酷狗音乐分析(2)

4.歌曲详情

①歌名、播放链接、歌手、专辑、专辑图片
参数mid加密了,我就不赘述破解过程了,大致记一下。
kguser.v2.min.js 第3619行:

getKgMid: function() {
    var e = KgUser.Cookie.read(KgUser.KgMid.name),
    t = "";
    window.Storage && window.localStorage && window.localStorage instanceof Storage && (t = window.localStorage.getItem(KgUser.KgMid.name));
    var r = e || t;
    if (e && e != t && window.localStorage.setItem(KgUser.KgMid.name, e), !e && t && KgUser.Cookie.write(KgUser.KgMid.name, t, 86400 * KgUser.KgMid.days, "/", KgUser.GetDomain(), !0, "None"), navigator.cookieEnabled) {
        if (KgUser.IsEmpty(r)) {
            var i = KgUser.Guid(),
            r = KgUser.Md5(i);
            try {
                KgUser.Cookie.write(KgUser.KgMid.name, KgUser.Md5(i), 86400 * KgUser.KgMid.days, "/", KgUser.GetDomain(), !0, "None"),
                window.localStorage.setItem(KgUser.KgMid.name, KgUser.Md5(i))
            } catch(e) {}
        }
    } else {
        var n = navigator.userAgent,
        o = function() {
            var e = navigator.plugins,
            t = "";
            if (0 < e.length) {
                for (var r = [], i = 0, n = e.length; i < n; i++) {
                    var o = e[i].name;
                    r.push(o)
                }
                t = r.toString()
            }
            return t
        } (),
        s = screen.width + "x" + screen.height,
        e = screen.colorDepth || "",
        t = screen.pixelDepth || "",
        i = function() {
            var e = ["canvas"];
            try {
                var t, r = document.createElement("canvas");
                r.getContext && r.getContext("2d") && (r.width = 200, r.height = 200, r.style.display = "inline", (t = r.getContext("2d")).rect(0, 0, 10, 10), t.rect(2, 2, 6, 6), e.push("canvas winding:" + (!1 === t.isPointInPath(5, 5, "evenodd") ? "yes": "no")), t.textBaseline = "alphabetic", t.fillStyle = "#f60", t.fillRect(125, 1, 62, 20), t.fillStyle = "#069", t.font = "14px 'Arial'", t.fillText("hello kugou", 2, 15), t.fillStyle = "rgba(102, 204, 0, 0.2)", t.font = "18pt Arial", t.fillText("hello kugou", 4, 45), t.globalCompositeOperation = "multiply", t.fillStyle = "rgb(255,0,255)", t.beginPath(), t.arc(50, 50, 50, 0, 2 * Math.PI, !0), t.closePath(), t.fill(), t.fillStyle = "rgb(0,255,255)", t.beginPath(), t.arc(100, 50, 50, 0, 2 * Math.PI, !0), t.closePath(), t.fill(), t.fillStyle = "rgb(255,255,0)", t.beginPath(), t.arc(75, 100, 50, 0, 2 * Math.PI, !0), t.closePath(), t.fill(), t.fillStyle = "rgb(255,0,255)", t.arc(75, 75, 75, 0, 2 * Math.PI, !0), t.arc(75, 75, 25, 0, 2 * Math.PI, !0), t.fill("evenodd"), r.toDataURL && e.push("canvas fp:" + r.toDataURL()))
            } catch(e) {}
            return KgUser.Md5(e.toString())
        } ();
        r = KgUser.Md5(n + o + s + e + t + i)
    }
    return r
}

var i = KgUser.Guid(), r = KgUser.Md5(i);可知调用了3156行的函数:

Guid: function() {
    function e() {
        return (65536 * (1 + Math.random()) | 0).toString(16).substring(1)
    }
    return e() + e() + "-" + e() + "-" + e() + "-" + e() + "-" + e() + e() + e()
},

总结:
地址:https://wwwapi.kugou.com/yy/index.php
参数:r=play/getdata,hash=歌曲哈希值,album_id=专辑id,mid=随机的8个16进制4位数以形如“xx-x-x-x-xxx”的方式拼接后采用md5小写32位加密

②歌词
参数signature加密方法:
kguser.v2.min.js?v=20191021 第160行:

!function r(i) {
    if (i < f.length)
        U[f[i]](function(e) {
            if (e)
                if ("[object Object]" == Object.prototype.toString.call(e))
                    for (var t in e)
                        m[t] = e[t];
                else
                    m[f[i]] = e;
            r(i + 1)
        });
    else {
        for (var e in m)
            a[e] || (a[e] = m[e]);
        for (var e in a)
            h.push(e);
        if (h.sort(),
        h.forEach(function(e) {
            K.push(e + "=" + a[e])
        }),
        n)
            if ("[object Object]" == Object.prototype.toString.call(n))
                if ("json" == s)
                    K.push(JSON.stringify(n));
                else {
                    var t = [];
                    for (e in n)
                        t.push(e + "=" + n[e]);
                    K.push(t.join("&"))
                }
            else
                K.push(n);
        K.unshift(y),
        K.push(y),
        a.signature = faultylabs.MD5(K.join("")),
        o && o(a)
    }
}(0)

注意到a.signature = faultylabs.MD5(K.join("")),然后调试得到了K的值,破解了加密。

总结:
地址:https://m3ws.kugou.com/api/v1/krc/get_lyrics
参数:keyword=音频名(形如歌手 - 歌名的形式,歌手之间以顿号连接),hash=歌曲哈希值,clienttime=13位时间戳,mid=13位时间戳,signature=下表元素拼接后md5大写32位加密,timelength=0,srcappid=2919,clientver=20000,dfid=-

[
    'NVPh5oo715z5DIWAeQlhMDsWXXQV4hwt',
    'clienttime=13位时间戳',
    'clientver=20000',
    'dfid=-',
    'hash=歌曲哈希值',
    'keyword=音频名',
    'mid=13位时间戳',
    'srcappid=2919',
    'timelength=0',
    'NVPh5oo715z5DIWAeQlhMDsWXXQV4hwt'
]

③热评
地址:https://mcomment.kugou.com/index.php
参数:r=commentsv2/getCommentWithLike,code=fc4be23b4e972707f36b8a828a93ba8a,extdata=歌曲哈希值,p=页数,pagesize=个数

这次把酷狗音乐收个尾,下篇就开始破解QQ音乐啦!

  1. 可能有人找不到手机版的播放页面,给个例子:https://m3ws.kugou.com/kgsong/lzwyffa.html ↩︎

posted @   vergica  阅读(560)  评论(0编辑  收藏  举报
相关博文:
·  酷狗音乐分析(1)
·  酷我音乐分析
·  Python逆向爬虫入门教程: 酷狗音乐加密参数signature逆向解析
·  js逆向——酷狗signature&酷狗音乐爬虫
·  爬虫学习笔记:酷狗音乐榜单TOP500
阅读排行:
· 10年+ .NET Coder 心语 ── 封装的思维:从隐藏、稳定开始理解其本质意义
· 地球OL攻略 —— 某应届生求职总结
· 提示词工程——AI应用必不可少的技术
· Open-Sora 2.0 重磅开源!
· 周边上新:园子的第一款马克杯温暖上架
点击右上角即可分享
微信分享提示
AI IDE Trae