search

SocialSisterYi / bilibili-API-collect

哔哩哔哩-API收集整理【不断更新中....】
https://socialsisteryi.github.io/bilibili-API-collect/
Other
13.84k stars 1.59k forks source link

`bili_ticket` related discovery (#903 Extended) #940

Open cxw620 opened 5 months ago

cxw620 commented 5 months ago

Since the way getting web bili_ticket was found by @aynuarance in https://github.com/SocialSisterYi/bilibili-API-collect/issues/903, I guess that the way getting app bili_ticket is similar and also makes use of HS256, meaning that what we need to do is finding the HMAC key. After a day of hard work REing of libbili.so(OLLVM obfuscation, f**k you), I successfully did so.

Encryption algorithm: HMAC-SHA256

HMAC KEY INFO:

Details:

Progress:

cxw620 commented 5 months ago

x-exbadbasket seems not a must so we can leave it empty.

Here's example of x-exbadbasket (already converted into json string and formatted) with explain (may be wrong) of each param. Not familiar with reverse engineering native codes and I need more help.

{
    "b00e":"tv.danmaku.bili", // pn => process name
    "a0c6":"7.57.2", // vn => version name
    "c94e":"3.2.43", // sdk_version => ?
    "cd5e":"android", // os
    "b59e":"", // serial, leave it empty
    "dd3b":0, // root?
    "a769":0, // root?
    "fd49":"11", // osv => os version
    "c203":"", // mac, default empty
    "b935":458243454, // apk_sign => **Not know how `libbili.so` gets such value**
    "ed96":"", // mid
    "f438":"XU0D0580A80C82276D9DF33B4D20665C42E33", // buvid
    "e57c":"Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 XL Build/RP1A.201005.004.A1) 7.57.2 os/android model/Pixel 2 XL mobi_app/android build/7572100 channel/master innerVer/7572110 osVer/11 network/2", // ua
    "aff2":1, // app_id
    "edc2":1705589660, // ctime
    "e24d":7572110, // vc => version code
    "e701":"13566853", // build => build sn
    "e29f":"0", // ptrace
    "e58c":"", // frida => **Not know how `libbili.so` gets such value**
    "fd4c":"", // xposed => **Not know how `libbili.so` gets such value**
    "d7be":"", // magisk => **Not know how `libbili.so` gets such value**
    "e7fa":1, // net
    "debc":"google", // brand
    "adf0":"Pixel 2 XL", // model
    "ccd6":1705677891, // fts
    "ada0":"a3811c3af294c9ff045bf24c9bb0545b2024011923245159b5fa061488ab5b05" // fp => see `fp_local`
}

I'm more than curious about the relation between hashcode and real name(ahh, pure characters seen from the register) like b00e and pn. MD5 or any else? I don't know...