本文仅用于X-Tiao个人研究和学习,禁止商用
分析过程
User个人信息以及最近对局战绩信息接口
打开HttpCanary蓝鸟进入完美APP,发现所有个人最近信息最关键的接口是/api/v2/home/validUser?sign=xxx。
提取出接口关键信息,发现鉴权比较关键的字段如下:
- 接口请求sign
- accessToken
- device
- platform
其中device和platform以及accessToken应该完美是存在一张表里联查的,改动其中一个都会报“账号不存在”。
然后就是直接raw的body里面放json格式内容正常post请求了。
{"mySteamId":"xx","gameTypeStr":"2","steamId":"xx","accessToken":"xx","dataSource":3,"pageSize":20,"csgoSeasonId":"S11","pvpType":-1,"page":1}
可以看到有赛季字段以及重复的accessToken,还有分页的字段,根据需要自己调整。
暂时没有发现这些身份验证信息的超时属性,请求接口成功后会返回账号基本信息如下(数据已经脱敏,不可直接使用):
{
"statusCode": 0,
"errorMessage": "",
"data": [
{
"group": "user-info",
"data": {
"steam_id64": "xx",
"steam_id": xx,
"name": "xx",
"avatar": "https://cdn.wmpvp.com/avatars/xx.jpg",
"followed": false
}
},
{
"group": "basic-data",
"data": {
"steamId": null,
"vac": false,
"userForbidDTO": null,
"banType": 0,
"rank": 0,
"friendCode": "xx-xx",
"public": true
}
},
{
"group": "match",
"data": [
{
"matchId": "PVP@x",
"playerId": "x",
"honor": null,
"k4": 0,
"k5": 0,
"matchScore": 0.0,
"mapUrl": "https://www.csgo.com.cn/images/maps/jianying/map_inferno.jpg",
"mapLogo": "https://www.csgo.com.cn/images/maps/logo/inferno.png",
"mapName": "炼狱小镇",
"steamName": null,
"steamAvatar": null,
"team": 2,
"winTeam": 2,
"score1": 9,
"score2": 16,
"rating": 0.74,
"pwRating": 0.87,
"leaveTime": "2023-07-07 22:51x4:52",
"startTime": "2023-07-07 22:524:52",
"endTime": "2023-07-07 213:315:24",
"timeStamp": x,
"pageTimeStamp": x,
"kill": 13,
"botKill": 0,
"negKill": 0,
"death": 17,
"assist": 15,
"duration": 410,
"dataSource": 3,
"cupName": null,
"roundRemark": null,
"mode": "天梯普通对局",
"pvpScore": 111120,
"pvpScoreChange": 29,
"pvpMvp": false,
"pvpNormalRank": null,
"greenMatch": false,
"mvp": false
}
]
}
]
}
这样steam信息和最近对局状态就成功拿到了。
完美时刻动态接口
同样的步骤,直接拿完美时刻的api,地址如下:
/acty/community/moments/getPersonalMoments?pageNum=1&pageSize=20&toUserId=xx&token=xx&type=3&year=2023
header同上,GET请求,返回内容中即包含所有完美时刻信息和视频地址