其他分享
首页 > 其他分享> > 优酷视频真实地址解析

优酷视频真实地址解析

作者:互联网

视频地址:https://v.youku.com/v_show/id_XMTMwNjkyMjU1Mg==.html?spm=a2hcb.127013 10.app.5~5!2~5!3~5~5~5~5~5~5~A

浏览器输入url,打开谷歌调试工具

 查看url,发现他是以.ts结尾的文件

 这里基本就可以确定,整个视频是以流媒体的方式进行播放的,即整个视频由一段段的小视频组成,这里必须知道的是,这种以流媒体方式播放的视频,它会有一个总记录文件(以.m3u8结尾),用来记录这每一个视频url的地址,因此我们全局搜索m3u8

 

 

 

 

 

 赋值这段地址,用浏览器打开

 既然我们找到了需要的包,我们来看一下那个返回json数据的url及参数

https://acs.youku.com/h5/mtop.youku.play.ups.appinfo.get/1.1/

参数:分析一下

jsv: 2.5.7         # 固定值
appKey: 24679788   # 固定值
t: 1590671936359   # 13位时间戳
sign: 12bc589a10bb95cee77c642ae8c40fd0 # 加密且变化的,很重要的一个参数
api: mtop.youku.play.ups.appinfo.get  # 固定值
v: 1.1            # 固定值
timeout: 20000    # 固定值
YKPid: 20160317PLF000211  # 固定值
YKLoginRequest: true  # 固定值
AntiFlood: true    # 固定值
AntiCreep: true    # 固定值
type: jsonp        # 固定值
dataType: jsonp    # 固定值
callback: mtopjsonp1 #固定值

#####data参数暂时先放下
data: {
"steal_params":"{\"ccode\":\"0502\",\"client_ip\":\"192.168.1.1\",\"utid\":\"Y7BUFzR39m0CAco+cahiFt93\",\"client_ts\":1590671936,\"version\":\"2.1.4\",\"ckey\":\"124#5JyH9kE0xG0xAPQy1kMoZeKVVpRFx4SskGO1Me+5ZXguXA0v3UtKPvNm1k5MX57fTLTlOCAlxX0LWFMF5M++lrbZNI2zX7S5LhF5YWR8SJAK5rZd7hA80i3Xpv8hGZaZkN3TXCcZ6hpCac7m7cAywDeRCV+Qkwp46xFnZaUCkfgiwB0d2XfJoITCYIR/0E0qmNH9GF5gc/H7p62ZlMan6KvBIZYLlw/2mfWeI8bpgTzo72bX/YDJ67vtQC/plm/IHf+ZI8LLgTSo1nIelUX267vBIZYLlwYnmfWeIqXpg5Sd1Z2ZlMXng7OBJZEUl5KOmfuUI8Lpg7DtnurtlbangKrWInYLlUJ3SymsCaEJNONNH4qmu87UWc1Z4c2PT5+jOzHITd2jfr8AAD4My1ZZ8zZ1IGzZ2KeNLEkKZiA2TByBAHHv4H6q8W0tdGhCFx5SieTq3N/tJDyoJoWGmT28p5Mp/tx6bP4JxXkYZwJ8bHS6SMMv83OzyqyELQPeNow6JIBAh5d5t7MTRV5z2cQtHOkKVt/VzFSMoCPbkTzBWWQbvSDGNVnyVxdQS/32W/FNhZx8VchtQBkaMV+Rjpp+Jca0mk4FvNSg+8fm4/b3rHC5SfdzYo2Cqxu+JISqTZEo69PYB83W8/HEJKtobyOtBfjE0K3WQVIYizjYp8Mdm8lHTG/9FF0dX1qRNcG2e7wyYku3A1JwU2JALiGBhkl5S2GdKewcFC4IYo+fEKFWpOlQGgqL49IRPjqI+My+qfenzYvKLbvc0QskASTyzCsk5Vrbi1kOmS3BleMfIPYpl60kAPeSWLt6iJpcITM+TCCvYdphSolX5XYm9bqKqfOU+6Qv1ZMCwKkuQtOa/XJirfhpX5OBB4f5mJoymjO7gKbsjaVQz1xtTOPPkZ6XLZDJb3vtEEcZxHFvNfsIO0==\"}","biz_params":"{\"vid\":\"XMTMwNjkyMjU1Mg==\",\"play_ability\":5376,\"current_showid\":\"299546\",\"preferClarity\":99,\"extag\":\"EXT-X-PRIVINF\",\"master_m3u8\":1,\"media_type\":\"standard\",\"app_ver\":\"2.1.4\",\"h265\":1}","ad_params":"{\"vs\":\"1.0\",\"pver\":\"2.1.4\",\"sver\":\"2.0\",\"site\":1,\"aw\":\"w\",\"fu\":0,\"d\":\"0\",\"bt\":\"pc\",\"os\":\"win\",\"osv\":\"10\",\"dq\":\"auto\",\"atm\":\"\",\"partnerid\":\"null\",\"wintype\":\"interior\",\"isvert\":0,\"vip\":0,\"emb\":\"AjMyNjczMDYzOAJ2LnlvdWt1LmNvbQIvdl9zaG93L2lkX1hNVE13TmpreU1qVTFNZz09Lmh0bWw=\",\"p\":1,\"rst\":\"mp4\",\"needbf\":2,\"avs\":\"1.0\"}"}

先来分析一下sign参数的加密算法,全局搜索sign

 来看一下刚才找到的代码:

         if (!0 === i.H5Request) {
                var o = "//" + (i.prefix ? i.prefix + "." : "") + (i.subDomain ? i.subDomain + "." : "") + i.mainDomain + "/h5/" + n.api.toLowerCase() + "/" + n.v.toLowerCase() + "/"
                  , a = n.appKey || ("waptest" === i.subDomain ? "4272" : "12574478")
                  , l = (new Date).getTime()
                  , u = s(i.token + "&" + l + "&" + a + "&" + n.data)
                  , c = {
                    jsv: "2.5.7",
                    appKey: a,
                    t: l,
                    sign: u   // u指上面的那个u = s(i.token + "&" + l + "&" + a + "&" + n.data),很明显s是一个函数,i.token等会儿看。l:(new Date).getTime(),n.data,其实指的就是我们需要
                              //携带的data参数,也就是说sign参数要想搞出来,就必须先将data搞定
    

                }

i.token这里就不废笔舌了,直接说吧,这里的token其实就是cookie中的`_m_h5_tk`对应的值的一部分,感兴趣的可以去那个js页面搜索i.token,分析一下下面这段js代码

 不信我来给你证明一下,打点调试

 然后我们去看一下cookie中`_m_h5_tk`对应的值:

 将两者粘贴出来看一下:

cookie中:b4139a1b7fba6bc4c6fcc580f16f0bf9_1590675989093
js调试出: b4139a1b7fba6bc4c6fcc580f16f0bf9

到此,我们的sign参数加密函数传的参数:s(i.token + "&" + l + "&" + a + "&" + n.data)

i.token    : cookie中的_m_h5_tk中的一部分
l          : (new Date).getTime()
a          : n.appKey  # 固定值
n.data     :  为data参数

所以,接下来我们需要去破解data参数:

{
    "steal_params": "{\"ccode\":\"0502\",\"client_ip\":\"192.168.1.1\",\"utid\":\"Y7BUFzR39m0CAco+cahiFt93\",\"client_ts\":1590676196,\"version\":\"2.1.4\",\"ckey\":\"124#9tmfr0ETxG0xAPatR0FDHeKVVpRFx4SskGO1Me+5ZXguXA0v3UtKPvNm1k5MX57fTLTlOCAlxX0LRNxu4RuBw6rIb6CxzND3uI80FzST93zgHNBUw65JyqOTOPXDsXHWMKvQTzRZ7ZTG8aPnf7X14lnvgbAUn3SDzY6jo7qdLphyvYKKgJu+iB6Pr9H7WC2ZlMan6KvBIZYLlw/2mfWeI8bpgTzo72bX/YDJ67vtQC/plm/IHf+ZI8LLgTSo1nIelUX267vBIZYLlwYnmfWeIqXpg5Sd1Z2ZlMXng7OBJZEUl5KOmfuUI8Lpg7Dt4iQElbangKC0InYLlX63YTIUCaEJNONNH4qmUdYs8WLMMt9OACNEYz3PFauH47FztC4er7/gastBy2xh8w9XpSymZCiNkF+HvIDaR3MCtFOVKaVPOPcQTR0IJeiJmkOtzrqfsc7zD61vJvJkHFtENYvu++/YwfChUhSACV7wHkIWRlms+B83LZKgWyX6kNxDXeu2Ct6xIOUyWqBNIXJf9CAdn7GXz+Q2kYyL+MDKEGxlX2jkwIjDXpBWKn6oWPpXpq70bfthHVwnbIE3jH2i/Osgx6A41h8H97H6F0vgy2HWGm2DlSP99GKePpFUyws9e1GRX1tmW7uI/bWGyNPK0FbkojqxE5J/Xb6aSYWHTdR0cUN/h24nah9bHYho1QkgjCI5wao24+b+IVBcnSzchPM37j7soNYM0zNxl3vaj0KIf6G+u+Vy8TzhWHGmlIC3bdCz0GFQyKiRmJ2sur86iifJo50zJ/T0KC73MYs06JI/FN2d3c+cRX1COHgdNtEtbyGv5VZ7F4F4ovkZhUyq8LFcAEyDxdgy+cq3ZJN3GAVv5u2d5yQpPNZPVgRda8ZhS6I//mUhuHx=\"}",
    "biz_params": "{\"vid\":\"XMTMwNjkyMjU1Mg==\",\"play_ability\":5376,\"current_showid\":\"299546\",\"preferClarity\":3,\"extag\":\"EXT-X-PRIVINF\",\"master_m3u8\":1,\"media_type\":\"standard\",\"app_ver\":\"2.1.4\",\"h265\":1}",
    "ad_params": "{\"vs\":\"1.0\",\"pver\":\"2.1.4\",\"sver\":\"2.0\",\"site\":1,\"aw\":\"w\",\"fu\":0,\"d\":\"0\",\"bt\":\"pc\",\"os\":\"win\",\"osv\":\"10\",\"dq\":\"auto\",\"atm\":\"\",\"partnerid\":\"null\",\"wintype\":\"interior\",\"isvert\":0,\"vip\":0,\"emb\":\"AjMyNjczMDYzOAJ2LnlvdWt1LmNvbQIvdl9zaG93L2lkX1hNVE13TmpreU1qVTFNZz09Lmh0bWw=\",\"p\":1,\"rst\":\"mp4\",\"needbf\":2,\"avs\":\"1.0\"}"
}

分析结果:

{
    "steal_params":
        "{"ccode":"0502",
        "client_ip":"192.168.1.1",
        "utid":"Y7BUFzR39m0CAco+cahiFt93", # cookie中的cna,这个值也可以是固定的
        "client_ts":1590676196, # 时间戳
        "version":"2.1.4",
        
        #加密
        "ckey":"124#9tmfr0ETxG0xAPatR0FDHeKVVpRFx4SskGO1Me+5ZXguXA0v3UtKPvNm1k5MX57fTLTlOCAlxX0LRNxu4RuBw6rIb6CxzND3uI80FzST93zgHNBUw65JyqOTOPXDsXHWMKvQTzRZ7ZTG8aPnf7X14lnvgbAUn3SDzY6jo7qdLphyvYKKgJu+iB6Pr9H7WC2ZlMan6KvBIZYLlw/2mfWeI8bpgTzo72bX/YDJ67vtQC/plm/IHf+ZI8LLgTSo1nIelUX267vBIZYLlwYnmfWeIqXpg5Sd1Z2ZlMXng7OBJZEUl5KOmfuUI8Lpg7Dt4iQElbangKC0InYLlX63YTIUCaEJNONNH4qmUdYs8WLMMt9OACNEYz3PFauH47FztC4er7/gastBy2xh8w9XpSymZCiNkF+HvIDaR3MCtFOVKaVPOPcQTR0IJeiJmkOtzrqfsc7zD61vJvJkHFtENYvu++/YwfChUhSACV7wHkIWRlms+B83LZKgWyX6kNxDXeu2Ct6xIOUyWqBNIXJf9CAdn7GXz+Q2kYyL+MDKEGxlX2jkwIjDXpBWKn6oWPpXpq70bfthHVwnbIE3jH2i/Osgx6A41h8H97H6F0vgy2HWGm2DlSP99GKePpFUyws9e1GRX1tmW7uI/bWGyNPK0FbkojqxE5J/Xb6aSYWHTdR0cUN/h24nah9bHYho1QkgjCI5wao24+b+IVBcnSzchPM37j7soNYM0zNxl3vaj0KIf6G+u+Vy8TzhWHGmlIC3bdCz0GFQyKiRmJ2sur86iifJo50zJ/T0KC73MYs06JI/FN2d3c+cRX1COHgdNtEtbyGv5VZ7F4F4ovkZhUyq8LFcAEyDxdgy+cq3ZJN3GAVv5u2d5yQpPNZPVgRda8ZhS6I//mUhuHx=\"}",
    "biz_params":
        "{"vid":"XMTMwNjkyMjU1Mg==",
        "play_ability":5376,
        "current_showid":"299546",
        "preferClarity":3,
        "extag":"EXT-X-PRIVINF",
        "master_m3u8":1,
        "media_type":"standard",
        "app_ver":"2.1.4",
        "h265":1
        }",
        
    "ad_params": 
        "{"vs":"1.0",
        "pver":"2.1.4",
        "sver":"2.0",
        "site":1,
        "aw":"w",
        "fu":0,
        "d":"0",
        "bt":"pc",
        "os":"win",
        "osv":"10",
        "dq":"auto",
        "atm":"",
        "partnerid":"null",
        "wintype":"interior",
        "isvert":0,
        "vip":0,
        # 加密
        "emb":"AjMyNjczMDYzOAJ2LnlvdWt1LmNvbQIvdl9zaG93L2lkX1hNVE13TmpreU1qVTFNZz09Lmh0bWw=",
        "p":1,
        "rst":"mp4",
        "needbf":2,
        "avs":"1.0"
        }"
}

上述的参数中变化的有:

utid:cookie中的cna

client_ts:时间戳

ckey:动态加密的

emb:动态加密的

除了这四个其余都是固定的

 

标签:视频,固定值,token,params,参数,2.1,解析,data,优酷
来源: https://www.cnblogs.com/kindvampire/p/12984563.html