(Why specify "PC"? Because the mobile version of the site appears to be unencrypted.)
First, we open a manga directory page and press F12. We can see that the API request for the directory returns a long hexadecimal string.
Opening the js file that initiates this network request, we see eval blah blah.
The function inside eval returns a string. Save that string into a js file, use whistle to replace the requested file with it, then find the callback function for the HTTP request in Firefox and set a breakpoint there (mainly by locating 'url': _0x1edb91 + _0x2f1f('0x19') + _0x124534 + '/chapters','success': function(){blah blah}).
Running to line 155, we find that the decrypted JSON is in _0x336148. Lines 147 and 148 are two function calls, with a.b.c.d written in the form a[b][c][d]. After evaluating the expressions in the brackets one by one, we find that the function is xxx.enc.hex.parse. Searching for the function name turns up CryptoJS, so we conclude that AES decryption is being used here. The password is dio on line 144, and the IV (offset value) is _0x513f33 on line 146. At this point, directly decrypting the result from the JSON won't work. Comparing, we find that _0x2bee4f is 16 characters shorter than result, and these 16 characters are the IV. Remove them and then decrypt to get the directory.
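The layout described above (a 16-character IV followed by hex ciphertext), as an added example that is not from the original post or the site. It uses Node's built-in crypto instead of CryptoJS with a constructed key, IV and JSON, and assumes CBC mode with PKCS#7 padding (the CryptoJS defaults) with key and IV taken as UTF-8 text.

```javascript
// Added example: constructed key, IV and JSON; not the site's code or values.
const crypto = require("node:crypto");

const IV_CHARS = 16; // the page: result is 16 characters longer than the ciphertext

// Split the API field into its leading IV and the hex ciphertext that follows.
function splitEnvelope(result) {
  if (typeof result !== "string" || result.length <= IV_CHARS) {
    throw new Error("result is too short to hold an IV and ciphertext");
  }
  const hex = result.slice(IV_CHARS);
  // AES works on 16-byte blocks, so valid ciphertext is a multiple of 32 hex chars.
  if (!/^[0-9a-f]+$/i.test(hex) || hex.length % 32 !== 0) {
    throw new Error("ciphertext is not block-aligned hex");
  }
  return { iv: Buffer.from(result.slice(0, IV_CHARS), "utf8"),
           ciphertext: Buffer.from(hex, "hex") };
}

// Assumption: CBC mode with PKCS#7 padding (the CryptoJS defaults), text key.
function cipherName(key) {
  if (![16, 24, 32].includes(key.length)) throw new Error("unsupported key length");
  return `aes-${key.length * 8}-cbc`;
}

function decryptEnvelope(result, keyText) {
  const { iv, ciphertext } = splitEnvelope(result);
  if (iv.length !== 16) throw new Error("IV must be 16 bytes");
  const key = Buffer.from(keyText, "utf8");
  const d = crypto.createDecipheriv(cipherName(key), key, iv);
  return Buffer.concat([d.update(ciphertext), d.final()]).toString("utf8");
}

// Builds a constructed sample in the same layout, so the example runs offline.
function buildSample(plaintext, keyText, ivText) {
  const key = Buffer.from(keyText, "utf8");
  const c = crypto.createCipheriv(cipherName(key), key, Buffer.from(ivText, "utf8"));
  return ivText + Buffer.concat([c.update(plaintext, "utf8"), c.final()]).toString("hex");
}

const SAMPLE_KEY = "constructed-key!"; // constructed, 16 bytes
const SAMPLE_IV = "0123456789abcdef";  // constructed
const SAMPLE_JSON = JSON.stringify({ chapters: [{ id: "c1", name: "Chapter 1" }] });
const sample = buildSample(SAMPLE_JSON, SAMPLE_KEY, SAMPLE_IV);
console.log(JSON.parse(decryptEnvelope(sample, SAMPLE_KEY)));
```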
Next is the manga reading page.
F12 shows no API call, but the images are lazy-loaded. Looking at the source code we find...
The decryption method here is the same as above.