Comments (8)
It looks like the issue is coming from the Loklok API updating their headers. Best case is I fix it without releasing a new app version. Hopefully I could fix it within the week.
from watcher-tv.
I just tried the Loklok App and they just updated the API and increased the security by adding unique headers (aesKey
and sign
) for every request made. For now, I won't be able to intercept that alone and won't be able to fix the app.
from watcher-tv.
may i know how you intercept the request?
from watcher-tv.
Before I was using HTTP Toolkit on Android emulators, but on the latest update of Loklok, it now crashes on emulators. Now I use HTTP Catcher on iOS. It has a free version, but to intercept POST requests, you need to pay for the premium version. It's just a 1 time payment.
from watcher-tv.
i see, the API for the web version of Loklok also use the same security system, kinda. After looking around the web source code, i found out that it use AES and RSA encryption, i can reverse engineer it but i don't know if the mobile api use the exact same method or not.
from watcher-tv.
I'm not really familiar on how the Web version works. But maybe you could reverse engineer it and share it here on how it works. I could try it on mobile if it would work.
from watcher-tv.
here's the client for the web api, i've reimplemented the signing from the web using crypto from node
const { default: axios } = require('axios');
const crypto = require('crypto');
const uuid = '03e1a9143604a894';
const publicKey = `-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/K5eyJ18Y2l/vgGClKLXGQ0oAO2YdZleu59Oh2wlrxcxgKmt6FJ6rjxDJhs3K3uHdjvZWJnIQjd+pkc0g2/Yh+n5el7zWTWavUQ+q/mMIIIubiDvIJrECPj8thFy7LMFqrM2Qek8wdGV3lPMn/Yq6siidALJwOrt+UBehcwoV2QIDAQAB
-----END PUBLIC KEY-----`;
function prepareData(obj, sortValues = false) {
const values = [];
for (const key in obj) {
const value = obj[key];
if (Array.isArray(value)) {
value.forEach((val) => values.push(`${key}=${val}`));
} else {
values.push(`${key}=${value}`);
}
}
if (sortValues) {
values.sort();
}
return values.map((val) => val.split('=')[1]).join('');
}
const encrypt = function (data, key = 'abcdefgabcdefg12') {
if (typeof data === 'object') {
data = JSON.stringify(data);
}
const keyUtf8 = Buffer.from(key, 'utf-8');
const dataUtf8 = Buffer.from(data, 'utf-8');
const cipher = crypto.createCipheriv('aes-128-ecb', keyUtf8, null);
let encryptedData = cipher.update(dataUtf8);
encryptedData = Buffer.concat([encryptedData, cipher.final()]);
return crypto
.createHash('md5')
.update(encryptedData.toString('base64'))
.digest('hex');
};
const client = axios.create({
baseURL: 'https://web-api.netpop.app/cms/web/pc/',
headers: {
lang: 'en'
}
});
client.interceptors.request.use((config) => {
const currentTime = new Date().getTime();
config.headers.currentTime = currentTime;
config.headers.sign = encrypt(
`${currentTime}${prepareData(
'post' === config.method ? config.data : config.params,
true
)}`,
uuid
);
config.headers.aesKey = crypto
.publicEncrypt(
{
key: publicKey,
padding: crypto.constants.RSA_PKCS1_PADDING
},
Buffer.from(uuid)
)
.toString('base64');
return config;
});
client
.get('homePage/singleAlbums', { params: { page: 6, size: 6 } })
.then(({ data }) => console.log(data))
.catch((err) => {
console.log('err', err);
});
*edit:
i've just tried using this method on the mobile api endpoint, and... nope. i still got sign error, so it seems to be using a different method
from watcher-tv.
Archiving this repository. Thanks for the support! Feel free to use it as a reference for your Android TV App.
from watcher-tv.
Related Issues (5)
- APK DEMO HOT 4
- App cannot be opened HOT 2
- Support new API
- please watcher-tv Spain Europe HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from watcher-tv.