redredraider Posted October 22, 2007 Share Posted October 22, 2007 Hello everyone I'm new to the forum and have some questions that maybe someone here can help me with. How to retrieve the audio URL that the pandora client is using. Not long ago you could query the pandora server and get an xml file which contained the information that the pandora client displayed along with the audio url of the song. Well they got wind of this and modified it slightly. The audio url is now in this form hxxp: audio-inap10-sjl10. pandora. com/access/?version=4&lid=13984893&token=jwwQndF%2Fa5rxLOy%2Bnc2R2hAuOwLUgo5icI O3qjj5FbEkoqonR5DOIb%2FbyhHN5%2FPpyQhNEJDsGtOQGg%2B1z9bxseiKTPP2QXOBy38e5sbTpCkRBG27rwz%2F8a7cJ2YU4dwj1ydLfP5gt D1Xteo%2BYRJprOhjQEGJytj2uh5k%2FLVLflTfxkqvxl21nuM9XiCGjuvcGCqCpon9u%2FMhhfpLb8ebfebb1b2b9b955c28500edf921b14f3a665d09d43a156 Well when the flash player connects for this song it uses this url hxxp: audio-inap10-sjl10. pandora. com/access/?version=4&lid=13984893&token=jwwQndF%2Fa5rxLOy%2Bnc2R2hAuOwLUgo5icIO3qjj5FbEkoqon R5DOIb%2FbyhHN5%2FPpyQhNEJDsGtOQGg%2B1z9bxseiKTPP2QXOBy38e5sbTpCkRBG27rwz%2F8a7cJ2YU4dwj1ydLfP5gtD1Xteo%2BYRJprOhjQE GJytj2uh5k%2FLVLflTfxkqvxl21nuM9XiCGjuvcGCqCpon9u%2FMhhfpL4FORCQDIvOpO882O note the differences in the end of the url b8ebfebb1b2b9b955c28500edf921b14f3a665d09d43a156 for the encrypted url 4FORCQDIvOpO882O for the decrypted url So the flash player is decrypting the last 48 bytes of the url to get the true location of the song. Here's the problem! I have decompiled the flash program and discovered the app is using blowfish to decode the last 48 bytes of the url. I cannot however replicate this decryption. I am not a actionscript guru so I could use some help figuring out why the code isn't working. If you know anything about blowfish the key arrays are plaintext in the decompiled code but I can find where a password is used for the encryption/decryption. I also have a working implementation of blowfish in flash that I've been playing with. If anyone is interested and is not a representative of Pandora I will send you what Ive got so far. Figuring this out would pretty much give us unlimited downloads of whatever songs we want. Time shifting at hyperspeed. email travis. taylor@ttu. edu Quote Link to comment Share on other sites More sharing options...
MaxRabbit Posted October 23, 2007 Share Posted October 23, 2007 Flippin' sweet! I'm dumb to this, but you'd be my hero if you fixed it and got Pandora Unleashed working again! Quote Link to comment Share on other sites More sharing options...
Cynagen Posted November 21, 2007 Share Posted November 21, 2007 I hate to break it to you, but they're using a password on the blowfish encryption... I've run it through every BF decrypter i can try... see if the password isn't plain as day in there, or if not, where they're getting it from? Quote Link to comment Share on other sites More sharing options...
konfoo Posted December 6, 2007 Share Posted December 6, 2007 No need to reverse engineer it, just work around it. The trick is to grab the URL before the flash application does. I've hooked the flash URL events with a wrapper application to intercept and block the Flash app until my own http download starts, and it works pretty well. The only problem is ofcourse the track is downloaded twice. Quote Link to comment Share on other sites More sharing options...
Cynagen Posted December 24, 2007 Share Posted December 24, 2007 Why not just feed the first downloaded copy back to the pandora app like it was the server it originally requested the file from? You're already intercepting and putting it on hold, why not just turn around and inject data saying you're the server. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.