cxzlw/bitcomet_login_demo.py Secret

## bitcomet_login_demo.py
import base64
import uuid

import httpx
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Random import get_random_bytes
from Crypto.Hash import HMAC, SHA256, SHA1

# 随机 uuid，这里用于派生后面的 aes 和 hmac key
# 后面 device_id 和这里的 client_id 一样的
# 后续用于获取 device_token，需要保存好
client_id = str(uuid.uuid4())

json = '{"username":"test","password":"asdkjashdiasfgasodqwlascas;das"}'

salt_t, salt_r = get_random_bytes(8), get_random_bytes(8)
aes_key, hmac_key = (PBKDF2(client_id, salt_t, 32, count=10 ** 4, hmac_hash_module=SHA1),
                     PBKDF2(client_id, salt_r, 32, count=10 ** 4, hmac_hash_module=SHA1))

cipher = AES.new(key=aes_key, mode=AES.MODE_CBC)
iv = cipher.iv

aes_encrypted = cipher.encrypt(pad(json.encode(), 16))  # AES padding 都是 16，刚才才踩了个坑

msg = b"\x03\x01"  # Magic number
msg += salt_t
msg += salt_r
msg += iv
msg += aes_encrypted

hmac = HMAC.new(hmac_key, digestmod=SHA256)
sig = hmac.update(msg)
msg += sig.digest()

authentication = base64.b64encode(msg).decode()  # 加密结果
print(authentication)

client = httpx.Client(headers={
    "Client-Type": "BitComet WebUI",  # 天坑，这个不传直接空响应…
})

resp = client.post("http://localhost:17960/api/webui/login",
                   json={
                       "authentication": authentication,
                       "client_id": client_id
                   })

print(resp.status_code)
print(resp.json())
invite_token = resp.json()["invite_token"]

resp = client.post("http://localhost:17960/api/device_token/get",
                   json={
                       "device_id": client_id,
                       "device_name": "PeerBanHelper - BitComet Adapter",
                   },
                   headers={
                       "Authorization": "Bearer " + invite_token
                   })
device_token = resp.json()["device_token"]
client.headers["Authorization"] = "Bearer " + device_token

resp = client.post("http://localhost:17960/api_v2/task_list/get",
                   json={"group_state": "ALL", "sort_order": "", "sort_key": ""})

print(resp.content)
	import base64
	import uuid

	import httpx
	from Crypto.Cipher import AES
	from Crypto.Util.Padding import pad, unpad
	from Crypto.Protocol.KDF import PBKDF2
	from Crypto.Random import get_random_bytes
	from Crypto.Hash import HMAC, SHA256, SHA1

	# 随机 uuid，这里用于派生后面的 aes 和 hmac key
	# 后面 device_id 和这里的 client_id 一样的
	# 后续用于获取 device_token，需要保存好
	client_id = str(uuid.uuid4())

	json = '{"username":"test","password":"asdkjashdiasfgasodqwlascas;das"}'

	salt_t, salt_r = get_random_bytes(8), get_random_bytes(8)
	aes_key, hmac_key = (PBKDF2(client_id, salt_t, 32, count=10 ** 4, hmac_hash_module=SHA1),
	PBKDF2(client_id, salt_r, 32, count=10 ** 4, hmac_hash_module=SHA1))

	cipher = AES.new(key=aes_key, mode=AES.MODE_CBC)
	iv = cipher.iv

	aes_encrypted = cipher.encrypt(pad(json.encode(), 16)) # AES padding 都是 16，刚才才踩了个坑

	msg = b"\x03\x01" # Magic number
	msg += salt_t
	msg += salt_r
	msg += iv
	msg += aes_encrypted

	hmac = HMAC.new(hmac_key, digestmod=SHA256)
	sig = hmac.update(msg)
	msg += sig.digest()

	authentication = base64.b64encode(msg).decode() # 加密结果
	print(authentication)

	client = httpx.Client(headers={
	"Client-Type": "BitComet WebUI", # 天坑，这个不传直接空响应…
	})

	resp = client.post("http://localhost:17960/api/webui/login",
	json={
	"authentication": authentication,
	"client_id": client_id
	})

	print(resp.status_code)
	print(resp.json())
	invite_token = resp.json()["invite_token"]

	resp = client.post("http://localhost:17960/api/device_token/get",
	json={
	"device_id": client_id,
	"device_name": "PeerBanHelper - BitComet Adapter",
	},
	headers={
	"Authorization": "Bearer " + invite_token
	})
	device_token = resp.json()["device_token"]
	client.headers["Authorization"] = "Bearer " + device_token

	resp = client.post("http://localhost:17960/api_v2/task_list/get",
	json={"group_state": "ALL", "sort_order": "", "sort_key": ""})

	print(resp.content)