抖音逆向解析
2025-08-03
加密参数S
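/**
 * Builds the `s` request parameter and its companion `_` timestamp from the
 * current wall-clock time.
 *
 * As implemented on this page: digits = String(Date.now()); head = the first
 * three digits; tail = the last four digits; s = head + tail + head * tail.
 *
 * @param {object} e - not read by this implementation (the call site passes a
 *   request-options object); kept so existing callers keep working.
 * @returns {{s: number, _: number, _bid: string}} `s` is the derived value,
 *   `_` the millisecond timestamp it was derived from, `_bid` a fixed id.
 */
function N(e) {
  const now = Date.now();
  const digits = String(now);
  // The original reached `slice` through the helper x(); it is the plain
  // String.prototype.slice, so call it directly.
  const head = Number(digits.slice(0, 3));
  const tail = Number(digits.slice(-4));
  const sKey = head + tail + head * tail;
  // `const` — the original assigned `res` without a declaration, leaking it
  // as an implicit global.
  const res = { s: sKey, _: now, _bid: "mcenter_buyin" };
  return res;
}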
/**
 * Returns the `slice` method of `e`, unbound; the caller applies it with
 * `.call(e, ...)`. In N() above it is called with a string, so the result is
 * String.prototype.slice. The guard the obfuscated original carried in a
 * comment is not implemented.
 *
 * @param {{slice: Function}} e - any value exposing a `slice` method
 * @returns {Function} the unbound `slice`
 */
function x(e) {
  const { slice } = e;
  return slice;
}
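// Sample request options passed to N(). N() does not read its argument, so
// only the call shape matters here.
// `const` — the original assigned `n` and `S` without declarations, leaking
// both as implicit globals.
const n = {
  headers: {
    "content-type": "application/json",
  },
};
// S is { s, _, _bid } for the current timestamp.
const S = N(n);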
console.log(S)
上面就是 S 的生成函数：用当前时间戳计算出一个 S 值，同时这个时间戳也添加到请求头里面。


加密参数msToken & a_bogus
GET
xhr.bdmsInvokeList 中的 args 参数是 GET 请求需要替换的内容。在生成 GET 请求需要的 a_bogus 时，需要修改这里面的 url，url 格式就是不带 a_bogus 的样子。注意：此处的 url 编码很特殊，只编码了 `=`，其余部分不编码；但并不要求自己拼接，直接获取 xhr 里面的原始数据就可以。
只要是GET请求,就只需要传入一个不包含msToken,a_bogus的url然后经过生成后就可以获得正常请求的URL,请求时该添加的Headers也要添加 (目前经过测试的接口有财账信息获取,橱窗列表获取)(GET请求通用逻辑)
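/**
 * Replays a GET request through the bdms-patched XMLHttpRequest and then
 * reads whatever the page script left in `window.a_bogus`.
 *
 * `xhr.bdmsInvokeList` carries the open() arguments (method, url, async) and
 * the request headers. The author appears to expect `send()` to throw here;
 * the catch block only logs the error and the value of `window.a_bogus`.
 *
 * NOTE(review): the text above says the input url should carry neither
 * msToken nor a_bogus, yet this sample url still includes msToken (and
 * fp/verifyFp) — confirm which of them the page script replaces.
 */
function getab() {
  // `const` — the original assigned `xhr` without a declaration, leaking it
  // as an implicit global (postRequest() below declares its own).
  const xhr = new XMLHttpRequest();
  xhr.bdmsInvokeList = [
    {
      args: [
        "GET",
        "https://buyin.jinritemai.com/api/buyin/marketing/anchor_coupon/list?_bid=mcenter_buyin&_=1753497007695&s=1354495&size=20&page=1&start_use_time=0&end_use_time=0&coupon_type=0&coupon_status=0&verifyFp=verify_mdih40gl_iT61AVSe_JLKJ_4PD9_9zvT_wwuLcw9kvj6n&fp=verify_mdih40gl_iT61AVSe_JLKJ_4PD9_9zvT_wwuLcw9kvj6n&msToken=ia2AXihpB_rB2HcRiyL2HUkjIvzMbjiZfl2mWdhdtU1TIZTmB5XedM4Q7YAVSgYkCGz4VTulalMp8UUQX2SYPR-7PqQySi2KAlOen4sT0HfIqfi0f1ojqXubvOKOtHWVLB3rqnZ0DU5h4-pzqaj84wlvFRDZeEjn5RPP3OXWsj_6giIf3wgwGBo%3D",
        true,
      ],
    },
    {
      args: ["Accept", "application/json, text/plain, */*"],
    },
  ];
  try {
    xhr.send();
  } catch (err) {
    // Best-effort by design: the error is logged, not re-thrown.
    console.log("发生错误,但被忽略:", err.message);
    console.log('yesssss');
    console.log(window.a_bogus);
  }
}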
getab();
POST
bdms对xhr方法进行的重写,所有只需要按照正常的发送POST请求的方式来发送请求就可以了
// Initialise bdms with the app id and the list of paths.
// NOTE(review): "paths" looks like the request-path prefixes bdms applies
// to — confirm against the bdms script; nothing on this page states it.
const bdmsInitOptions = {
  aid: 2631,
  boe: false,
  paths: [
    "/captcha/get",
    "/captcha/verify",
    "/api/authorStatData",
    "/api/author",
    "/api/shop",
    "/api/livepc",
    "/api/governance/creator/violations",
    "/api",
    "/pc",
    "/index/getUser",
    "/fxg-buyin",
    "/apply_sample_pc_api",
    "/index/",
    "/square_pc_api",
    "/comment_api",
    "/ecom/captain",
  ],
};
window.bdms.init(bdmsInitOptions);
/**
 * Sends a POST through the bdms-patched XMLHttpRequest and logs the values
 * the page script exposes afterwards.
 *
 * The open() arguments in `bdmsInvokeList` use an empty url (per the note
 * above, bdms rewrites the xhr methods, so the request is issued the normal
 * way). If `send()` throws, the catch logs the error, the url that ended up
 * in `bdmsInvokeList`, and `window.a_bogus` / `window.mstoken`.
 */
function postRequest() {
  const xhr = new XMLHttpRequest();
  xhr.bdmsInvokeList = [
    { args: ["POST", "", true] },
    { args: ["Accept", "application/json, text/plain, */*"] },
    { args: ["Content-Type", "application/json"] },
  ];
  // Key order is preserved so JSON.stringify yields the same body.
  const payload = {
    page_size: 20,
    view_type: 0,
    common_filter: { quick_filter: { sub_fields: [] } },
    page: 1,
    version: 2,
  };
  try {
    xhr.send(JSON.stringify(payload));
  } catch (err) {
    // Best-effort by design: logged, not re-thrown.
    console.log("发生错误,但被忽略:", err.message);
    console.log('URL:', xhr.bdmsInvokeList[0]["args"][1]);
    console.log('a_bogus:', window.a_bogus);
    console.log('mstoken:', window.mstoken);
  }
}
postRequest();
加密参数 header 里面的 x-secsdk-csrf-token
这个值其实不是在本地加密生成的，而是通过对下面这个接口发起 HEAD 请求获取的：
https://buyin.jinritemai.com/pc/selection/common/btm_mapping

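# HEAD request against btm_mapping; per the note above, x-secsdk-csrf-token is
# obtained from this request rather than computed locally.
# The Cookie header value is replaced with a placeholder: the original pasted
# live account session cookies (sessionid, sid_tt, sid_guard,
# passport_csrf_token, ...), which are reusable credentials and not part of
# the signing logic this page describes.
curl --location --head 'https://buyin.jinritemai.com/pc/selection/common/btm_mapping?msToken=AEBhDFtTDRgERtmFPdVJiLWL4OZAN3BmzmxJ5KJqBZ8rVZNEncbskiQHRaurIhZGpdp0Z0G6-xOPlCUnTULSqW8SZKpmeHXHr6bGKty9LCGjllO1xRqRGIluAUufdKQMFI52D2qagBhtqlpC5CaDdE4W_o55DEnKPXR8Ej4273s8IQ%3D%3D&a_bogus=x7sVDqUEOx%2FRapeSYKQsHvnU7HjlrTuyPFT2bSlrHVeFOhUT%2F2B5wJgTJNF3X6SLPRpaie3HUnYAbVDP0l5aI99kzmZkuZwS04QCVhvog1i2TTJ27rRzesGxqi-GWWsPQ55HiQi1l0l7125fqq9BAAKySAej-8b8zNaydrWlexg-6GvYIVoDSub%3D' \
--header 'accept: */*' \
--header 'accept-language: zh-CN,zh;q=0.9' \
--header 'cache-control: no-cache' \
--header 'pragma: no-cache' \
--header 'priority: u=1, i' \
--header 'referer: https://buyin.jinritemai.com/dashboard/marketing/coupon-manager?pre_universal_page_params_id=&universal_page_params_id=b73459bd-9ad2-477e-b6b1-105aa310d6b2' \
--header 'sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Microsoft Edge";v="138"' \
--header 'sec-ch-ua-mobile: ?0' \
--header 'sec-ch-ua-platform: "Windows"' \
--header 'sec-fetch-dest: empty' \
--header 'sec-fetch-mode: cors' \
--header 'sec-fetch-site: same-origin' \
--header 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0' \
--header 'x-secsdk-csrf-request: 1' \
--header 'x-secsdk-csrf-version: 1.2.22' \
--header 'Cookie: <REDACTED_SESSION_COOKIES>'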
到此,抖音bdms1.0.20版本的加密就已经全部搞定