URL
https://www.xiaohongshu.com/explore
版本
4.3.5
好久没有更新某红书了,这次变动比较大,代码乱七八糟,这次采用RC4加密,打印log即可分析
之前更过很多版本,好久不更,版本变化挺大

第一眼看上去就很恶心人

可以使用Codex去ast这个js文件,打印出来log,根据log去调试即可
说重点:环境数组
# 121,104,96,41 固定
# 240,199,85,240 随机数
# [99, 23, 138, 168,157,1, 0, 0] new Date()
# [176, 62, 134, 168,157,1,0, 0] cookie ts
# [ 22, 0, 0, 0 ] 随机数
# [ 75, 5, 0, 0 ] window的属性值个数
# [ 46, 1, 0, 0 ] 第一个值
# [133, 143, 162, 86,32, 112, 98, 12] 参数第二个md5值 .
# [52, 49, 57, 100, 57, 97, 50, 53, 48, 53,57, 48, 49, 102, 110, 109, 107, 54, 48, 110,104, 115, 104, 108, 100, 102, 119, 114, 110, 112, 56, 53, 116, 120, 57, 100, 106, 57, 54, 122,108, 99, 53, 48, 48, 48, 48, 54, 54, 52,53, 48, 49] a1值
# [10, 120, 104, 115, 45,112, 99, 45, 119, 101,98] # xhs-pc-web
# [1, 131, 249, 65, 103, 103,201, 181, 131, 99, 94, 7,68, 250, 132, 21] # 固定值
# [2, 97, 51, 16] # 固定
# [141, 233, 102, 213, 246,54, 186, 135,8,12,216, 225,159, 92, 50,128] 参数3md5,
重点是之后这一步好像是新更的,因为看别人文章时,发现这里当时不是144位,文章是data3拼接md5字节数组,但这个进入其他文件循环24位=>16位计算
插一嘴
x-common就是获取localStorage里边的一些乱七八糟的参数,然后最后用和xs相同的加密方式加密一下即可,没有啥难度,直接python还原算法
测试代码
import hashlib
from xhs_xs import get_X_S
import requests
import json
from urllib.parse import urlparse
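def md5(text):
    """Return the lowercase hex MD5 digest of *text*, encoded as UTF-8.

    In this script the digest is only an input to the request-signing
    helper; MD5 is not collision resistant and must not be relied on as an
    integrity or authentication primitive by itself.
    """
    # The pasted listing lost the body's indentation, which made the
    # definition a syntax error; it is restored here.
    return hashlib.md5(text.encode('utf-8')).hexdigest()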
# Explicit None entries for both schemes; presumably meant to keep the
# request from going through any configured proxy (confirm against the
# requests documentation for the version in use).
proxies = dict(http=None, https=None)

# NOTE(review): a1 and loadts look like values captured from a live browser
# session. Hard-coding them in a published script exposes a session/device
# identifier; load them from configuration kept out of version control.
a1 = "19d9a2505901fnmk60nhshldfwrnp85tx9dj96zlc50000664501"
loadts = 1776742797071

url = "https://edith.xiaohongshu.com/api/sns/web/v1/homefeed"

# The X-S-Common and x-rap-param values below are placeholders as they appear
# on the page, not usable header values.
headers = {
    "Accept": "application/json, text/plain, */*",
    "Content-Type": "application/json;charset=UTF-8",
    "Cookie": "",
    "Host": "edith.xiaohongshu.com",
    "Origin": "https://www.xiaohongshu.com",
    "Referer": "https://www.xiaohongshu.com/",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36",
    "X-S-Common": "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",
    "X-t": "1776754671579",
    "x-b3-traceid": "e3855bbfdb5b525c",
    "x-rap-param": "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",
    "x-xray-traceid": "ced76a5fe56ee752f517e1960c29af02",
    "xy-direction": "82",
}

data = {
    "cursor_score": "1.7768203189820013E9",
    "num": 30,
    "refresh_type": 3,
    "note_index": 16,
    "unread_begin_note_id": "",
    "unread_end_note_id": "",
    "unread_note_count": 0,
    "category": "homefeed_recommend",
    "search_key": "",
    "need_num": 8,
    "image_formats": ["jpg", "webp", "avif"],
    "need_filter_image": False,
}

# Serialize the body once in compact form: the same string is both signed
# and sent, so the two can never drift apart.
api_path = urlparse(url).path
payload_json = json.dumps(data, separators=(',', ':'), ensure_ascii=False)

uri = api_path + payload_json
md5Str = md5(uri)
md5Uri = md5(api_path)

# get_X_S comes from the local xhs_xs module, which is not shown on the page.
headers["X-s"] = get_X_S(uri, md5Str, md5Uri, loadts, a1)
data = payload_json
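# Send the prepared request and print a summary of the returned feed.
# Changes from the pasted listing: block indentation restored (the original
# lost it and did not parse), a timeout added so a stalled connection cannot
# hang the script, a non-JSON 200 body reported instead of raising, and JSON
# null values tolerated where an object or list is expected.
response = requests.post(url=url, headers=headers, data=data, proxies=proxies, timeout=10)
if response.status_code == 200:
    try:
        result = response.json()
    except ValueError:
        # requests' JSON decoding errors derive from ValueError.
        result = {}
    if result.get('success'):
        payload = result.get('data') or {}
        items = payload.get('items') or []
        print(f"获取成功!共 {len(items)} 条笔记\n")
        print(f"{'=' * 60}")
        for idx, item in enumerate(items, 1):
            note = item.get('note_card') or {}
            user = note.get('user') or {}
            interact = note.get('interact_info') or {}
            print(f"\n笔记 {idx}:")
            print(f" 标题: {note.get('display_title', '无标题')}")
            print(f" 作者: {user.get('nick_name', '未知')}")
            print(f" 点赞: {interact.get('liked_count', '0')}")
            print(f" 类型: {note.get('type', 'unknown')}")
            print(f" ID: {item.get('id', '')}")
        print(f"\n{'=' * 60}")
        print(f"cursor_score: {payload.get('cursor_score', '')}")
        print(f"{'=' * 60}\n")
    else:
        # Covers both an explicit failure payload and an undecodable body;
        # the raw text is printed so the server's answer stays visible.
        print(f"请求失败: {result.get('msg', '未知错误')}")
        print(f"响应内容: {response.text}")
else:
    print(f"&HTTP错误: {response.status_code}")
    print(f"响应内容: {response.text}")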
顺利通过!!!
