B站w_rid逆向案例

2024-10-20

内容仅供交流学习！请勿用于非法用途！

打算做个数据看板，能够看到B站某个up的视频信息，因此做个逆向，也依此进行学习。

访问主页，并根据视频的标题进行搜索以找到接口。

只有一个搜索结果，看接口返回的数据也能确认是由这里返回的数据。

分析刷新页面进行两次请求，分析其中改动的参数。

其中很明显的是wts是时间戳，w_rid是其中一个加密参数；其中的dm_img_inter和w_webid的后半部分也是在变化的，但经过我测试发现他们不通过mid（这里的mid就是B站的uid）进行加密，也就是说目前将这两个参数写死的话也能获取到不同的UP主的视频信息，故在此先不分析这两个参数，将重点放到w_rid上面（罗永浩有过一句话——又不是不能用）。

我们直接进行全局搜索，搜w_rid：
搜索出的结果也不多，我们将每个结果打上断点，刷新页面，逐个查看断点信息，很快能够定位到我们所要的数据是由这个地方生成的

此时再仔细看一下里面的参数，我能可以发现w_rid的值和MD5的标准加密算法很像，也能发现i的值每次都是不变的，h的值就是其他的请求参数按一定顺序由“&”拼接起来，上面也说过了，另外两个变动的参数并不由mid进行生成，可以暂时写死，然后再把里面的h值和i值取过来放到md5标准加密算法进行一遍加密试试，再输出一遍C(h + i)，对比两个值能发现两个值是一样的，也印证了C函数其实就是MD5加密算法；
所以我们就可以直接看出w_rid的生成了，甚至都不用去扣js代码，当然更完整的话可以再将dm_img_inter和w_webid的值继续进行逆向解析（我这里就暂时不深入解析了）

到这里其实就可以生成一个可供使用的代码了：

import hashlib
import requests
import time


# 获取w_rid的值
def Hash(uid):
    data_time = str(int(time.time()))
    h = f'dm_cover_img_str=QU5HTEUgKE5WSURJQSwgTlZJRElBIEdlRm9yY2UgR1RYIDE2NjAgVGkgKDB4MDAwMDIxOTEpIERpcmVjdDNEMTEgdnNfNV8wIHBzXzVfMCwgRDNEMTEpR29vZ2xlIEluYy4gKE5WSURJQS&dm_img_inter=%7B%22ds%22%3A%5B%7B%22t%22%3A1%2C%22c%22%3A%22%22%2C%22p%22%3A%5B679%2C19%2C-182%5D%2C%22s%22%3A%5B286%2C450%2C664%5D%7D%5D%2C%22wh%22%3A%5B2970%2C1315%2C14%5D%2C%22of%22%3A%5B150%2C300%2C150%5D%7D&dm_img_list=%5B%7B%22x%22%3A1040%2C%22y%22%3A1149%2C%22z%22%3A0%2C%22timestamp%22%3A15346%2C%22k%22%3A78%2C%22type%22%3A0%7D%5D&dm_img_str=V2ViR0wgMS4wIChPcGVuR0wgRVMgMi4wIENocm9taXVtKQ&keyword=&mid={uid}&order=pubdate&order_avoided=true&platform=web&pn=1&ps=30&tid=0&w_webid=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzcG1faWQiOiIwLjAiLCJidXZpZCI6IkMxQUJBMDM4LTM2ODctMzlGNC1DNzhGLTEzNzk0OURFQ0U1QjEwODU0aW5mb2MiLCJ1c2VyX2FnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyOS4wLjAuMCBTYWZhcmkvNTM3LjM2IiwiYnV2aWRfZnAiOiIwY2E4MGFlMGEzMGRjNzBjYWI5NWY4OTEyMTJmYmZlNCIsImNyZWF0ZWRfYXQiOjE3MjkzNTg2MTIsInR0bCI6ODY0MDAsInVybCI6Ii80MzgwMTY3NC92aWRlbyIsInJlc3VsdCI6Im5vcm1hbCIsImlzcyI6ImdhaWEiLCJpYXQiOjE3MjkzNTg2MTJ9.jfb8jEoc_W5LyfZoxgluIbTGQdWRC9wxmhRx5yCdua9QB-ozWez0Xb3wvpkOZ7QrMCGe5AtHXslj0fAYadErIwcFk5u6tyUrQPs6IP-X5kKwXrG0gaTXpfgT0KEqFLtVWMkIG1g10uT9KGPDd9-cuS8a1VUNeK3DGgWw-2cspDylr8cXr0XJIF-6RfBtq6X-wlg1OR0zgY-eysnvjr6gzpopXXdCYo2nUNoekVtXGt8hc6zVe4nrGkyLwcXOtTzadImi9pV9RPnUd5cQiDrZNo4OlKHc0N7Ff4HJcjEMjfT0K1-mgpXw18M6FFw8DwOy5IFFgLJysAZ-yKqzX_AtPg&web_location=1550101&wts={data_time}'
    i = 'ea1db124af3c7062474693fa704f4ff8'
    MD5 = hashlib.md5()
    MD5.update((h+i).encode('utf-8'))
    w_rid = MD5.hexdigest()
    return w_rid, data_time


if __name__ == "__main__":
    uid = '43801674'
    w_rid = Hash(uid)
    # url = f'https://api.bilibili.com/x/space/wbi/arc/search?mid=329101587&ps=30&tid=0&pn=1&keyword=&order=pubdate&platform=web&web_location=1550101&order_avoided=true&dm_img_list=[%7B%22x%22:1040,%22y%22:1149,%22z%22:0,%22timestamp%22:15346,%22k%22:78,%22type%22:0%7D]&dm_img_str=V2ViR0wgMS4wIChPcGVuR0wgRVMgMi4wIENocm9taXVtKQ&dm_cover_img_str=QU5HTEUgKE5WSURJQSwgTlZJRElBIEdlRm9yY2UgR1RYIDE2NjAgVGkgKDB4MDAwMDIxOTEpIERpcmVjdDNEMTEgdnNfNV8wIHBzXzVfMCwgRDNEMTEpR29vZ2xlIEluYy4gKE5WSURJQS&dm_img_inter=%7B%22ds%22:[%7B%22t%22:1,%22c%22:%22%22,%22p%22:[679,19,-182],%22s%22:[286,450,664]%7D],%22wh%22:[2970,1315,14],%22of%22:[150,300,150]%7D&w_webid=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzcG1faWQiOiIwLjAiLCJidXZpZCI6IkMxQUJBMDM4LTM2ODctMzlGNC1DNzhGLTEzNzk0OURFQ0U1QjEwODU0aW5mb2MiLCJ1c2VyX2FnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyOS4wLjAuMCBTYWZhcmkvNTM3LjM2IiwiYnV2aWRfZnAiOiIwY2E4MGFlMGEzMGRjNzBjYWI5NWY4OTEyMTJmYmZlNCIsImNyZWF0ZWRfYXQiOjE3MjkzNTg2MTIsInR0bCI6ODY0MDAsInVybCI6Ii80MzgwMTY3NC92aWRlbyIsInJlc3VsdCI6Im5vcm1hbCIsImlzcyI6ImdhaWEiLCJpYXQiOjE3MjkzNTg2MTJ9.jfb8jEoc_W5LyfZoxgluIbTGQdWRC9wxmhRx5yCdua9QB-ozWez0Xb3wvpkOZ7QrMCGe5AtHXslj0fAYadErIwcFk5u6tyUrQPs6IP-X5kKwXrG0gaTXpfgT0KEqFLtVWMkIG1g10uT9KGPDd9-cuS8a1VUNeK3DGgWw-2cspDylr8cXr0XJIF-6RfBtq6X-wlg1OR0zgY-eysnvjr6gzpopXXdCYo2nUNoekVtXGt8hc6zVe4nrGkyLwcXOtTzadImi9pV9RPnUd5cQiDrZNo4OlKHc0N7Ff4HJcjEMjfT0K1-mgpXw18M6FFw8DwOy5IFFgLJysAZ-yKqzX_AtPg&w_rid={w_rid[0]}&wts={w_rid[1]}'
    url = f'https://api.bilibili.com/x/space/wbi/arc/search?mid={uid}&ps=30&tid=0&pn=1&keyword=&order=pubdate&platform=web&web_location=1550101&order_avoided=true&dm_img_list=[%7B%22x%22:1040,%22y%22:1149,%22z%22:0,%22timestamp%22:15346,%22k%22:78,%22type%22:0%7D]&dm_img_str=V2ViR0wgMS4wIChPcGVuR0wgRVMgMi4wIENocm9taXVtKQ&dm_cover_img_str=QU5HTEUgKE5WSURJQSwgTlZJRElBIEdlRm9yY2UgR1RYIDE2NjAgVGkgKDB4MDAwMDIxOTEpIERpcmVjdDNEMTEgdnNfNV8wIHBzXzVfMCwgRDNEMTEpR29vZ2xlIEluYy4gKE5WSURJQS&dm_img_inter=%7B%22ds%22:[%7B%22t%22:1,%22c%22:%22%22,%22p%22:[679,19,-182],%22s%22:[286,450,664]%7D],%22wh%22:[2970,1315,14],%22of%22:[150,300,150]%7D&w_webid=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzcG1faWQiOiIwLjAiLCJidXZpZCI6IkMxQUJBMDM4LTM2ODctMzlGNC1DNzhGLTEzNzk0OURFQ0U1QjEwODU0aW5mb2MiLCJ1c2VyX2FnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyOS4wLjAuMCBTYWZhcmkvNTM3LjM2IiwiYnV2aWRfZnAiOiIwY2E4MGFlMGEzMGRjNzBjYWI5NWY4OTEyMTJmYmZlNCIsImNyZWF0ZWRfYXQiOjE3MjkzNTg2MTIsInR0bCI6ODY0MDAsInVybCI6Ii80MzgwMTY3NC92aWRlbyIsInJlc3VsdCI6Im5vcm1hbCIsImlzcyI6ImdhaWEiLCJpYXQiOjE3MjkzNTg2MTJ9.jfb8jEoc_W5LyfZoxgluIbTGQdWRC9wxmhRx5yCdua9QB-ozWez0Xb3wvpkOZ7QrMCGe5AtHXslj0fAYadErIwcFk5u6tyUrQPs6IP-X5kKwXrG0gaTXpfgT0KEqFLtVWMkIG1g10uT9KGPDd9-cuS8a1VUNeK3DGgWw-2cspDylr8cXr0XJIF-6RfBtq6X-wlg1OR0zgY-eysnvjr6gzpopXXdCYo2nUNoekVtXGt8hc6zVe4nrGkyLwcXOtTzadImi9pV9RPnUd5cQiDrZNo4OlKHc0N7Ff4HJcjEMjfT0K1-mgpXw18M6FFw8DwOy5IFFgLJysAZ-yKqzX_AtPg&w_rid={w_rid[0]}&wts={w_rid[1]}'
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36",
        "referer": "https://space.bilibili.com/329101587"
    }
    print(w_rid)
    response = requests.get(url=url, headers=headers).json()
    print(response)

运行结果：

经过测试，修改uid也是可以成功获取数据的，到这里w_rid的逆向逻辑已经出来了，为啥不使用js直接把代码扣过来，而要自己分析逻辑进行实现？因为我在导入execjs模块的时候报错了！！！艸，就直接分析逻辑进行实现了。