Repository: kazutoiris/ali_ecc Branch: main Commit: 8a813402ded7 Files: 5 Total size: 9.2 KB Directory structure: gitextract_dcene0tx/ ├── LICENSE ├── README.md ├── ali.py ├── ali_renew_test.py └── requirements.txt ================================================ FILE CONTENTS ================================================ ================================================ FILE: LICENSE ================================================ Copyright (c) Anti 996 License Version 1.0 (Draft) Permission is hereby granted to any individual or legal entity obtaining a copy of this licensed work (including the source code, documentation and/or related items, hereinafter collectively referred to as the "licensed work"), free of charge, to deal with the licensed work for any purpose, including without limitation, the rights to use, reproduce, modify, prepare derivative works of, publish, distribute and sublicense the licensed work, subject to the following conditions: 1. The individual or the legal entity must conspicuously display, without modification, this License on each redistributed or derivative copy of the Licensed Work. 2. The individual or the legal entity must strictly comply with all applicable laws, regulations, rules and standards of the jurisdiction relating to labor and employment where the individual is physically located or where the individual was born or naturalized; or where the legal entity is registered or is operating (whichever is stricter). In case that the jurisdiction has no such laws, regulations, rules and standards or its laws, regulations, rules and standards are unenforceable, the individual or the legal entity are required to comply with Core International Labor Standards. 3. The individual or the legal entity shall not induce or force its employee(s), whether full-time or part-time, or its independent contractor(s), in any methods, to agree in oral or written form, to directly or indirectly restrict, weaken or relinquish his or her rights or remedies under such laws, regulations, rules and standards relating to labor and employment as mentioned above, no matter whether such written or oral agreement are enforceable under the laws of the said jurisdiction, nor shall such individual or the legal entity limit, in any methods, the rights of its employee(s) or independent contractor(s) from reporting or complaining to the copyright holder or relevant authorities monitoring the compliance of the license about its violation(s) of the said license. THE LICENSED WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN ANY WAY CONNECTION WITH THE LICENSED WORK OR THE USE OR OTHER DEALINGS IN THE LICENSED WORK. ================================================ FILE: README.md ================================================ # AliyunDrive ECC Signature > Welcome star, issue and pull requests. ## What can it do 1. Generate random `ECC` key-pair to create a new session. 2. Get the file’s download url without `invalid X-Device-Id`. ## How to use 1. Set the `deviceId` in line 7. 2. Set the `userId` in line 8. 3. Set the `authorization` in line 34. 4. (Optional) Set the private key in line 11,12. (Only if you want to use custom key-pair.) ## Some details 1. `deviceId` could be found in `DevTools` -> `Application` -> `Local Storage` -> `cna`. 2. `userId` could be found in `DevTools` -> `Application` -> `Local Storage` -> `token` -> `user_id`. 3. `authorization` could be found in `Network`, choose any request, `Request Headers` -> `authorization`. 4. `private key` could be found in `DevTools` -> `Application` -> `IndexedDB` -> `ALIYUN_DRIVE_CLIENT_SIGNATURE` -> `signature` -> `privateKey`. `private key` will be generated automatically, so there’s no need to specificate. ## Last There’re some problems need to be solved. * [x] How to generate a `deviceId`? Just a UUIDv4 string, So you can generate a deviceId randomly. * [ ] How to generate `authorization` from cookie or local storage? * [ ] How often is `nonce` updated? (Could be frozen?) ## Test You can use `ali_renew_test.py` to test `nonce` update. If `nonce` is 0, it will create a session automatically. If `nonce` is larger than 0, it will renew the session. **Notice:** If it fails, try to increase the interval. Now it could pass almost 1000 rounds :thumbsup: ## LICENSE Anti-996-License. ================================================ FILE: ali.py ================================================ import hashlib import ecdsa import requests import random appId = "5dde4e1bdf9e4966b387ba58f4b3fdc3" deviceId = "e5173011-XXXX-XXXX-XXXX-XXXXf04f3c62" userId = "XXXXf36e37XXXX79bdXXXXdeb6203f67" nonce = 0 # private_key = [175, 87, 171, 214, 222, 196, 127, 36, 25, 50, 237, 179, 71, 81, 49, 196, # 250, 103, 115, 203, 138, 179, 192, 182, 43, 175, 233, 72, 200, 14, 64, 254] # private_key = int.from_bytes(private_key, byteorder='big') private_key = random.randint(1, 2**256-1) ecc_pri = ecdsa.SigningKey.from_secret_exponent( private_key, curve=ecdsa.SECP256k1) ecc_pub = ecc_pri.get_verifying_key() public_key = "04"+ecc_pub.to_string().hex() def r(appId: str, deviceId: str, userId: str, nonce: int) -> str: return f"{appId}:{deviceId}:{userId}:{nonce}" def sign(appId, deviceId, userId, nonce) -> str: sign_dat = ecc_pri.sign(r(appId, deviceId, userId, nonce).encode('utf-8'), entropy=None, hashfunc=hashlib.sha256) return sign_dat.hex()+"01" signature = sign(appId, deviceId, userId, nonce) headers = { "authorization": "Bearer BEARERBEARER", "origin": "https://www.aliyundrive.com", "referer": "https://www.aliyundrive.com/", "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.41", "x-canary": "client=web,app=adrive,version=v3.17.0", "x-device-id": deviceId, "x-signature": signature, } req = requests.post( "https://api.aliyundrive.com/users/v1/users/device/create_session", json={ "deviceName": "Edge浏览器", "modelName": "Windows网页版", "pubKey": public_key, }, headers=headers) print(req.json()) # {'result': True, 'success': True, 'code': None, 'message': None} req = requests.post("https://api.aliyundrive.com/v2/file/get_download_url", json={"expire_sec": 14400, "drive_id": "341789", "file_id": "63dd352b22e34327c0f84277b389eb381XXXXXXX"}, headers=headers) print(req.json()) # {'domain_id': 'bj29', 'drive_id': '341789', 'file_id': '63dd352b22e34327c0f84277b389eb381XXXXXXX', 'revision_id': '63dd352ba95fd7... ================================================ FILE: ali_renew_test.py ================================================ import hashlib import ecdsa import requests import random import time appId = "5dde4e1bdf9e4966b387ba58f4b3fdc3" deviceId = "e5173011-XXXX-XXXX-XXXX-XXXXf04f3c62" userId = "XXXXf36e37XXXX79bdXXXXdeb6203f67" # nonce = 0 # private_key = [175, 87, 171, 214, 222, 196, 127, 36, 25, 50, 237, 179, 71, 81, 49, 196, # 250, 103, 115, 203, 138, 179, 192, 182, 43, 175, 233, 72, 200, 14, 64, 254] # private_key = int.from_bytes(private_key, byteorder='big') private_key = random.randint(1, 2**256-1) ecc_pri = ecdsa.SigningKey.from_secret_exponent( private_key, curve=ecdsa.SECP256k1) ecc_pub = ecc_pri.get_verifying_key() public_key = "04"+ecc_pub.to_string().hex() def r(appId: str, deviceId: str, userId: str, nonce: int) -> str: return f"{appId}:{deviceId}:{userId}:{nonce}" def sign(appId, deviceId, userId, nonce) -> str: sign_dat = ecc_pri.sign(r(appId, deviceId, userId, nonce).encode('utf-8'), entropy=None, hashfunc=hashlib.sha256) return sign_dat.hex()+"01" for nonce in range(1000): print(f"Testing nonce = {nonce}", end=' ') signature = sign(appId, deviceId, userId, nonce) headers = { "authorization": "Bearer BEARERBEARER", "origin": "https://www.aliyundrive.com", "referer": "https://www.aliyundrive.com/", "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.41", "x-canary": "client=web,app=adrive,version=v3.17.0", "x-device-id": deviceId, "x-signature": signature, } if nonce == 0: req = requests.post( "https://api.aliyundrive.com/users/v1/users/device/create_session", json={ "deviceName": "Edge浏览器", "modelName": "Windows网页版", "pubKey": public_key, }, headers=headers) # print(req.json()) # {'result': True, 'success': True, 'code': None, 'message': None} assert req.json()['result'] else: req = requests.post( "https://api.aliyundrive.com/users/v1/users/device/renew_session", json={}, headers=headers) # print(req.json()) # {'result': True, 'success': True, 'code': None, 'message': None} assert req.json()['result'] req = requests.post("https://api.aliyundrive.com/v2/file/get_download_url", json={"expire_sec": 14400, "drive_id": "341789", "file_id": "63dd352b22e34327c0f84277b389eb381XXXXXXX"}, headers=headers) # print(req.json()) # {'domain_id': 'bj29', 'drive_id': '341789', 'file_id': '63dd352b22e34327c0f84277b389eb381XXXXXXX', 'revision_id': '63dd352ba95fd7... assert 'url' in req.json() print("Passed!") time.sleep(0.5) # 0.5s is the minimum interval between requests ================================================ FILE: requirements.txt ================================================ ecdsa requests