抖音 App 登录账号、密码、验证码 XOR 加密算法流程分析

登录 TikTok App 时,通过抓包发现账号、密码并非以明文传输。需要注意的是,下文代码所示的固定单字节 XOR 只是可逆的混淆,并不是真正意义上的加密,传输过程中的保密性仍然依赖 TLS。
getUserProfile($userId, $secUid);
echo "\n\n 视频列表:\n";
echo $tiktok->getMixList($userId);
// Example: hex string of the obfuscated password field taken from the capture.
// The value is only XOR-masked, so decoding it needs no secret.
$encrypted_hex = '74726077717c706c6a7534453d3d3d3d3d';
$decrypted_password = decrypt_tiktok_password($encrypted_hex);
printf("解密后密码是:%s\n", $decrypted_password);

// Example: hex string of the obfuscated e-mail field.
// It is decoded with the password helper, i.e. with the same 0x05 mask on every byte.
$encrypted_email = '72646b627d6c646a616a6b623437343634313430456268646c692b666a68';
$decrypted_email = decrypt_tiktok_password($encrypted_email);
printf("解密后邮箱是:%s\n", $decrypted_email);
// Example usage: hash an e-mail address and print both the input and its digest.
$email = '[email protected]';
$hash = sha256_hash($email);
printf("Email: %s\n", $email);
printf("SHA-256 Hash: %s\n", $hash);
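/**
 * Small client for the two GET endpoints used in this write-up.
 *
 * Every request is sent with the device parameters in $defaultParams and the
 * session token in $token (as the x-Tt-Token header).
 */
class TikTokClient
{
    // Session token captured from a logged-in app session and hard-coded here.
    // NOTE(review): this is a credential. Keep it out of source control, load it
    // from the environment or a secret store in real use, and treat a value that
    // has been published as compromised.
    private string $token = '047c4fc5b16c396d7055908554a3f096a404a373478c9313ec40ee8e8fe6e251ddf85a1b71c5102237849d96d5ca1196ea9405127f280e60c126ebd3cf8eaaf654f674a4a71589afb5de729d5ba2a9cb99dba7683b97b69e7ba9e9209552fc5757d68--0a4e0a2039c085de2b1b7130677d5be860420424ef6612ba0871a4b8fb2943bb4ed9e77b122087e01f1d74923df095f0250d2f0dce19303c9b5dae6db1bc7f816f518d037b421801220674696b746f6b-3.0.0';

    // Query parameters attached to every request (device, app and region values
    // copied from the captured traffic).
    private array $defaultParams = [
        'version_code' => '34.1.0',
        'language' => 'zh',
        'app_name' => 'musical_ly',
        'app_version' => '34.1.0',
        'carrier_region' => 'JP',
        'op_region' => 'JP',
        'residence' => 'JP',
        'channel' => 'App Store',
        'mcc_mnc' => '44000',
        'tz_offset' => '28800',
        'device_id' => '7488190626207417857',
        'account_region' => 'us',
        'sys_region' => 'CN',
        'aid' => '1233',
        'locale' => 'zh-Hans',
        'screen_width' => '1125',
        'uoo' => '0',
        'openudid' => 'd04f0d20f43164175274772e4a4c4da2eeabf1c7',
        'cdid' => 'B124AFDA-3EF1-4427-B2C1-D5B8C698619C',
        'os_api' => '18',
        'idfv' => '647D6F93-ED0A-4824-9B66-45EBF30CF5DC',
        'ac' => 'WIFI',
        'os_version' => '13.6.1',
        'app_language' => 'zh',
        'content_language' => '',
        'tz_name' => 'Asia/Shanghai',
        'current_region' => 'JP',
        'device_platform' => 'iphone',
        'build_number' => '341018',
        'iid' => '7488213154625128234',
        'device_type' => 'iPhone10,3',
    ];

    /**
     * Builds the HTTP header lines sent with every request.
     *
     * @return list<string> header lines, including the session token
     */
    private function getHeaders(): array
    {
        return [
            'User-Agent: TikTok 34.1.0 rv:341018 (iPhone; iOS 13.6.1; zh_CN) Cronet',
            'passport-sdk-version: 5.12.1',
            'sdk-version: 2',
            'x-Tt-Token: ' . $this->token,
            'x-metasec-tspk-non-native: 1',
            'x-tt-dm-status: login=1;ct=1;rt=1',
            'x-vc-bdturing-sdk-version: 2.3.7',
        ];
    }

    /**
     * Returns the cURL options for a GET request to $fullUrl.
     *
     * Certificate and host-name verification are left ON. The request carries
     * the session token, so with verification disabled any on-path party could
     * read or alter it. To inspect traffic through a lab proxy, trust the
     * proxy's CA (CURLOPT_CAINFO) instead of switching the checks off.
     *
     * @return array<int, mixed> options suitable for curl_setopt_array()
     */
    private function buildCurlOptions(string $fullUrl): array
    {
        return [
            CURLOPT_URL => $fullUrl,
            CURLOPT_HTTPHEADER => $this->getHeaders(),
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_SSL_VERIFYPEER => true,
            CURLOPT_SSL_VERIFYHOST => 2,
        ];
    }

    /**
     * Sends a GET request and returns the response body.
     *
     * Prints the HTTP status code and the raw response as it goes (debug
     * output kept from the original script).
     *
     * @param string               $url    endpoint without query string
     * @param array<string, mixed> $params query parameters, URL-encoded here
     *
     * @return string response body, or "Curl Error: <message>" when the transfer fails
     */
    private function sendGetRequest(string $url, array $params): string
    {
        $fullUrl = $url . '?' . http_build_query($params);
        $ch = curl_init();
        curl_setopt_array($ch, $this->buildCurlOptions($fullUrl));

        try {
            $response = curl_exec($ch);
            if ($response === false || curl_errno($ch) !== 0) {
                return 'Curl Error: ' . curl_error($ch);
            }

            $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
            echo " HTTP 状态码: $httpCode\n";
            echo " HTTP response: $response\n";

            return $response;
        } finally {
            // Release the handle on the error path as well as on success.
            curl_close($ch);
        }
    }

    /**
     * Fetches a user's profile.
     *
     * @return string raw response body (or the "Curl Error: ..." string)
     */
    public function getUserProfile(string $userId, string $secUid): string
    {
        $params = $this->defaultParams;
        $params['user_id'] = $userId;
        $params['sec_uid'] = $secUid;
        $params['scene_id'] = '201';

        return $this->sendGetRequest("https://api-va.tiktokv.com/tiktok/user/profile/other/v1", $params);
    }

    /**
     * Fetches the video (mix) list for a user, starting at $cursor.
     *
     * @return string raw response body (or the "Curl Error: ..." string)
     */
    public function getMixList(string $userId, int $cursor = 0): string
    {
        $params = $this->defaultParams;
        $params['uid'] = $userId;
        $params['cursor'] = $cursor;

        return $this->sendGetRequest("https://api-va.tiktokv.com/tiktok/v1/mix/list/", $params);
    }
}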
/**
 * Decodes a hex-encoded, XOR-masked field back to its original bytes.
 *
 * Each byte is XORed with the constant 0x05. A fixed one-byte mask is
 * reversible by anyone who sees the value, so this is obfuscation rather than
 * encryption; the field is only as confidential as the channel carrying it.
 *
 * @param string $hex hex string as it appears in the request body
 * @return string the unmasked bytes
 */
function decrypt_tiktok_password($hex)
{
    $raw = hex2bin($hex);
    $length = strlen($raw);
    $plain = '';
    $pos = 0;
    while ($pos < $length) {
        // Undo the mask: XOR with 0x05 is its own inverse.
        $plain .= chr(ord($raw[$pos]) ^ 0x05);
        $pos++;
    }

    return $plain;
}
/**
 * Decodes a hex-encoded, XOR-masked e-mail field.
 *
 * Bytes at offsets below 12000 are XORed with 0x05, later bytes with 0x15.
 *
 * NOTE(review): the original comment described the switch as happening after
 * the first 12 bytes, but the code compares against 12000. For any input
 * shorter than 12000 bytes every byte is therefore masked with 0x05, the same
 * as decrypt_tiktok_password(). Confirm whether the 0x15 branch is needed.
 *
 * @param string $hex hex string as it appears in the request body
 * @return string the unmasked bytes
 */
function decrypt_tiktok_email($hex)
{
    $raw = hex2bin($hex);
    $plain = '';
    $length = strlen($raw);
    for ($offset = 0; $offset < $length; ++$offset) {
        if ($offset < 12000) {
            $mask = 0x05;
        } else {
            $mask = 0x15;
        }
        $plain .= chr(ord($raw[$offset]) ^ $mask);
    }

    return $plain;
}
/**
 * Computes the SHA-256 digest of a string.
 *
 * A plain, unsalted SHA-256 of an e-mail address is a stable identifier, not a
 * way of hiding the address: hashing candidate addresses reproduces it.
 * NOTE(review): presumably this is how a hashed identifier is derived from the
 * e-mail for the requests shown on the page. The listing does not confirm it.
 *
 * @param string $input the string to hash (for example an e-mail address)
 * @return string lowercase hex SHA-256 digest (64 characters)
 */
function sha256_hash($input)
{
    // Take the raw 32-byte digest and hex-encode it.
    $digest = hash('sha256', $input, true);

    return bin2hex($digest);
}
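# Age-gate request (POST /aweme/v3/verification/age/) reproduced from the capture.
# The x-Tt-Token header is a session token taken from a logged-in app session.
# Treat it as a secret: keep it out of shared scripts and shell history, and
# assume a value that has been published is compromised.
# Fixed: "¤t_region" in the query string was an HTML-entity rendering artefact
# of "&current_region".
curl -X POST "https://api-va.tiktokv.com/aweme/v3/verification/age/?version_code=34.1.0&language=zh&app_name=musical_ly&app_version=34.1.0&carrier_region=JP&op_region=JP&residence=JP&channel=App%20Store&mcc_mnc=44000&tz_offset=28800&device_id=7488190626207417857&account_region=us&sys_region=CN&aid=1233&locale=zh-Hans&screen_width=1125&uoo=0&openudid=d04f0d20f43164175274772e4a4c4da2eeabf1c7&cdid=B124AFDA-3EF1-4427-B2C1-D5B8C698619C&os_api=18&idfv=647D6F93-ED0A-4824-9B66-45EBF30CF5DC&ac=WIFI&os_version=13.6.1&app_language=zh&content_language=&tz_name=Asia/Shanghai&current_region=JP&device_platform=iphone&build_number=341018&iid=7488213154625128234&device_type=iPhone10,3" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "User-Agent: TikTok 34.1.0 rv:341018 (iPhone; iOS 13.6.1; zh_CN) Cronet" \
-H "passport-sdk-version: 5.12.1" \
-H "sdk-version: 2" \
-H "x-Tt-Token: 047c4fc5b16c396d7055908554a3f096a404a373478c9313ec40ee8e8fe6e251ddf85a1b71c5102237849d96d5ca1196ea9405127f280e60c126ebd3cf8eaaf654f674a4a71589afb5de729d5ba2a9cb99dba7683b97b69e7ba9e9209552fc5757d68--0a4e0a2039c085de2b1b7130677d5be860420424ef6612ba0871a4b8fb2943bb4ed9e77b122087e01f1d74923df095f0250d2f0dce19303c9b5dae6db1bc7f816f518d037b421801220674696b746f6b-3.0.0" \
-H "x-metasec-tspk-non-native: 1" \
-H "x-tt-dm-status: login=1;ct=1;rt=1" \
-H "x-vc-bdturing-sdk-version: 2.3.7" \
--data-urlencode "birthday=1996-04-21" \
--data-urlencode "is_guest=0" \
--data-urlencode "reg_store_region=jp" \
--data-urlencode "session_registered=1" \
--data-urlencode "update_birthdate_type=1"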
{"extra":{"fatal_item_ids":[],"logid":"20250421155904748DB8B81AA1BC021020","now":1745222344000},"is_eligible":true,"log_pb":{"impr_id":"20250421155904748DB8B81AA1BC021020"},"register_age_gate_post_action":0,"status_code":0,"status_msg":""}
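# Region lookup (POST /passport/app/region/) reproduced from the capture.
# The x-Tt-Token, X-SS-Cookie (sessionid, sid_tt, ...) and CSRF-token headers are
# session credentials from a logged-in app session. Treat them as secrets and
# assume values that have been published are compromised.
# Fixed: "¤t_region" in the query string was an HTML-entity rendering artefact
# of "&current_region".
# Fixed: the "$" in the ttreq cookie is escaped. Inside double quotes the shell
# would otherwise expand "$fb66..." as an (empty) variable and truncate the value.
curl -X POST "https://api16-normal-c-alisg.tiktokv.com/passport/app/region/?ttp_bypass_dp=1&residence=JP&device_id=7488190626207417857&os_version=13.6.1&multi_login=1&app_id=1233&iid=7488213154625128234&app_name=musical_ly&locale=zh-Hans&ac=WIFI&sys_region=CN&ssmix=a&version_code=34.1.0&channel=App%20Store&op_region=JP&os_api=18&idfa=A71D438D-AA3B-42C8-959E-EC5E4285FF14&install_id=7488213154625128234&idfv=647D6F93-ED0A-4824-9B66-45EBF30CF5DC&device_platform=iphone&device_type=iPhone10%2C3&openudid=d04f0d20f43164175274772e4a4c4da2eeabf1c7&account_region=us&tz_name=Asia%2FShanghai&tz_offset=28800&app_language=zh&carrier_region=JP&current_region=JP&aid=1233&mcc_mnc=44000&screen_width=1125&uoo=0&content_language=&language=zh&cdid=B124AFDA-3EF1-4427-B2C1-D5B8C698619C&build_number=341018&app_version=34.1.0&resolution=1125%2A2436" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "User-Agent: TikTok 34.1.0 rv:341018 (iPhone; iOS 13.6.1; zh_CN) Cronet" \
-H "X-TT-BYPASS-DP: 1" \
-H "passport-sdk-version: 5.12.1" \
-H "sdk-version: 2" \
-H "tt-request-time: 1745221747912" \
-H "x-metasec-tspk-non-native: 1" \
-H "x-vc-bdturing-sdk-version: 2.3.7" \
-H "x-Tt-Token: 047c4fc5b16c396d7055908554a3f096a404a373478c9313ec40ee8e8fe6e251ddf85a1b71c5102237849d96d5ca1196ea9405127f280e60c126ebd3cf8eaaf654f674a4a71589afb5de729d5ba2a9cb99dba7683b97b69e7ba9e9209552fc5757d68--0a4e0a2039c085de2b1b7130677d5be860420424ef6612ba0871a4b8fb2943bb4ed9e77b122087e01f1d74923df095f0250d2f0dce19303c9b5dae6db1bc7f816f518d037b421801220674696b746f6b-3.0.0" \
-H "x-tt-multi-sids: 7488212729246778411%3A7c4fc5b16c396d7055908554a3f096a4" \
-H "x-tt-passport-csrf-token: b54c6c55016d8d49f6d747bb318d2d21" \
-H "X-SS-Cookie: reg-store-region=JP; store-country-code=us; store-country-code-src=uid; store-country-sign=MEIEDFJkX2IpPg-qoC0g7wQgsKJCTmQJGuVbrC21Oko_rkPCc7DaRZ2mFHuw5IJtncoEEJkEu5tI4G6mnoYFDbpIQ7s; store-idc=useast5; tt-target-idc=useast5; msToken=xYx6bFmzYx2h0aCE8Klc7xZntn8XBnhR-2MoN9La_1OiB-yj8ashL4MxuiXjQDpUM2zI81r_I_D1pumy09enRjJnACi_8seK4bu4T8l9BOU=; odin_tt=4e55b505e06b3fcb2e498136b3a5275827e14db9edd0335c4a45b49f1d081c204e5b2d53511de9ad1e5b17ecc2dbc039dff3df4858afd29afab9f0b47d50af5b4c95e7579cc247f70a19c217eedd4127; install_id=7488213154625128234; ttreq=1\$fb6669b36f45f66cf71038486d82e2b11e6c2134; cmpl_token=AgQQAPNSF-RPsLfVl2oZYt0S_Yr8gOIf_4MhYNgecg; d_ticket=ae5784ab15e2f75e8bfcc93219443a5fd3ce6; multi_sids=7488212729246778411%3A7c4fc5b16c396d7055908554a3f096a4; sessionid=7c4fc5b16c396d7055908554a3f096a4; sessionid_ss=7c4fc5b16c396d7055908554a3f096a4; sid_guard=7c4fc5b16c396d7055908554a3f096a4%7C1743521435%7C15552000%7CSun%2C+28-Sep-2025+15%3A30%3A35+GMT; sid_tt=7c4fc5b16c396d7055908554a3f096a4; uid_tt=0633acdad328486b67a033379670731a5761607eec5110daee28a4156ae7084b; uid_tt_ss=0633acdad328486b67a033379670731a5761607eec5110daee28a4156ae7084b; passport_csrf_token=b54c6c55016d8d49f6d747bb318d2d21; passport_csrf_token_default=b54c6c55016d8d49f6d747bb318d2d21" \
--data-urlencode "hashed_id=88e61f0af905883a0381068d520c4acd85694273d641754d14cebf06ec9fbc36" \
--data-urlencode "reg_store_region=jp" \
--data-urlencode "support_webview=1" \
--data-urlencode "type=2"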
{"data":{"captcha_domain":"rc-verification-sg.tiktokv.com","country_code":"cn","domain":"api16-normal-c-alisg.tiktokv.com"},"message":"success"}
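# E-mail registration check (POST /passport/user/check_email_registered)
# reproduced from the capture.
# The "email" field is the address XOR-masked with 0x05 and hex-encoded. That is
# reversible obfuscation, so the address is only as private as the TLS channel.
# The x-Tt-Token, Cookie and CSRF-token headers are session credentials from a
# logged-in app session. Treat them as secrets and assume values that have been
# published are compromised.
# Fixed: "¤t_region" in the query string was an HTML-entity rendering artefact
# of "&current_region".
# Fixed: the "$" in the ttreq cookie is escaped. Inside double quotes the shell
# would otherwise expand "$fb66..." as an (empty) variable and truncate the value.
curl -X POST "https://api-va.tiktokv.com/passport/user/check_email_registered?reg_store_region=jp&user_selected_region=0&residence=JP&device_id=7488190626207417857&os_version=13.6.1&multi_login=1&app_id=1233&iid=7488213154625128234&app_name=musical_ly&locale=zh-Hans&ac=WIFI&sys_region=CN&ssmix=a&version_code=34.1.0&channel=App%20Store&op_region=JP&os_api=18&idfa=A71D438D-AA3B-42C8-959E-EC5E4285FF14&install_id=7488213154625128234&idfv=647D6F93-ED0A-4824-9B66-45EBF30CF5DC&device_platform=iphone&device_type=iPhone10%2C3&openudid=d04f0d20f43164175274772e4a4c4da2eeabf1c7&account_region=us&tz_name=Asia%2FShanghai&tz_offset=28800&app_language=zh&carrier_region=JP&current_region=JP&aid=1233&mcc_mnc=44000&screen_width=1125&uoo=0&content_language=&language=zh&cdid=B124AFDA-3EF1-4427-B2C1-D5B8C698619C&build_number=341018&app_version=34.1.0&resolution=1125%2A2436" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "User-Agent: TikTok 34.1.0 rv:341018 (iPhone; iOS 13.6.1; zh_CN) Cronet" \
-H "X-TT-BYPASS-DP: 1" \
-H "passport-sdk-version: 5.12.1" \
-H "sdk-version: 2" \
-H "tt-request-time: 1745221748632" \
-H "x-metasec-tspk-non-native: 1" \
-H "x-tt-dm-status: login=1;ct=1;rt=8" \
-H "x-vc-bdturing-sdk-version: 2.3.7" \
-H "x-tt-multi-sids: 7488212729246778411%3A7c4fc5b16c396d7055908554a3f096a4" \
-H "x-tt-passport-csrf-token: b54c6c55016d8d49f6d747bb318d2d21" \
-H "x-Tt-Token: 047c4fc5b16c396d7055908554a3f096a404a373478c9313ec40ee8e8fe6e251ddf85a1b71c5102237849d96d5ca1196ea9405127f280e60c126ebd3cf8eaaf654f674a4a71589afb5de729d5ba2a9cb99dba7683b97b69e7ba9e9209552fc5757d68--0a4e0a2039c085de2b1b7130677d5be860420424ef6612ba0871a4b8fb2943bb4ed9e77b122087e01f1d74923df095f0250d2f0dce19303c9b5dae6db1bc7f816f518d037b421801220674696b746f6b-3.0.0" \
-H "Cookie: store-country-code=us; store-country-code-src=uid; store-country-sign=MEIEDOFSXCg3ZGD5bMKzvgQgAJ4pK4-OG6oSBHK8GE9P9QRRjg__QSqDmmj54qwqupkEEL_ZOw10vgMlxZ_Z2FwoEMI; store-idc=useast5; tt-target-idc=useast5; msToken=xYx6bFmzYx2h0aCE8Klc7xZntn8XBnhR-2MoN9La_1OiB-yj8ashL4MxuiXjQDpUM2zI81r_I_D1pumy09enRjJnACi_8seK4bu4T8l9BOU=; odin_tt=4e55b505e06b3fcb2e498136b3a5275827e14db9edd0335c4a45b49f1d081c204e5b2d53511de9ad1e5b17ecc2dbc039dff3df4858afd29afab9f0b47d50af5b4c95e7579cc247f70a19c217eedd4127; install_id=7488213154625128234; ttreq=1\$fb6669b36f45f66cf71038486d82e2b11e6c2134; user_oec_info=0a53f54b0febe0430ae49b4b09e4a3acf7dff936e7fc0cc72c777bf125a5057190acc4d001b53ffeed350d06853af3c14ea45de9ad349f713da664bb1e59ab162e244b40b29daf9e4024d94aa535a87fd3cd30a8bc1a490a3c000000000000000000004ee7b1950c04863c69ea160fde114ad4b9e4cecbccbf0afd1ad71e8770644a2e732d7ca065cbb82131e9b2dfc61de1f9d2d110a3a8ef0d1886d2f6f20d220104fbe22afd; cmpl_token=AgQQAPNSF-RPsLfVl2oZYt0S_Yr8gOIf_4MhYNgecg; d_ticket=ae5784ab15e2f75e8bfcc93219443a5fd3ce6; multi_sids=7488212729246778411%3A7c4fc5b16c396d7055908554a3f096a4; sessionid=7c4fc5b16c396d7055908554a3f096a4; sessionid_ss=7c4fc5b16c396d7055908554a3f096a4; sid_guard=7c4fc5b16c396d7055908554a3f096a4%7C1743521435%7C15552000%7CSun%2C+28-Sep-2025+15%3A30%3A35+GMT; sid_tt=7c4fc5b16c396d7055908554a3f096a4; uid_tt=0633acdad328486b67a033379670731a5761607eec5110daee28a4156ae7084b; uid_tt_ss=0633acdad328486b67a033379670731a5761607eec5110daee28a4156ae7084b; passport_csrf_token=b54c6c55016d8d49f6d747bb318d2d21; passport_csrf_token_default=b54c6c55016d8d49f6d747bb318d2d21" \
--data-urlencode "email=72646b627d6c646a616a6b62343734363431456268646c692b666a68" \
--data-urlencode "mix_mode=1" \
--data-urlencode "multi_login=1" \
--data-urlencode "support_webview=1"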
{"data":{"captcha":"","desc_url":"","description":"访问太频繁,请稍后再试","error_code":7},"message":"error"}
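# Login request (POST /passport/user/login/) reproduced from the capture.
# The "email" and "password" fields are the values XOR-masked with 0x05 and
# hex-encoded. That is reversible obfuscation, not encryption, so both are only
# as confidential as the TLS channel and any logs that record the request body.
# The x-Tt-Token, Cookie and CSRF-token headers are session credentials from a
# logged-in app session. Treat them as secrets and assume values that have been
# published are compromised.
# Fixed: "¤t_region" in the query string was an HTML-entity rendering artefact
# of "&current_region".
# Fixed: the "$" in the ttreq cookie is escaped. Inside double quotes the shell
# would otherwise expand "$fb66..." as an (empty) variable and truncate the value.
curl -X POST "https://api-va.tiktokv.com/passport/user/login/?residence=JP&device_id=7488190626207417857&os_version=13.6.1&multi_login=1&app_id=1233&iid=7488213154625128234&app_name=musical_ly&locale=zh-Hans&ac=WIFI&sys_region=CN&ssmix=a&version_code=34.1.0&channel=App%20Store&op_region=JP&os_api=18&idfa=A71D438D-AA3B-42C8-959E-EC5E4285FF14&install_id=7488213154625128234&idfv=647D6F93-ED0A-4824-9B66-45EBF30CF5DC&device_platform=iphone&device_type=iPhone10%2C3&openudid=d04f0d20f43164175274772e4a4c4da2eeabf1c7&account_region=us&tz_name=Asia%2FShanghai&tz_offset=28800&app_language=zh&carrier_region=JP&current_region=JP&aid=1233&mcc_mnc=44000&screen_width=1125&uoo=0&content_language=&language=zh&cdid=B124AFDA-3EF1-4427-B2C1-D5B8C698619C&build_number=341018&app_version=34.1.0&resolution=1125%2A2436" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "User-Agent: TikTok 34.1.0 rv:341018 (iPhone; iOS 13.6.1; zh_CN) Cronet" \
-H "X-TT-BYPASS-DP: 1" \
-H "passport-sdk-version: 5.12.1" \
-H "sdk-version: 2" \
-H "tt-request-time: 1745223135894" \
-H "x-metasec-tspk-non-native: 1" \
-H "x-tt-dm-status: login=1;ct=1;rt=8" \
-H "x-vc-bdturing-sdk-version: 2.3.7" \
-H "x-tt-multi-sids: 7488212729246778411%3A7c4fc5b16c396d7055908554a3f096a4" \
-H "x-tt-passport-csrf-token: b54c6c55016d8d49f6d747bb318d2d21" \
-H "x-Tt-Token: 047c4fc5b16c396d7055908554a3f096a404a373478c9313ec40ee8e8fe6e251ddf85a1b71c5102237849d96d5ca1196ea9405127f280e60c126ebd3cf8eaaf654f674a4a71589afb5de729d5ba2a9cb99dba7683b97b69e7ba9e9209552fc5757d68--0a4e0a2039c085de2b1b7130677d5be860420424ef6612ba0871a4b8fb2943bb4ed9e77b122087e01f1d74923df095f0250d2f0dce19303c9b5dae6db1bc7f816f518d037b421801220674696b746f6b-3.0.0" \
-H "Cookie: store-country-code=us; store-country-code-src=uid; store-country-sign=MEIEDJ6tzbn8HKtjVm3W3gQg65gNrbdwrDQItTFIcGopnCZHpamAIZSQj2r-elynSpsEEECD5luiR9vwXbeG3JS1xp8; store-idc=useast5; tt-target-idc=useast5; msToken=xYx6bFmzYx2h0aCE8Klc7xZntn8XBnhR-2MoN9La_1OiB-yj8ashL4MxuiXjQDpUM2zI81r_I_D1pumy09enRjJnACi_8seK4bu4T8l9BOU=; odin_tt=4e55b505e06b3fcb2e498136b3a5275827e14db9edd0335c4a45b49f1d081c204e5b2d53511de9ad1e5b17ecc2dbc039dff3df4858afd29afab9f0b47d50af5b4c95e7579cc247f70a19c217eedd4127; install_id=7488213154625128234; ttreq=1\$fb6669b36f45f66cf71038486d82e2b11e6c2134; user_oec_info=...; sessionid=7c4fc5b16c396d7055908554a3f096a4; uid_tt=0633acdad328486b67a033379670731a5761607eec5110daee28a4156ae7084b; passport_csrf_token=b54c6c55016d8d49f6d747bb318d2d21" \
--data-urlencode "email=72646b627d6c646a616a6b62343734363431456268646c692b666a68" \
--data-urlencode "password=7c7c7c7c7c7c7c7c7c7c7c" \
--data-urlencode "mix_mode=1" \
--data-urlencode "multi_login=1" \
--data-urlencode "support_webview=1"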
{"data":{"captcha":"","desc_url":"","description":"访问太频繁,请稍后再试","error_code":7},"message":"error"}