diff --git a/lib/api/kuwo/kuwo.dart b/lib/api/kuwo/kuwo.dart index 30f90ee..cd382cf 100644 --- a/lib/api/kuwo/kuwo.dart +++ b/lib/api/kuwo/kuwo.dart @@ -34,6 +34,7 @@ class KuWo { ///Banner static Future banner() { + return _banner.call({}, []); } @@ -237,14 +238,17 @@ final _api = { //请求 Future _get(String path, {Map? params, List cookie = const []}) async { var hm_token = getRandom(32); - var token_sha1=sha1.convert(utf8.encode(hm_token)).toString(); + var hm_Iuvt = getRandom(32); + var key="Hm_Iuvt_cdb524f42f0ce19b169b8072123a4727"; + + var token_sha1 = sha1.convert(utf8.encode(hm_token)).toString(); Map header = { // "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.43", "csrf": "SQ6EJ3Q5G6B", "Token": "7865309485D199575C04186AFF58C46D", - "Secret":"3d12021f8dfdbc44df42bf3a92d1cb890fc1babcd39e0fc020487fb7ecfb520e0443ee85", - "cookie": "Hm_token=$hm_token;kw_token=${getRandom(11)};Hm_Iuvt_cdb524f42f0ce19b169b8072123a4727=cNxswyQMayRz67Rt2tC4ns3KX4sfHBE5", + "cookie": "Hm_token=$hm_token;kw_token=${getRandom(11)};$key=$hm_Iuvt", "Cross": md5.convert(utf8.encode(token_sha1)).toString(), + "Secret": KuwoDES.secret(key, hm_Iuvt), "Referer": "http://www.kuwo.cn/", }; diff --git a/lib/api/kuwo/kuwoDES.dart b/lib/api/kuwo/kuwoDES.dart index 3ca0252..ea6db6e 100644 --- a/lib/api/kuwo/kuwoDES.dart +++ b/lib/api/kuwo/kuwoDES.dart @@ -1,4 +1,5 @@ import 'dart:convert'; +import 'dart:math'; class KuwoDES { static List SECRET_KEY = utf8.encode("ylzsxkwm"); @@ -1193,7 +1194,8 @@ class KuwoDES { // System.arraycopy(src, num * 8, szTail, 0, srcLength - num * 8); int tail64 = 0; - for (int i = 0; i < tail_num; i++) tail64 = tail64 | ((szTail[i] & 0xff)) << (i * 8); + for (int i = 0; i < tail_num; i++) + tail64 = tail64 | ((szTail[i] & 0xff)) << (i * 8); pEncyrpt[num] = DES64(subKey, tail64); @@ -1211,4 +1213,34 @@ class KuwoDES { //return new String(Base64Coder.encode(result, result.length, null)); return result; } + + //请求头Hm_Iuvt_cdb524f42f0ce19b169b8072123a4727,Secret算法 + static String secret(String name, String token) { + var n = name.codeUnits.map((e) => e.toString()).join(); + var r = (n.length / 5).floor(); + var o = int.parse(n[r] + n[2 * r] + n[3 * r] + n[4 * r] + n[5 * r]); + var l = (name.length / 2.0).ceil(); + var c = pow(2, 31) - 1; + var d = ((1e9 * Random().nextDouble()).round() % 1e8).toInt(); + n = "$n$d"; + while (n.length > 10) { + var a1 = n.substring(0, 10); + var a2 = n.substring(10, n.length); + if (a2.contains("e+")) { + n = (double.parse(a1).toInt() + double.parse(a2.replaceAll("e+", ".")).toInt()).toString(); + } else { + n = (double.parse(a1) + double.parse(a2)).toString(); + } + } + n = ((o * double.parse(n) + l) % c).toString(); + + var f = token.codeUnits.map((e) { + var h = e ^ (double.parse(n) / c * 255).floor(); + n = ((o * double.parse(n) + l) % c).toString(); + return h.toRadixString(16).padLeft(2, '0'); + }).join(); + + var dd = d.toRadixString(16).padLeft(8, '0'); + return f + dd; + } } diff --git "a/lib/api/kuwo/\350\257\267\346\261\202\345\244\264\347\256\227\346\263\225" "b/lib/api/kuwo/\350\257\267\346\261\202\345\244\264\347\256\227\346\263\225" new file mode 100644 index 0000000..e865278 --- /dev/null +++ "b/lib/api/kuwo/\350\257\267\346\261\202\345\244\264\347\256\227\346\263\225" @@ -0,0 +1,53 @@ +```kotlin +fun main() { + //t是随机的32位字符串 + val t = "6Q5tPYAYEdQSz888887jh5FTKaMRXwdx" + //e是固定的Cookie名称 + val e = "Hm_Iuvt_cdb524f42f0ce19b169b8072123a4727" + //n是e的ASCII码拼接 + var n = e.toCharArray().joinToString("") { it.code.toString() } + println(n) + val r = floor(n.length / 5.0).toInt() + println("r=$r") + val o = (n[r].toString() + n[2 * r] + n[3 * r] + n[4 * r] + n[5 * r]).toInt() + println("o=$o") + val l = ceil(e.length / 2.0).toInt() + println("l=$l") + val c = (2.0.pow(31.0) - 1).toInt() + println("c=$c") + val d = (Math.round(1e9 * Math.random()) % 1e8).toInt() + println("d=$d") + n = "$n$d" + //===========一个神奇的算法START,后期大概率会改=================================== + //这是上面计算的n值7210995731171181169599100985350521025250102489910149579849545798564855504950519752555055 + while (n.length > 10) { + val a1 = n.substring(0, 10) + val a2 = n.substring(10, n.length) + //第一次循环7210995731 17118116959910098535052102525010248991014957984954579856485550495051975255505545084407 + //第二次循环1.71181169 59910098E85 + //这里竟然生成了科学计数 + //js中用了parseInt,但是在kotlin中‘59910098E85’带有字母会报错,这里用了parseDouble,替换了‘E’,实现了和js一样的效果 + //最后计算出来的值是59910099 + println("$a1 $a2") + n = if (a2.contains("E")) { + (parseDouble(a1).toInt() + parseDouble(a2.replace("E", ".")).toInt()).toString() + } else { + (parseDouble(a1) + parseDouble(a2)).toString() + } + } + //===========一个神奇的算法END=================================== + println("n=$n") + n = ((o * n.toDouble() + l) % c).toString() + //由于上面算法科学计数剪切问题,随机数d被剪切丢失,这里n其实是一个固定值798334170 + //上面算法都是废话 + val f = t.toCharArray().joinToString("") { + val h = it.code xor (floor(n.toDouble() / c * 255)).toInt() + n = ((o * n.toDouble() + l) % c).toString() + h.toString(16).padStart(2, '0') + } + println(f) + val dd = d.toString(16).padStart(8, '0') + //计算出来的Secret + println(f + dd) +} +``` \ No newline at end of file