JS reverse analysis for a Bilibili video downloading site

项月亮
Apr 6, 2021

Site URL: https://xbeibeix.com/api/bilibili/

1. Disable the debugger loop

The site admin set it up to keep crawlers from getting information from the site. To disable this annoying ‘feature’, add a conditional breakpoint on the line that contains ‘debugger;’.

2. Find the specific request that contains the plain media (mp4) URL

Obviously, the request is not an XHR but was generated by JavaScript. In the index.html file we can find a strange piece of JS code (highlighted in the following image).

There are two parts of similar code (sojson.v4 and sojson.v5), which hints that the JS code for encryption has two versions. Both are uglified, so we should beautify them first using an online site or an IDE like IntelliJ IDEA.

Encryption function

It looks like it was encrypted with AES. To prove that, we can use the browser’s console to get the necessary info.

So we can confirm that it’s AES encryption.

'iv': _0x4cc587,
// _0x4cc587 is CryptoJS['enc']['Latin1']['parse']('beibei1234567890'), so the IV is 'beibei1234567890'
'mode': CryptoJS[_0x4525('0xa', 'ThGR')][_0x4525('0xb', 'o(Cg')],
// CBC mode
'padding': CryptoJS['pad'][_0x4525('0xc', 'm]hX')]
// ZeroPadding

Finally, we can reverse the decryption process using pure Python.
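
The parameters recovered above (AES in CBC mode, IV 'beibei1234567890', ZeroPadding) can be reproduced outside the browser. This is an added example, not the author's Python script: it uses Node's built-in crypto module to show why a library that defaults to PKCS#7 rejects this ciphertext. The key, the 128-bit key size, the base64 encoding and the sample URL are assumptions or constructed placeholders, since the page does not give them.

```javascript
const crypto = require('crypto');

// IV recovered on the page; CryptoJS Latin1.parse maps each character to one byte.
const IV = Buffer.from('beibei1234567890', 'latin1');
// Assumption: the page does not show the key. Constructed 16-byte placeholder (AES-128).
const KEY = Buffer.from('PLACEHOLDER_KEY!', 'latin1');

// CryptoJS.pad.ZeroPadding: append 0x00 up to the next block boundary,
// and append nothing when the input is already block-aligned.
function zeroPad(buf, blockSize = 16) {
  const rem = buf.length % blockSize;
  return rem === 0 ? buf : Buffer.concat([buf, Buffer.alloc(blockSize - rem)]);
}

// CryptoJS unpad for ZeroPadding: strip every trailing 0x00 byte.
function zeroUnpad(buf) {
  let end = buf.length;
  while (end > 0 && buf[end - 1] === 0) end--;
  return buf.subarray(0, end);
}

function encryptZeroPadded(plaintext, key = KEY, iv = IV) {
  const c = crypto.createCipheriv('aes-128-cbc', key, iv);
  c.setAutoPadding(false); // Node defaults to PKCS#7; turn it off and pad by hand
  return Buffer.concat([c.update(zeroPad(Buffer.from(plaintext, 'utf8'))), c.final()]).toString('base64');
}

function decryptZeroPadded(b64, key = KEY, iv = IV) {
  const d = crypto.createDecipheriv('aes-128-cbc', key, iv);
  d.setAutoPadding(false);
  const raw = Buffer.concat([d.update(Buffer.from(b64, 'base64')), d.final()]);
  return zeroUnpad(raw).toString('utf8');
}

// Same ciphertext with the PKCS#7 default left on: final() rejects the padding.
function decryptWithDefaultPadding(b64, key = KEY, iv = IV) {
  const d = crypto.createDecipheriv('aes-128-cbc', key, iv);
  try {
    return Buffer.concat([d.update(Buffer.from(b64, 'base64')), d.final()]).toString('utf8');
  } catch (e) {
    return null; // "bad decrypt": the last plaintext byte is not a valid PKCS#7 length
  }
}

// Constructed sample value, not taken from the site.
const SAMPLE = 'https://media.example/video.mp4';
console.log(decryptZeroPadded(encryptZeroPadded(SAMPLE)) === SAMPLE);
```

Zero padding is lossy: a plaintext that itself ends in 0x00 bytes comes back without them, which is harmless for URLs but not for binary data.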

Reference

https://ld246.com/article/1612588109139
