tiktok参数x-tt-params

作品列表接口 /api/post/item_list/? 有一段 x-tt-params

观察后发现主要是由device_id、secUid、browser等信息组合成的字符串经过AES加密后生成。

file
调试可知 AES加密,128位,CBC,PKCS7。

在线测试

https://tool.lmeee.com/jiami/aes

file

本地模拟

var CryptoJS = require("crypto-js");
function aes(secUid){
        e = {
            "aid": "1988",
            "app_name": "tiktok_web",
            "channel": "tiktok_web",
            "device_platform": "web_pc",
            "device_id": "7202509366032811522",
            "region": "TW",
            "priority_region": "",
            "os": "windows",
            "referer": "",
            "root_referer": "undefined",
            "cookie_enabled": "true",
            "screen_width": "1920",
            "screen_height": "1080",
            "browser_language": "zh-CN",
            "browser_platform": "Win32",
            "browser_name": "Mozilla",
            "browser_version": "5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36",
            "browser_online": "true",
            "verifyFp": "undefined",
            "app_language": "zh-Hans",
            "webcast_language": "zh-Hans",
            "tz_name": "Asia/Shanghai",
            "is_page_visible": "true",
            "focus_state": "true",
            "is_fullscreen": "false",
            "history_len": "3",
            "battery_info": "1",
            "from_page": "user",
            "secUid": secUid,
            "count": "30",
            "cursor": "",
            "language": "zh-Hans",
            "userId": "undefined",
            "is_encryption": "1"
        }
        const t = [];
        return Object.keys(e).forEach((i=>{
            const o = `${i}=${e[i]}`;
            t.push(o)
        }
        )),
        t.push("is_encryption=1"),
        ((e,t)=>{
            const i = ((e,t)=>{
                let i = e.toString();
                const o = i.length;
                return o < 16 ? i = new Array(16 - o + 1).join("0") + i : o > 16 && (i = i.slice(0, 16)),
                i
            }
            )("webapp1.0+20210628")
              , n = CryptoJS.enc.Utf8.parse(i);
            return CryptoJS.AES.encrypt(e, n, {
                iv: n,
                mode: CryptoJS.mode.CBC,
                padding: CryptoJS.pad.Pkcs7
            }).toString()
        }
        )(t.join("&"))
}

console.log(aes("MS4wLjABAAAA6aI0jkpA6X5yzejGmhzXFtd6vKbLKkJV1bQ4cATqZUmPGVenv3R0cJTsHdrI2NBG"))
点赞

发表回复