gaolei
/
api_py
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
算法暴露接口(xhs、dy、ks、wx、hnw)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
459 KiB
 
Tree: 9e917f35be
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9e917f35be'
${ noResults }
api_py/xhs/shield.py

132 lines
4.8 KiB
Raw Blame History

import base64
from xhs.shield_aes import get_key
from xhs.shield_md5 import md5sum
from xhs.shield_rc4 import RC4
def hex_string(num, step=2):
"""
step 控制二进制的长度 避免有些少零了
"""
tmp_string = hex(num)[2:]
if len(tmp_string) < step:
tmp_string = '0' + tmp_string
return tmp_string
def expand_keys(keys, m):
md5_str1_list = [hex_string(int(keys[i] + keys[i + 1], 16) ^ m) for i in range(0, len(keys), 2)]
md5_str1 = "".join(md5_str1_list)
return md5_str1
def char2hex(char):
return hex_string(ord(char))
def get_md5(keys, params):
"""
标准 hmac 操作
:param keys:
:param params:
:return:
"""
# 拓展key1 0x36
md5_str1 = expand_keys(keys, 54)
# 拓展key2 0x5c
md5_str2 = expand_keys(keys, 92)
data = bytes.fromhex(md5_str1) + params.encode("utf-8")
md1 = md5sum(data)
data1 = bytes.fromhex(md5_str2 + md1)
md2 = md5sum(data1) # 获得最终结果
return md2
def get_rc4(params):
"""
标准rc4运算
:param params:
:return:
"""
key = "std::abort();"
result = RC4(key.encode("utf-8"), bytes.fromhex(params))
return result.hex()
def get_shield(keys, params, deviceId):
"""
shield生成核心部分
固定版本 和 app_id
:param keys:
:param params:
:param deviceId:
:return:
"""
version = "6970181"
app_id = "ecfaaf01"
p7 = "".join([char2hex(m) for m in version])
p8 = "".join([char2hex(m) for m in deviceId])
p9 = get_md5(keys, params) # 魔改md5 16位md5
rc4_plaintext = f"00000001{app_id}00000002000000{hex_string(len(version))}000000{hex_string(len(deviceId))}000000{hex_string(len(p9) // 2)}{p7}{p8}{p9}"
result = get_rc4(rc4_plaintext)
_tmp = len(version) + len(deviceId) + len(p9) // 2 + 24
tmp = f"0000000100000001000000{hex_string(_tmp)}000000{hex_string(_tmp)}" # 固定 0x53是上述 几个固定的值算出来的
_shield = "XY" + base64.b64encode(bytes.fromhex(tmp + result)).decode()
return _shield
def shield(node_id, xy_common_params, xy_platform_info):
"""
"""
# 设备一
deviceId = "2fe75062-a528-3340-bed3-220a67f7f240"
keys = "aa82da57410dddd5b2860e534f7c0602f589c20ec8e8830baa239360c89cce62bdc304d8a1aa988d620917dbefc2a1154692fad24294f4419ea19c7dc069897b"
api = "/api/sns/v1/note/feed"
param = f"note_id={node_id}&page=1&num=5&fetch_mode=1&source=&ads_track_id="
plaintext = api + param + xy_common_params + xy_platform_info
return get_shield(keys, plaintext, deviceId)
def shield_run(url, keys, xy_common_params, deviceId, api="/api/sns/v1/note/feed"):
"""
对外暴露接口
:param url: 请求的链接
:param keys: 参与运算的 hmac_main
:param xy_common_params: 对应header中字段
:param deviceId: 对应设备号
:param api: 对应接口 目前默认为feed流接口
:return:
"""
param = url[url.index("?") + 1:]
xy_platform_info = f"platform=android&build=6970181&deviceId={deviceId}"
plaintext = api + param + xy_common_params + xy_platform_info
# print(plaintext)
return get_shield(keys, plaintext, deviceId)
if __name__ == '__main__':
# 先获得 main_hmac 处理后的key
# XYAAAAAQAAAAEAAABTAAAAUzUWEe0xG1IbD9/c+qCLOlKGmTtFa+lG43AHe+FXTKxDxI2yn7IxH534qbVaz8N7icV+2KNmRAwcQDSAZrqn3SpjhOCLuaGTuDRgbpA0sNhU/xUP 结果
# XYAAAAAQAAAAEAAABTAAAAUzUWEe0xG1IbD9/c+qCLOlKGmTtFa+lG43AHe+FXTKxDxI2yn7IxH534qbVaz8N7icV+2KNmRAwcQDSAZrqn3SpjhOCLuaGTuDRgbpA0sNhU/xUP
# keys = "aa82da57410dddd5b2860e534f7c0602f589c20ec8e8830baa239360c89cce62bdc304d8a1aa988d620917dbefc2a1154692fad24294f4419ea19c7dc069897b"
# get_shield(keys)
url = "https://edith.xiaohongshu.com/api/sns/v1/note/feed?note_id=66ceeabe000000001d03b546&page=1&num=5&fetch_mode=1&source=&ads_track_id="
hmac = "NqLx0YFKNb4KraYq524SgzVpepYQ0SwhZLRs7eyxe6A26c/b1b+d6OU2LfAPwh8zpt3fkR/jsR5yzVzIqXe66EWhGJ8iWV36KKSIz0mVt436sTqt3eUYUZwb5TzpSYDa"
deviceId = "119214fc-0fe5-3ae8-91dd-baa821c11324"
xy_platform_info = "platform=android&build=6970181&deviceId=119214fc-0fe5-3ae8-91dd-baa821c11324"
xy_common_params = "fid=1721639154103483c0daaace2ca9266cba37ac9fe114&device_fingerprint=202407221758192809006e7e334e46628620f6768bcf3b0153b1977b9f6cd6&device_fingerprint1=202407221758192809006e7e334e46628620f6768bcf3b0153b1977b9f6cd6&cpu_name=Qualcomm+Technologies%2C+Inc+SM8150&device_model=phone&launch_id=1727578036&tz=Asia%2FShanghai&channel=CPA-3DSP-N3-ZSKJ&versionName=6.97.0.1&overseas_channel=0&deviceId=119214fc-0fe5-3ae8-91dd-baa821c11324&platform=android&sid=session.1721639201142076381131&identifier_flag=4&t=1727590998&project_id=ECFAAF&build=6970181&lang=zh-Hans&app_id=ECFAAF01&uis=dark&teenager=0"
keys = get_key(deviceId, hmac)
result = sheild_run(url, keys, xy_common_params, deviceId)
print(result)