feat: support for ximalaya-pc v4.0.2 generated files

Cargo.toml

@@ -20,6 +20,8 @@ debug = 2
 strip = false
 
 [dependencies]
+aes = "0.8.4"
+cbc = "0.1.2"
 argh = "0.1.12"
 base64 = "0.21.7"
 bincode = "1.3.3"

README.md

@@ -15,6 +15,7 @@
   - `kwm` / AI 升频 `mflac` [^kuwo_mflac]
 - 喜马拉雅
   - 安卓客户端 `x2m` / `x3m` [^x3m]
+  - PC 客户端 `xm`
 
 [^qm_mflac]: 安卓需要提取密钥数据库；PC 端需要提供密钥数据库以及解密密钥。
 [^kuwo_mflac]: 需要在有特权的安卓设备提取密钥文件: `/data/data/cn.kuwo.player/files/mmkv/cn.kuwo.player.mmkv.defaultconfig`

src/bin/cli/cli_error.rs

@@ -1,6 +1,6 @@
 use thiserror::Error;
 
-use parakeet_crypto::crypto::{kugou, kuwo, tencent};
+use parakeet_crypto::crypto::{kugou, kuwo, tencent, ximalaya_pc};
 
 #[derive(Debug, Error)]
 pub enum ParakeetCliError {
@@ -31,6 +31,9 @@ pub enum ParakeetCliError {
     #[error("Failed to init kuwo cipher: {0}")]
     KuwoCipherInitError(kuwo::InitCipherError),
 
+    #[error("Cipher error: {0}")]
+    XimalayaPcError(ximalaya_pc::Error),
+
     #[error("Unspecified error (placeholder)")]
     #[allow(dead_code)]
     UnspecifiedError,
@@ -53,3 +56,9 @@ impl From<kuwo::InitCipherError> for ParakeetCliError {
         Self::KuwoCipherInitError(error)
     }
 }
+
+impl From<ximalaya_pc::Error> for ParakeetCliError {
+    fn from(error: ximalaya_pc::Error) -> Self {
+        Self::XimalayaPcError(error)
+    }
+}

src/bin/cli/cli_handle_ximalaya_pc.rs

@@ -0,0 +1,75 @@
+use std::fs::File;
+use std::io::{Read, Seek, SeekFrom, Write};
+
+use argh::FromArgs;
+
+use parakeet_crypto::crypto::ximalaya_pc;
+
+use crate::cli::cli_error::ParakeetCliError;
+use crate::cli::logger::CliLogger;
+use crate::cli::utils::CliFilePath;
+
+/// Handle Ximalaya PC encryption/decryption.
+#[derive(Debug, Eq, PartialEq, FromArgs)]
+#[argh(subcommand, name = "ximalaya-pc")]
+pub struct Options {
+    /// input file name/path
+    #[argh(option, short = 'i', long = "input")]
+    input_file: CliFilePath,
+
+    /// output file name/path
+    #[argh(option, short = 'o', long = "output")]
+    output_file: CliFilePath,
+}
+
+pub fn handle(args: Options) -> Result<(), ParakeetCliError> {
+    let log = CliLogger::new("Kugou");
+
+    let mut src = File::open(args.input_file.path).map_err(ParakeetCliError::SourceIoError)?;
+    let mut dst =
+        File::create(args.output_file.path).map_err(ParakeetCliError::DestinationIoError)?;
+
+    let mut buffer = vec![0u8; 1024];
+    src.read_exact(&mut buffer)
+        .map_err(ParakeetCliError::SourceIoError)?;
+
+    let hdr = match ximalaya_pc::Header::from_bytes(&buffer) {
+        // in case our buffer was too small...
+        Err(ximalaya_pc::Error::InputTooSmall(n, _)) => {
+            buffer.resize(n, 0);
+
+            src.seek(SeekFrom::Start(0))
+                .and_then(|_| src.read_exact(&mut buffer))
+                .map_err(ParakeetCliError::SourceIoError)?;
+            ximalaya_pc::Header::from_bytes(&buffer)?
+        }
+        res => res?,
+    };
+
+    log.debug(format!(
+        "cipher: len(stolen_bytes)={}, cipher_len={}, data_start={}",
+        hdr.stolen_header_bytes.len(),
+        hdr.encrypted_header_len,
+        hdr.data_start_offset,
+    ));
+
+    // read encrypted part 2 data, and decrypt it
+    buffer.resize(hdr.encrypted_header_len, 0);
+    src.seek(SeekFrom::Start(hdr.data_start_offset as u64))
+        .and_then(|_| src.read_exact(&mut buffer))
+        .map_err(ParakeetCliError::SourceIoError)?;
+    let decrypted_part_2 = ximalaya_pc::decipher_part_2(&hdr, &buffer)?;
+
+    // write all parts to dst.
+    dst.write_all(&hdr.stolen_header_bytes)
+        .and_then(|_| dst.write_all(&decrypted_part_2))
+        .and_then(|_| std::io::copy(&mut src, &mut dst))
+        .map_err(ParakeetCliError::DestinationIoError)?;
+
+    let bytes_written = dst
+        .stream_position()
+        .map_err(ParakeetCliError::DestinationIoError)?;
+    log.info(format!("decrypt: done, written {} bytes", bytes_written));
+
+    Ok(())
+}

src/bin/cli/commands.rs

@@ -17,4 +17,5 @@ pub enum Command {
     Kugou(cli_handle_kugou::Options),
     Kuwo(cli_handle_kuwo::Options),
     XimalayaAndroid(cli_handle_ximalaya_android::Options),
+    XimalayaPc(cli_handle_ximalaya_pc::Options),
 }

src/bin/cli/mod.rs

@@ -10,6 +10,7 @@ mod cli_handle_kuwo;
 mod cli_handle_qmc1;
 mod cli_handle_qmc2;
 mod cli_handle_ximalaya_android;
+mod cli_handle_ximalaya_pc;
 
 pub fn parakeet_main() {
     let options: commands::CliOptions = argh::from_env();
@@ -27,6 +28,7 @@ pub fn parakeet_main() {
         Command::Kugou(options) => cli_handle_kugou::handle(options),
         Command::Kuwo(options) => cli_handle_kuwo::handle(options),
         Command::XimalayaAndroid(options) => cli_handle_ximalaya_android::handle(options),
+        Command::XimalayaPc(options) => cli_handle_ximalaya_pc::handle(options),
     };
 
     match cmd_result {

src/crypto/mod.rs

@@ -4,3 +4,4 @@ pub mod kugou;
 pub mod kuwo;
 pub mod tencent;
 pub mod ximalaya_android;
+pub mod ximalaya_pc;

src/crypto/ximalaya_pc/cipher.rs

@@ -0,0 +1,59 @@
+use crate::crypto::ximalaya_pc::{Error, Header};
+use aes::cipher::block_padding::Pkcs7;
+use aes::cipher::{BlockDecryptMut, KeyIvInit};
+use base64::{engine::general_purpose::STANDARD as Base64, DecodeError, Engine as _};
+
+type Aes192CbcDec = cbc::Decryptor<aes::Aes192>;
+type Aes256CbcDec = cbc::Decryptor<aes::Aes256>;
+
+const STAGE_1_KEY: &[u8; 32] = include_bytes!("data/stage_1.bin");
+
+fn decode_deciphered_content<T: AsRef<[u8]>>(buf: T) -> Result<Vec<u8>, DecodeError> {
+    Base64.decode(buf)
+}
+
+fn stage_1_decipher<T: AsRef<[u8]>>(buf: T, iv: &[u8; 16]) -> Result<Vec<u8>, Error> {
+    let mut temp = Vec::from(buf.as_ref());
+
+    // aes-256-cbc decryption
+    let buf = Aes256CbcDec::new(STAGE_1_KEY.into(), iv.into())
+        .decrypt_padded_mut::<Pkcs7>(&mut temp)
+        .map_err(Error::Stage1PadError)?;
+
+    decode_deciphered_content(buf).map_err(Error::Stage1CipherDecodeError)
+}
+
+fn stage_2_decipher<T: AsRef<[u8]>>(buf: T, key_iv: &[u8; 24]) -> Result<Vec<u8>, Error> {
+    let mut temp = Vec::from(buf.as_ref());
+
+    // aes-192-cbc decryption
+    let buf = Aes192CbcDec::new(key_iv.into(), key_iv[..16].into())
+        .decrypt_padded_mut::<Pkcs7>(&mut temp)
+        .map_err(Error::Stage2PadError)?;
+
+    decode_deciphered_content(buf).map_err(Error::Stage2CipherDecodeError)
+}
+
+/// Decrypt header
+/// `part_2_data` should contain at least `hdr.encrypted_header_len` bytes.
+/// Note:
+/// - Read & parse header from file
+/// - Seek to `hdr.data_start_offset`, read `hdr.encrypted_header_len`.
+/// - call `decipher_header` to decrypt.
+/// - build the final file:
+///   - File header - `hdr.stolen_header_bytes`
+///   - Decrypted `part_2_data` after calling this method
+///   - Seek to `hdr.data_start_offset + hdr.encrypted_header_len`, copy till EOF.
+pub fn decipher_part_2(hdr: &Header, part_2_data: &[u8]) -> Result<Vec<u8>, Error> {
+    if part_2_data.len() < hdr.encrypted_header_len {
+        Err(Error::InputTooSmall(
+            hdr.encrypted_header_len,
+            part_2_data.len(),
+        ))?;
+    }
+
+    let buf = &part_2_data[..hdr.encrypted_header_len];
+    let buf = stage_1_decipher(buf, &hdr.stage_1_iv)?;
+    let buf = stage_2_decipher(buf, &hdr.stage_2_key)?;
+    Ok(buf)
+}

src/crypto/ximalaya_pc/data/stage_1.bin

@@ -0,0 +1 @@
+ximalayaximalayaximalayaximalaya

src/crypto/ximalaya_pc/header.rs

@@ -0,0 +1,123 @@
+use base64::{engine::general_purpose::STANDARD as Base64, Engine as _};
+use byteorder::{ByteOrder, BE};
+use std::str::FromStr;
+
+fn parse_safe_sync_u32(v: u32) -> u32 {
+    let a = v & 0x00_00_00_7f;
+    let b = (v & 0x00_00_7f_00) >> 1;
+    let c = (v & 0x00_7f_00_00) >> 2;
+    let d = (v & 0x7f_00_00_00) >> 3;
+    a | b | c | d
+}
+
+fn from_utf16_le(data: &[u8]) -> Vec<u8> {
+    data.chunks(2)
+        .map_while(|chunk| match chunk[0] {
+            0 => None,
+            v => Some(v),
+        })
+        .collect()
+}
+
+pub struct Header {
+    pub data_start_offset: usize,
+    pub encrypted_header_len: usize,
+    pub stage_1_iv: [u8; 16],
+    /// aes-192, key length = 24-bytes (first 16 byte is also re-used as its iv)
+    pub stage_2_key: [u8; 24],
+    pub stolen_header_bytes: Box<[u8]>,
+}
+
+const MAGIC_ID3: [u8; 3] = *b"ID3";
+
+impl Header {
+    pub fn from_bytes<T: AsRef<[u8]>>(data: T) -> Result<Self, super::Error> {
+        let data = data.as_ref();
+        if data.len() < 10 {
+            Err(super::Error::InputTooSmall(10, data.len()))?;
+        }
+        if !data.starts_with(&MAGIC_ID3) {
+            Err(super::Error::InvalidId3Header)?;
+        }
+        let hdr_size = parse_safe_sync_u32(BE::read_u32(&data[6..]));
+        let data_start_offset = hdr_size as usize + 10;
+        if data.len() < data_start_offset {
+            Err(super::Error::InputTooSmall(data_start_offset, data.len()))?;
+        }
+
+        let mut offset = 10usize;
+
+        let mut result = Self {
+            data_start_offset,
+            encrypted_header_len: 0,
+            stage_1_iv: [0u8; 16],
+            stage_2_key: [0u8; 24],
+            stolen_header_bytes: Box::new([]),
+        };
+
+        while offset < data_start_offset {
+            if offset + 10 >= data_start_offset {
+                Err(super::Error::UnexpectedHeaderEof(offset))?;
+            }
+
+            let tag_name = &data[offset..offset + 4];
+            offset += 4;
+            let tag_size = BE::read_u32(&data[offset..]) as usize;
+            offset += 4;
+
+            offset += 2; // flags - not used/ignored
+
+            if offset + tag_size > data_start_offset {
+                Err(super::Error::UnexpectedHeaderEof(offset))?;
+            }
+
+            // 01 ff fe ignored - those are encoding marks. All fields are in unicode anyway...
+            // src: https://web.archive.org/web/2020/https://id3.org/id3v2.3.0#ID3v2_frame_overview
+            // > If ISO-8859-1 is used this byte should be $00, if Unicode is used it should be $01.
+            // > Unicode strings must begin with the Unicode BOM ($FF FE or $FE FF) to identify the byte order.
+            let tag_data = &data[offset + 3..offset + tag_size];
+            offset += tag_size;
+
+            match tag_name {
+                b"TSIZ" => {
+                    let tag_len_str = from_utf16_le(tag_data);
+                    let tag_len_str = String::from_utf8_lossy(tag_len_str.as_slice());
+                    let header_len = u32::from_str(&tag_len_str)
+                        .map_err(super::Error::DeserializeHeaderValueInt)?;
+                    result.encrypted_header_len = header_len as usize;
+                }
+                b"TSRC" | b"TENC" => {
+                    let tag_data = from_utf16_le(tag_data);
+                    let buf_stage1_key =
+                        hex::decode(tag_data).map_err(super::Error::DeserializeHeaderValueHex)?;
+                    if buf_stage1_key.len() != result.stage_1_iv.len() {
+                        Err(super::Error::InvalidData(offset))?;
+                    }
+                    result.stage_1_iv.copy_from_slice(&buf_stage1_key);
+                }
+                b"TSSE" => {
+                    let tag_data = from_utf16_le(tag_data);
+                    let stolen_header = Base64
+                        .decode(tag_data)
+                        .map_err(super::Error::DeserializeHeaderValueBase64)?;
+                    result.stolen_header_bytes = stolen_header.into_boxed_slice();
+                }
+                b"TRCK" => {
+                    let mut tag_data = from_utf16_le(tag_data);
+                    let mut key = *b"123456781234567812345678";
+                    if tag_data.len() > 24 {
+                        tag_data.drain(..24 - tag_data.len());
+                    }
+                    let left = key.len() - tag_data.len();
+                    key[left..].copy_from_slice(&tag_data);
+                    result.stage_2_key = key;
+                }
+                _ => {
+                    // ignored
+                }
+            }
+        }
+
+        Ok(result)
+    }
+}

src/crypto/ximalaya_pc/mod.rs

@@ -0,0 +1,46 @@
+use aes::cipher::block_padding::UnpadError;
+use hex::FromHexError;
+use std::num::ParseIntError;
+use thiserror::Error;
+
+mod cipher;
+mod header;
+
+pub use cipher::decipher_part_2;
+pub use header::Header;
+
+#[derive(Debug, Error)]
+pub enum Error {
+    #[error("file does not begin with a valid ID3 header")]
+    InvalidId3Header,
+
+    #[error("Input buffer too small. Expected at least {0} bytes, got {0} bytes.")]
+    InputTooSmall(usize, usize),
+
+    #[error("Unexpected EOF while parsing header at offset {0}")]
+    UnexpectedHeaderEof(usize),
+
+    #[error("Could not deserialize an integer: {0}")]
+    DeserializeHeaderValueInt(ParseIntError),
+
+    #[error("Could not deserialize a hex str to vec: {0}")]
+    DeserializeHeaderValueHex(FromHexError),
+
+    #[error("Could not deserialize a base64 str to vec: {0}")]
+    DeserializeHeaderValueBase64(base64::DecodeError),
+
+    #[error("Failed to parse at offset: {0}")]
+    InvalidData(usize),
+
+    #[error("Failed to decrypt data (stage 1, pkcs#7 padding error): {0}")]
+    Stage1PadError(UnpadError),
+
+    #[error("Failed to decrypt data (stage 1, b64 decode)")]
+    Stage1CipherDecodeError(base64::DecodeError),
+
+    #[error("Failed to decrypt data (stage 2, pkcs#7 padding error): {0}")]
+    Stage2PadError(UnpadError),
+
+    #[error("Failed to decrypt data (stage 2, b64 decode)")]
+    Stage2CipherDecodeError(base64::DecodeError),
+}