网易云API加密

https://segmentfault.com/a/1190000012818254?utm_source=tuicool&utm_medium=referral

大致流程

url:https://interface.music.163.com/weapi/cloudvideo/playurl
data:"params":"GEilmPWmPGuYLbWrpXOkm4yaQ8JCPA7XM9p2X7AQKyOEZWQE05aZiJGVWLEYzDnDqwGvKBs3k1mcgfpjWpvZIqzaTY+Q6Acv8e3AGicXvAWJrbfbR9NyrzHu9rxh0g2jDTCKCZo/o1Ve39KUbfnzNA==", "encSecKey":"6d1e3b33c789ccbffe9f8629eb923a077a61eb12e24140fe43e20ed5cbc543975f4c03d1605c9eb0a8373f31b679fed31f1bdc535f48383eb83d0aa0b798b32237fb6c0031cf328d14a2f3033f08decacc095b15d5314b58a60e66c73426f214400995352f50e5a857a9257bfe4158c87334ee824ada6b9a94c87a63e7a69bc8"

截屏2020-05-05 上午10.51.30.png

data = {"id":"123"}
suiji16Str = 生成一个随机的16位字符串
dataEncodeStr = urlEncode(data)
params = aes(text=dataEncodeStr, key="0CoJUm6Qyw8W8jud", iv="0102030405060708")
params = aes(text=params, key=suiji16Str, iv="0102030405060708") //这就是最后的params参数
enSecKey = rsa(suiji16Str, pubkey="010001", modules="00e0b509f6259df8642dbc35662901477df22677ec152b5ff68ace615bb7b725152b3ab17a876aea8a5aa76d2e417629ec4ee341f56135fccf695280104e0312ecbda92557c93870114af6c9d05c4f7f0c3685b7a46bee255932575cce10b424d813cfe4875d3e82047b97ddef52741d546b8e289dc6935b3ece0462db0a22b8e7")
结果：{params:params, "enseckey":enseckey}

var bPc2x = window.asrsea(JSON.stringify(j4n), buv7o(["流泪", "强"]), buv7o(Tg9X.md), buv7o(["爱心", "女孩", "惊恐", "大笑"]));
            e4i.data = k4o.cE5J({
                params: bPc2x.encText,
                encSecKey: bPc2x.encSecKey
            })

!function() {
    function a(a) {
        var d, e, b = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", c = "";
        for (d = 0; a > d; d += 1)
            e = Math.random() * b.length,
            e = Math.floor(e),
            c += b.charAt(e);
        return c
    }
    function b(a, b) {
        var c = CryptoJS.enc.Utf8.parse(b)
          , d = CryptoJS.enc.Utf8.parse("0102030405060708")
          , e = CryptoJS.enc.Utf8.parse(a)
          , f = CryptoJS.AES.encrypt(e, c, {
            iv: d,
            mode: CryptoJS.mode.CBC
        });
        return f.toString()
    }
    function c(a, b, c) {
        var d, e;
        return setMaxDigits(131),
        d = new RSAKeyPair(b,"",c),
        e = encryptedString(d, a)
    }
    function d(d, e, f, g) {
        var h = {}
          , i = a(16);
        return h.encText = b(d, g),
        h.encText = b(h.encText, i),
        h.encSecKey = c(i, e, f),
        h
    }
    function e(a, b, d, e) {
        var f = {};
        return f.encText = c(a + e, b, d),
        f
    }
    window.asrsea = d,
    window.ecnonasr = e
}();

a=urlencode(params) //参数编码
b = "010001";
c = "00e0b509f6259df8642dbc35662901477df22677ec152b5ff68ace615bb7b725152b3ab17a876aea8a5aa76d2e417629ec4ee341f56135fccf695280104e0312ecbda92557c93870114af6c9d05c4f7f0c3685b7a46bee255932575cce10b424d813cfe4875d3e82047b97ddef52741d546b8e289dc6935b3ece0462db0a22b8e7"
d = "0CoJUm6Qyw8W8jud"

RSA 加密采用非常规填充方式，既不是PKCS1也不是PKCS1_OAEP，网易的做法是直接向前补0
这样加密出来的密文有个特点：加密过程没有随机因素，明文多次加密后得到的密文是相同的
然而，我们常用的 RSA 加密模块均不支持此种加密，所以需要手写一段简单的 RSA 加密
加密过程 convertUtf8toHex(reversedText)^e%N
输入过程中需要对加密字符串进行 hex 格式转码

def rsaEncrypt(text=suiji16str, pubKey=010001, modulus=00e0b509f6259df8642dbc35662901477df22677ec152b5ff68ace615bb7b725152b3ab17a876aea8a5aa76d2e417629ec4ee341f56135fccf695280104e0312ecbda92557c93870114af6c9d05c4f7f0c3685b7a46bee255932575cce10b424d813cfe4875d3e82047b97ddef52741d546b8e289dc6935b3ece0462db0a22b8e7):
    text = text[::-1]
    rs = int(text.encode('hex'), 16)**int(pubKey, 16)%int(modulus, 16)
    return format(rs, 'x').zfill(256)