[ { "path": "LICENSE", "content": "Copyright (c) \n\nAnti 996 License Version 1.0 (Draft)\n\nPermission is hereby granted to any individual or legal entity obtaining a copy\nof this licensed work (including the source code, documentation and/or related\nitems, hereinafter collectively referred to as the \"licensed work\"), free of\ncharge, to deal with the licensed work for any purpose, including without\nlimitation, the rights to use, reproduce, modify, prepare derivative works of,\npublish, distribute and sublicense the licensed work, subject to the following\nconditions:\n\n1. The individual or the legal entity must conspicuously display, without\n modification, this License on each redistributed or derivative copy of the\n Licensed Work.\n\n2. The individual or the legal entity must strictly comply with all applicable\n laws, regulations, rules and standards of the jurisdiction relating to\n labor and employment where the individual is physically located or where\n the individual was born or naturalized; or where the legal entity is\n registered or is operating (whichever is stricter). In case that the\n jurisdiction has no such laws, regulations, rules and standards or its\n laws, regulations, rules and standards are unenforceable, the individual\n or the legal entity are required to comply with Core International Labor\n Standards.\n\n3. The individual or the legal entity shall not induce or force its\n employee(s), whether full-time or part-time, or its independent\n contractor(s), in any methods, to agree in oral or written form,\n to directly or indirectly restrict, weaken or relinquish his or\n her rights or remedies under such laws, regulations, rules and\n standards relating to labor and employment as mentioned above,\n no matter whether such written or oral agreement are enforceable\n under the laws of the said jurisdiction, nor shall such individual\n or the legal entity limit, in any methods, the rights of its employee(s)\n or independent contractor(s) from reporting or complaining to the copyright\n holder or relevant authorities monitoring the compliance of the license\n about its violation(s) of the said license.\n\nTHE LICENSED WORK IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS\nFOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT\nHOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\nOF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN ANY WAY CONNECTION\nWITH THE LICENSED WORK OR THE USE OR OTHER DEALINGS IN THE LICENSED WORK.\n" }, { "path": "README.md", "content": "# AliyunDrive ECC Signature\n\n> Welcome star, issue and pull requests.\n\n## What can it do\n\n1. Generate random `ECC` key-pair to create a new session.\n2. Get the file’s download url without `invalid X-Device-Id`.\n\n## How to use\n\n1. Set the `deviceId` in line 7.\n2. Set the `userId` in line 8.\n3. Set the `authorization` in line 34.\n4. (Optional) Set the private key in line 11,12. (Only if you want to use custom key-pair.)\n\n## Some details\n\n1. `deviceId` could be found in `DevTools` -> `Application` -> `Local Storage` -> `cna`.\n\n2. `userId` could be found in `DevTools` -> `Application` -> `Local Storage` -> `token` -> `user_id`.\n\n3. `authorization` could be found in `Network`, choose any request, `Request Headers` -> `authorization`.\n\n4. `private key` could be found in `DevTools` -> `Application` -> `IndexedDB` -> `ALIYUN_DRIVE_CLIENT_SIGNATURE` -> `signature` -> `privateKey`.\n\n `private key` will be generated automatically, so there’s no need to specificate.\n\n## Last\n\nThere’re some problems need to be solved.\n\n* [x] How to generate a `deviceId`?\n\n Just a UUIDv4 string, So you can generate a deviceId randomly.\n* [ ] How to generate `authorization` from cookie or local storage?\n* [ ] How often is `nonce` updated? (Could be frozen?)\n\n## Test\n\nYou can use `ali_renew_test.py` to test `nonce` update.\n\nIf `nonce` is 0, it will create a session automatically.\n\nIf `nonce` is larger than 0, it will renew the session.\n\n**Notice:** If it fails, try to increase the interval.\n\nNow it could pass almost 1000 rounds :thumbsup:\n\n## LICENSE\n\nAnti-996-License.\n" }, { "path": "ali.py", "content": "import hashlib\nimport ecdsa\nimport requests\nimport random\n\nappId = \"5dde4e1bdf9e4966b387ba58f4b3fdc3\"\ndeviceId = \"e5173011-XXXX-XXXX-XXXX-XXXXf04f3c62\"\nuserId = \"XXXXf36e37XXXX79bdXXXXdeb6203f67\"\nnonce = 0\n\n# private_key = [175, 87, 171, 214, 222, 196, 127, 36, 25, 50, 237, 179, 71, 81, 49, 196,\n# 250, 103, 115, 203, 138, 179, 192, 182, 43, 175, 233, 72, 200, 14, 64, 254]\n# private_key = int.from_bytes(private_key, byteorder='big')\nprivate_key = random.randint(1, 2**256-1)\necc_pri = ecdsa.SigningKey.from_secret_exponent(\n private_key, curve=ecdsa.SECP256k1)\necc_pub = ecc_pri.get_verifying_key()\npublic_key = \"04\"+ecc_pub.to_string().hex()\n\n\ndef r(appId: str, deviceId: str, userId: str, nonce: int) -> str:\n return f\"{appId}:{deviceId}:{userId}:{nonce}\"\n\n\ndef sign(appId, deviceId, userId, nonce) -> str:\n sign_dat = ecc_pri.sign(r(appId, deviceId, userId, nonce).encode('utf-8'), entropy=None,\n hashfunc=hashlib.sha256)\n return sign_dat.hex()+\"01\"\n\n\nsignature = sign(appId, deviceId, userId, nonce)\n\nheaders = {\n \"authorization\": \"Bearer BEARERBEARER\",\n \"origin\": \"https://www.aliyundrive.com\",\n \"referer\": \"https://www.aliyundrive.com/\",\n \"user-agent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.41\",\n \"x-canary\": \"client=web,app=adrive,version=v3.17.0\",\n \"x-device-id\": deviceId,\n \"x-signature\": signature,\n}\n\nreq = requests.post(\n \"https://api.aliyundrive.com/users/v1/users/device/create_session\",\n json={\n \"deviceName\": \"Edge浏览器\",\n \"modelName\": \"Windows网页版\",\n \"pubKey\": public_key,\n },\n headers=headers)\n\nprint(req.json())\n# {'result': True, 'success': True, 'code': None, 'message': None}\n\nreq = requests.post(\"https://api.aliyundrive.com/v2/file/get_download_url\",\n json={\"expire_sec\": 14400, \"drive_id\": \"341789\",\n \"file_id\": \"63dd352b22e34327c0f84277b389eb381XXXXXXX\"},\n headers=headers)\nprint(req.json())\n# {'domain_id': 'bj29', 'drive_id': '341789', 'file_id': '63dd352b22e34327c0f84277b389eb381XXXXXXX', 'revision_id': '63dd352ba95fd7...\n" }, { "path": "ali_renew_test.py", "content": "import hashlib\nimport ecdsa\nimport requests\nimport random\nimport time\n\nappId = \"5dde4e1bdf9e4966b387ba58f4b3fdc3\"\ndeviceId = \"e5173011-XXXX-XXXX-XXXX-XXXXf04f3c62\"\nuserId = \"XXXXf36e37XXXX79bdXXXXdeb6203f67\"\n# nonce = 0\n\n# private_key = [175, 87, 171, 214, 222, 196, 127, 36, 25, 50, 237, 179, 71, 81, 49, 196,\n# 250, 103, 115, 203, 138, 179, 192, 182, 43, 175, 233, 72, 200, 14, 64, 254]\n# private_key = int.from_bytes(private_key, byteorder='big')\nprivate_key = random.randint(1, 2**256-1)\necc_pri = ecdsa.SigningKey.from_secret_exponent(\n private_key, curve=ecdsa.SECP256k1)\necc_pub = ecc_pri.get_verifying_key()\npublic_key = \"04\"+ecc_pub.to_string().hex()\n\n\ndef r(appId: str, deviceId: str, userId: str, nonce: int) -> str:\n return f\"{appId}:{deviceId}:{userId}:{nonce}\"\n\n\ndef sign(appId, deviceId, userId, nonce) -> str:\n sign_dat = ecc_pri.sign(r(appId, deviceId, userId, nonce).encode('utf-8'), entropy=None,\n hashfunc=hashlib.sha256)\n return sign_dat.hex()+\"01\"\n\n\nfor nonce in range(1000):\n print(f\"Testing nonce = {nonce}\", end=' ')\n signature = sign(appId, deviceId, userId, nonce)\n headers = {\n \"authorization\": \"Bearer BEARERBEARER\",\n \"origin\": \"https://www.aliyundrive.com\",\n \"referer\": \"https://www.aliyundrive.com/\",\n \"user-agent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.41\",\n \"x-canary\": \"client=web,app=adrive,version=v3.17.0\",\n \"x-device-id\": deviceId,\n \"x-signature\": signature,\n }\n\n if nonce == 0:\n req = requests.post(\n \"https://api.aliyundrive.com/users/v1/users/device/create_session\",\n json={\n \"deviceName\": \"Edge浏览器\",\n \"modelName\": \"Windows网页版\",\n \"pubKey\": public_key,\n },\n headers=headers)\n # print(req.json())\n # {'result': True, 'success': True, 'code': None, 'message': None}\n assert req.json()['result']\n else:\n req = requests.post(\n \"https://api.aliyundrive.com/users/v1/users/device/renew_session\",\n json={},\n headers=headers)\n # print(req.json())\n # {'result': True, 'success': True, 'code': None, 'message': None}\n assert req.json()['result']\n\n req = requests.post(\"https://api.aliyundrive.com/v2/file/get_download_url\",\n json={\"expire_sec\": 14400, \"drive_id\": \"341789\",\n \"file_id\": \"63dd352b22e34327c0f84277b389eb381XXXXXXX\"},\n headers=headers)\n # print(req.json())\n # {'domain_id': 'bj29', 'drive_id': '341789', 'file_id': '63dd352b22e34327c0f84277b389eb381XXXXXXX', 'revision_id': '63dd352ba95fd7...\n assert 'url' in req.json()\n\n print(\"Passed!\")\n\n time.sleep(0.5) # 0.5s is the minimum interval between requests\n" }, { "path": "requirements.txt", "content": "ecdsa\nrequests\n" } ]