1. 本文是学习只用,不要将之用在非法用途
2. 先下载xiami的flash播放器, 通过Sothink SWFDecompiler 将之反编译;
3. 然后找出它的解密函数,关键代码如下:
public function getLocation(param1:String) : String { var _loc_2: =
undefined; var _loc_3: = undefined; var _loc_4: = undefined; var _loc_5: =
undefined; var _loc_6: = undefined; var _loc_7: = undefined; var _loc_8: =
undefined; var _loc_9: = undefined; var _loc_10: = undefined; _loc_2 =
Number(param1.charAt(0)); _loc_3 = param1.substring(1); _loc_4 =
Math.floor(_loc_3.length / _loc_2); _loc_5 = _loc_3.length % _loc_2; _loc_6 =
new Array(); _loc_7 = 0; while (_loc_7 < _loc_5) { if (_loc_6[_loc_7] ==
undefined) { _loc_6[_loc_7] = “”; } _loc_6[_loc_7] = _loc_3.substr((_loc_4 +
1) _loc_7, (_loc_4 + 1)); _loc_7 = _loc_7 + 1; } _loc_7 = _loc_5; while
(_loc_7 < _loc_2) { _loc_6[_loc_7] = _loc_3.substr(_loc_4 * (_loc_7 - _loc_5)
- (_loc_4 + 1) * _loc_5, _loc_4); _loc_7 = _loc_7 + 1; } _loc_8 = “”; _loc_7 =
0; while (_loc_7 < _loc_6[0].length) { _loc_10 = 0; while (_loc_10 <
_loc_6.length) { _loc_8 = _loc_8 + _loc_6[_loc_10].charAt(_loc_7); _loc_10 =
_loc_10 + 1; } _loc_7 = _loc_7 + 1; } _loc_8 = unescape(_loc_8); _loc_9 = “”;
_loc_7 = 0; while (_loc_7 < _loc_8.length) { if (_loc_8.charAt(_loc_7) == “^”)
{ _loc_9 = _loc_9 + “0”; } else { _loc_9 = _loc_9 + _loc_8.charAt(_loc_7); }
_loc_7 = _loc_7 + 1; } _loc_9 = _loc_9.replace(“+”, “ “); return _loc_9; }//
end function
4. 使用python实现后的算法是:
import sys import re import math import urllib import pdb def main(xiamistr):
print xiamistr; var_first = int(xiamistr[0]); var_sub = xiamistr[1:];
var_floor = math.floor(len(var_sub)/ var_first); var_floor = int(var_floor);
var_mod = len(var_sub)% var_first; print len(var_sub); print var_floor; print
var_mod; var5 = 0; result = []; tmp = 0; while var5 < var_mod: tmp =
(var_floor + 1) var5; result.insert(var5, var_sub[tmp : tmp + var_floor +
1]); var5 = var5 + 1; print result; var5 = var_mod; while var5 < var_first:
tmp = var_floor (var5 - var_mod) + (var_floor + 1 ) * var_mod;
result.insert(var5, var_sub[tmp : tmp + var_floor]); var5 = var5 + 1 ; print
result; tmpStr= “”; var5 = 0; tmp2 = “”; while var5 < len(result[0]): tmp = 0;
while tmp < len(result): tmp2 = result[tmp]; try: tmp2 = tmp2[var5]; except
IndexError: tmp2 = “”; tmpStr = tmpStr + tmp2; tmp = tmp + 1; var5 = var5 + 1;
print “tmp str “ + tmpStr; tmpStr = urllib.unquote(tmpStr); print tmpStr;
print urllib.unquote(tmpStr); var5 = 0; tmp2 = “”; while var5 < len(tmpStr):
if tmpStr[var5] == “^”: tmp2 = tmp2 + “0”; else: tmp2 = tmp2 + tmpStr[var5];
var5 += 1; print tmp2; tmp2.replace(“+”, “ “); print tmp2; if name ==
“main“: if len(sys.argv) < 2: print(“Usage: %s url”%sys.argv[0]); else:
main(sys.argv[1]);
5. 一个简单的例子是:
输入:
7h%3.65531E88pt2.n2EE%%1563tFxe5%%22719p%it%25F5613%2a%5FE%29_33Fm2E455%71.AfiF%%4E545m
输出: http://f3.xiami.net/62500/400543/01%201769748511_1586933.mp3
6. 通过上面的方法,就可以写出一个自动下载虾米歌曲的软件, 具体的思路如下:
6.1 通过http请求得到某个专辑的页面,可以得到所有歌曲的一览和songId;
6.2 通过songId可以构造http请求得到对应歌曲的信息(xml格式)
6.3 然后通过上面的程序将xml 中location项解密,即可以得到歌曲下载地址。
-—-
to xiami:
注意自己的安全。
因为已经有人写了这样的程序,就不再重写了。
http://www.appinn.com/longkey-xiami-music-dl/
to 自己
1. actionscript 中的子字符串处理函数有两个: substring 和substr,注意区分;
2. 异常处理:
try :
tmp2 = tmp2[var5];
except IndexError:
tmp2 = “”;
-–
get mustc info:
http://www.xiami.com/song/playlist/id/1770506132/object_name/default/object_id/0
python debug:
http://www.blogjava.net/Skynet/archive/2009/04/07/264259.html
my csdn blog xiami decrypt
http://blog.csdn.net/lantianjialiang/article/details/6339326