Closed lzghzr closed 4 years ago
原始数据
{"platform":"android","uuid":"965983d6-2144-4040-b1f6-fbfcbdc0f27e","buvid":"XY721587F2E5639D82213B9BA4211A4FB02AC","seq_id":"1","room_id":"5082","parent_id":"6","area_id":"283","timestamp":"1594740248","secret_key":"axoaadsffcazxksectbbb","watch_time":"300","up_id":"673816","up_level":"33","jump_from":"24001","gu_id":"9ebadb876715e80e2fa2d116207d18e01734ded1026","play_type":"0","play_url":"http://d1--cn-gotcha03.bilivideo.com/live-bvc/126229/live_673816_8552541_2500.flv?cdn=cn-gotcha03&expires=1594743846&len=0&oi=465680638&pt=android&qn=400&trid=abceb8f7b0ad4920949a49f824378f82&sigparams=cdn,expires,len,oi,pt,qn,trid&sign=c0f414cfe0ab6cf1448b6637d5f4d67a&ptype=0&src=5&level=3","s_time":"0","data_behavior_id":"","data_source_id":"","up_session":"l:one:live:record:5082:1594726910","visit_id":"77193bdd8a33d10d239eac2724b50011","watch_status":"%7B%22pk_id%22%3A0%2C%22screen_status%22%3A1%7D","click_id":"f981f115-cdb7-444c-953f-0321389b7081","session_id":"","player_type":"0","client_ts":"1594744851"}
3号算法 SHA512
SHA512
22cf943cbff34b9e46800fe855b7c5a175e2f392a3b851b2d6d5acb968aecc1e0f21dfe4f7cfbb4570c3eab0563fe0011f1464d56fc3daac6d5f422801086b00
7号算法 SHA3-512
SHA3-512
1eb8e33852cb69008520c8179232b5f6d7551a2bbaddc462880dfa9a5fd3406696435a269a9a0a2dce74a5d00651fe8f8224a66db976c4fdf058eb9a891dcf43
2号算法 SHA384
SHA384
554aeafc7f4a595b071cf1c663c6ba78ebb3c6cacab408f0d9578fa082796982c29a9fea287566364871b19626bee630
6号算法 SHA3-384
SHA3-384
dea56c7706c250cfea9289442a0af43a4de67d92577157fa72e521fbb2a38993bdcaec4b3259810e65d45c3a4dd28f4f
8号算法 BLAKE2b512
BLAKE2b512
1bf468dc6d6cd74112a5867317cd818880175a5d4662d1bc7bd162c7d10472aec74ffd2073c358de14a33eaa4c0f1f964aec040a918e7415bf522b092c790f10
经过五次hash得到签名, 我是真不知道五次hash除了恶心人还有什么用
插件作者可以使用 tools.Hash(algorithm: string, data: string | Buffer): string 来计算hash 例如
tools.Hash(algorithm: string, data: string | Buffer): string
tools.Hash('BLAKE2b512', 'dea56c7706c250cfea9289442a0af43a4de67d92577157fa72e521fbb2a38993bdcaec4b3259810e65d45c3a4dd28f4f') // 1bf468dc6d6cd74112a5867317cd818880175a5d4662d1bc7bd162c7d10472aec74ffd2073c358de14a33eaa4c0f1f964aec040a918e7415bf522b092c790f10
\ \ \ \ \ 附破解算法, 其实就是暴力破解, 得益于现代计算机的性能, 五百万次hash计算也只要不到10秒钟
import { createHash } from 'crypto' const Hash = (algorithm, data) => createHash(algorithm).update(data).digest('hex') const algorithms = [ 'BLAKE2b512', 'BLAKE2s256', 'MD4', 'MD5', 'MD5-SHA1', 'RIPEMD160', 'SHA1', 'SHA224', 'SHA256', 'SHA3-224', 'SHA3-256', 'SHA3-384', 'SHA3-512', 'SHA384', 'SHA512', 'SHA512-224', 'SHA512-256', 'SHAKE128', 'SHAKE256', 'SM3', 'whirlpool' ] const input = '{"platform":"android","uuid":"965983d6-2144-4040-b1f6-fbfcbdc0f27e","buvid":"XY721587F2E5639D82213B9BA4211A4FB02AC","seq_id":"1","room_id":"5082","parent_id":"6","area_id":"283","timestamp":"1594740248","secret_key":"axoaadsffcazxksectbbb","watch_time":"300","up_id":"673816","up_level":"33","jump_from":"24001","gu_id":"9ebadb876715e80e2fa2d116207d18e01734ded1026","play_type":"0","play_url":"http://d1--cn-gotcha03.bilivideo.com/live-bvc/126229/live_673816_8552541_2500.flv?cdn=cn-gotcha03&expires=1594743846&len=0&oi=465680638&pt=android&qn=400&trid=abceb8f7b0ad4920949a49f824378f82&sigparams=cdn,expires,len,oi,pt,qn,trid&sign=c0f414cfe0ab6cf1448b6637d5f4d67a&ptype=0&src=5&level=3","s_time":"0","data_behavior_id":"","data_source_id":"","up_session":"l:one:live:record:5082:1594726910","visit_id":"77193bdd8a33d10d239eac2724b50011","watch_status":"%7B%22pk_id%22%3A0%2C%22screen_status%22%3A1%7D","click_id":"f981f115-cdb7-444c-953f-0321389b7081","session_id":"","player_type":"0","client_ts":"1594744851"}' const output = '1bf468dc6d6cd74112a5867317cd818880175a5d4662d1bc7bd162c7d10472aec74ffd2073c358de14a33eaa4c0f1f964aec040a918e7415bf522b092c790f10' console.time('hash') for (let i of algorithms) { const hash1 = Hash(i, input) for (let j of algorithms) { const hash2 = Hash(j, hash1) for (let k of algorithms) { const hash3 = Hash(k, hash2) for (let l of algorithms) { const hash4 = Hash(l, hash3) for (let m of algorithms) { const hash5 = Hash(m, hash4) if (hash5 === output) { console.timeEnd('hash') console.log(i, j, k, l, m) } } } } } } // hash: 4.851s // SHA512 SHA3-512 SHA384 SHA3-384 BLAKE2b512
然而,破站一共有12套算法 有一说一,这波操作,没有妈妈
其他算法都是位数不同, 比如还有sha256, 不加盐的话排列组合跑一遍就行了
除了恶心人没啥用,干脆直接上Bcrypt把用户也恶心一遍
原始数据
3号算法
SHA512
7号算法
SHA3-512
2号算法
SHA384
6号算法
SHA3-384
8号算法
BLAKE2b512
经过五次hash得到签名, 我是真不知道五次hash除了恶心人还有什么用
插件作者可以使用
tools.Hash(algorithm: string, data: string | Buffer): string
来计算hash 例如\ \ \ \ \ 附破解算法, 其实就是暴力破解, 得益于现代计算机的性能, 五百万次hash计算也只要不到10秒钟