Open maximilianosinski opened 8 months ago
Which were you seeing? Nothing has changed recently, so unless Spotify changed a feature flag I don't see why they wouldn't be logged
The handshake, authentication, MercuryReq's for stream reporting; now I see none. I'm using the latest script and Spotify APK.
Any idea? Still not showing.
Could you upload/link the APK and show the output of the injector? If absolutely nothing is showing then the hooks probably failed
It's the APK from the Google Play Store.
Target: android
Executable: com.spotify.music
Binary: \\?\C:\Users\maxim\Documents\spoti\spotify-analyze-v2\needle\injector\target\release\liborbit-jni-spotify.so
Found ELF relocation 0x0000000000-0x00010641e0 -> 0x0000000000-0x00010641e0 (0x0000000000 - 0x0001065000)
Found ELF relocation 0x0001065000-0x000113b488 -> 0x0001065000-0x000113b488 (0x0001065000 - 0x000113c000)
Found ELF relocation 0x000113b488-0x0001168ab8 -> 0x000113c488-0x000119c7e0 (0x000113c000 - 0x000119d000)
Detected JNI for arm64-v8a
Found server public key at liborbit-jni-spotify.so:0x0000309138 Offset: 0x0000309138 Address: 0x0000309138
Found shannon constant at liborbit-jni-spotify.so:0x0000efa228 Offset: 0x0000efa228 Address: 0x0000efa228
Found shannon constant at liborbit-jni-spotify.so:0x0000efa898 Offset: 0x0000efa898 Address: 0x0000efa898
Found shannon constant at liborbit-jni-spotify.so:0x0000efc130 Offset: 0x0000efc130 Address: 0x0000efc130
Found function prologue at liborbit-jni-spotify.so:0x0000efa924 Offset: 0x0000efa924 Address: 0x0000efa924
Found function prologue at liborbit-jni-spotify.so:0x0000efb518 Offset: 0x0000efb518 Address: 0x0000efb518
Using offsets:
- shannon_offset1: 0x0000efa924
- shannon_offset2: 0x0000efb518
- server_public_key: 0x0000309138
Found package.json at C:\Users\maxim\Documents\spoti\spotify-analyze-v2\needle\package.json
Using script dir C:\Users\maxim\Documents\spoti\spotify-analyze-v2\needle
v21.5.0
Der Befehl "yarn" ist entweder falsch geschrieben oder
konnte nicht gefunden werden.
10.2.4
Der Befehl "yarn" ist entweder falsch geschrieben oder
konnte nicht gefunden werden.
Running command `"node" "C:\\Users\\maxim\\Documents\\spoti\\spotify-analyze-v2\\needle\\bootstrap.js" "--platform" "android" "--exec" "com.spotify.music" "--" "serverKey=0x309138" "shnAddr1=0xefa924" "shnAddr2=0xefb518"`
Spawned process 5037
[STATUS] Injected into process. Got arguments:
{
"serverKey": "0x309138",
"shnAddr1": "0xefa924",
"shnAddr2": "0xefb518"
}
[STATUS] Hooked dlopen
[INFO] android_dlopen_ext(/system/framework/oat/x86_64/org.apache.http.legacy.odex, 0 | RTLD_NOW, 0x7ffd6f347ed0)
[INFO] android_dlopen_ext(/data/app/~~i4dCf7Z54dkyZb3igcXAGg==/com.spotify.music-shjGOJ_OwFC4Htj-d9Py6A==/oat/x86_64/base.odex, 0 | RTLD_NOW, 0x7ffd6f348030)
[INFO] android_dlopen_ext(/data/app/~~i4dCf7Z54dkyZb3igcXAGg==/com.spotify.music-shjGOJ_OwFC4Htj-d9Py6A==/oat/x86_64/split_comscore_dynamic_wrapper.odex, 0 | RTLD_NOW, 0x7ffd6f348030)
[INFO] android_dlopen_ext(/system/framework/oat/x86_64/com.android.media.remotedisplay.odex, 0 | RTLD_NOW, 0x78c6bbe79a50)
[INFO] android_dlopen_ext(/system/lib64/arm64/nb/libtcb.so, 0 | RTLD_NOW, 0x7ffd6f3468f0)
[INFO] android_dlopen_ext(/system/framework/oat/x86_64/com.android.location.provider.odex, 0 | RTLD_NOW, 0x78c6bbe79a50)
[INFO] android_dlopen_ext(/data/dalvik-cache/x86_64/data@downloads@com.android.chrome@base.apk@classes.dex, 0 | RTLD_NOW, 0x78c6a59cd890)RTLD_NOW, 0x78c6bbe79bb0)
[INFO] android_dlopen_ext(libmonochrome.so, 0 | RTLD_NOW, 0x78c6a59cf330)
[INFO] android_dlopen_ext(/data/downloads/com.android.chrome/base.apk!/lib/x86_64/libmonochrome.so, 0 | RTLD_NOW, 0x78c6a59ce550)
[INFO] android_dlopen_ext(/system/lib64/libwebviewchromium_plat_support.so, 0 | RTLD_NOW, 0x78c6a59ce750)
[INFO] android_dlopen_ext(/data/app/~~TFHicueX9tBl_XAP92_T-Q==/com.google.android.gms-0P5Nq3xtrU0AvwBCOdG18w==/oat/x86_64/split_DynamiteModulesC.odex, 0 | RTLD_NOW, 0x7ffd6f346220)
Do you see the following lines after the ones you posted?
[STATUS] Spotify JNI loaded at 0x742361c000
[STATUS] Hooking shannon functions
[STATUS] Determined {0x7424516924 liborbit-jni-spotify.so!0xefa924} is shn_encrypt
[STATUS] Determined {0x7424517518 liborbit-jni-spotify.so!0xefb518} is shn_decrypt
[STATUS] Hooked shannon functions
If not then the script is failing to detect the library or it isn't being loaded. To check, you can run the following to spawn the app using frida:
frida -U -f com.spotify.music
Then once it finishes loading you can run this:
Process.enumerateModulesSync().filter(mod => mod.name.toLowerCase().includes("spotify"))
That should output the library. If it outputs an empty array, then run the following and upload the output to hastebin, then I'll take a look:
Process.enumerateModulesSync()
It says frida not found, but the frida-server is running.
You will need to install frida-tools, you can use pip or follow the installation guide:
pip install frida-tools
On the emulator or on my machine?
On your machine.
When I execute your commands, e.g.: Process.enumerateModulesSync()
I get a massive array.
And this one is empty: Process.enumerateModulesSync().filter(mod => mod.name.toLowerCase().includes("spotify"))
Could you copy the result of Process.enumerateModulesSync()
and upload it to hastebin?
I've never seen that before, very interesting. Since the play store moved to split APKs there is no way to (easily) send one file that I can debug with, however if you want you could pull then upload all of the parts. Alternatively uninstall spotify and use an APK from e.g. uptodown.
If you want to pull and upload the play store parts, first find where they are:
adb shell pm path com.spotify.music
Which should give something like this:
package:/data/app/~~k5OtHVfrK7Xr-x_xRMaIDA==/com.spotify.music-rTKPV6IL4OiIDZtJjnwRmQ==/base.apk
package:/data/app/~~k5OtHVfrK7Xr-x_xRMaIDA==/com.spotify.music-rTKPV6IL4OiIDZtJjnwRmQ==/split_comscore_dynamic_wrapper.apk
package:/data/app/~~k5OtHVfrK7Xr-x_xRMaIDA==/com.spotify.music-rTKPV6IL4OiIDZtJjnwRmQ==/split_config.arm64_v8a.apk
package:/data/app/~~k5OtHVfrK7Xr-x_xRMaIDA==/com.spotify.music-rTKPV6IL4OiIDZtJjnwRmQ==/split_config.en.apk
package:/data/app/~~k5OtHVfrK7Xr-x_xRMaIDA==/com.spotify.music-rTKPV6IL4OiIDZtJjnwRmQ==/split_config.xxhdpi.apk
You can then pull each of the parts:
adb pull /data/app/~~k5OtHVfrK7Xr-x_xRMaIDA==/com.spotify.music-rTKPV6IL4OiIDZtJjnwRmQ==/base.apk
# Repeat for all parts
Finally upload them somewhere and share the link as an archive or folder
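The pull procedure above as one script (an added example, not part of the original comment or the project's code): it parses the `pm path` output, pulls every part, and reports which part contains `liborbit-jni-spotify.so`. It assumes a POSIX shell with `adb` and `unzip` on the PATH; the function names and the `apk-parts` output directory are hypothetical.

```shell
#!/bin/sh
# Added example: pull every split APK of an installed package with adb.

# Turn `pm path` output ("package:/data/app/.../base.apk", one per line)
# into bare paths. adb can emit CRLF line endings, so strip carriage
# returns, and ignore any line that does not start with "package:".
parse_pm_paths() {
    tr -d '\r' | sed -n 's/^package://p'
}

# Pull all APK parts of package $1 into directory $2 (default: apk-parts).
pull_splits() {
    pkg=$1
    out=${2:-apk-parts}
    mkdir -p "$out" || return 1
    paths=$(adb shell pm path "$pkg" | parse_pm_paths)
    if [ -z "$paths" ]; then
        echo "no APK paths reported for $pkg" >&2
        return 1
    fi
    # The install paths contain no whitespace, so splitting on newlines is safe.
    for p in $paths; do
        adb pull "$p" "$out/" || return 1
    done
    # Report which part ships the native library the injector looks for.
    for apk in "$out"/*.apk; do
        if unzip -l "$apk" | grep -q 'liborbit-jni-spotify\.so'; then
            echo "$apk contains liborbit-jni-spotify.so"
        fi
    done
}

# Usage: sh pull-splits.sh com.spotify.music [output-dir]
if [ $# -gt 0 ]; then
    pull_splits "$@"
fi
```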
I tried it with both, still the same results.
I saw the MercuryReq's before, suddenly I can't see them anymore. Any idea?