The work list interface /api/post/item_list/? has a section of x-tt-params
After observation, it is found that the string composed of device_id, secUid, browser and other information is generated after AES encryption.
Debugging shows AES encryption, 128 bits, CBC, PKCS7.
online test
https://tool.lmeee.com/jiami/aes
local simulation
var CryptoJS = require("crypto-js");
function aes(secUid){
e = {
"aid": "1988",
"app_name": "tiktok_web",
"channel": "tiktok_web",
"device_platform": "web_pc",
"device_id": "7202509366032811522",
"region": "TW",
"priority_region": "",
"os": "windows",
"referer": "",
"root_referer": "undefined",
"cookie_enabled": "true",
"screen_width": "1920",
"screen_height": "1080",
"browser_language": "zh-CN",
"browser_platform": "Win32",
"browser_name": "Mozilla",
"browser_version": "5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36",
"browser_online": "true",
"verifyFp": "undefined",
"app_language": "zh-Hans",
"webcast_language": "zh-Hans",
"tz_name": "Asia/Shanghai",
"is_page_visible": "true",
"focus_state": "true",
"is_fullscreen": "false",
"history_len": "3",
"battery_info": "1",
"from_page": "user",
"secUid": secUid,
"count": "30",
"cursor": "",
"language": "zh-Hans",
"userId": "undefined",
"is_encryption": "1"
}
const t = [];
return Object.keys(e).forEach((i=>{
const o = `${
i}=${
e[i]}`;
t.push(o)
}
)),
t.push("is_encryption=1"),
((e,t)=>{
const i = ((e,t)=>{
let i = e.toString();
const o = i.length;
return o < 16 ? i = new Array(16 - o + 1).join("0") + i : o > 16 && (i = i.slice(0, 16)),
i
}
)("webapp1.0+20210628")
, n = CryptoJS.enc.Utf8.parse(i);
return CryptoJS.AES.encrypt(e, n, {
iv: n,
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
}).toString()
}
)(t.join("&"))
}
console.log(aes("MS4wLjABAAAA6aI0jkpA6X5yzejGmhzXFtd6vKbLKkJV1bQ4cATqZUmPGVenv3R0cJTsHdrI2NBG"))