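Preface
The danmaku (bullet comments) for official sources were recently optimized, updated and extended. Currently supported: Youku, iQiyi, Tencent, Mango TV, bilibili, LeTV, Sohu.
Color display, on-screen position and font size have been improved, so the result looks closer to the real thing and has its own character!
With danmaku always around, watching is never lonely!
Data analysis
From packet capture: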
Official JS for reference: https://g.alicdn.com/pc-playpage-components/youku-barrage/0.1.24/index.js
1. https://acs.youku.com/h5/mopen.youku.danmu.list/1.0/?jsv=2.5.1&appKey=24679788&t=1632124149241&sign=9df66618e35f8ff79242106ea10f48f9&api=mopen.youku.danmu.list&v=1.0&type=originaljson&dataType=jsonp&timeout=20000&jsonpIncPrefix=utility
This is the endpoint; the data still has to be submitted via POST.
2. POST data: data=%7B%22pid%22%3A0%2C%22ctype%22%3A10004%2C%22sver%22%3A%223.1.0%22%2C%22cver%22%3A%22v1.0%22%2C%22ctime%22%3A1632124149214%2C%22guid%22%3A%22JCCoF7kmLS4CATFSBgl5BofS%22%2C%22vid%22%3A%22XNTE4NjI4MTI1Ng%3D%3D%22%2C%22mat%22%3A6%2C%22mcount%22%3A1%2C%22type%22%3A1%2C%22msg%22%3A%22eyJjdGltZSI6MTYzMjEyNDE0OTIxNCwiY3R5cGUiOjEwMDA0LCJjdmVyIjoidjEuMCIsImd1aWQiOiJKQ0NvRjdrbUxTNENBVEZTQmdsNUJvZlMiLCJtYXQiOjYsIm1jb3VudCI6MSwicGlkIjowLCJzdmVyIjoiMy4xLjAiLCJ0eXBlIjoxLCJ2aWQiOiJYTlRFNE5qSTRNVEkxTmc9PSJ9%22%2C%22sign%22%3A%22ef83bc07a5aedffaf104ce5cfff8f63a%22%7D
URL-decoding it yields the plaintext JSON.
{"pid":0,"ctype":10004,"sver":"3.1.0","cver":"v1.0","ctime":1632124149214,"guid":"JCCoF7kmLS4CATFSBgl5BofS","vid":"XNTE4NjI4MTI1Ng==","mat":6,"mcount":1,"type":1,"msg":"eyJjdGltZSI6MTYzMjEyNDE0OTIxNCwiY3R5cGUiOjEwMDA0LCJjdmVyIjoidjEuMCIsImd1aWQiOiJKQ0NvRjdrbUxTNENBVEZTQmdsNUJvZlMiLCJtYXQiOjYsIm1jb3VudCI6MSwicGlkIjowLCJzdmVyIjoiMy4xLjAiLCJ0eXBlIjoxLCJ2aWQiOiJYTlRFNE5qSTRNVEkxTmc9PSJ9","sign":"ef83bc07a5aedffaf104ce5cfff8f63a"}
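Start with the endpoint URL. Every parameter except sign can be read from the plaintext. The sign value looks like an MD5, so keep digging through the official JS: https://g.alicdn.com/youku-node/pc-playpage/1.3.38/scripts/lib.js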
if (i.H5Request === !0) {
    var n = "//" + (i.prefix ? i.prefix + "." : "") + (i.subDomain ? i.subDomain + "." : "") + i.mainDomain +
            "/h5/" + t.api.toLowerCase() + "/" + t.v.toLowerCase() + "/",
        r = t.appKey || ("waptest" === i.subDomain ? "4272" : "12574478"),
        a = (new Date).getTime(),
        o = s(i.token + "&" + a + "&" + r + "&" + t.data),
        l = {
            appKey: r,
            t: a,
            sign: o
        },
        u = {
            data: t.data,
            ua: t.ua
        };
    Object.keys(t).forEach(function (e) {
        "undefined" == typeof l[e] && "undefined" == typeof u[e] && (l[e] = t[e])
    }), i.getJSONP ? l.type = "jsonp" : i.getOriginalJSONP ? l.type = "originaljsonp" : (i.getJSON || i
        .postJSON) && (l.type = "originaljson"), i.querystring = l, i.postdata = u, i.path = n
}
i.token is the part of the m_h5_tk cookie that comes before the 【】,
a is the timestamp,
r is the current appKey,
t.data is the data value POSTed above.
md5(2f8596ebe61d0619ebc0581e41a682b2 + "&" + 1632126761503 + "&" + 24679788 + "&" + {"pid":0,"ctype":10004,"sver":"3.1.0","cver":"v1.0","ctime":1632124149214,"guid":"JCCoF7kmLS4CATFSBgl5BofS","vid":"XNTE4NjI4MTI1Ng==","mat":6,"mcount":1,"type":1,"msg":"eyJjdGltZSI6MTYzMjEyNDE0OTIxNCwiY3R5cGUiOjEwMDA0LCJjdmVyIjoidjEuMCIsImd1aWQiOiJKQ0NvRjdrbUxTNENBVEZTQmdsNUJvZlMiLCJtYXQiOjYsIm1jb3VudCI6MSwicGlkIjowLCJzdmVyIjoiMy4xLjAiLCJ0eXBlIjoxLCJ2aWQiOiJYTlRFNE5qSTRNVEkxTmc9PSJ9","sign":"ef83bc07a5aedffaf104ce5cfff8f63a"})
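That about covers the endpoint URL; now for the POST data.
ctime, mat, msg, sign and vid are dynamic and have to be obtained.
ctime: timestamp
mat: possibly the sequence number of the danmaku file, starting from 0 (tentative)
msg: base64-decode it first, and it turns out to be just a JSON regenerated from the parent-level data; nothing difficult.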
{"ctime":1632124149214,"ctype":10004,"cver":"v1.0","guid":"JCCoF7kmLS4CATFSBgl5BofS","mat":6,"mcount":1,"pid":0,"sver":"3.1.0","type":1,"vid":"XNTE4NjI4MTI1Ng=="}
sign algorithm: md5(encoded msg value + MD5 salt)
The MD5 salt is MkmC9SoIw6xCkSKHhJ7b5D2r51kBiREr
The request must carry the cookie.
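The two signatures described above, recomputed offline over the request captured on this page. This is an added example, not code from the original post or from Youku; the function names are made up for illustration, and the sorted-key compact JSON form of msg is inferred from the decoded capture.

```python
import base64
import hashlib
import json
from urllib.parse import unquote

# Salt and POST body copied from this page's capture; nothing is sent over the network.
SALT = "MkmC9SoIw6xCkSKHhJ7b5D2r51kBiREr"
CAPTURED_DATA = "%7B%22pid%22%3A0%2C%22ctype%22%3A10004%2C%22sver%22%3A%223.1.0%22%2C%22cver%22%3A%22v1.0%22%2C%22ctime%22%3A1632124149214%2C%22guid%22%3A%22JCCoF7kmLS4CATFSBgl5BofS%22%2C%22vid%22%3A%22XNTE4NjI4MTI1Ng%3D%3D%22%2C%22mat%22%3A6%2C%22mcount%22%3A1%2C%22type%22%3A1%2C%22msg%22%3A%22eyJjdGltZSI6MTYzMjEyNDE0OTIxNCwiY3R5cGUiOjEwMDA0LCJjdmVyIjoidjEuMCIsImd1aWQiOiJKQ0NvRjdrbUxTNENBVEZTQmdsNUJvZlMiLCJtYXQiOjYsIm1jb3VudCI6MSwicGlkIjowLCJzdmVyIjoiMy4xLjAiLCJ0eXBlIjoxLCJ2aWQiOiJYTlRFNE5qSTRNVEkxTmc9PSJ9%22%2C%22sign%22%3A%22ef83bc07a5aedffaf104ce5cfff8f63a%22%7D"

def body_sign(msg_b64: str, salt: str = SALT) -> str:
    """sign inside the POST data: md5(base64 msg + salt)."""
    return hashlib.md5((msg_b64 + salt).encode()).hexdigest()

def gateway_sign(token: str, t: int, app_key: str, data: str) -> str:
    """sign in the query string, per lib.js: md5(token & t & appKey & data)."""
    return hashlib.md5(f"{token}&{t}&{app_key}&{data}".encode()).hexdigest()

def build_msg(fields: dict) -> str:
    """Assumed msg encoding: sorted keys, compact JSON, then base64."""
    raw = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return base64.b64encode(raw.encode()).decode()

def inspect_capture(urlencoded: str) -> dict:
    """URL-decode the POST data, unpack msg, and recompute the inner sign."""
    outer = json.loads(unquote(urlencoded))
    inner = json.loads(base64.b64decode(outer["msg"]))
    parent = {k: v for k, v in outer.items() if k not in ("msg", "sign")}
    return {
        "inner": inner,
        "inner_matches_outer": inner == parent,   # msg repeats the parent fields
        "inner_keys_sorted": list(inner) == sorted(inner),
        "captured_msg": outer["msg"],
        "captured_sign": outer["sign"],
        "recomputed_sign": body_sign(outer["msg"]),
    }

if __name__ == "__main__":
    for key, value in inspect_capture(CAPTURED_DATA).items():
        print(f"{key}: {value}")
    # Token, timestamp and appKey are the sample values shown in the md5(...) line above.
    print(gateway_sign("2f8596ebe61d0619ebc0581e41a682b2", 1632126761503,
                       "24679788", unquote(CAPTURED_DATA)))
```

Because the salt ships in the client JavaScript, anyone who reads it can recompute sign; it guards against accidental corruption of msg, not against a caller who has the script.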