Comments (8)

janjanmedinaaa commented on May 29, 2024 1

It looks like the issue is coming from the Loklok API updating their headers. Best case is I fix it without releasing a new app version. Hopefully I could fix it within the week.

from watcher-tv.

janjanmedinaaa commented on May 29, 2024 1

I just tried the Loklok App and they just updated the API and increased the security by adding unique headers (aesKey and sign) for every request made. For now, I won't be able to intercept that alone and won't be able to fix the app.

from watcher-tv.

Nunu27 commented on May 29, 2024

May I know how you intercept the request?

from watcher-tv.

janjanmedinaaa commented on May 29, 2024

Before I was using HTTP Toolkit on Android emulators, but on the latest update of Loklok, it now crashes on emulators. Now I use HTTP Catcher on iOS. It has a free version, but to intercept POST requests, you need to pay for the premium version. It's just a one-time payment.

from watcher-tv.

Nunu27 commented on May 29, 2024

I see, the API for the web version of Loklok also uses the same security system, kinda. After looking around the web source code, I found out that it uses AES and RSA encryption. I can reverse engineer it, but I don't know if the mobile API uses the exact same method or not.

from watcher-tv.

janjanmedinaaa commented on May 29, 2024

I'm not really familiar with how the Web version works. But maybe you could reverse engineer it and share here how it works. I could try it on mobile to see if it would work.

from watcher-tv.

Nunu27 commented on May 29, 2024

Here's the client for the web API. I've reimplemented the signing from the web using crypto from Node.

```js
const { default: axios } = require('axios');
const crypto = require('crypto');

// Client-chosen 16-character value; used below as the AES-128 key
const uuid = '03e1a9143604a894';
// RSA public key used to wrap the uuid for the aesKey header
const publicKey = `-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/K5eyJ18Y2l/vgGClKLXGQ0oAO2YdZleu59Oh2wlrxcxgKmt6FJ6rjxDJhs3K3uHdjvZWJnIQjd+pkc0g2/Yh+n5el7zWTWavUQ+q/mMIIIubiDvIJrECPj8thFy7LMFqrM2Qek8wdGV3lPMn/Yq6siidALJwOrt+UBehcwoV2QIDAQAB
-----END PUBLIC KEY-----`;

// Builds the string that gets signed: key=value pairs, optionally sorted,
// of which only the values are kept and joined without a separator
function prepareData(obj, sortValues = false) {
	const values = [];

	for (const key in obj) {
		const value = obj[key];

		if (Array.isArray(value)) {
			value.forEach((val) => values.push(`${key}=${val}`));
		} else {
			values.push(`${key}=${value}`);
		}
	}

	if (sortValues) {
		values.sort();
	}

	return values.map((val) => val.split('=')[1]).join('');
}

// Despite the name, this returns a digest: AES-128-ECB encrypt the data,
// base64-encode the ciphertext, then take the MD5 of that string as hex
const encrypt = function (data, key = 'abcdefgabcdefg12') {
	if (typeof data === 'object') {
		data = JSON.stringify(data);
	}

	const keyUtf8 = Buffer.from(key, 'utf-8');
	const dataUtf8 = Buffer.from(data, 'utf-8');

	const cipher = crypto.createCipheriv('aes-128-ecb', keyUtf8, null);
	let encryptedData = cipher.update(dataUtf8);
	encryptedData = Buffer.concat([encryptedData, cipher.final()]);

	return crypto
		.createHash('md5')
		.update(encryptedData.toString('base64'))
		.digest('hex');
};

const client = axios.create({
	baseURL: 'https://web-api.netpop.app/cms/web/pc/',
	headers: {
		lang: 'en'
	}
});

// Adds the currentTime, sign and aesKey headers to every outgoing request
client.interceptors.request.use((config) => {
	const currentTime = new Date().getTime();
	config.headers.currentTime = currentTime;
	config.headers.sign = encrypt(
		`${currentTime}${prepareData(
			'post' === config.method ? config.data : config.params,
			true
		)}`,
		uuid
	);
	config.headers.aesKey = crypto
		.publicEncrypt(
			{
				key: publicKey,
				padding: crypto.constants.RSA_PKCS1_PADDING
			},
			Buffer.from(uuid)
		)
		.toString('base64');

	return config;
});

client
	.get('homePage/singleAlbums', { params: { page: 6, size: 6 } })
	.then(({ data }) => console.log(data))
	.catch((err) => {
		console.log('err', err);
	});
```

*edit:
I've just tried using this method on the mobile API endpoint, and... nope. I still got a sign error, so it seems to be using a different method.

from watcher-tv.
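
Added example, not part of the thread or of either project: the `prepareData` routine posted above signs only the sorted values, joined with no keys or separators, so different parameter sets can produce the same signing string. The sketch reproduces that rule and sets it beside a length-prefixed canonical form verified server-side with HMAC-SHA256; `legacySigningString`, `canonicalize`, `signRequest`, `verifyRequest`, the 5-minute window and all sample values are assumptions made for illustration.

```javascript
// Added example; every name and sample value here is constructed.
const crypto = require('crypto');

// Same rule as prepareData(obj, true) in the comment above: sort the
// "key=value" pairs, keep only the values, join them with no separator.
function legacySigningString(params) {
	const pairs = [];
	for (const [key, value] of Object.entries(params)) {
		for (const v of [].concat(value)) pairs.push(`${key}=${v}`);
	}
	return pairs.sort().map((p) => p.split('=')[1]).join('');
}

// Unambiguous alternative (assumption): sorted keys, with every key and
// value length-prefixed so field boundaries cannot shift.
function canonicalize(params) {
	const parts = [];
	for (const key of Object.keys(params).sort()) {
		for (const v of [].concat(params[key])) {
			const s = String(v);
			parts.push(`${key.length}:${key}${s.length}:${s}`);
		}
	}
	return parts.join('');
}

// MAC over timestamp plus canonical parameters, keyed with a server-held secret.
function signRequest(secret, timestampMs, params) {
	return crypto
		.createHmac('sha256', secret)
		.update(`${timestampMs}\n${canonicalize(params)}`)
		.digest('hex');
}

// Server-side check: reject stale timestamps, compare MACs in constant time.
function verifyRequest(secret, timestampMs, params, sign, nowMs = Date.now(), maxSkewMs = 5 * 60 * 1000) {
	if (!Number.isFinite(timestampMs) || Math.abs(nowMs - timestampMs) > maxSkewMs) return false;
	const expected = Buffer.from(signRequest(secret, timestampMs, params), 'hex');
	const given = Buffer.from(String(sign), 'hex');
	return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}
```

With the value-only rule, `{ page: 6, size: 6 }` and `{ page: 66, size: '' }` both reduce to `66`, and a value containing `=` is cut at the first `=`; the length-prefixed form keeps them distinct.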

janjanmedinaaa commented on May 29, 2024

Archiving this repository. Thanks for the support! Feel free to use it as a reference for your Android TV App.

from watcher-tv.
