we will be doing some analysis here with updates
Newest douyin/tiktok encryption for validating devices... Necessary for new devices being validated through newest apk version Can be encrypted/decrypted. mssdk
Encryption in hex format...
we can inject straight into some dynamic library / shared object
first decompile latest tiktok apk using jadx
after searching around for a bit we stumble upon hashmap values... in function LIZIZ() mostly obfuscated funcs to prevent snooping.
#investigating web mssdk encryption we see that the response is base64 encoded
#we will investigate in depth both encryptions should be the same
After going through many requests in web we sift through some js files and we have found obfuscated functions
or follow this link and inspect source https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.412/webmssdk.js
After looking at each function we can see this from this file in formatted version...
Time to go through each obfuscated function one by one this can be the confusing/tricky part but it can be done through this file...
we take a look at some functions in this file... and found
Try and follow the obfuscated function...no more updates for now....