keiyoushi / extensions-source

Source code of extensions for Tachiyomi/Mihon and variants.
https://keiyoushi.github.io/
Apache License 2.0

Anchira : Source Request #29

Closed ImperialXeno closed 10 months ago

ImperialXeno commented 10 months ago

Source name

Anchira

Source link

https://anchira.to/

Source language

English

Other details

NSFW = Yes

Acknowledgements

LetrixZ commented 10 months ago

The site is client-side rendered, so it uses an API. The API is encrypted, and the client code is obfuscated. Once you have decrypted the API response, you will have access to the library, but now you need to get the images (pages). You need a key for that, and that key is behind a captcha (triggers every 5 new reads and lasts 48 hours), so unless you want to use the thumbnails as pages, you need to get the keys for every gallery in the site's library and store them somewhere. You get them, but where do you store them? If you store them in the extension, for every new batch you need to update the app. So the only feasible solution is to have a middleware between Anchira's API that has the keys and adds them to the response.

And this only works as long as Anchira's dev doesn't change the API structure or the obfuscation.

beer-psi commented 10 months ago

Anchira is pretty difficult to make, not sure where to even start because JS deobfuscators choke on the minified + obfuscated bundle.

LetrixZ commented 10 months ago

> Anchira is pretty difficult to make, not sure where to even start because JS deobfuscators choke on the minified + obfuscated bundle.

If you want to decode the API, use this Rust function:

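use base64::{engine::general_purpose, Engine as _};

// Base64-decode the API response body, then XXTEA-decrypt it.
pub fn decrypt(text: &String) -> Vec<u8> {
  let decoded = general_purpose::STANDARD.decode(text).unwrap();
  // KEY HERE is a placeholder; the key is deliberately not included.
  xxtea::decrypt(&decoded, KEY HERE)
}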

I can't leave the key here without probably being banned from GitHub (the dev is a nice person 😉).

The hard part is the captcha and the pages.

beer-psi commented 10 months ago

Can't crack CAPTCHA (we're definitely not going against Cloudflare, who has unlimited money and time), so I suppose we'll need to make the user verify manually when it hits.

As for the key, if it is on the API side, I suppose we can use shared preferences to store them?