Skip to content

Instantly share code, notes, and snippets.

View Last-Order's full-sized avatar
🍉

Eridanus Sora Last-Order

🍉
  • Trip.com
  • Shanghai, China
View GitHub Profile

ALyric

ALyric http://lyric.moesound.org/

ALyric 是一个可以和大家分享歌词的网站。

ALyric 支持将歌词以单句的形式展示,并提供了API,可以在第三方网站展示。

API 说明

"use strict"
var dict = {};
var appendToDict = (char) => {
if (dict[char]) dict[char]++
else dict[char] = 1;
}
var convert = (string) => {
string.toLowerCase().split('').map(appendToDict);
for (key of Object.keys(dict)) {
string = string.replace(new RegExp(key, 'ig'), dict[key] % 2 == 0 ? '\$' : '#');
"use strict"
var dict = {};
var appendToDict = char => {
if (dict[char]) dict[char]++
else dict[char] = 1;
}
var escapeRegExp = string => {
return string.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}
var convert = string => {
@Last-Order
Last-Order / async_await.js
Last active October 26, 2016 08:45
async_await.js
function wait(delay) {
return new Promise((resolve, reject) => {
setTimeout(resolve, delay);
});
}
async function hello() {
await wait(delay);
console.log('executed');
}
@Last-Order
Last-Order / Who are you.md
Last active November 14, 2017 12:32
Who are you

进入界面,右上登录,Steam 账号授权。

然后进Home发现有infomationshopshop里可以买flag推测但显示余额不足。

购买动作的URL为http://gogogo.2017.hctf.io/shop/3,修改3为4可以发现调试模式没关,源码泄露。

 public function buy(Request $request)
    {
 $itemId = $request->route('id');
@Last-Order
Last-Order / gist:97392a9e270f65e5cdb1b1e1f52f1900
Last active November 28, 2019 03:05
# ShinyMas 请求分析

Idol Master Shiny Colors API 请求分析

本作与后台API的请求 payload,经过 WebAssembly 函数加密解密。XHR 请求返回格式为 JSON(经过加密)。图片、视频等资源文件路径加密但内容不加密。

封装了统一请求函数,位于app.js:1667,在app.js:1680调用 WebAssembly 对返回内容进行解密。

主要加解密函数

  1. decodeResponse(text, session)
const cryptojs = require('crypto-js');
const abemafresh = [1413502068, 2104980084, 1144534056, 1967279194, 2051549272, 860632952, 1464353903, 1212380503];
const url = "abemafresh://abemafresh/206437t2806498f02ad88f4aecd7aa2083a6374edef/2928e09b0fa322020bbe5d854eb92984";
const part1 = url.split('/')[3];
const part2 = url.split('/')[4];
const hash = cryptojs.HmacSHA256(part1, cryptojs.lib.WordArray.create(abemafresh));
const decryptResult = cryptojs.AES.decrypt(cryptojs.lib.CipherParams.create({
ciphertext: cryptojs.enc.Hex.parse(part2)
// ==UserScript==
// @name New Script
// @namespace Violentmonkey Scripts
// @match https://show.bilibili.com/platform/checkSeat.html?*
// @grant none
// ==/UserScript==
//
//
(async () => {
const open = XMLHttpRequest.prototype.open;

如何获得 Abema 的 Key

打开播放页面,开发者工具 Sources 面板。

libs/theoplayer/xxxxxx下找到theoplayer.js

搜索 u.send(),大约25229行,打一个断点,刷新。

@Last-Order
Last-Order / 1.js
Created October 16, 2018 15:43
test
var hexcase = 0
, b64pad = "=";
function b64_hmac_sha1(k, d) {
return rstr2b64(rstr_hmac_sha1(str2rstr_utf8(k), str2rstr_utf8(d)))
}
function rstr_sha1(s) {
return binb2rstr(binb_sha1(rstr2binb(s), 8 * s.length))
}
function rstr_hmac_sha1(key, data) {
var bkey = rstr2binb(key);