In response to customer needs, today we will study some of tiktok's algorithmic risk control and video playback volume detection issues. Take the Android version as an example, here we use the newer version of tiktok 25.9.4
1. Pre-preparation for packet capture
Pack capture is a headache for most overseas tt players. For android, the network communication protocol can’t be bypassed. Finally, xposed can get around it. It is found that the phone parameters can’t be fixed, and the content in the mainland area is not displayed, and the screen is directly black. It is possible to change the mobile phone parameters of ios, but goose, the new system and new version will not allow packet capture.
In this regard, the author provides two "ideas" that are currently the most perfect solution, the so magic modification of android and the upgrade strategy of ios, which can avoid the detection of national regions and communication protocols. There are too many things involved in so magic modification, including jada reverse engineering, ida decompilation, and adb operation. Briefly share the process with you:
android: use the recompiled apk, plus the modified libsscronet.so, which can perfectly avoid detection and disconnection
ios: After logging in to the account, the strategy of upgrading the ipa can ignore network detection directly through the cached certificate for packet capture
2. When capturing packets
1. Risk control algorithm
(1) Device registration algorithm
It is different from the equipment algorithm of a certain sound in China. Certain interfaces of a certain sound have extremely high requirements on the equipment. Only one of the correctly encrypted register interface + click confirmation interface + activity library interface + log or monitoring interface + configuration interface + activation strategy can do some relatively high-end operations (play , likes, attention, etc., collection and other interfaces can only keep the head and tail strategies), while tiktok is relatively simple, only need to correctly encrypt the register interface + mac binding + google channel binding + activation strategy, Much less than the process
{
'device_id': 7165349508607477253,
'install_id': 7165350779095746309
}(2) Encryption algorithm
The early encryption algorithm only had two core parameters, x-gorgon and x-khronos, but the new version adds x-argus and x-ladon, and it is no longer possible to locate the algorithm entry through keywords in jadx. For most interfaces, these two parameters may not be needed, such as feed, video post, search, etc., but user, stats, follow, digg, etc. require new encryption parameters
{
'x-gorgon': '0404009200006554a694efece28b9e104bd2b035e5534edb1039',
'x-khronos': '1668316731',
'x-ladon': '3ZUzVd9TsVZQCYAqzNTkcjcz/7VFZsvgPfl/euzI2zqogVdX',
'x-argus': 'Sk1EW3Y8M+z+iSOS1j3+TvvcbwKOpgxMksDXdntgvzV6bNlX77GQhPewX1FqhUb/ufeSl8IEvSUe1GkRYiwXyPVaWbmMSL0rYcWuIL+3gHV0J2SPjhLBQsG8qlDwn8CHBWbrS5ensYnQw0n3wTVcX65g9M0tQnTSTpZRcJa+JL5lRxQx5ru2IHpaA0Be39O5ZNLqxKayJQ2j7DOfhrXMSI/kIk/xWDQUw9HKEzLcQIi+5eIV8g2lhu9UCsd8+gklnA2sgcJk167lREK0laBMVV0h'
}
{
"log_pb": {
"impr_id": "202211130520592109A770F334650DD710"
},
"status_code": 0,
"user": {
"ad_virtual": false,
"avatar_medium": {
"url_list": [
"https://p16-sign-sg.tiktokcdn.com/tos-alisg-avt-0068/9eda8ac4a89de8afa23fdefe99f42ac2~tplv-tiktok-shrink:282:282.jpeg?x-expires\u003d1668337200\u0026x-signature\u003dB3vl0lpZN0Dh5JpXH2VHAC2Upbs%3D\u0026s\u003dPACK_GO_API\u0026se\u003dfalse\u0026sh\u003d282_282\u0026sc\u003davatar\u0026l\u003d202211130520592109A770F334650DD710",
"https://p16-sign-sg.tiktokcdn.com/aweme/720x720/tos-alisg-avt-0068/9eda8ac4a89de8afa23fdefe99f42ac2.webp?x-expires\u003d1668488400\u0026x-signature\u003dG2MwwtSHLG707Id9hXGJmADuil8%3D",
"https://p16-sign-sg.tiktokcdn.com/aweme/720x720/tos-alisg-avt-0068/9eda8ac4a89de8afa23fdefe99f42ac2.jpeg?x-expires\u003d1668488400\u0026x-signature\u003dd1hTbqRFLjHBuU8IHGWBzJ3f%2BDk%3D"
],
"uri": "tos-alisg-avt-0068/9eda8ac4a89de8afa23fdefe99f42ac2"
},
"avatar_300x300": {
"uri": "tos-alisg-avt-0068/9eda8ac4a89de8afa23fdefe99f42ac2",
"url_list": [
"https://p16-sign-sg.tiktokcdn.com/tos-alisg-avt-0068/9eda8ac4a89de8afa23fdefe99f42ac2~tplv-tiktok-shrink:282:282.jpeg?x-expires\u003d1668337200\u0026x-signature\u003dB3vl0lpZN0Dh5JpXH2VHAC2Upbs%3D\u0026s\u003dPACK_GO_API\u0026se\u003dfalse\u0026sh\u003d282_282\u0026sc\u003davatar\u0026l\u003d202211130520592109A770F334650DD710",
"https://p16-sign-sg.tiktokcdn.com/tos-alisg-avt-0068/9eda8ac4a89de8afa23fdefe99f42ac2~c5_300x300.webp?x-expires\u003d1668488400\u0026x-signature\u003dIbM9MHdGvc7WW0Jast4uZoCbcNQ%3D",
"https://p16-sign-sg.tiktokcdn.com/tos-alisg-avt-0068/9eda8ac4a89de8afa23fdefe99f42ac2~c5_300x300.jpeg?x-expires\u003d1668488400\u0026x-signature\u003dHv3J8TK0fD2kGORSlh%2FioTMcO%2F0%3D"
]
},
"avatar_168x168": {
"url_list": [
"https://p16-sign-sg.tiktokcdn.com/tos-alisg-avt-0068/9eda8ac4a89de8afa23fdefe99f42ac2~tplv-tiktok-shrink:282:282.jpeg?x-expires\u003d1668337200\u0026x-signature\u003dB3vl0lpZN0Dh5JpXH2VHAC2Upbs%3D\u0026s\u003dPACK_GO_API\u0026se\u003dfalse\u0026sh\u003d282_282\u0026sc\u003davatar\u0026l\u003d202211130520592109A770F334650DD710",
"https://p16-sign-sg.tiktokcdn.com/tos-alisg-avt-0068/9eda8ac4a89de8afa23fdefe99f42ac2~c5_168x168.webp?x-expires\u003d1668488400\u0026x-signature\u003d2zVQsGCz38Lng1sajUTxzogN%2FSk%3D",
"https://p16-sign-sg.tiktokcdn.com/tos-alisg-avt-0068/9eda8ac4a89de8afa23fdefe99f42ac2~c5_168x168.jpeg?x-expires\u003d1668488400\u0026x-signature\u003dL3f1peRZhFCpeNGHNKsb7HaO28w%3D"
],
"uri": "tos-alisg-avt-0068/9eda8ac4a89de8afa23fdefe99f42ac2"
},
"message_chat_entry": false,
"recommend_reason_relation": "",
"profile_tab_type": 0,
"is_star": false,
"twitter_name": "",
"mplatform_followers_count": 0,
"follower_count": 4549,
"supporting_ngo": {},
"is_effect_artist": false,
"account_type": 3,
"avatar_larger": {
"url_list": [
"https://p16-sign-sg.tiktokcdn.com/aweme/1080x1080/tos-alisg-avt-0068/9eda8ac4a89de8afa23fdefe99f42ac2.webp?x-expires\u003d1668488400\u0026x-signature\u003dRdSqFnSIdUOdpRzJp0Cay32Lphc%3D",
"https://p16-sign-sg.tiktokcdn.com/aweme/1080x1080/tos-alisg-avt-0068/9eda8ac4a89de8afa23fdefe99f42ac2.jpeg?x-expires\u003d1668488400\u0026x-signature\u003dxdXdDGH7%2BCceLYN0Miuxs%2BsMlEc%3D"
],
"uri": "tos-alisg-avt-0068/9eda8ac4a89de8afa23fdefe99f42ac2"
},
"commerce_user_info": {
"ad_experience_entry": true,
"ad_experience_text": "Ads",
"ad_revenue_rits": []
},
"is_blocked": false,
"twitter_id": "",
"qa_status": 0,
"video_icon": {
"uri": "",
"url_list": []
},
"verification_type": 0,
"enterprise_verify_reason": "",
"sec_uid": "MS4wLjABAAAAzVo22dPcsRtqwQ1zBz1pwFUg0dm_V7XdfWAjfUfcMvJuAS6HrFufw48PIzSYOYIT",
"with_commerce_entry": false,
"category": "Personal Blog",
"watch_status": false,
"with_new_goods": false,
"aweme_count": 127,
"commerce_user_level": 0,
"apple_account": 0,
"unique_id": "monirul1382",
"favoriting_count": 0,
"total_favorited": 21040,
"follower_status": 0,
"following_count": 7259,
"youtube_channel_id": "",
"ins_id": "",
"live_push_notification_status": 2,
"nudge_guide_info": {
"guide_time": 0,
"show_guide": false
},
"tab_settings": {
"private_tab": {
"show_private_tab": false,
"private_tab_style": 1
}
},
"follow_status": 0,
"youtube_channel_title": "",
"nickname": "p.k",
"share_info": {
"share_desc": "Check out p.k! #TikTok",
"share_image_url": {
"uri": "tos-alisg-p-0037/d1a5001fa23541b2ab34fcd17f2cc3fe_1668310237",
"url_list": [
"https://p16-sign-sg.tiktokcdn.com/obj/tos-alisg-p-0037/d1a5001fa23541b2ab34fcd17f2cc3fe_1668310237?x-expires\u003d1668337200\u0026x-signature\u003dUDs6%2FX8aiEIP7QzD83pSGn%2FBKg8%3D"
]
},
"bool_persist": 1,
"share_title_myself": "This TikTok app is soooooo fun! Follow me @monirul1382 on TikTok and check out my videos!",
"share_url": "https://www.tiktok.com/@monirul1382?_r\u003d1\u0026_d\u003de4m574m23g7672\u0026language\u003den\u0026sec_uid\u003dMS4wLjABAAAAzVo22dPcsRtqwQ1zBz1pwFUg0dm_V7XdfWAjfUfcMvJuAS6HrFufw48PIzSYOYIT\u0026share_author_id\u003d6927144936274412545\u0026source\u003dh5_m",
"share_title_other": "This TikTok user is really cool. Follow @monirul1382 on TikTok and check out those amazing videos!",
"share_title": "Join TikTok and see what I\u0027ve been up to!",
"share_desc_info": "TikTok: Make Every Second Count"
},
"is_block": false,
"short_id": "0",
"with_commerce_enterprise_tab_entry": false,
"secret": 0,
"avatar_thumb": {
"uri": "tos-alisg-avt-0068/9eda8ac4a89de8afa23fdefe99f42ac2",
"url_list": [
"https://p16-sign-sg.tiktokcdn.com/tos-alisg-avt-0068/9eda8ac4a89de8afa23fdefe99f42ac2~tplv-tiktok-shrink:282:282.jpeg?x-expires\u003d1668337200\u0026x-signature\u003dB3vl0lpZN0Dh5JpXH2VHAC2Upbs%3D\u0026s\u003dPACK_GO_API\u0026se\u003dfalse\u0026sh\u003d282_282\u0026sc\u003davatar\u0026l\u003d202211130520592109A770F334650DD710",
"https://p16-sign-sg.tiktokcdn.com/aweme/100x100/tos-alisg-avt-0068/9eda8ac4a89de8afa23fdefe99f42ac2.webp?x-expires\u003d1668488400\u0026x-signature\u003dfNikR946UDcPIUj2JDqbZIEZWiY%3D",
"https://p16-sign-sg.tiktokcdn.com/aweme/100x100/tos-alisg-avt-0068/9eda8ac4a89de8afa23fdefe99f42ac2.jpeg?x-expires\u003d1668488400\u0026x-signature\u003dvqam8wUbb6URwcIekbNdZk0eSwM%3D"
]
},
"signature": "",
"signature_language": "un",
"show_favorite_list": false,
"room_id": 0,
"privacy_setting": {
"following_visibility": 1
},
"live_commerce": false,
"story_status": 0,
"uid": "6927144936274412545",
"biz_account_info": {
"permission_list": [
"001002",
"001003",
"002001",
"002002",
"004001",
"004006",
"007001",
"007003",
"007004",
"008001",
"010001",
"010002",
"015001",
"015002"
],
"leads_gen": {
"action_name": "",
"page_id": 0,
"business_data": "",
"schema_url": "",
"has_leads_gen": false
}
},
"custom_verify": "",
"original_musician": {
"music_count": 0,
"music_used_count": 0,
"digg_count": 0
},
"forward_count": 0
},
"extra": {
"now": 1668316859000,
"fatal_item_ids": [],
"logid": "202211130520592109A770F334650DD710"
}
}2. Risk control strategy
Ok, having said so much, we started to study the issue of playback volume. We found an unpopular Internet celebrity and an unpopular video to test: Tiktok video link
(I don't know who this old man is)
The original playback was 206, and the mobile phone opened this video, watched it for a while, and found that the playback volume became 207
Capture packets and find that the api is:
Beginning with https://api26-normal-hl.amemv.com/aweme/v1/aweme/stats/?
Then request the api again and find that the playback volume becomes 208
Then use the device we generated to request
{'device_id': 7165366997055489542, 'install_id': 7165368214708061957}
{'X-Gorgon': '040460910000b4fe5e5c679b1a5aca8d0565b3de7aeac3798f6d', 'X-Khronos': '1668317354', 'X-Ladon': 'tLkHbGCrhmcvTPmlKHGkTta6Ti/YLihAsfKVgFEWFRiQV9YD', 'X-Argus': 'sCyeoOH45ibTP/CRUzAMJV1RJ337mffXnKw7lg4DOesS3htUSiUzUQy8i/csmSpKh/1ZqlycbmpLBsQEcHhXAY/jvNc6LkhmqBjn6xrYmSXrqL3JCb09o04fAaXQesxY2PBU3+JeBznMpjU1Gd7mRSEYEIXomcoH/CAyLAaoCcBGvB+DMH3xRm1TKLwj0/qorwsi6iO5x8w3t9MKpj1TX9raqMDo591OBvpEXG29XJR1gVd4bpgJeP6Ckc01p+2hfm8gpvKy1Y7MDeYXo6UDFQA0'}
post参数
pre_item_playtime=&first_install_time=1598329642&item_id=7165147705835015461&follow_status=0&sync_origin=false&follower_status=0&hide_mix_entry=true&action_time= 1668317412&tab_type=0&pre_hot_sentence=&play_delta=1&aweme_type=0&pre_item_id=
ok becomes 209
Let's generate a new device, contact and request 100 times, and see the effect
applause! ! ! ! !
3. Summary
1. After testing, if you want to upload a lot in a short time, you need high concurrency + high frequency switching device_id, and if you want to spend a small amount of device_id, you need low frequency requests
2. With high concurrency, a single device can complete as much as 12W in a short period of time, and as little as several thousand
3. There are two types of risk control: ip and device. A good device has a lot of traffic, and a good IP has a lot of traffic