Encrypted MP3's (MP3_160_ENC)

[samsnyder]

So I scraped the new Protobuf layout from Spotify's javascript file, and it seems that value '7' in AudioFormat is "MP3_160_ENC", which I am guessing is an encrypted MP3.

For some tracks, sending "sp/track_uri" with args ["mp3160", songid] sends a "Failed to send to backend" #116 or a "TrackError: Account subscription status not Spotify Premium" #111 .

Instead, you must send a "sp/track_uri2" command with args [songid, fileid]. This is what the web player currently does. Unfortunately though, there is no "MP3_160" file id for songs now, only a "MP3_160_ENC" file id, that then gives you a URL for an encoded MP3.

Has anyone else seen this or know of a way of decrypting the MP3's to stream? I imagine it must be some flash applet that does the decrypting.

[amagus]

After some investigation I found out that the server replies an "album_art" message right after a "track_uri2" call. And it contains a javascript code which, when eval'd, returns what appears to be a key to the player.

The bad thing is that they don't use any conventional encryption system and they compiled the functions on the swf using flascc. We will have bad time in order to figure out how they do it.

[juanmito]

Hi.

I've receiving the message "Failed to send to backend" too. Just a tip: amagus, maybe the trouble could be similar to the pingpong issue??

[amagus]

This is harder than the pingpong issue since the full decoding of the MP3 would be needed. And does not communicate back to the server, it simply play the file.

I still have no clue in how to do this rather than looking instruction by instruction on the flascc generated code.

[juanmito]

I couldn't get that message (album_art). How did you found it?

[amagus]

It's a message sent by the server right after replying the track_uri2 request. http://imgur.com/YEGaFuB

[ghost]

Hi, I'm debugging it now. How can I get the FileID? I don't find it in the track object.

[ghost]

Actually its symmetric RC4, SHA-1 HMACs and good ol' XOR. Got a few notes here. Should have something in a few days.

[amagus]

wow. nice work guys!

[denysvitali]

Actually the guys from the Shigawire's fork of node-spotify-web figured out how to fix the issue

[eartle]

I've not been getting the 'album_art' message for about a week now so it just hangs. Is that happening (no happening) for anyone else?