好友
阅读权限10
听众
最后登录1970-1-1
|
本帖最后由 zhoumo1111 于 2023-2-3 20:26 编辑
说在前面:
1,本人用的较低版本某浪 APP(3.9.0),当前(2023-02-03)最新版本5.6.0 无法抓包。爱思可装历史版本。
2,仅供学习
正文:
1,打开某浪APP,启动手机中抓包APP(Stream 或 HTTPCatcher)
2,进入要获取视频的课程详情,并点击查看全部章节
3,在抓包APP中找到 GET student-api-lf.iyincaishijiao.com/ep/course/lessons? 的数据请求。
4,解析第3的响应主体:data(字典)→data(数组,多章节)→item→lesson_info(字典)
5,lesson_info可中取出 课程id 课程名称,章节id 章节名称,视频信息在 video(字典)中
6,video 中可取得
(1)play_auth_token,如下:
eyJHZXRQbGF5SW5mb1Rva2VuIjoiQWN0aW9uPUdldFBsYXlJbmZvXHUwMDI2VmVyc2lvbj0yMDE5LTAzLTE1XHUwMDI2WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTZcdTAwMjZYLUFtei1DcmVkZW50aWFsPUFLTFRNbVkzWWpnNU5XVXpaRFl3TkdJMk4ySmpNbUZoWVdJME56Rm1ZV1F4WTJZJTJGMjAyMzAyMDMlMkZjbi1ub3J0aC0xJTJGdm9kJTJGYXdzNF9yZXF1ZXN0XHUwMDI2WC1BbXotRGF0ZT0yMDIzMDIwM1QxMTAyNDRaXHUwMDI2WC1BbXotRXhwaXJlcz0yMTYwMFx1MDAyNlgtQW16LU5vdFNpZ25Cb2R5PVx1MDAyNlgtQW16LVNpZ25hdHVyZT0zMTgyMGNjZWNiNGViNDY2ZmQ1NzJiNGUyYzhhMjYwMmY0ODkxZWUyMjc2MzI4NGI1NjQ3ZThjZTgzY2NkNjI4XHUwMDI2WC1BbXotU2lnbmVkSGVhZGVycz1cdTAwMjZYLUFtei1TaWduZWRRdWVyaWVzPUFjdGlvbiUzQlZlcnNpb24lM0JYLUFtei1BbGdvcml0aG0lM0JYLUFtei1DcmVkZW50aWFsJTNCWC1BbXotRGF0ZSUzQlgtQW16LUV4cGlyZXMlM0JYLUFtei1Ob3RTaWduQm9keSUzQlgtQW16LVNpZ25lZEhlYWRlcnMlM0JYLUFtei1TaWduZWRRdWVyaWVzJTNCYWlkJTNCYXV0aF9wb2xpY3klM0Jmb3JtYXRfdHlwZSUzQnNzbCUzQnN0cmVhbV90eXBlJTNCdXJsX3R5cGUlM0J2aWRlb19pZFx1MDAyNmFpZD0yOTg5XHUwMDI2YXV0aF9wb2xpY3k9ZXlKMmJTSTZNeXdpZFdsa0lqb2lNQ0o5XHUwMDI2Zm9ybWF0X3R5cGU9aGxzXHUwMDI2c3NsPTFcdTAwMjZzdHJlYW1fdHlwZT1ldmlkZW9cdTAwMjZ1cmxfdHlwZT02XHUwMDI2dmlkZW9faWQ9djAyYjAxZzEwMDAwYzVpbTIxM2M3N3U5OGwzZjhrbzAiLCJWZXJzaW9uIjoidjEifQ==
(2)kds_token,如下:
HMAC-SHA1%3A1.0%3A1675429364%3AAKLTMmY3Yjg5NWUzZDYwNGI2N2JjMmFhYWI0NzFmYWQxY2Y%3A3vSAUUXn8dUFszwPcg2nL91VjUA%3D
7,将第6步获取的play_auth_token进行base64解码,获得GetPlayInfoToken,如下:(注意:\u0026 替换成 &)
{"GetPlayInfoToken":"Action=GetPlayInfo&Version=2019-03-15&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKLTMmY3Yjg5NWUzZDYwNGI2N2JjMmFhYWI0NzFmYWQxY2Y%2F20230203%2Fcn-north-1%2Fvod%2Faws4_request&X-Amz-Date=20230203T110244Z&X-Amz-Expires=21600&X-Amz-NotSignBody=&X-Amz-Signature=31820ccecb4eb466fd572b4e2c8a2602f4891ee22763284b5647e8ce83ccd628&X-Amz-SignedHeaders=&X-Amz-SignedQueries=Action%3BVersion%3BX-Amz-Algorithm%3BX-Amz-Credential%3BX-Amz-Date%3BX-Amz-Expires%3BX-Amz-NotSignBody%3BX-Amz-SignedHeaders%3BX-Amz-SignedQueries%3Baid%3Bauth_policy%3Bformat_type%3Bssl%3Bstream_type%3Burl_type%3Bvideo_id&aid=2989&auth_policy=eyJ2bSI6MywidWlkIjoiMCJ9&format_type=hls&ssl=1&stream_type=evideo&url_type=6&video_id=v02b01g10000c5im213c77u98l3f8ko0","Version":"v1"}
8,在GetPlayInfoToken的值前拼接上域名https://vod.bytedanceapi.com/ ,得请求链接如下:
https://vod.bytedanceapi.com/?Action=GetPlayInfo&Version=2019-03-15&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKLTMmY3Yjg5NWUzZDYwNGI2N2JjMmFhYWI0NzFmYWQxY2Y%2F20230203%2Fcn-north-1%2Fvod%2Faws4_request&X-Amz-Date=20230203T110244Z&X-Amz-Expires=21600&X-Amz-NotSignBody=&X-Amz-Signature=31820ccecb4eb466fd572b4e2c8a2602f4891ee22763284b5647e8ce83ccd628&X-Amz-SignedHeaders=&X-Amz-SignedQueries=Action%3BVersion%3BX-Amz-Algorithm%3BX-Amz-Credential%3BX-Amz-Date%3BX-Amz-Expires%3BX-Amz-NotSignBody%3BX-Amz-SignedHeaders%3BX-Amz-SignedQueries%3Baid%3Bauth_policy%3Bformat_type%3Bssl%3Bstream_type%3Burl_type%3Bvideo_id&aid=2989&auth_policy=eyJ2bSI6MywidWlkIjoiMCJ9&format_type=hls&ssl=1&stream_type=evideo&url_type=6&video_id=v02b01g10000c5im213c77u98l3f8ko0
9,GET请求第8步中的链接,获得json结构数据Result,解析Result→Data→PlayInfoList(数组,最后一个item为高清视频数据)→item→lMainPlayUrl,得m3u8地址如下:
https://v3-ep.iyincaishijiao.com/c0ecd8310a6cd7e5a06ade2cae8af86e/63dcfc7b/dash/hls-v02b01g10000c5im213c77u98l3f8ko0/tos-cn-v-9d0c2e/fe2472c7c8794c9b812e4215f0e24e9c/main.m3u8?a=2989&ch=0&cr=0&dr=0&er=1&cd=0%7C0%7C0%7C0&br=2256&bt=2256&cs=0&ds=4&mime_type=video_mp4&qs=0&rc=OWhpZjczN2c0ZDczNDg3NkBpM25pbzw6ZjRwODMzNDRlM0BgYDIxMF8xXzQxYF4wYTA1YSNsNTA1cjQwL2ZgLS1kLS9zcw%3D%3D&l=20230203191034DE1F7A61F85B392F37F0&btag=38000
10,根据第9步的m3u8地址,下载m3u8文件,发现该m3u8为AES-128加密。用TXT打卡m3u8文件,获得URI:
http://kds.bytedance.com/kds/api/v1/keys?source=jarvis&ak=616561046c39fc94546f45300102b01b
拼接上第6步获取的kds_token,得如下链接:
http://kds.bytedance.com/kds/api/v1/keys?source=jarvis&ak=616561046c39fc94546f45300102b01b&token=HMAC-SHA1%3A1.0%3A1675429364%3AAKLTMmY3Yjg5NWUzZDYwNGI2N2JjMmFhYWI0NzFmYWQxY2Y%3A3vSAUUXn8dUFszwPcg2nL91VjUA%3D
11,GET请求第10步的链接,得到data:
ZmQzNzFhYWJlNDI1NDZmZA==
data进行base64转16进制得key:66643337316161626534323534366664
12,下载每个ts文件,路径用第9步中得到的m3u8路径,示例如下:
https://v3-ep.iyincaishijiao.com/c0ecd8310a6cd7e5a06ade2cae8af86e/63dcfc7b/dash/hls-v02b01g10000c5im213c77u98l3f8ko0/tos-cn-v-9d0c2e/fe2472c7c8794c9b812e4215f0e24e9c/0.ts
13,用openssl命令解密,其中-iv在m3u8文件中直接得到,K为第11步获取的key,示例命令如下:
openssl aes-128-cbc -d -in 0.ts -out 0.mp4 -nosalt -iv 00000000000000000000000000000000 -K 66643337316161626534323534366664
14,循环第13步解密所有ts文件,用ffmpeg可合并。
|
免费评分
-
查看全部评分
|
发帖前要善用【论坛搜索】功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。 |
|
|
|
|
|
|
发表于 2023-2-3 20:21
