首先从 miyoushe 官网下载 apk,然后使用 jadx 反编译 apk。

文章 中可知生成 DS 算法的位置位于 com.mihoyo.hyperion.net 包内,

使用 jadx 打开到对应目录,可以找到 bbbbb.a2222aaaaa.a2222aaaaa.b5555,分别为 DS1 DS2 的算法实现。

预览

右键方法名,选择 Find Usage,可以看到对应的实现。

预览 预览 预览

可以看到 DS LK2 K2 相关的加密算法,通过相关函数输入到 bbbbb.a2222 方法中,找到函数的参数,即为 salt

预览

下面以 DS 为例,把传入 bbbbb.a2222 方法的方法与参数拷贝出来,稍加修改,得到下面的代码:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
import java.util.ArrayList;
import java.util.Collection;

public class Main {

public static void main(String[] args) {
System.out.println(f1(f276382k));
}

public static final int[] f276382k = {192, -74, 180, 222, 90, 198, -177147, -84, -66, 126, 168, 156, 186, 66, -88, -4782969, 126, 216, -98, -118, -88, -4782969, -86, 180, 216, 102, 156, 126, -100, -59049, -177147, 198};

public static String f1(int[] iArr) {
int i11;
StringBuilder sb2 = new StringBuilder();
ArrayList<Number> arrayList = new ArrayList(iArr.length);
for (int i12 : iArr) {
if (i12 < 0) {
i11 = ((double) (-i12)) >= Math.pow(3.0d, 6.0d) ? (int) (((Math.log(-i12) / Math.log(3.0d)) - 6) + 48) : ~i12;
} else {
i11 = (i12 / 3) + 48;
}
arrayList.add(Integer.valueOf(i11));
}
ArrayList arrayList2 = new ArrayList(Z(arrayList, 10));
for (Number number : arrayList) {
sb2.append((char) number.intValue());
arrayList2.add(sb2);
}
String sb3 = sb2.toString();
return sb3;
}

public static final <T> int Z(Iterable<? extends T> iterable, int i11) {
return iterable instanceof Collection ? ((Collection) iterable).size() : i11;
}

}

运行后得到 pIlzNr5SAZhdnFW8ZxauW8UlxRdZc45r 即为 salt,带入到相关 api 验证一下,成功。

ref

  • https://github.com/skylot/jadx
  • https://github.com/UIGF-org/mihoyo-api-collect/issues/1
  • https://github.com/Azure99/GenshinPlayerQuery/issues/20

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
# htk-inject-system-cert.sh
set -e # Fail on error
# Create a separate temp directory, to hold the current certificates
# Without this, when we add the mount we can't read the current certs anymore.
mkdir -m 700 /data/local/tmp/htk-ca-copy
# Copy out the existing certificates
cp /system/etc/security/cacerts/* /data/local/tmp/htk-ca-copy/
# Create the in-memory mount on top of the system certs folder
mount -t tmpfs tmpfs /system/etc/security/cacerts
# Copy the existing certs back into the tmpfs mount, so we keep trusting them
mv /data/local/tmp/htk-ca-copy/* /system/etc/security/cacerts/
# Copy our new cert in, so we trust that too
# cp /data/local/tmp/c88f7ed0.0 /system/etc/security/cacerts/
cp /data/misc/user/0/cacerts-added/* /system/etc/security/cacerts/
# Update the perms & selinux context labels, so everything is as readable as before
chown root:root /system/etc/security/cacerts/*
chmod 644 /system/etc/security/cacerts/*
chcon u:object_r:system_file:s0 /system/etc/security/cacerts/*
# Delete the temp cert directory & this script itself
rm -r /data/local/tmp/htk-ca-copy
# rm ${injectionScriptPath}
echo "System cert successfully injected"
  • ref: http://91fans.com.cn/post/certificate/#gsc.tab=0

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
docker run -d \
--name registry \
--restart always \
-p 5000:5000 \
-v "${STORAGE_DATA_DIR}/registry":/var/lib/registry \
registry:2.8.2

docker run -d \
--name registry-ui \
--restart always \
-p 5001:80 \
-e SINGLE_REGISTRY=true \
-e SHOW_CONTENT_DIGEST=true \
-e NGINX_PROXY_PASS_URL="http://${REGISTER_IP_ADDR}:5000" \
joxit/docker-registry-ui:2.5.0

新增 /etc/rancher/k3s/registries.yaml 文件,并添加以下内容:

1
2
3
4
5
6
7
8
9
10
11
12
13
mirrors:
"hub.docker.local:5000":
endpoint:
- "http://hub.docker.local:5000"
"docker.io":
endpoint:
- "http://hub.docker.local:5000"
"k8s.gcr.io":
endpoint:
- "http://hub.docker.local:5000"
"quay.io":
endpoint:
- "http://hub.docker.local:5000"

k3s 的配置支持镜像地址重写,如果拉去镜像 quay.io/prometheus/prometheus:v2.27.1 可以重写到 hub.docker.local:5000/prometheus/prometheus:v2.27.1

而本地只需要拉去相关镜像然后 docker tag xxx hub.docker.local:5000/xxx 即可。