Since the way of getting the web bili_ticket was found by @aynuarance in #903, I guess that the way of getting the app bili_ticket is similar and also makes use of HS256, meaning that what we need to do is find the HMAC key. After a day of hard work REing libbili.so (OLLVM obfuscation, f**k you), I successfully did so.
x-exbadbasket does not seem to be a must, so we can leave it empty.
Here's an example of x-exbadbasket (already converted into a JSON string and formatted) with an explanation (may be wrong) of each param. I'm not familiar with reverse engineering native code and I need more help.
```jsonc
{
  "b00e": "tv.danmaku.bili", // pn => process name
  "a0c6": "7.57.2", // vn => version name
  "c94e": "3.2.43", // sdk_version => ?
  "cd5e": "android", // os
  "b59e": "", // serial, leave it empty
  "dd3b": 0, // root?
  "a769": 0, // root?
  "fd49": "11", // osv => os version
  "c203": "", // mac, default empty
  "b935": 458243454, // apk_sign => **Not know how `libbili.so` gets such value**
  "ed96": "", // mid
  "f438": "XU0D0580A80C82276D9DF33B4D20665C42E33", // buvid
  "e57c": "Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 XL Build/RP1A.201005.004.A1) 7.57.2 os/android model/Pixel 2 XL mobi_app/android build/7572100 channel/master innerVer/7572110 osVer/11 network/2", // ua
  "aff2": 1, // app_id
  "edc2": 1705589660, // ctime
  "e24d": 7572110, // vc => version code
  "e701": "13566853", // build => build sn
  "e29f": "0", // ptrace
  "e58c": "", // frida => **Not know how `libbili.so` gets such value**
  "fd4c": "", // xposed => **Not know how `libbili.so` gets such value**
  "d7be": "", // magisk => **Not know how `libbili.so` gets such value**
  "e7fa": 1, // net
  "debc": "google", // brand
  "adf0": "Pixel 2 XL", // model
  "ccd6": 1705677891, // fts
  "ada0": "a3811c3af294c9ff045bf24c9bb0545b2024011923245159b5fa061488ab5b05" // fp => see `fp_local`
}
```
I'm more than curious about the relation between the hash code and the real name (ahh, pure characters seen from the register), like b00e and pn. MD5 or anything else? I don't know...
Encryption algorithm: HMAC-SHA256
HMAC KEY INFO:
- ec02: XgwSnGZ1p
- ec01: Ezlc3tgtl
Details:
Progress:
- x-exbadbasket from normal APP.
- x-exbadbasket from libbili.so.