当前位置: 首页 > news >正文

Tiktok App 登录账号、密码、验证码 XOR 加密算法

news 来源:原创 2025/6/5 19:27:21
抖音 App 登录账号、密码、验证码 XOR 加密算法% E9 n+ z, \& R1 a4 b. ^
流程分析

登录 Tiktok APP 时,通过抓包发现账号密码是非明文传输的。

<?php// http://xxx.xx.x.x.x/tiktok/$tiktok = new TikTokClient();$userId = '7212597544604484614';
$secUid = 'MS4wLjABAAAAY4pw9kbeNduMqJCy6GVXEfhwYWFSQgb311qvFcbNF9C7RQ-s-QdeXtUWn7sQfnka';echo "👤 用户信息:\n";
echo $tiktok->getUserProfile($userId, $secUid);echo "\n\n🎬 视频列表:\n";
echo $tiktok->getMixList($userId);// 示例:加密后的密码 hex 字符串
$encrypted_hex = "74726077717c706c6a7534453d3d3d3d3d";
$decrypted_password = decrypt_tiktok_password($encrypted_hex);echo "解密后密码是:$decrypted_password\n";// 示例:TikTok 加密邮箱的 hex 字符串
$encrypted_email = "72646b627d6c646a616a6b623437343634313430456268646c692b666a68";
$decrypted_email = decrypt_tiktok_password($encrypted_email);echo "解密后邮箱是:$decrypted_email\n";// 示例用法
$email = 'xxxxxxxxxxxxxx@gmail.com';
$hash = sha256_hash($email);echo "Email: $email\n";
echo "SHA-256 Hash: $hash\n";class TikTokClient
{private string $token = '047c4fc5b16c396d7055908554a3f096a404a373478c9313ec40ee8e8fe6e251ddf85a1b71c5102237849d96d5ca1196ea9405127f280e60c126ebd3cf8eaaf654f674a4a71589afb5de729d5ba2a9cb99dba7683b97b69e7ba9e9209552fc5757d68--0a4e0a2039c085de2b1b7130677d5be860420424ef6612ba0871a4b8fb2943bb4ed9e77b122087e01f1d74923df095f0250d2f0dce19303c9b5dae6db1bc7f816f518d037b421801220674696b746f6b-3.0.0';private array $defaultParams = ['version_code' => '34.1.0','language' => 'zh','app_name' => 'musical_ly','app_version' => '34.1.0','carrier_region' => 'JP','op_region' => 'JP','residence' => 'JP','channel' => 'App Store','mcc_mnc' => '44000','tz_offset' => '28800','device_id' => '7488190626207417857','account_region' => 'us','sys_region' => 'CN','aid' => '1233','locale' => 'zh-Hans','screen_width' => '1125','uoo' => '0','openudid' => 'd04f0d20f43164175274772e4a4c4da2eeabf1c7','cdid' => 'B124AFDA-3EF1-4427-B2C1-D5B8C698619C','os_api' => '18','idfv' => '647D6F93-ED0A-4824-9B66-45EBF30CF5DC','ac' => 'WIFI','os_version' => '13.6.1','app_language' => 'zh','content_language' => '','tz_name' => 'Asia/Shanghai','current_region' => 'JP','device_platform' => 'iphone','build_number' => '341018','iid' => '7488213154625128234','device_type' => 'iPhone10,3'];private function getHeaders(): array{return ['User-Agent: TikTok 34.1.0 rv:341018 (iPhone; iOS 13.6.1; zh_CN) Cronet','passport-sdk-version: 5.12.1','sdk-version: 2','x-Tt-Token: ' . $this->token,'x-metasec-tspk-non-native: 1','x-tt-dm-status: login=1;ct=1;rt=1','x-vc-bdturing-sdk-version: 2.3.7'];}private function sendGetRequest(string $url, array $params): string{$fullUrl = $url . '?' . http_build_query($params);$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $fullUrl);curl_setopt($ch, CURLOPT_HTTPHEADER, $this->getHeaders());curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);// ✅ 关闭 SSL 验证(用于测试环境)curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);$response = curl_exec($ch);if (curl_errno($ch)) {return 'Curl Error: ' . curl_error($ch);}$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);echo "📡 HTTP 状态码: $httpCode\n";curl_close($ch);echo "📡 HTTP response: $response\n";return $response;}// 获取用户资料public function getUserProfile(string $userId, string $secUid): string{$params = $this->defaultParams;$params['user_id'] = $userId;$params['sec_uid'] = $secUid;$params['scene_id'] = '201';return $this->sendGetRequest("https://api-va.tiktokv.com/tiktok/user/profile/other/v1", $params);}// 获取视频列表public function getMixList(string $userId, int $cursor = 0): string{$params = $this->defaultParams;$params['uid'] = $userId;$params['cursor'] = $cursor;return $this->sendGetRequest("https://api-va.tiktokv.com/tiktok/v1/mix/list/", $params);}
}function decrypt_tiktok_password($hex) {$bytes = hex2bin($hex);$output = '';for ($i = 0; $i < strlen($bytes); $i++) {// 每个字符异或 0x05$output .= chr(ord($bytes[$i]) ^ 0x05);}return $output;
}
function decrypt_tiktok_email($hex) {$bytes = hex2bin($hex);$output = '';for ($i = 0; $i < strlen($bytes); $i++) {// 前12字节 XOR 0x05,其余 XOR 0x15$key = $i < 12000 ? 0x05 : 0x15;$output .= chr(ord($bytes[$i]) ^ $key);}return $output;
}
/*** 计算字符串的 SHA-256 哈希值** @param string $input 要加密的字符串(如邮箱)* @return string 返回 SHA-256 哈希值*/
function sha256_hash($input) {return hash('sha256', $input);
}

 

curl -X POST "https://api-va.tiktokv.com/aweme/v3/verification/age/?version_code=34.1.0&language=zh&app_name=musical_ly&app_version=34.1.0&carrier_region=JP&op_region=JP&residence=JP&channel=App%20Store&mcc_mnc=44000&tz_offset=28800&device_id=7488190626207417857&account_region=us&sys_region=CN&aid=1233&locale=zh-Hans&screen_width=1125&uoo=0&openudid=d04f0d20f43164175274772e4a4c4da2eeabf1c7&cdid=B124AFDA-3EF1-4427-B2C1-D5B8C698619C&os_api=18&idfv=647D6F93-ED0A-4824-9B66-45EBF30CF5DC&ac=WIFI&os_version=13.6.1&app_language=zh&content_language=&tz_name=Asia/Shanghai&current_region=JP&device_platform=iphone&build_number=341018&iid=7488213154625128234&device_type=iPhone10,3" \-H "Content-Type: application/x-www-form-urlencoded" \-H "User-Agent: TikTok 34.1.0 rv:341018 (iPhone; iOS 13.6.1; zh_CN) Cronet" \-H "passport-sdk-version: 5.12.1" \-H "sdk-version: 2" \-H "x-Tt-Token: 047c4fc5b16c396d7055908554a3f096a404a373478c9313ec40ee8e8fe6e251ddf85a1b71c5102237849d96d5ca1196ea9405127f280e60c126ebd3cf8eaaf654f674a4a71589afb5de729d5ba2a9cb99dba7683b97b69e7ba9e9209552fc5757d68--0a4e0a2039c085de2b1b7130677d5be860420424ef6612ba0871a4b8fb2943bb4ed9e77b122087e01f1d74923df095f0250d2f0dce19303c9b5dae6db1bc7f816f518d037b421801220674696b746f6b-3.0.0" \-H "x-metasec-tspk-non-native: 1" \-H "x-tt-dm-status: login=1;ct=1;rt=1" \-H "x-vc-bdturing-sdk-version: 2.3.7" \--data-urlencode "birthday=1996-04-21" \--data-urlencode "is_guest=0" \--data-urlencode "reg_store_region=jp" \--data-urlencode "session_registered=1" \--data-urlencode "update_birthdate_type=1"{"extra":{"fatal_item_ids":[],"logid":"20250421155904748DB8B81AA1BC021020","now":1745222344000},"is_eligible":true,"log_pb":{"impr_id":"20250421155904748DB8B81AA1BC021020"},"register_age_gate_post_action":0,"status_code":0,"status_msg":""}curl -X POST "https://api16-normal-c-alisg.tiktokv.com/passport/app/region/?ttp_bypass_dp=1&residence=JP&device_id=7488190626207417857&os_version=13.6.1&multi_login=1&app_id=1233&iid=7488213154625128234&app_name=musical_ly&locale=zh-Hans&ac=WIFI&sys_region=CN&ssmix=a&version_code=34.1.0&channel=App%20Store&op_region=JP&os_api=18&idfa=A71D438D-AA3B-42C8-959E-EC5E4285FF14&install_id=7488213154625128234&idfv=647D6F93-ED0A-4824-9B66-45EBF30CF5DC&device_platform=iphone&device_type=iPhone10%2C3&openudid=d04f0d20f43164175274772e4a4c4da2eeabf1c7&account_region=us&tz_name=Asia%2FShanghai&tz_offset=28800&app_language=zh&carrier_region=JP&current_region=JP&aid=1233&mcc_mnc=44000&screen_width=1125&uoo=0&content_language=&language=zh&cdid=B124AFDA-3EF1-4427-B2C1-D5B8C698619C&build_number=341018&app_version=34.1.0&resolution=1125%2A2436" \-H "Content-Type: application/x-www-form-urlencoded" \-H "User-Agent: TikTok 34.1.0 rv:341018 (iPhone; iOS 13.6.1; zh_CN) Cronet" \-H "X-TT-BYPASS-DP: 1" \-H "passport-sdk-version: 5.12.1" \-H "sdk-version: 2" \-H "tt-request-time: 1745221747912" \-H "x-metasec-tspk-non-native: 1" \-H "x-vc-bdturing-sdk-version: 2.3.7" \-H "x-Tt-Token: 047c4fc5b16c396d7055908554a3f096a404a373478c9313ec40ee8e8fe6e251ddf85a1b71c5102237849d96d5ca1196ea9405127f280e60c126ebd3cf8eaaf654f674a4a71589afb5de729d5ba2a9cb99dba7683b97b69e7ba9e9209552fc5757d68--0a4e0a2039c085de2b1b7130677d5be860420424ef6612ba0871a4b8fb2943bb4ed9e77b122087e01f1d74923df095f0250d2f0dce19303c9b5dae6db1bc7f816f518d037b421801220674696b746f6b-3.0.0" \-H "x-tt-multi-sids: 7488212729246778411%3A7c4fc5b16c396d7055908554a3f096a4" \-H "x-tt-passport-csrf-token: b54c6c55016d8d49f6d747bb318d2d21" \-H "X-SS-Cookie: reg-store-region=JP; store-country-code=us; store-country-code-src=uid; store-country-sign=MEIEDFJkX2IpPg-qoC0g7wQgsKJCTmQJGuVbrC21Oko_rkPCc7DaRZ2mFHuw5IJtncoEEJkEu5tI4G6mnoYFDbpIQ7s; store-idc=useast5; tt-target-idc=useast5; msToken=xYx6bFmzYx2h0aCE8Klc7xZntn8XBnhR-2MoN9La_1OiB-yj8ashL4MxuiXjQDpUM2zI81r_I_D1pumy09enRjJnACi_8seK4bu4T8l9BOU=; odin_tt=4e55b505e06b3fcb2e498136b3a5275827e14db9edd0335c4a45b49f1d081c204e5b2d53511de9ad1e5b17ecc2dbc039dff3df4858afd29afab9f0b47d50af5b4c95e7579cc247f70a19c217eedd4127; install_id=7488213154625128234; ttreq=1$fb6669b36f45f66cf71038486d82e2b11e6c2134; cmpl_token=AgQQAPNSF-RPsLfVl2oZYt0S_Yr8gOIf_4MhYNgecg; d_ticket=ae5784ab15e2f75e8bfcc93219443a5fd3ce6; multi_sids=7488212729246778411%3A7c4fc5b16c396d7055908554a3f096a4; sessionid=7c4fc5b16c396d7055908554a3f096a4; sessionid_ss=7c4fc5b16c396d7055908554a3f096a4; sid_guard=7c4fc5b16c396d7055908554a3f096a4%7C1743521435%7C15552000%7CSun%2C+28-Sep-2025+15%3A30%3A35+GMT; sid_tt=7c4fc5b16c396d7055908554a3f096a4; uid_tt=0633acdad328486b67a033379670731a5761607eec5110daee28a4156ae7084b; uid_tt_ss=0633acdad328486b67a033379670731a5761607eec5110daee28a4156ae7084b; passport_csrf_token=b54c6c55016d8d49f6d747bb318d2d21; passport_csrf_token_default=b54c6c55016d8d49f6d747bb318d2d21" \--data-urlencode "hashed_id=88e61f0af905883a0381068d520c4acd85694273d641754d14cebf06ec9fbc36" \--data-urlencode "reg_store_region=jp" \--data-urlencode "support_webview=1" \--data-urlencode "type=2"{"data":{"captcha_domain":"rc-verification-sg.tiktokv.com","country_code":"cn","domain":"api16-normal-c-alisg.tiktokv.com"},"message":"success"}curl -X POST "https://api-va.tiktokv.com/passport/user/check_email_registered?reg_store_region=jp&user_selected_region=0&residence=JP&device_id=7488190626207417857&os_version=13.6.1&multi_login=1&app_id=1233&iid=7488213154625128234&app_name=musical_ly&locale=zh-Hans&ac=WIFI&sys_region=CN&ssmix=a&version_code=34.1.0&channel=App%20Store&op_region=JP&os_api=18&idfa=A71D438D-AA3B-42C8-959E-EC5E4285FF14&install_id=7488213154625128234&idfv=647D6F93-ED0A-4824-9B66-45EBF30CF5DC&device_platform=iphone&device_type=iPhone10%2C3&openudid=d04f0d20f43164175274772e4a4c4da2eeabf1c7&account_region=us&tz_name=Asia%2FShanghai&tz_offset=28800&app_language=zh&carrier_region=JP&current_region=JP&aid=1233&mcc_mnc=44000&screen_width=1125&uoo=0&content_language=&language=zh&cdid=B124AFDA-3EF1-4427-B2C1-D5B8C698619C&build_number=341018&app_version=34.1.0&resolution=1125%2A2436" \-H "Content-Type: application/x-www-form-urlencoded" \-H "User-Agent: TikTok 34.1.0 rv:341018 (iPhone; iOS 13.6.1; zh_CN) Cronet" \-H "X-TT-BYPASS-DP: 1" \-H "passport-sdk-version: 5.12.1" \-H "sdk-version: 2" \-H "tt-request-time: 1745221748632" \-H "x-metasec-tspk-non-native: 1" \-H "x-tt-dm-status: login=1;ct=1;rt=8" \-H "x-vc-bdturing-sdk-version: 2.3.7" \-H "x-tt-multi-sids: 7488212729246778411%3A7c4fc5b16c396d7055908554a3f096a4" \-H "x-tt-passport-csrf-token: b54c6c55016d8d49f6d747bb318d2d21" \-H "x-Tt-Token: 047c4fc5b16c396d7055908554a3f096a404a373478c9313ec40ee8e8fe6e251ddf85a1b71c5102237849d96d5ca1196ea9405127f280e60c126ebd3cf8eaaf654f674a4a71589afb5de729d5ba2a9cb99dba7683b97b69e7ba9e9209552fc5757d68--0a4e0a2039c085de2b1b7130677d5be860420424ef6612ba0871a4b8fb2943bb4ed9e77b122087e01f1d74923df095f0250d2f0dce19303c9b5dae6db1bc7f816f518d037b421801220674696b746f6b-3.0.0" \-H "Cookie: store-country-code=us; store-country-code-src=uid; store-country-sign=MEIEDOFSXCg3ZGD5bMKzvgQgAJ4pK4-OG6oSBHK8GE9P9QRRjg__QSqDmmj54qwqupkEEL_ZOw10vgMlxZ_Z2FwoEMI; store-idc=useast5; tt-target-idc=useast5; msToken=xYx6bFmzYx2h0aCE8Klc7xZntn8XBnhR-2MoN9La_1OiB-yj8ashL4MxuiXjQDpUM2zI81r_I_D1pumy09enRjJnACi_8seK4bu4T8l9BOU=; odin_tt=4e55b505e06b3fcb2e498136b3a5275827e14db9edd0335c4a45b49f1d081c204e5b2d53511de9ad1e5b17ecc2dbc039dff3df4858afd29afab9f0b47d50af5b4c95e7579cc247f70a19c217eedd4127; install_id=7488213154625128234; ttreq=1$fb6669b36f45f66cf71038486d82e2b11e6c2134; user_oec_info=0a53f54b0febe0430ae49b4b09e4a3acf7dff936e7fc0cc72c777bf125a5057190acc4d001b53ffeed350d06853af3c14ea45de9ad349f713da664bb1e59ab162e244b40b29daf9e4024d94aa535a87fd3cd30a8bc1a490a3c000000000000000000004ee7b1950c04863c69ea160fde114ad4b9e4cecbccbf0afd1ad71e8770644a2e732d7ca065cbb82131e9b2dfc61de1f9d2d110a3a8ef0d1886d2f6f20d220104fbe22afd; cmpl_token=AgQQAPNSF-RPsLfVl2oZYt0S_Yr8gOIf_4MhYNgecg; d_ticket=ae5784ab15e2f75e8bfcc93219443a5fd3ce6; multi_sids=7488212729246778411%3A7c4fc5b16c396d7055908554a3f096a4; sessionid=7c4fc5b16c396d7055908554a3f096a4; sessionid_ss=7c4fc5b16c396d7055908554a3f096a4; sid_guard=7c4fc5b16c396d7055908554a3f096a4%7C1743521435%7C15552000%7CSun%2C+28-Sep-2025+15%3A30%3A35+GMT; sid_tt=7c4fc5b16c396d7055908554a3f096a4; uid_tt=0633acdad328486b67a033379670731a5761607eec5110daee28a4156ae7084b; uid_tt_ss=0633acdad328486b67a033379670731a5761607eec5110daee28a4156ae7084b; passport_csrf_token=b54c6c55016d8d49f6d747bb318d2d21; passport_csrf_token_default=b54c6c55016d8d49f6d747bb318d2d21" \--data-urlencode "email=72646b627d6c646a616a6b62343734363431456268646c692b666a68" \--data-urlencode "mix_mode=1" \--data-urlencode "multi_login=1" \--data-urlencode "support_webview=1"{"data":{"captcha":"","desc_url":"","description":"访问太频繁,请稍后再试","error_code":7},"message":"error"}curl -X POST "https://api-va.tiktokv.com/passport/user/login/?residence=JP&device_id=7488190626207417857&os_version=13.6.1&multi_login=1&app_id=1233&iid=7488213154625128234&app_name=musical_ly&locale=zh-Hans&ac=WIFI&sys_region=CN&ssmix=a&version_code=34.1.0&channel=App%20Store&op_region=JP&os_api=18&idfa=A71D438D-AA3B-42C8-959E-EC5E4285FF14&install_id=7488213154625128234&idfv=647D6F93-ED0A-4824-9B66-45EBF30CF5DC&device_platform=iphone&device_type=iPhone10%2C3&openudid=d04f0d20f43164175274772e4a4c4da2eeabf1c7&account_region=us&tz_name=Asia%2FShanghai&tz_offset=28800&app_language=zh&carrier_region=JP&current_region=JP&aid=1233&mcc_mnc=44000&screen_width=1125&uoo=0&content_language=&language=zh&cdid=B124AFDA-3EF1-4427-B2C1-D5B8C698619C&build_number=341018&app_version=34.1.0&resolution=1125%2A2436" \-H "Content-Type: application/x-www-form-urlencoded" \-H "User-Agent: TikTok 34.1.0 rv:341018 (iPhone; iOS 13.6.1; zh_CN) Cronet" \-H "X-TT-BYPASS-DP: 1" \-H "passport-sdk-version: 5.12.1" \-H "sdk-version: 2" \-H "tt-request-time: 1745223135894" \-H "x-metasec-tspk-non-native: 1" \-H "x-tt-dm-status: login=1;ct=1;rt=8" \-H "x-vc-bdturing-sdk-version: 2.3.7" \-H "x-tt-multi-sids: 7488212729246778411%3A7c4fc5b16c396d7055908554a3f096a4" \-H "x-tt-passport-csrf-token: b54c6c55016d8d49f6d747bb318d2d21" \-H "x-Tt-Token: 047c4fc5b16c396d7055908554a3f096a404a373478c9313ec40ee8e8fe6e251ddf85a1b71c5102237849d96d5ca1196ea9405127f280e60c126ebd3cf8eaaf654f674a4a71589afb5de729d5ba2a9cb99dba7683b97b69e7ba9e9209552fc5757d68--0a4e0a2039c085de2b1b7130677d5be860420424ef6612ba0871a4b8fb2943bb4ed9e77b122087e01f1d74923df095f0250d2f0dce19303c9b5dae6db1bc7f816f518d037b421801220674696b746f6b-3.0.0" \-H "Cookie: store-country-code=us; store-country-code-src=uid; store-country-sign=MEIEDJ6tzbn8HKtjVm3W3gQg65gNrbdwrDQItTFIcGopnCZHpamAIZSQj2r-elynSpsEEECD5luiR9vwXbeG3JS1xp8; store-idc=useast5; tt-target-idc=useast5; msToken=xYx6bFmzYx2h0aCE8Klc7xZntn8XBnhR-2MoN9La_1OiB-yj8ashL4MxuiXjQDpUM2zI81r_I_D1pumy09enRjJnACi_8seK4bu4T8l9BOU=; odin_tt=4e55b505e06b3fcb2e498136b3a5275827e14db9edd0335c4a45b49f1d081c204e5b2d53511de9ad1e5b17ecc2dbc039dff3df4858afd29afab9f0b47d50af5b4c95e7579cc247f70a19c217eedd4127; install_id=7488213154625128234; ttreq=1$fb6669b36f45f66cf71038486d82e2b11e6c2134; user_oec_info=...; sessionid=7c4fc5b16c396d7055908554a3f096a4; uid_tt=0633acdad328486b67a033379670731a5761607eec5110daee28a4156ae7084b; passport_csrf_token=b54c6c55016d8d49f6d747bb318d2d21" \--data-urlencode "email=72646b627d6c646a616a6b62343734363431456268646c692b666a68" \--data-urlencode "password=7c7c7c7c7c7c7c7c7c7c7c" \--data-urlencode "mix_mode=1" \--data-urlencode "multi_login=1" \--data-urlencode "support_webview=1"{"data":{"captcha":"","desc_url":"","description":"访问太频繁,请稍后再试","error_code":7},"message":"error"}

相关文章:

  • 模拟电子技术 第一章<半导体基础>
  • Linux进程间通信(IPC)
  • Ubuntu系统 | 本地部署ollama+deepseek
  • 微软PowerBI考试 PL300-Power BI 入门
  • 自驾总结_Localization
  • 免费批量文件重命名软件
  • [蓝桥杯]最大化股票交易的利润
  • 湖北理元理律师事务所:系统性债务化解中的法律技术革新
  • 大模型分布式训练笔记(基于accelerate+deepspeed分布式训练解决方案)
  • 【Connected Paper使用以及如何多次使用教程分享】
  • 机器学习——放回抽样
  • 【Typst】4.导入、包含和读取
  • HTTP连接管理——短连接,长连接,HTTP 流水线
  • 二维 根据矩阵变换计算缩放比例
  • 49套夏日小清新计划总结日系卡通ppt模板
  • 什么是C语言块级变量
  • 从 Docker 到 Containerd:Kubernetes 容器运行时迁移实战指南
  • Alita:通过 MCP 实现自主进化的通用 AI 代理
  • 星敏感器:卫星姿态测量的“星空导航仪”
  • 三极管和MOS的三种状态命名的区别
  • 网页开发环境一般写什么/seo策略工具
  • 只做特卖的网站/网站建设优化推广系统
  • wordpress留言版添加/seo是什么学校
  • 手机如何做微电影网站/自己建网站怎么建
  • 乌尔禾区做网站哪里好/品牌推广策略分析
  • share poine 户做网站/品牌网络推广