Mangarock got reverse engineered
Tools used:
- CFR
- Xposed
- MITM
- Frida
Their hashing algorithm is still XXhash, with just a change in the salt, which is provided below.
- Endpoint
https://api.mangarockhd.com/query/android402/
- Headers
{
'qtoken': token(url),
'Device': 'zAMFdi5nFx',
}
- Token
'4'+XXhash.xxh64("#{url}:425bd0ffd40bfaefbd184ea34e85d5042c8e74716f6e9f770cefbadba395782b",0).to_s(16)
They changed their hashing algorithm to XXhash (a fast and secure hashing algorithm), and the secret in the hash was generated from a single function; I didn't even bother to read the code.
CloudFlare blocked my crawling server for the first time
- Endpoint
https://api.mangarockhd.com/query/android375/
- Headers
{
'QToken': token(url),
'Device': 'zAMFdi5nFx',
}
- Token
'3'+XXhash.xxh64("#{url}:37184c86f461744eacf1e0422ee42c8acd678e25c6d06f06b7d723721e331270",0).to_s(16)
This time they started to verify the QToken.
- Endpoint
https://api.mangarockhd.com/query/android312/
- Headers
{
'QToken': token(url),
'Device': 'zAMFdi5nFx',
}
- Token
md5(md5(md5(url)+"mr")+"nabvn")
- Endpoint
https://api.mangarockhd.com/query/android312/
- Headers
{
'QToken': token(url),
'Device': 'zAMFdi5nFx',
}
- Token
md5(md5(md5(url)+"mr")+"nabvn")
They introduced React Native code inside their binary and leaked the token generator in the JS code. Their server didn't validate the QToken at that time.
- Endpoint
https://api.mangarockhd.com/query/ios383/
- Headers
{
'QToken': token(url),
'Device': 'zAMFdi5nFx',
}
- Token
md5(md5(md5(url)+"mr")+"nabvn")
- Endpoint
http://mr2.mangarockhd.com/queryv2/mrquery4040world.php
- No signing required
- Endpoint
http://mr2.mangarockhd.com/queryv2/mrquery4020world.php
- No signing required
- Endpoint
http://mr2.mangarockhd.com/queryv2/mrquery4012world.php
- No signing required
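The md5-chain QToken listed above, checked server-side next to a per-session alternative, as an added Ruby example that is not part of the original write-up or Mangarock's code. It assumes each md5() yields the lowercase hex digest; `same_bytes?`, the session-key design, `MAX_SKEW` and the sample URL and keys are hypothetical or constructed.

```ruby
require 'digest'
require 'openssl'

# Scheme listed on the page: md5(md5(md5(url)+"mr")+"nabvn").
# Assumption: each md5() yields the lowercase hex digest string.
def static_qtoken(url)
  step1 = Digest::MD5.hexdigest(url)
  step2 = Digest::MD5.hexdigest(step1 + 'mr')
  Digest::MD5.hexdigest(step2 + 'nabvn')
end

# Constant-time string comparison (hypothetical helper).
def same_bytes?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String) && a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# What a server checking the static scheme can conclude: the sender knows the
# constants shipped in every copy of the app. Nothing ties the token to a
# user, a session or a point in time, so a captured pair stays valid.
def static_token_valid?(url, presented)
  same_bytes?(static_qtoken(url), presented)
end

# Hardened sketch (hypothetical design, not Mangarock's): the key is issued
# per session by the server after login, and the MAC covers a timestamp.
MAX_SKEW = 300 # seconds; constructed value

def session_token(session_key, url, ts)
  OpenSSL::HMAC.hexdigest('SHA256', session_key, "#{ts}:#{url}")
end

def session_token_valid?(session_key, url, ts, presented, now)
  return false if (now - ts).abs > MAX_SKEW
  same_bytes?(session_token(session_key, url, ts), presented)
end

# Constructed sample values
URL_A = 'https://api.example.test/query/info?oid=1'
KEY_1 = 'k' * 32
KEY_2 = 'z' * 32
```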
Contact me and we can have a talk.