cfff8f63a"}

先分析接口地址,其他都可以通过明文获取除了sign参数,大约可得知是md5,继续翻官方JS。https://g.alicdn.com/youku-node/pc-playpage/1.3.38/scripts/lib.js

if (i.H5Request === !0) {
            var n = "//" + (i.prefix ? i.prefix + "." : "") + (i.subDomain ? i.subDomain + "." : "") + i.mainDomain +
                "/h5/" + t.api.toLowerCase() + "/" + t.v.toLowerCase() + "/",
                r = t.appKey || ("waptest" === i.subDomain ? "4272" : "12574478"),
                a = (new Date).getTime(),
                o = s(i.token + "&" + a + "&" + r + "&" + t.data),
                l = {
                    appKey: r,
                    t: a,
                    sign: o
                },
                u = {
                    data: t.data,
                    ua: t.ua
                };
            Object.keys(t).forEach(function (e) {
                "undefined" == typeof l[e] && "undefined" == typeof u[e] && (l[e] = t[e])
            }), i.getJSONP ? l.type = "jsonp" : i.getOriginalJSONP ? l.type = "originaljsonp" : (i.getJSON || i
                .postJSON) && (l.type = "originaljson"), i.querystring = l, i.postdata = u, i.path = n
        }

i.token就是cookie m_h5_tk 中的【】前面一部分,
a是时间戳,
r当前appKey,
t.data就是上面post的data值

md5(2f8596ebe61d0619ebc0581e41a682b2 + "&" + 1632126761503 + "&" + 24679788 + "&" + {"pid":0,"ctype":10004,"sver":"3.1.0","cver":"v1.0","ctime":1632124149214,"guid":"JCCoF7kmLS4CATFSBgl5BofS","vid":"XNTE4NjI4MTI1Ng==","mat":6,"mcount":1,"type":1,"msg":"eyJjdGltZSI6MTYzMjEyNDE0OTIxNCwiY3R5cGUiOjEwMDA0LCJjdmVyIjoidjEuMCIsImd1aWQiOiJKQ0NvRjdrbUxTNENBVEZTQmdsNUJvZlMiLCJtYXQiOjYsIm1jb3VudCI6MSwicGlkIjowLCJzdmVyIjoiMy4xLjAiLCJ0eXBlIjoxLCJ2aWQiOiJYTlRFNE5qSTRNVEkxTmc9PSJ9","sign":"ef83bc07a5aedffaf104ce5cfff8f63a"})

接口地址解析的差不多了,现在看POST的数据

ctime,mat,msg,sign,vid是动态的,需要获取
ctime时间戳
mat可能是弹幕文件的序列号,从0开始(暂定)
msg,先base64解码一下,发现其实就是套用母层数据重新生成一个JSON,没什么难度

{"ctime":1632124149214,"ctype":10004,"cver":"v1.0","guid":"JCCoF7kmLS4CATFSBgl5BofS","mat":6,"mcount":1,"pid":0,"sver":"3.1.0","type":1,"vid":"XNTE4NjI4MTI1Ng=="}

sign的算法:md5(编码后的msg值+MD5盐值)
md5的盐值为MkmC9SoIw6xCkSKHhJ7b5D2r51kBiREr
访问时要附带cookie

给TA打赏
共{{data.count}}人
人已打赏
技术笔记

记录Github加速(含国内镜像与加速下载)

2021-12-18 23:45:07

技术笔记

sojson.v4混淆解密过程及其快捷代码

2021-12-21 16:13:30

声明 本站文章上的代码及教程皆来源于NOW世界(favnow.com),仅供学习交流,切勿用于非法用途。转载请备注来源!
如果您对此有任何有建树的想法都可以请您发送邮件至 cople@139.com 或点击右侧 私信:鲨鱼,我们将尽快处理!
0 条回复 A文章作者 M管理员
    暂无讨论,说说你的看法吧
个人中心
购物车
优惠劵
今日签到
有新私信 私信列表
搜索