anishio/docs/analyzed.md

# ani-cli Codebase Analysis: How It Retrieves Anime Episodes

Based on the exploration of the `ani-cli` repository, here is how the application works behind the scenes to fetch anime episodes. The application utilizes a `bash` script which operates primarily by scraping and making API requests to `allanime` endpoints.

### 1. The Target API
`ani-cli` points to a GraphQL API backend:
*   **Base URL**: `https://api.allanime.day/api` (constructed from `allanime_base="allanime.day"`)
*   **Referrer Policy**: To bypass basic bot protections, it explicitly sets the HTTP Referer header to `https://allmanga.to` (`$allanime_refr`) and passes a user-agent.

### 2. Searching & Episode Lists via GraphQL
The codebase uses specific embedded GraphQL queries encoded within the bash script, sent via `curl -X POST`.
*   **Search**: It queries `shows(search: ...)` using a query named `search_gql` to find titles and returns their respective `_id` and episode count.
*   **Episode Listing**: Once an `_id` is found, it queries `episodes_list_gql` to retrieve a list of available episodes (e.g., `availableEpisodesDetail`) for the chosen sub/dub setting (`translationType`).

### 3. Fetching the Episode Video Links
When an episode is selected, `ani-cli` needs the embedded player source. It does this by making another GraphQL request using `episode_embed_gql`.
*   It passes the `$showId`, `$translationType` (sub or dub mode), and `$episodeString` (the episode number).
*   The API returns a JSON payload containing `sourceUrls`.

### 4. Bypassing Encryption (`tobeparsed`)
Sometimes, `allanime` obfuscates the video source URLs to prevent scraping. The API returns an encrypted base64 payload under the key `"tobeparsed"`.
*   `ani-cli` catches this field with `grep -q '"tobeparsed"'`.
*   It then routes the blob to a decryption function `decode_tobeparsed()`.
*   **The Decryption Method**: It extracts the IV (first 12 bytes of the decoded base64 string) and uses `openssl` to run AES-256-CTR decryption against the rest of the payload. 
*   **The Key**: The decryption key (`$allanime_key`) is dynamically generated by taking the SHA-256 hash of the hardcoded salt string: `Xot36i3lK3:v1`.

### 5. Link Generation & Processing
Once the embed URLs are decrypted (or retrieved plain), they are mapped to respective video providers using `generate_link()`. Providers include `wixmp` (the default), `youtube`, `sharepoint`, and `hianime`.
*   The `get_links()` function takes the direct links, hits them, and uses `sed` to extract `.mp4` URLs or `.m3u8` playlist files based on the provider format.
*   Subtitle URLs are also isolated if available.

### 6. Streaming or Downloading
Finally, these isolated stream links (along with the necessary referrer headers) are passed directly into standard media players like `mpv`, `vlc`, `android_vlc`, or downstream download managers like `aria2c`.

---

## Code Reference (Line Numbers)

Here are the exact line numbers in the `ani-cli` script where these specific mechanisms are implemented:

*   **API Configuration & Keys**:
    *   `allanime_refr="https://allmanga.to"`: **Line 405**
    *   `allanime_base="allanime.day"`: **Line 406**
    *   `allanime_api="https://api.${allanime_base}"`: **Line 407**
    *   `allanime_key` (The hardcoded AES key hash): **Line 408**
*   **GraphQL Queries**:
    *   `episode_embed_gql` (Fetching the video player URLs): **Line 227**
    *   `search_gql` (Searching for anime titles): **Line 257**
    *   `episodes_list_gql` (Getting available episodes): **Line 280**
*   **The Decryption Logic**:
    *   The `decode_tobeparsed()` function where the AES-256-CTR decryption happens: **Lines 211 - 221**
    *   The check that routes the response to the decryption function (`if printf "%s" "$api_resp" | grep -q '"tobeparsed"'; then`): **Line 230**

---

## Is this a partnership, or can you do it yourself?

**You can absolutely do this yourself.** This is **not** an official partnership. 

What the developers of `ani-cli` have done is known as **Reverse Engineering** and **Web Scraping**. When you watch a video on a site like *allanime* in your normal web browser, your browser has to know how to talk to their servers to get the video files. Because all of this happens on the client-side (in your browser), the instructions are visible if you know where to look.

Here is how developers (and how you can) figure this out for almost any website:

1.  **Network Tab Inspection**: If you open your browser's Developer Tools (F12) and go to the "Network" tab, you can see every request the website makes. If you search for an anime, you will see a `POST` request going to `https://api.allanime.day/api`. 
2.  **Payload Analysis**: By clicking on that network request, you can see exactly what data was sent (the GraphQL query) and what the server responded with (the JSON payload).
3.  **Bypassing Basic Protections**: Websites try to stop automated scripts from doing this by checking headers. The developers saw that the site checks the `Referer` header to make sure the request is coming from `https://allmanga.to`. So, they simply programmed `ani-cli` to fake that header (`curl -e "https://allmanga.to"`).
4.  **Finding Encryption Keys**: When the site started returning encrypted `"tobeparsed"` blobs instead of plain video URLs, the developers of `ani-cli` likely opened the "Sources" tab in their browser's Developer Tools, downloaded the website's obfuscated JavaScript files, and reverse-engineered how the web player decrypts the video. That's how they found the exact AES algorithm (`aes-256-ctr`) and the hardcoded salt string (`Xot36i3lK3:v1`).

**Can you do this?** 
Yes! You can use tools like Python (with `requests` and `BeautifulSoup`), Bash (like this script uses `curl`, `grep`, and `sed`), or NodeJS to replicate these exact network requests for any site. 

*Note: Because this is reverse-engineered, sites frequently change their API endpoints, encryption keys, or security measures to break scrapers, which is why tools like `ani-cli` require constant updates.*