Origin of the story
I saw a picture of someone promoting a so-called "no cost" app (it is not actually free), so I downloaded it and tried it. These apps are all much the same, but this one is a little simpler. Located in a few seconds.
【Healthy life, stay away from pornography, gambling and drugs】
Tools
1. jadx (or MT/NP)
2. HttpCanary ("little yellow bird"). FD did not catch the request, only the live connection, while HttpCanary caught everything, so HttpCanary is used.
Steps
Capture the list request (getVideoList)
The live connection captured in FD has the format HTTP://XX.XX.XXX/XXX.FLV?AUTH_KEY=XXX
The returned parameters are: title, liveimage, nplayFlv, etc.
parameter | meaning |
---|---|
title | Title |
liveimage | Live cover image |
nplayFlv | Suspected AES ciphertext of the FLV live broadcast address |
userid | Broadcaster id |
liveFree | Whether it is free |
hostName | Host name |
Decompile
Search for nplayFlv in jadx (MT/NP). I found the com.AA.BB.ui.activity.room.RoomMainActivity class directly, which contains this call:

```java
AESUtil.decrypt(this.recordsDTO.getNPlayFlv(), "qwertyui12345678");
```

Take a look at this AESUtil.decrypt:
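```java
import android.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class AESUtil {
    // Decompiled helper: Base64-decodes str, then decrypts it with AES/ECB using str2 as the raw key.
    public static String decrypt(String str, String str2) {
        try {
            byte[] decode = Base64.decode(str, 0); // flag 0 = Base64.DEFAULT
            SecretKeySpec secretKeySpec = new SecretKeySpec(str2.getBytes("UTF-8"), "AES");
            Cipher instance = Cipher.getInstance("AES/ECB/PKCS5Padding");
            instance.init(2, secretKeySpec); // mode 2 = Cipher.DECRYPT_MODE
            byte[] doFinal = instance.doFinal(decode);
            if (doFinal != null) {
                return new String(doFinal, "UTF-8");
            }
            return null;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }
}
```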
So the encryption mode in use is AES/ECB/PKCS5Padding, and the key is qwertyui12345678, hardcoded at the call site.
encryption mode | key |
---|---|
AES/ECB/PKCS5Padding | qwertyui12345678 |
Then copy an nplayFlv value and try to decrypt it.
It decrypts successfully, which shows that the key above is correct.
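As an added example (not from the original post or the app), here is a small Python check an app reviewer could run over decompiled Java to flag the three weaknesses seen above: a key-length string literal passed to a crypto call, a SecretKeySpec built from String.getBytes, and AES in ECB mode. The rule names, the `scan` function and the line-based heuristics are assumptions made for illustration; the sample lines are copied from the snippet above.

```python
import re

# Rules target decompiled Java text, one line at a time (heuristic, not a parser).
RULES = [
    # Bare "AES" resolves to AES/ECB/PKCS5Padding on standard JCA providers.
    ("ecb-mode", re.compile(r'Cipher\.getInstance\(\s*"AES(?:/ECB/[^"]*)?"\s*\)')),
    # Key bytes come straight from a String instead of a keystore or KDF.
    ("string-derived-key", re.compile(r'new\s+SecretKeySpec\(\s*\w+\.getBytes\(')),
    # A literal of AES key length (16/24/32 chars) passed on a crypto call line.
    ("hardcoded-key-literal", re.compile(
        r'(?:encrypt|decrypt|SecretKeySpec)\s*\(.*"(?:[^"\\]{32}|[^"\\]{24}|[^"\\]{16})"')),
]


def scan(source):
    """Return (line_number, rule_id) for every rule that matches a source line."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        for rule_id, pattern in RULES:
            if pattern.search(line):
                findings.append((number, rule_id))
    return findings


# Sample input: the call site and method body quoted in the post, trimmed.
SAMPLE = '''\
AESUtil.decrypt(this.recordsDTO.getNPlayFlv(), "qwertyui12345678");
public static String decrypt(String str, String str2) {
    byte[] decode = Base64.decode(str, 0);
    SecretKeySpec secretKeySpec = new SecretKeySpec(str2.getBytes("UTF-8"), "AES");
    Cipher instance = Cipher.getInstance("AES/ECB/PKCS5Padding");
    instance.init(2, secretKeySpec);
    return new String(instance.doFinal(decode), "UTF-8");
}
'''

if __name__ == "__main__":
    for number, rule_id in scan(SAMPLE):
        print(f"line {number}: {rule_id}")
```

Any value protected only by a key that ships inside the APK is recoverable by whoever has the APK, so the fix for a finding like this is server-side authorization of the stream address rather than a different client-side cipher.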
Case closed
The encryption mode is AES/ECB/PKCS5Padding and the key is qwertyui12345678.
Easy Language is used to pull the information for all live rooms.
The FLV live broadcasts can be played in QQ Player, and the address can be captured for paid live broadcast rooms as well.