[Simple Reverse] Obtaining a paid live broadcast link of a live broadcast APP - AES decryption

Language 2023-06-05 11:15:25 views: null

origin of the story

In the picture, I saw someone promoting the so-called "no cost" APP (but it is not actually free)
. I downloaded it and tried it. If they are all the same APP
, but this APP is a little simpler. . Locate in a few seconds
【Healthy life, stay away from pornography, gambling and drugs】

tool

1.jadx (or MT/NP)
2. Little yellow bird HttpCanary (because FD did not catch the request, only the live connection was caught, but all the little yellow birds were caught, so use the little yellow bird)

step

List capture (getVideoList)

insert image description here

Capture the live connection in FD in the format of HTTP://XX.XX.XXX/XXX.FLV?AUTH_KEY=XXX
The returned parameters are: title/liveimage/nplayFlv, etc.

title title
liveimage Live Cover Image
nplayFlv The AES ciphertext of the suspected Flv live broadcast address
userid podcaster id
liveFree Is it free
hostName host name

decompile

jadx (MT/NP) search nplayFlv, get
insert image description here

I found the com.AA.BB.ui.activity.room.RoomMainActivity class directly

  AESUtil.decrypt(this.recordsDTO.getNPlayFlv(), "qwertyui12345678");

Take a look at this AESUtil.decrypt

  public static String decrypt(String str, String str2) {
    
    
      try {
    
    
          byte[] decode = Base64.decode(str, 0);
          SecretKeySpec secretKeySpec = new SecretKeySpec(str2.getBytes("UTF-8"), "AES");
          Cipher instance = Cipher.getInstance("AES/ECB/PKCS5Padding");
          instance.init(2, secretKeySpec);
          byte[] doFinal = instance.doFinal(decode);
          if (doFinal != null) {
    
    
              return new String(doFinal, "UTF-8");
          }
          return null;
      } catch (Exception e) {
    
    
          e.printStackTrace();
          return null;
      }
  }

So the available encryption mode is AES/ECB/PKCS5Padding, and the key is qwertyui12345678

encryption mode key
AES/ECB/PKCS5Padding qwertyui12345678

Then copy a piece of nplayFlv and try to decrypt it
insert image description here

Successfully decrypted, indicating that the previous key is correct

close the case

AES/ECB/PKCS5Padding, the key is qwertyui12345678

Easy language pulls all live room information

FLV live broadcast, can be played in QQ video and audio
, including paid live broadcast room, can capture the address
insert image description here

Guess you like

Origin blog.csdn.net/a952252664/article/details/118268768
Recommended
NetBSD bans submission of code generated by AI
Ranking
Talk dubbo of LRUCache
Chapter 1 Learning Summary
Introduction to Virtualization
pytorch 调用lstm
Six modules
[8086] The natural number of 1 to 36 into a 6x6 two-dimensional array of line-sequentially, and then print out the lower left half of the triangular array
mybatis mapper mapping file $ # {} {} understanding and
C language input and output buffer
c language floating-point input and output
andorid P version compatible, refer to Huawei
Daily
More
2024-05-18(31)
2024-05-17(6)
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)

Code World

© 2018 codetd.com