Jump to content

another MySpace mp3 ripper! musicSpace v1.0


m0zzie
 Share

Recommended Posts

g'day all.. just saw someone else's myspace mp3 downloader in a thread today and decided i'd send mine out to the masses also (sorry if it seems like i'm stealing thunder!)

musicSpace v1.0 is a little project i've been working on slowly as i've found time, and has been available for a while now. at the moment it's a full featured ripper for myspace only with integrated ID3 editing, however full pandora integration is in the works too.

it's soon to be multithreaded (to be quicker and download more than 1 song at a time) and a preview option is there for the next version.

you can grab it from: http://m0zzie.net/?page_id=9

mspace10.jpg

comments/suggestions are very very welcome.. i'm a software engineer but i'm not all that creative - so give me ideas and i'll make them happen! ;)

Link to comment
Share on other sites

Thats cool, although I haven't tried it... I was kinda hoping the source would be included in the zip... What was it coded in? C++? Nothing personal I just don't feel comfortable running exe's that don't include the source code, I prefer to compile executable from source myself before running them... If I see the source code and compile it myself I know there's nothing harmful in it... You could have at least left it UNPACKED so I could at least check it out in OllyDbg!

well anyway its good to see someone else is working on this besides me.

;)

EDIT: i just tried it in a VMware and it doesn't seem to work... I hooked your winsock so I could see what packets your program sends...

this seems to be your problem:

GET /15/std_523fbe6796040d4316b0c3cf9f0e61b9.mp3 HTTP/1.1..User-Agent: musicSpace v1.0..Host: cache02-music01.myspacecdn.com..Cache-Control: no-cache....

your not sending the token in the url? that was my problem at first too!

anyway because its wrong after that your receive a 404: not found error!

HTTP/1.1 404 Not Found..Accept-Ranges: bytes..Connection: keep-alive..Content-Length: 23..Content-Type: text/html..Date: Fri, 05 Sep 2008 06:00:45 GMT..Server: sledgehammer/1.4.0....<h1>404: Not Found</h1

So it doesn't even work for me! m0zzie how recently have you tested your creation?

Anyways we will figure it out eventually! We just have to have perfect communication with myspace, exactly like a browser does....

Link to comment
Share on other sites

Thats cool, although I haven't tried it... I was kinda hoping the source would be included in the zip... What was it coded in? C++? Nothing personal I just don't feel comfortable running exe's that don't include the source code, I prefer to compile executable from source myself before running them... If I see the source code and compile it myself I know there's nothing harmful in it... You could have at least left it UNPACKED so I could at least check it out in OllyDbg!

well anyway its good to see someone else is working on this besides me.

;)

EDIT: i just tried it in a VMware and it doesn't seem to work... I hooked your winsock so I could see what packets your program sends...

this seems to be your problem:

GET /15/std_523fbe6796040d4316b0c3cf9f0e61b9.mp3 HTTP/1.1..User-Agent: musicSpace v1.0..Host: cache02-music01.myspacecdn.com..Cache-Control: no-cache....

your not sending the token in the url? that was my problem at first too!

anyway because its wrong after that your receive a 404: not found error!

HTTP/1.1 404 Not Found..Accept-Ranges: bytes..Connection: keep-alive..Content-Length: 23..Content-Type: text/html..Date: Fri, 05 Sep 2008 06:00:45 GMT..Server: sledgehammer/1.4.0....<h1>404: Not Found</h1

So it doesn't even work for me! m0zzie how recently have you tested your creation?

Anyways we will figure it out eventually! We just have to have perfect communication with myspace, exactly like a browser does....

hey Steve.. cheers for the feedback.

it's coded in object pascal and compiled with RAD Studio 2007. when i get around to it i'd like to re-code it in win32 c++ (i'm not a fan of MFC, .NET, and other similar architectures when it comes to small applications like this).

i understand your hesitation with running foreign .exe's which you didn't compile yourself - i'm much the same and have a spare box which i use when first running random foreign applications. (like you seem to do with VMWare)

that said, i have no interest at all in coding back doors, virii, and other shit into my programs. not only do i not have time for stuff like that, but i'm a 21 year old software engineer (been doing this for a good 10 years, although only as a job for the past year and a bit), and pulling that kind of stunt is only going to make people dislike me - and that's not what i'm after. i've only recently launched my website and plan to have a variety of tools going up there in the future, along with research and development documentation of things i find interesting :]

anyway, back to the application itself.. did you get that 404 error on multiple band URL's? i had a number of issues in my testing phase, but never with an incorrect download URL. can you give me any more info? what band was it you got that error with? (if not all)

the way your downloader works and mine works is very different, and each has its advantages and disadvantages.

mine works in a way which pretty much does exactly what the web browser does, and i know a fair number of IRC friends and actual friends of mine who are using it without any real issues currently.

do you use IRC or MSN at all? i'd like to show you the way mine actually works.. it basically pretends to be the flash mp3 player itself, and says "here i am, i need the song list and", and myspace sends back the entire song listing, # of plays, album name, and the direct URL for each mp3.

but yeah, pm me your MSN or IRC or wherever you like to hang out, and i'll show you a very quick and accurate way to get all the details.

cheers,

-m

Link to comment
Share on other sites

Can you post your src code?

Myspace has two url schemes. One of www.myspace.com/useraccountpagename and another that is the same page, but in the fome of something like profile.myspace.com/somegibberish29349349uvn/ which point to the same database when creating the pages on the fly. I wonder if you need the absolute URL like www.myspace.com/useraccount with your program or if it makes any difference at all. How does your program handle the refferrer? I know that if you block the refferrer it usually gets that 404 not found or if you leave out the token it usually gets the 404 as well. Curiuous how you call the site and what you pass back to it.

Link to comment
Share on other sites

Well m0zzie! we have something in common then, Im not a fan of MFC or .NET either and I code all my C++ in pure win32 API!!

I use CreateWindow to create all the controls on my apps...

You could easily convert it to win32 api c++ code if it does in fact work!

I've went back to my original design, as I would rather have the program do all the communication with myspace itself! that way no need for injecting code into web browsers!!

letting the browser deal with the communication and just copying the recieved mp3 to a file works

but doing all the communication and downloading within the app itself is much preferred..

MyspaceStreamRip.png

whatever you type in the "FriendID" box is made like yours into a url like so "http://myspace.com/[friendid]"

It connects to "myspace.com" on port 80

then sends a packet like this: (in place of [friendid] is whatever was typed in the box IT DOESNT have to be a friendid it can be the URL as well)

GET /[friendid] HTTP/1.1
Host: www.myspace.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Accept: text/html, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: identity
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

Now what that does is download the html code for the myspace page! then we close the connection to myspace.com

now its searches that html code for this string 'DisplayFriendId":'

on every myspace page that string is contined in the code, after that string, there is the friendid! that is why what you type does not have to be a friendID because we get the friend ID from here!

Now that we have the friend ID we can get the XML file which contains the information about the music contained on that myspace page

next we connect to "mediaservices.myspace.com" now and send a packet like this: (in place of [actualfriendid] is where the friendID we took from the page code goes)

GET /services/media/musicplayerxml.ashx?b=[actualfriendid] HTTP/1.1
Accept: */*
Connection: close
Host: mediaservices.myspace.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

now that gives me the XML file!

here's what I recieve from mediaservices.myspace.com

HTTP/1.1 200 OK
Date: Tue, 09 Sep 2008 04:27:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Server: 7ad285b8625584e58754c7c1ad04648e879a3f5575ffdf37
Set-Cookie: SessionDDF2=3dd7ae63ee3b8bd504f4e78e9bdd88fa858963d53533bcc9; domain=.myspace.com; path=/; expires=Thursday, 09-Sep-38 04:27:09 GMT
X-AspNet-Version: 2.0.50727
Set-Cookie: MSCulture=IP=76.16.46.164&IPCulture=en-US&PreferredCulture=en-US&PreferredCulturePending=&Country=VVM=&ForcedExpiration=633565060292939496&timeZone=0&USRLOC=QXJlYUNvZGU9ODQ3JkNpdHk9VmVybm9uIEhpbGxzJkNvdW50cnlDb2RlPVVTJkNvdW50c
nlOYW1lPVVuaXRlZCBTdGF0ZXMmRG1hQ29kZT02MDImTGF0aXR1ZGU9NDIuMjMyNSZMb25naXR1ZGU9L
T
g3Ljk2MzUmUG9zdGFsQ29kZT02MDA2MSZSZWdpb25OYW1lPUlM; domain=.myspace.com; expires=Tue, 16-Sep-2008 04:27:09 GMT; path=/
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Content-Length: 6593

<?xml version="1.0" encoding="iso-8859-1"?>
<profile>
<timestamp><![CDATA[1220934429]]></timestamp>
<name><![CDATA[Joel (deadmau5)]]></name>
<playstoday><![CDATA[7155]]></playstoday>
<downloadedtoday><![CDATA[0]]></downloadedtoday>
<totalplays><![CDATA[1912510]]></totalplays>
<autoplay><![CDATA[0]]></autoplay>
<allowadd><![CDATA[1]]></allowadd>
<playlist><song bsid="120463335" title="slip" songid="0" plays="113086" comments="" rate="" downloadable=""
imagename="http://b0.ac-images.myspacecdn.com/02125/04/27/2125237240_m.jpg" imagedesc="n/a<br>2008 mau5trap" filename="zqy9eyoxDqcMoPhCMGeGQcsclKB4EibE2KIUMnu2lMvl/A7eBFJOyb0a+r3XUD2TngQdxteTwPoXO95NlZWo2LLQE2Lz/XCJ7JL5M6Fx+1c=" url="http://media.myspace.com/services/media/mediahitcounter.ashx?i=MIGdBgorBgEEAYI3WAPpoIGOMIGLBgorBgEEAYI3WAMBoH0wewIDAgABAgJmAwICAMAECO%2fALxNOXOq5BBAjHMlV0zNlRbBdrFefkdXSBFCEJ6ybsTSBeMcDqLInjGmeyP94wpZzueGjLucbgyK5D
r1ao0jSUb1LeCcBM7iEvMCtH0RELk%2b%2b9pPeR6YnNZwdq6cDD29VG6Q%2fggO91qd%2fUQ%3d%3d" lyrics="" purl="" durl="http://cache11-music01.myspacecdn.com/87/std_26ce5e4cadd68083e78edff4a5f1eb0b.mp3" token="/VRi+9ysUkuwSyHoZkWJJJtCIEWUPpXesvhUZL4Yf1VoM9onqIfrDa7ZCzGV6MX1O+ucS/sfgaG2Wl76MTzHDk/0XnegCO7WbQrc56FWacQ=" curl="http://cache11-music01.myspacecdn.com/87/std_26ce5e4cadd68083e78edff4a5f1eb0b.mp3?bandid=4809789&songid=120463335&p=OTgvNzkvNDgwOTc4OS80ODA5Nzg5Xzk4MzA4OGM5"/><song bsid="117144631" title="Sometimes things get yeah" songid="0" plays="117322" comments="" rate="" downloadable=""
imagename="http://b7.ac-images.myspacecdn.com/02120/74/84/2120424847_m.jpg" imagedesc="n/a<br>2008 mau5trap" filename="grQ4a1eVJviZNO+4nIUImLbwg2BvVDWCsTInCs2zvGI4O8hupqxC+Ge94edVrK+6oirJAT42URGb
Ca5r28Tdu5BkRiJGZlqD+YAJxUVZxjU=" url="http://media.myspace.com/services/media/mediahitcounter.ashx?i=MIGdBgorBgEEAYI3WAPpoIGOMIGLBgorBgEEAYI3WAMBoH0wewIDAgABAgJmAwICAMAECFQE0CjD8Q%2bKBBB5%2bucsEjFXaF0wkeMsKwZUBFCd03YGg%2bETspo0ow9HXm9BFrXcb%2fAFv3YrVSqvvbapF3HX202vVZyLOCV9xtDY%2bQN6UEWndnG%2bLF4Ycp12hZY9A1L%2bs2y3FKWM4OYabSg9Vw%3d%3d" lyrics="" purl="" durl="http://cache10-music01.myspacecdn.com/79/std_a97a91f2dfdad074f5ba669957c18653.mp3" token="ZKuOb59Q7d8DL723Bjqwy9VuqtAK4qM5c9jzfSxg8Fw5ov/hYqawGYC3tJbKRRLwV/U0ce6EAea6+GyhFcx2oxsquOUM/scF/Z3s74HckFU=" curl="http://content.music.myspace.com/music.ashx?bandid=4809789&songid=117144631&p=OTgvNzkvNDgwOTc4OS80ODA5Nzg5X2Y0NjIwYmM0"/><song bsid="116159413" title="Brazil" songid="0" plays="82880" comments="" rate="" downloadable=""
imagename="http://b1.ac-images.myspacecdn.com/02118/11/13/2118753111_m.jpg" imagedesc="to be announced<br>2008 mau5trap" filename="6IF76dBOmq3V7ZoEmTgl//eJFoRULshyhXld6IiEs6aGhp9SWf+ruxsQ4KuB71SpXPZxZvEj+5Nrwx47UbsPkrSWt5GgfikRvWE70+
zQsZo=" url="http://media.myspace.com/services/media/mediahitcounter.ashx?i=MIGdBgorBgEEAYI3WAPpoIGOMIGLBgorBgEEAYI3WAMBoH0wewIDAgABAgJmAwICAMAECBj8tOqfge
nsBBDzoJGzZkWURfOw8cyvHe97BFBGYf5%2f2Fu%2bLKgkMvYZNo6gFwjSVMVKPaPNzDlQ4pgzoV5L66y62Ted3Gyvd2Q87FShmmPXVD9ncecNr2AZaSdIWk
Z7WsNnhtsufCQL%2bTwHcQ%3d%3d" lyrics="" purl="" durl="http://cache11-music01.myspacecdn.com/85/std_db01cccca4cf9bbd6007a051d00acd0a.mp3" token="rTEujgA9zcqBY+ixXDya/0e1oirfNsig0ykIGmmCe9ZjrpmaZYIaga7M8XqTn7QGlbEg4nDPvZVJkCsnuZW93fp3Vkg4bPMeI2DQ0
yqpFAQ=" curl="http://cache11-music01.myspacecdn.com/85/std_db01cccca4cf9bbd6007a051d00acd0a.mp3?bandid=4809789&songid=116159413&p=OTgvNzkvNDgwOTc4OS80ODA5Nzg5X2RiN2FkYWUx"/><song bsid="116222010" title="BRAZIL second edit" songid="0" plays="75172" comments="" rate="" downloadable=""
imagename="http://b4.ac-images.myspacecdn.com/02118/46/10/2118850164_m.jpg" imagedesc="to be announced<br>2008 mau5trap" filename="E2yGKyp3w5RMVEN28dvV6AU4FD1grdlj7RGYv5udt0atsR7sFJBi+frvNQY7G5DclIj6SkjPEcAD
K63m4RAB4SKwbbAYZXupuVJnMiTTzEs=" url="http://media.myspace.com/services/media/mediahitcounter.ashx?i=MIGdBgorBgEEAYI3WAPpoIGOMIGLBgorBgEEAYI3WAMBoH0wewIDAgABAgJmAwICAMAECE2UHZfSAi
F%2fBBA4woR8fEmTQKgvlySxt2g6BFCxYo%2flzXhzn1Gj%2faY%2bp0K8MP8F8GHPXdkzSetVjj7X8g0u%2fxtkj7UQCRfIU90nJMZsBp6KzxdxF8CIdxD1HJUbN9m697PrXBoG%2b67yYWRmnQ%3d%3d" lyrics="" purl="" durl="http://cache10-music01.myspacecdn.com/76/std_49aef9c8edacd96e75d6f4fc7fa55ab1.mp3" token="raaT1DxRFJeofj0KsGVreoG4iWYpfQ3RDQ0ltctF+vigjWvceouyinuVbysa3hfzB0uXL/gNYdYTgQllZuI8b33VlxjUJwjhLlqSR2opm4Y=" curl="http://content.music.myspace.com/music.ashx?bandid=4809789&songid=116222010&p=OTgvNzkvNDgwOTc4OS80ODA5Nzg5XzlkMzU4MmYw"/><song bsid="100340823" title="Give it up for me" songid="0" plays="345830" comments="" rate="" downloadable=""
imagename="http://b3.ac-images.myspacecdn.com/02092/35/95/2092945953_m.jpg" imagedesc="n/a<br>2008 mau5trap recordings" filename="iYNbNofRq60OMswP1sYPiw4C6qZX2YWFRtnwHxzQFs45eVWF33QR/dVtVdG+2GhwtLv8tufaInwpSsM9orlS8+Vdakz58p8PeGfQs8rAJhM=" url="http://media.myspace.com/services/media/mediahitcounter.ashx?i=MIGdBgorBgEEAYI3WAPpoIGOMIGLBgorBgEEAYI3WAMBoH0wewIDAgABAgJmAwICAMAECEk6dXzg%2butxBBC5%2bscQhBZo89zossaBcP3fBFAhKIXe17%2f5B8q07RY1SCt7vcC9HrZJ%2bjBndoZEbtxyUpYyhzObQJkQixrb5oZdZQONzdirRnBB6HxLwqkqaIJSJPEoUllYTOlwiCp63%2f8nmQ%3d%3d" lyrics="" purl="" durl="http://cache03-music02.myspacecdn.com/23/std_ec6d4f4289fe4bad5209ceb17a592b52.mp3" token="fD1L7Svr3WFgeaRQkFE5w8GgmRfGWVFtyLOK9Z1dAJEefWJTgdc4QeY9t3byFHRkDvG2dM0CLkEI
0/9XIaX5Zzc7RGAvqVpIIdmIgq3dAZ8=" curl="http://cache03-music02.myspacecdn.com/23/std_ec6d4f4289fe4bad5209ceb17a592b52.mp3?bandid=4809789&songid=100340823&p=OTgvNzkvNDgwOTc4OS80ODA5Nzg5X2ExOWMyNTUy"/><song bsid="93197148" title="Creep" songid="0" plays="228545" comments="" rate="" downloadable=""
imagename="http://b5.ac-images.myspacecdn.com/02081/51/12/2081362115_m.jpg" imagedesc="to be announced<br>2008 mau5trap" filename="q+HTawHxL8ORZdLfnTQxgtKriCaSrwyt00kC9ojhhi8MurNY2yMvD5Bq4R1N9P5Ax7gAId9ctua2
XpxtqyNBp1iAuv7cGXBFjRPJZZ+Sshc=" url="http://media.myspace.com/services/media/mediahitcounter.ashx?i=MIGdBgorBgEEAYI3WAPpoIGOMIGLBgorBgEEAYI3WAMBoH0wewIDAgABAgJmAwICAMAECMW9AgxvJm
ZXBBCIBv9Y8xo51uU0wz5PggIcBFB%2fFJqZ0u1Tt6Xx0AStMExfRgeOkFOrwJZVMLzvRN1B8uovk9fLFsKKyHfkb02jWMFrlGtIB0XQ626Q5H
thlycSjfx%2b9ocpuMWZXYbPh500Cw%3d%3d" lyrics="" purl="" durl="http://cache02-music01.myspacecdn.com/11/std_a91c08fa32a7a62a5701419525045913.mp3" token="2UnOUpArfTaSa26RIf6NN940PvVaPetkzF8cqAIlJER2aWcKXkL52eO5E6jo++uoE4XZcXiroPub
DhU/rFzrgRiXPgBeLcBzRSxWRqXukH8=" curl="http://cache02-music01.myspacecdn.com/11/std_a91c08fa32a7a62a5701419525045913.mp3?bandid=4809789&songid=93197148&p=OTgvNzkvNDgwOTc4OS80ODA5Nzg5XzcyOTQzM2U0"/>
</playlist>
</profile>

are the cookies required? that could be one of my problems lol, but it wont be too hard to copy those cookies to memory and store them so they can be sent out with the final packet to download the mp3...

There is lots of data contained in that XML file... The problem is im not sure what is EVERYTHING I need to take from the XML data in order to communicate with myspace properly enough for the download to go through? could you clear that up for me m0zzie?

I extract the artist name after '<name><![CDATA[' until ']' is reached

then I copy all the song names into a memory buffer and display them in the list box, display the artist after "Artist: " the number of songs is also displayed (not on the gui yet but in a debug print ;))

numsongs.png

Now heres where the hard part is, downloading the mp3... When download is clicked I tried a series of things to get to the final URL of the mp3 to download... which currently do not work and result in a 404: not found error... thats myspace's way of telling you nope your program doesn't work yet, your not doing something right!

Have a look at my source code:

http://popeax.com/download/apps/MyspaceStreamRip.zip

You can see my attempt at getting it to work under "DownloadThread"

Its a DevCPP project so you'll need that to compile it!

My winsock classes, make things a bit easier for me...

m0zzie what timezone are you in? let me know so I can be online when you are online ;)

oh and yes it did not work on ANY myspace music page I tried! all 404 error!

I tested with "http://myspace.com/deadmau5", "http://myspace.com/djinphinity", "http://myspace.com/hollywoodundead" and other one I can't think of right now...

none worked! but It does list the songs and other info 100% correctly! mine lists the songs correctly too! but I can't get either one your program or mine to actually download the mp3

Could it have anything to do with the VMware being Windows Server 2008? Are there any dependencies your program requires that my VMware might not have?

EDIT: once I get my app to actually work I plan on having the download button create a download window, where all the bytes recieved (which make up the mp3 file) are stored into a buffer, and there's a progressbar in the window showing what percent of the download is complete! and once its complete the mp3 file is saved into a folder somewhere with the song title .mp3...

this way you can download multiple songs at once, with each download creating a new window

heres a pic of me using your app in a VMware. It does work to an extent because it DOES infact list the songs properly! it just doesn't download properly!

musicspace.png

Link to comment
Share on other sites

the process you just described is exactly what mine does ;)

grabs the xml listing and goes from there.. i've added you on msn so i'll discuss more with you when i see you online

i'm in sydney, australia by the way - time as of writing this is 4.30pm.

Link to comment
Share on other sites

hey check this out, here is the dumped output of all the received packets and all the sent packets from my app! made using something I created...

http://popeax.com/download/apps/recvdpackets.txt

http://popeax.com/download/apps/sentpackets.txt

:lol: see if you can spot out whats going wrong

by the way: what version of winsock do you use? 2.2?

EDIT: I'm getting there! I'm starting to figure things out!

check this out:

"http://cache10-music01.myspacecdn.com/79/std_a97a91f2dfdad074f5ba669957c18653.mp3?bandid=4809789&songid=117144631&token=1221034478_afae2e606f122e1edb45bee680bd5403&p=aHR0cDovL2NhY2hlMTAtbXVzaWMwMS5teXNwYWNlY2RuLmNvbS83OS9zdGRfYTk3YTkxZjJkZm

RhZDA3NGY1YmE2Njk5NTdjMTg2NTMubXAz&a=0"

you know how the final url you need looks like that right?

Well I figured out where you get what you put for "p=" from

see what looks like chicken scratch in that url for "p"

well take that string out of there so you have "aHR0cDovL2NhY2hlMTAtbXVzaWMwMS5teXNwYWNlY2RuLmNvbS83OS9zdGRfYTk3YTkxZjJkZmR

hZDA3NGY1YmE2Njk5NTdjMTg2NTMubXAz"

well it actually means something and the reason why it doesn't look like it is because its encoded with base64

decode it and it looks like this

"http://cache10-music01.myspacecdn.com/79/std_a97a91f2dfdad074f5ba669957c18653.mp3"

:)

Now why would myspace put that in the url? its the same as the url... lol it seems uneccessary to me!

heres the site that I used once I started getting the feeling that things are encoded:

http://www.motobit.com/util/base64-decoder...1&acharset=

it'll encode or decode, I'll have to add that functionality base64 encoding into my app (maybe decoding too if its needed for the token)

However I still haven't figured out the most important thing, where you get the "token" from...

the tokens look something like this:

1216843224_6262e2bab7497608a7da4db07d056a0f

they always look very similar to that with the "_" in it and everything... but where does that come from? I don't see anywhere in any output I receive from myspace include that?

if you encode that you get "MTIxNjg0MzIyNF82MjYyZTJiYWI3NDk3NjA4YTdkYTRkYjA3ZDA1NmEwZg=="

but I still don't see that anywhere neither!

At first I thought this url gives you the token

"http://mediaservices.myspace.com/services/media/token.ashx?b=4809789&s=117144631&f=0"

but now I'm not so sure...

it seems to give a so called "token" which does not look anything like a real token

&lt;?xml version="1.0" encoding="iso-8859-1"?&gt;&lt;token&gt;YKNNJ+HN07ujRbbbAVR/sL+lckFGZ88tqrDqW0hUKOITLj3fHX4wbMeb0MbvB8o+n4hh5I7R9EzqZcBRU7rjB9qZi3n0F1wvHS9m
wjfzdLY=&lt;/token&gt;

I at first thought it is just the token in an encoded form, but base64 decoding it results in garbage

`£M'áÍÓ»£E¶ÛT°¿¥rAFgÏ-ª°ê[HT(â.=ß~0lÇ›ÐÆïÊ&gt;ŸˆaäŽÑôLêeÀQSºãÚ™‹yô\//fÂ7ót¶

So either they use a different encoding for the token, or thats not a token at all and its just fake token to make it harder to figure out!

by then again why would the myspace flash player get that token.ashx page every single time it plays an mp3?

Anyway for anyone that wants to help figure this out here's a little rundown of what happens when you load a myspace page with music on it...

The page loads, then the SWF myspace music player loads because of this sent request:

GET /music/musicplayer.swf?n=aHR0cDovL211c2ljLm15c3BhY2UuY29t&amp;t=07/DWABcDfpwn3wkYUdi1QMJGUgwHPU/rxqjTsUiDB1MnIUFzW+tMMWWax09CTG4MJWH/YPOVGXLq6IxuyQETg==&amp;u=LTE=&amp;a=0&amp;d=NDgwOTc4OV4xMjIxMDA5NDc2 HTTP/1.1

how is this url put together? I'm not entirely sure, as I don't know where the "t=" part is gotten from

but the "n=" to my knowledge always stays the same:

decoded encoded

"http://music.myspace.com" = "aHR0cDovL211c2ljLm15c3BhY2UuY29t"

the "u="

decoded encoded

"_" = "=LTE="

for "d="

encoded

"NDgwOTc4OV4xMjIxMDA5NDc2" = "4809789^1221009476"

1221009476 is a number im not sure about where that came from either ... but the 4809789 is obviously the friendid

but as I said im not sure what to put for "t=" and it does seem to change, so thats something that has to be figured out...

but anyway "t=" maybe "t" for token? just a thought ;)

ok so after the flash player is loaded, in order to display what songs the user has on their page it has to get that info from somewhere right?

it downloads the XML file containing this data with a url like this

http://mediaservices.myspace.com/services/....ashx?b=4809789

now the flash player reads it, and displays the songs and the images + other info

I wasn't able to decode anything from the xml file except whats after "p=" fields

"OTgvNzkvNDgwOTc4OS80ODA5Nzg5Xzk4MzA4OGM5" = "98/79/4809789/4809789_983088c9"

not sure what that's for, the 4809789's in there are just the friendid, but the other numbers im not sure where they go...

next the flash player calls does this:

GET /services/media/mediahitcounter.ashx?i=MIGdBgorBgEEAYI3WAOnoIGOMIGLBgorBgEEAYI3WAMBoH0wewIDAgABAgJmAwICAMAECArxL39qOY
1eBBB2R6ObLL8eRidugDvDnXx9BFDUdpyGvsaN8Ery7gc8KQkrU6XTxmt%2f4FCgl5CNiIC%2fN2aYubNzuWtvv8olNbXP%2bS88RUpnTEBa8vywxDM3ZL5%2bfzNAATv7GIvAoLHp4Y%2blAA%3d%3d HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://lads.myspace.com/music/musicplayer.swf?n=aHR0cDovL211c2ljLm15c3BhY2UuY29t&amp;t=n0lg7yFgG+AVdbF3EjtGnsGE+2zgnWOo6z3frBb+sGPs+GZrKlB5ZjjH5
x-flash-version: 9,0,124,0
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: mediaservices.myspace.com
Connection: Keep-Alive

again im not sure where the value for "i" came from... am I missing something here? is more data being sent and recieved than is showing in my packet logs?

Im not sure why this url is called, or if its even neccessary... but I'm assuming all it does is just add 1 to the number of plays for that song ;)

then it does a call to token.ashx (which i'm not sure what I'm supposed to do with the xml it gives, as the token it gives isn't correct, or at least not in its proper form)

GET /services/media/token.ashx?b=4809789&amp;s=120463335&amp;f=0 HTTP/1.1

then last but not least it gets the mp3 file and starts playing it in the flash player :)

note the referer! I think its needed along with the token else it wont work!

GET /87/std_26ce5e4cadd68083e78edff4a5f1eb0b.mp3?bandid=4809789&amp;songid=120463335&amp;token=1221034142_900cb4ad8c0b9e6c9894fd247d158470&amp;p=aHR0cDovL2NhY2hlMTEtbXVzaWMwMS5teXNwYWNlY2RuLmNvbS84Ny9zdGRfMjZjZTVlNGNhZG
Q2ODA4M2U3OGVkZmY0YTVmMWViMGIubXAz&amp;a=0 HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://lads.myspace.com/music/musicplayer.swf?n=aHR0cDovL211c2ljLm15c3BhY2UuY29t&amp;t=n0lg7yFgG+AVdbF3EjtGnsGE+2zgnWOo6z3frBb+sGPs+GZrKlB5ZjjH5
x-flash-version: 9,0,124,0
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: cache11-music01.myspacecdn.com
Connection: Keep-Alive

I also noticed when the music starts playing it sends this too:

start_beacon.txt? even another thing to be confused about! "c=ihavenoidea"

GET /music/start_beacon.txt?c=28261405 HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://lads.myspace.com/music/musicplayer.swf?n=aHR0cDovL211c2ljLm15c3BhY2UuY29t&amp;t=n0lg7yFgG+AVdbF3EjtGnsGE+2zgnWOo6z3frBb+sGPs+GZrKlB5ZjjH5
x-flash-version: 9,0,124,0
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: lads.myspace.com
Connection: Keep-Alive

So now my main problem is figuring out where the token is located at, I'm thinking they used different encoding for the token then other things...

If someone figures it out! Let me know! I need the token :)

Link to comment
Share on other sites

Well m0zzie! I was going to talk to you that one day on MSN at 7, but I wasn't at home like I thought I would be!

So anyways even without your help I still managed to pull it off! Version 2.0 of my app is released! and it can download multiple songs at once!

so even if you app did work, it still can only download 1 song at a time ;)

Link to comment
Share on other sites

Nothing personal I just don't feel comfortable running exe's that don't include the source code, I prefer to compile executable from source myself before running them... If I see the source code and compile it myself I know there's nothing harmful in it...

Do you run Windows? If so, when did you get the Windows source to compile it?

Link to comment
Share on other sites

Well I meant I don't feel comfortable running exe's from a source that hasn't proved them self trustworthy! Even though I really doubt m0zzie would post malicious code. Still I don't really know him, so until he proves himself trustworthy, he's going to be VMware'd ;)

Microshaft on the other hand are very trustworthy! Even though they don't provide the source code, that is simply for commercial reasons! So they can keep selling their software. If they provided the source, no body would buy it and just compile windows themselves from source... So for commercial software you can't really give out source, but the people buying your software have to trust you. So you have to build up that trust if you want your software to sell...

Software that is provided FREE on the other hand I believe should be open source! Since your providing it for free anyway and have no plans to go commercial with it, whats the harm in giving out the source?

Link to comment
Share on other sites

Software that is provided FREE on the other hand I believe should be open source! Since your providing it for free anyway and have no plans to go commercial with it, whats the harm in giving out the source?

I write free software but I don't give out the source because you get people that edit it and put their names on it, or "borrow" code from it without giving credit where it's due.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...