小红书shield算法分析

完整版 灰机@Lank5735

#!/usr/bin/python

# -*- coding: UTF-8 -*-

import base64

import binascii

from urllib import parse

from lib.xhs_shield_calc.XYOldShield_706 import get_oldsign

import time

import requests

import string

import random

class IOS:

    def get_ter_str(self, device_info, xycommonparams, xyplatforminfo):

        ts = int(time.time())

        url = "https://www.xiaohongshu.com/api/sns/v3/user/me?deviceId={}&device_fingerprint={}&device_fingerprint1={}&fid=1605335236101e0d28eb076dacfe290f2edc95ed7d21&lang=zh&platform=android&sid={}&sign=b1c352302484d97e6e9c93f7334a2720&t={}".format(

            device_info['deviceId'], device_info['device_fingerprint'], device_info['device_fingerprint'],

            device_info['sid'], ts)

        header = {

            "User-Agent": "discover/6.92 (iPhone; iOS 13.6; Scale/2.00) Resolution/828*1792 Version/6.92 Build/6920189 Device/(Apple Inc.;iPhone11,8) NetType/CellNetwork",

            "xy-common-params": xycommonparams,

            "xy-platform-info": xyplatforminfo,

        }

        response = requests.get(url, headers=header)

        return response.headers["xy-ter-str"]

    def getSign(self, url, main_hmac, xycommonparams, xyplatforminfo, device_info, data={}):

        parsed = parse.urlparse(url)

        path = parsed.path

        args = parse.parse_qs(parsed.query, keep_blank_values=True)

        params = dict([(k, v[0]) for k, v in args.items()])

        # main_hmac = get_ter_str(device_info=device_info, xycommonparams=xycommonparams, xyplatforminfo=xyplatforminfo)

        shield = get_oldsign(

            path=path,

            params=parse.urlencode(params),

            xy_common_params=xycommonparams,

            xy_platform_info=xyplatforminfo,

            data=parse.urlencode(data),

            main_hmac=main_hmac,

            device_id=device_info['deviceId']

        )

        return shield

class AndroidShield:

    __apk_version_build = "7060192"

    __app_id = "ecfaaf01"

    def __init__(self):

        """

        :param device_key: 小红书返回的x-ter-str

        :param device_id: 设备id

        :param content: 加密的内容

        """

        # self.device_key = device_key

        # self.device_id = device_id

        # self.content = content

    def get_ter_str(self, device_info, xycommonparams, xyplatforminfo):

        ts = int(time.time())

        url = "https://www.xiaohongshu.com/api/sns/v3/user/me?deviceId={}&device_fingerprint={}&device_fingerprint1={}&fid=1605335236101e0d28eb076dacfe290f2edc95ed7d21&lang=zh&platform=android&sid={}&sign=b1c352302484d97e6e9c93f7334a2720&t={}".format(

            device_info['deviceId'], device_info['device_fingerprint'], device_info['device_fingerprint'],

            device_info['sid'], ts)

        header = {

            "User-Agent": "discover/6.92 (iPhone; iOS 13.6; Scale/2.00) Resolution/828*1792 Version/6.92 Build/6920189 Device/(Apple Inc.;iPhone11,8) NetType/CellNetwork",

            "xy-common-params": xycommonparams,

            "xy-platform-info": xyplatforminfo,

        }

        response = requests.get(url, headers=header)

        return response.headers["xy-ter-str"]

    @staticmethod

    def strT0Hexstr(str):

        return binascii.hexlify(str.encode()).decode('utf-8')

    def getSign(self, path='', params='', xy_common_params='', xy_platform_info='', data='', content='',

                main_hmac='', device_id=''):

        """

        生成签名  根据main_hmac device_id解密出一个key。

        """

        _res = get_oldsign(path=path, params=params, xy_common_params=xy_common_params,

                          xy_platform_info=xy_platform_info, data=data,

                          content=content, main_hmac=main_hmac, device_id=device_id)

        newsign = self.calc_shield(device_id=device_id, oldsign=_res)

        return newsign

    def init_table(self):

        a1 = [0 for i in range(0x102)]

        a2 = 13

        a3 = [0x73, 0x74, 0x64, 0x3a, 0x3a, 0x61, 0x62, 0x6f, 0x72, 0x74, 0x28, 0x29, 0x3b]

        a1[0] = 0

        a1[1] = 0

        v11 = 0

        v7 = 0

        for i in range(256):

            a1[i + 2] = i

        for j in range(0, 256, 4):

            v15 = a1[j + 2]

            v8 = (a3[v11] + v15 + v7) & 0xff

            v12 = v11 + 1

            if v12 == a2:

                v12 = 0

            a1[j + 2] = a1[v8 + 2]

            a1[v8 + 2] = v15

            v16 = a1[j + 3]

            v9 = (a3[v12] + v16 + v8) & 0xff

            v13 = v12 + 1

            if v13 == a2:

                v13 = 0

            a1[j + 3] = a1[v9 + 2]

            a1[v9 + 2] = v16

            v17 = a1[j + 4]

            v10 = (a3[v13] + v17 + v9) & 0xff

            v14 = v13 + 1

            if v14 == a2:

                v14 = 0

            a1[j + 4] = a1[v10 + 2]

            a1[v10 + 2] = v17

            v18 = a1[j + 5]

            v7 = (a3[v14] + v18 + v10) & 0xff

            v11 = v14 + 1

            if v11 == a2:

                v11 = 0

            a1[j + 5] = a1[v7 + 2]

            a1[2 + v7] = v18

        return a1

    def init_base64_table(self, input_byte):

        input_len = len(input_byte)

        output_byte = [0 for i in range(input_len)]

        a1 = self.init_table()

        a2 = 0x53

        a3 = input_byte

        a4 = output_byte

        v51 = a1[0]

        v43 = a1[1]

        v59 = a1[2:]

        count = 0

        i = a2 >> 3

        while i > 0:

            pass

            # 完整算法联系飞机@Lank5735

        v6 = a2 & 7

        if (v6 != 0):

            while v6 > 0:

                pass

                # 完整算法联系飞机@Lank5735

        return output_byte

    def shield_init(self, device_id, oldsign):

        "version长度7 device_id长度24 旧shield长度10"

        appid_hex_str = self.__app_id.lower()

        appversion_hex_str = self.strT0Hexstr(self.__apk_version_build)

        deviceid_hex_str = self.strT0Hexstr(device_id)

        oldshield_hex_str = oldsign

        # print(oldshield_hex_str)  # dc502860dccd41f99045a6d675ea1e98

        # oldshield_hex_str = "a59dd3058d4c90339cf447aedf477864"

        # oldshield_hex_str = "cf a0 3f 03 67 87 7f 07 36 75 da 2e f7 5e b3 df".replace(" ","")

        calc_str = f"00000001{appid_hex_str}00000002000000070000002400000010{appversion_hex_str}{deviceid_hex_str}{oldshield_hex_str}"

        b_res = self.init_base64_table(bytes.fromhex(calc_str))

        return b_res

    def calc_shield(self, device_id, oldsign):

        output2 = [0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 83, 0, 0, 0, 83]

        output1 = self.shield_init(device_id, oldsign)

        b64_encode_str = output2 + output1

        _res = base64.b64encode(bytearray(b64_encode_str))

        return "XY" + _res.decode("utf-8")

def get_shield_7_06(url, xycommonparams, xyplatforminfo, device_info,  data={}):

    parsed = parse.urlparse(url)

    path = parsed.path

    args = parse.parse_qs(parsed.query, keep_blank_values=True)

    params = dict([(k, v[0]) for k, v in args.items()])

    s = AndroidShield()

    try:

        main_hmac = s.get_ter_str(device_info=device_info, xycommonparams=xycommonparams, xyplatforminfo=xyplatforminfo)

    except:

        rand_str = ''.join(random.sample(string.ascii_uppercase, 24))

        main_hmac = "mXtwWNLkY+tzqBSiMdzc87zwuffL+CE9tdMP2mLFEcJI7HE/4Ak6h817k6VPj6iA2yy7RObJhA0pS9HqoxQfoavlomg9AGSA8vg4OEJ/" + rand_str

    # 生成签名

    shield = s.getSign(

        main_hmac=main_hmac,

        device_id=device_info['deviceId'],

        path=path,

        params=parse.urlencode(params),

        xy_common_params=xycommonparams,

        xy_platform_info=xyplatforminfo,

        data=parse.urlencode(data),

    )

    return shield

if __name__ == '__main__':

    qq = AndroidShield()

    zz = qq.getSign(path="/api/sns/v1/note/feed",

                    params="note_id=611e3446000000002103e745&page=1&has_ads_tag=false&num=5&fetch_mode=1&source=explore&ads_track_id=fm_fwfm_ol_30day%4028y6fh5sgzc4a916hbx23",

                    device_id="879246a0-b385-3400-b59d-76f63fa5baff",

                    xy_common_params="fid=162925699210bf9c0d3447ec1a57edbfc9b9f44f9625&device_fingerprint=20210810140918508c2ccd6e986960ec8432e9c2edd16b01265a5749ac3489&device_fingerprint1=20210810140918508c2ccd6e986960ec8432e9c2edd16b01265a5749ac3489&launch_id=1629451556&tz=Asia%2FShanghai&channel=YingYongBao&versionName=7.6.0&deviceId=879246a0-b385-3400-b59d-76f63fa5baff&platform=android&sid=session.1629264087421090169948&identifier_flag=4&t=1629451595&project_id=ECFAAF&build=7060188&x_trace_page_current=explore_feed&lang=zh-Hans&app_id=ECFAAF01&uis=light",

                    xy_platform_info="platform=android&build=7060188&deviceId=879246a0-b385-3400-b59d-76f63fa5baff",

                    main_hmac="XaiJJLGJna6H3GiOhNxbfAOLFS9Th/7LY7eTl5R9PBsgcyVKtyidl2bSA9ql4RlL5IdgzuWC9XOJQJoIDs5ANDDYtBwFXmO8nzWyO4oIoH2NeTDYmL6YcIQMDTT/di8f")

    print(zz)

©著作权归作者所有,转载或内容合作请联系作者
平台声明:文章内容(如有图片或视频亦包括在内)由作者上传并发布,文章内容仅代表作者本人观点,简书系信息发布平台,仅提供信息存储服务。

推荐阅读更多精彩内容

  • 网易云音乐Web API 加密算法分析
    前段时间在网上搜索Python爬取网易云音乐评论的demo,找到一篇《使用Python爬一爬网易云音乐上那些评论火...
    finally_y阅读 4,733评论 2 5
  • HUAWEI/CISCO交换机 API 初探
    前言:文章附上具体的脚本信息内容略长。 1、CE6851 OPS & 开放系统 产品文档链接: http://su...
    Weah阅读 2,688评论 1 1
  • 微信公众号签名算法
    1、签名算法 (签名校验工具) 签名生成的通用步骤如下: 第一步,设所有发送或者接收到的数据为集合M,将集合M内非...
    林亚希阅读 3,438评论 0 0
  • python4
    datetime是Python处理日期和时间的标准库。 获取当前日期和时间 我们先看如何获取当前日期和时间: >>...
    jbb_43b0阅读 1,052评论 0 0
  • (隐私)安居客滑动代码:
    import requests, random, datetime, re, os, time, base64, ...
    朝畫夕拾阅读 860评论 0 1