Open cxw620 opened 5 months ago
x-exbadbasket
seems not a must so we can leave it empty.
Here's example of x-exbadbasket
(already converted into json string and formatted) with explain (may be wrong) of each param. Not familiar with reverse engineering native codes and I need more help.
{
"b00e":"tv.danmaku.bili", // pn => process name
"a0c6":"7.57.2", // vn => version name
"c94e":"3.2.43", // sdk_version => ?
"cd5e":"android", // os
"b59e":"", // serial, leave it empty
"dd3b":0, // root?
"a769":0, // root?
"fd49":"11", // osv => os version
"c203":"", // mac, default empty
"b935":458243454, // apk_sign => **Not know how `libbili.so` gets such value**
"ed96":"", // mid
"f438":"XU0D0580A80C82276D9DF33B4D20665C42E33", // buvid
"e57c":"Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 XL Build/RP1A.201005.004.A1) 7.57.2 os/android model/Pixel 2 XL mobi_app/android build/7572100 channel/master innerVer/7572110 osVer/11 network/2", // ua
"aff2":1, // app_id
"edc2":1705589660, // ctime
"e24d":7572110, // vc => version code
"e701":"13566853", // build => build sn
"e29f":"0", // ptrace
"e58c":"", // frida => **Not know how `libbili.so` gets such value**
"fd4c":"", // xposed => **Not know how `libbili.so` gets such value**
"d7be":"", // magisk => **Not know how `libbili.so` gets such value**
"e7fa":1, // net
"debc":"google", // brand
"adf0":"Pixel 2 XL", // model
"ccd6":1705677891, // fts
"ada0":"a3811c3af294c9ff045bf24c9bb0545b2024011923245159b5fa061488ab5b05" // fp => see `fp_local`
}
I'm more than curious about the relation between hashcode and real name(ahh, pure characters seen from the register) like b00e
and pn
. MD5 or any else? I don't know...
Since the way getting web
bili_ticket
was found by @aynuarance in https://github.com/SocialSisterYi/bilibili-API-collect/issues/903, I guess that the way getting appbili_ticket
is similar and also makes use of HS256, meaning that what we need to do is finding the HMAC key. After a day of hard work REing oflibbili.so
(OLLVM obfuscation, f**k you), I successfully did so.Encryption algorithm: HMAC-SHA256
HMAC KEY INFO:
ec02
XgwSnGZ1p
ec01
Ezlc3tgtl
Details:
Progress:
x-exbadbasket
from normal APP.x-exbadbasket
fromlibbili.so
.