Recently, a phenomenon-level barrage game has appeared on the short video platform, called "barrage interactive game". Everyone can see what this is after watching a video. Thanks at the same time https://github.com/xgxkxaxl/x-ladon-x-argus-x-gorgon-x-khronos Author's algorithm test provided.

As a technology, we don't do too much research on the business logic behind it (after all, the market has confirmed that the market effect of this game is very good), let's study its technical implementation principle

Because Shaking Dad is extremely sensitive to the word DY, let's use the tiktok mobile terminal to see the entire technical implementation plan this time.

1. Find the live broadcast entrance

1. Open tiktok, click live in the upper left corner

 

2. Capture packets

Found the wss push link beginning with "webcast16-ws-useast5.us.tiktokv.com/webcast/im/push/"

This is the websockes long link used to establish communication with the user in the live broadcast room. First look at the request parameters:

live_region:                  US
app_language:                 en
app_type:                     normal
channel:                      googleplay
device_type:                  pixel
language:                     en
rid:                          7167623950695271194
resolution:                   1080*2180
update_version_code:          202270101
cdid:                         b0a5c09c-061e-4fc8-aed1-00359b33d9e4
sys_region:                   US
uoo:                          1
timezone_name:                Canada/Eastern
residence:                    US
ac:                           wifi
effect_sdk_version:           12.3.0
current_network_quality_info: {"tcp_rtt":15,"quic_rtt":15,"http_rtt":258,"downstream_throughput_kbps":2214,"quic_send_loss_rate":-1,"quic_receive_loss_rate":-1,"net_effective_connection_type":4,"video_download_speed":1411}
device_id:                    7164618779888174635
compress:                     gzip
mcc_mnc:                      310680
version_code:                 270101
ab_version:                   27.1.1
live_id:                      12
device_platform:              android
region:                       US
aid:                          1233
room_id:                      7167623950695271194
cursor:                       1668844203887_7167631274004190978_7167631274004185088_1
manifest_version_code:        202270101
_rticket:                     1668846676392
current_region:               US
iid:                          7164619543654025001
host_abi:                     arm64-v8a
locale:                       en
openudid:                     775a74e09dd2402a
sid:                          f9532b5505890b3346904344a935e625
ac2:                          wifi5g
os_api:                       28
identity:                     audience
webcast_locale:               en_US
dpi:                          480
carrier_region:               US
os_version:                   9
timezone_offset:              -18000
carrier_region_v2:            310
webcast_sdk_version:          2500
imprp:                        u4qrACnHc7yQG
app_name:                     musical_ly
version_name:                 27.1.1
device_brand:                 pixel
op_region:                    US
webcast_language:             en
build_number:                 27.1.1
ts:                           1668844203
aid:                          1233
device_id:                    7164618779888174638
access_key:                   c810b464bad1c8b5114fc55bf0bafa35
fpid:                         9
sdk_version:                  3
iid:                          7164619543654025001
pl:                           0
ne:                           1
version_code:                 270101
ttnet_ignore_offline:         1

After testing, several parameters are necessary:

rid, room_id, iid, device_id, imprp, cursor, if there is one less of these parameters, the connection cannot be established

ok, then we will generate the above parameters one by one

3. Generate parameters

1. rid and room_id

There are two options

(1) One is to obtain the room_id through the user/interface of the mobile phone

The amount of data requested by this method is very small, and the room_id field is 0 after the user downloads. And the data feedback is timely, but the device algorithm and xaxl algorithm are required

 

(2) Request via pc

This method does not require device and xaxl, but the room_id exists forever, and the user's download also exists, so it is impossible to obtain whether the live room is closed.

In fact, I prefer to use the first method, which is stable and timely. The second is the bottom line

2. device_id and iid

Generated with Daxie's device generation algorithm

https://github.com/xgxkxaxl/x-ladon-x-argus-x-gorgon-x-khronos

 3,imprp, cursor

These two parameters cannot be found at a glance. We look up and find that

"webcast16-normal-useast5.us.tiktokv.com/webcast/im/fetch/ "The keyword at the beginning of the request has this keyword, so we simulate the request for the link, which requires several core encryption parameters:

x-gorgon
x-khronos
x-argus
x-ladon

And device information, continue to use the algorithm provided by the boss

Then the obtained data is protobuf-escaped data, we have to write a proto file for the definition of apk.

 

py file converted into pb2

protoc tiktok.proto --python_out ./

Then parse the content and find the following data (take part):

In this way, the complete wss link comes out

3. Construct and request the link of the live broadcast room

ok, stroke it again

1. Get device data

2. Structure " webcast16-normal-useast5.us.tiktokv.com/webcast/im/fetch/  "ask

3. Obtain encrypted parameters and request url

4. Parse protobuf data, get imprp, cursor

5. Construct wss link

6. Establish a long wss link and analyze the protobuf data (the mobile terminal is not easy to record the code synchronously, take the pc as an example)

4. Interaction between barrage and games

This part has a lot of content, so we will continue in the next issue. . .