今天安装新了最新版的某短视频app(23.5.0版),发现了一些新的东西
1、新的加密参数X-Helios、X-Medusa
2、新的请求参数
咱们到处逛逛 ,看下哪些请求都用了这些请求参数
我们主要关注几个重要的
(1)详情页
(2)列表页
(3) 播放
(4)点赞
(5)关注
行吧,基本确定,新的版本需要新的两个加密参数:X-Helios X-Medusa
{"X-Gorgon": "0404e0d100004f0f01357e77278e7d2f4f8e5eca4ad8e13c3d29","X-Khronos": "1671091550","X-Ladon": "iCleZExu4B6JVA/QWFkcF0IOmeMuhYgxHpVA1lM2jNj2feOw","X-Argus": "UO4J6YwKN7wdHt/DzDc1IfRFUBvX7zGQl4CewdQVvgm2q8XDrrAXG9ZQBCx2NIoSKpJDEUpiLxoqrX3CiTbsGCqURV9+1AEa3yMvTUAc8dvafmHonyj0L/onXf31i3uDPw+Yj24yTecEqAhMNNBzPfT5EsjiqIQ25/8woP4n2G77bJi+vTHGCOPMFVhMji3kuSetB+RGQSP4CsPDacPqSUDE+P0hiqombg3APIm8Oa+cExhNsEl7ovIBfeyK22DQ4pI\u003d","X-Helios": "5ezqUOFyjbJoC17hIUXEKxI7lzDIRP/sIwu0b9U7AaSb5UpA","X-Medusa": "SSg/9cuvION1QLv83RfaERZVKottW6S8YI2A2vuDweu696oz2gfP6etgb21C/BvS1mpQfh1VMTJMMLA97xAF/7/pIb7JQSVbLtJ7AMOlwJWTNgKTlLB7dfqD83O2rANlc5qCOo9/xgJ04uKUwHbt5xcZFgP+M3mr/e2oyd24KTo5UqQX3ngyBDQLfLRfXy5dS1S+Rz2CuxL7DZ6idu6mOZKiT0Q6kdJWkuaBPjByAqEsexwxU2OQvBO85p8M43lAm6f1tKenKtnBtxInGupvmUiXgAHzKga/mW5UorlMNWHIMMPyR4Pvl3D+L74fOmAtOvvUBkymMY2XTVYJinJ48XmC2fAsQV\u003d\u003d"
}关于以下几个参数
luckydog_base: WHpfrsefHe-xXFOoVjqW13v9Ehu55IdhLJL8e01x19jV48vnpRWBzWHFepNE2TwJ4C-6agjha3urvqEkcjNCfWCZ39JuYBiU-MqIMk466w-Pl9PgzpjZnhrTF8ynieptLX-AUzublqQp8OkNfi57aPe6JsaV49xw0ZrPECxBAno
luckydog_token: odHNCWJmswumZ5H5K61qP_J4vFZ-XNdhfsbewxP7lD5BqLkRdoORadus8w6gEYVMw4NEnDP0xfMHjOFXZNnLSA
luckydog_data: VsQWamfNrAypoCgQAG9MP8qIinMPs5nX6t_ONi2x5XQeTg5S1VJATj7DqhPB59q7SpGxvu8ChjLXoLi0z7NlgVlqwzCPuvRN7MQUm33rdzc目前在直播和详情页发现,暂不明其主要原因,但是基本可以确定是风控参数
ok,那我们看下加密算法都藏在哪
新版的包是真的大,都打不开了
第一层:大入口 (还在老地方)
第二层:
第三层:看这个关键字“Helios”,是不是有点熟悉
Hook一下看下效果
先试下user详情页
{"X-Gorgon": "0404e0d1000080db68cb7e77278e7d2f4f8e5eca4ad8e188638b","X-Khronos": "1671100662","X-Ladon": "+Vw1TobNmYl7unWZ8XaieC4LVmf30q/j72XOwYQ6gpZUQZgU","X-Argus": "mY61Vpe2SbIFoJ80TOXgAgsoW5IjJP9Yj7r8ovYo45RsLx2CBIx+nP443NfFzJ0/I8fNkUKB1OaEm57uZGO6vUtBCezZSlYdPA9tY5m16eKwlbTnKXhHDLptKsEQUDvzCzJJ/8/FkHpzn98hdzxEnI1ZdJe1FIqP7nsW0sfemCiJC+m3r9ddOYlkQvQihbkkGoYIVcSWTPtQ50y6EoETfqnH/yE1ju9CVqKphyqBwUpIIsNVlJfbeNnN9NybqFyleUI\u003d","X-Helios": "B6FbYGCcvN8ghNWKFkVj+eYM1DWLh9kxMFS46Pen4QFocGFv","X-Medusa": "Bz4/KwLP351jWUYKb7QvwSv9XERRYuQ/H0w377dHISQHmwZoHhBxndZnzLdUa9AmUYJ+9I056HstZqnZRXaWVu3nXgEq3PPbzqIxlTQjkOZTCGZySXNB8MPgpSVGIxeWusNpv5nIP0hpIHMVHw2s/j1bHurXQxjXRECJ8vnRA8QXU4/mLL9CtDXGjHIrY0W+JKlcrOVcQwbcVekm0lWqGnddg3LYichL/9ksmtdnd3Osz+M4HjH5wnuZGGsVx2GwGOxER1e5m3usQRHXN/gYgjpgO7d29a7xhpnVJ+D1HYjxBYVbWs6oXtwfEwvr0zYfearCEOaCC0EpqTeqNZl2/nM+P0Sgaw\u003d\u003d"
}
再看看列表页
{"X-Gorgon": "0404e0d10000d5fdf33c7e77278e7d2f4f8e5eca4ad8e108a81d","X-Khronos": "1671100725","X-Ladon": "zAKVMbQLK9auSFD9iDFCVqwC/8ibk6mIe+5UBUsHB9p5q6vk","X-Argus": "9BvIPKDpFu1yOhvoHrv7A1uqgEr9ZSrCuBcPyg3LrEnGt3an6/zhp6OFVe29WQO+z8Dy4ajRYjZ5Dxq9W/vl5tclOEgITdLCxKmZ68PHXwyksQ3UBuUsMk5YKzMAXCXwWfwamiu5ApBZNromAECVcksBmVaj8cDzeUTWg7zBJh51GtcAo35F5Xk1cQhGnN74gg595wUnD+zMZVacxdPGBUg2zy3nxTZOCnHrQWq+lLDDK24UIo07qSp1PBNarotyWFU\u003d","X-Helios": "0/gpx/RybhJFmiXs+5VHvyqMfX+uf7g3Pyfu/B67g8m8H4hf","X-Medusa": "ZdH/TL23ww6QdX1c4mt7nHA8y/plhLf+yRf2cswkUHcJbMEiRjjzv11mwfS3KvDKGDCQ/rsY2Fu1WSvzEC2OMknLEXpUtX9KoLlXWJSUIv2zBw9kLxkfqCNBfyoZtTpTVrskAsI6DW/fkNT9/sugE37OzFDGO7Yjymbw52IiK4hRtkMeBBXOc/6n6nWmyQCGaMg/pYBMe49MKQQjNaeZwt5QgP6HasfptSve6h2AwYF5GtOkNFN0XNs/46dbBSimOKZmY8JoxBP9EWxJ+AbwFEZIIKUBmgLmw23dfsprcsFY4vN7S8fee15Alr8e9486G4nVdzoDOE2bdwYRRECof98Z/MkrBB\u003d\u003d"
}
基本上,加密算法更新到现在,都只是在之前的基础上小修小改,真正的风控重点已经逐渐转移到设备算法上。有些设备能访问详情页,但是不能访问列表页,有的能访问列表页,但是不能访问播放页。这个才是需要着重考虑的地方
