/ Web Dev Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Hacking Rdio Postmortem

DZone's Guide to

Hacking Rdio Postmortem

by
Mahdi Yusuf
·
Jun. 23, 12 · Web Dev Zone
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Learn how to build modern digital experience apps with Crafter CMS. Download this eBook now. Brought to you in partnership with Crafter Software

The following post was a post I made couple of days ago. Then took it down once I realized the affect it had on the Rdio team. 

The Rdio team has taken steps to rate limit the downloading in the way described in the following post. Which means its still possible but extremely slow to download. I am sure there are other illegal ways to get music you want. 

On a personal note, I learned quite a bit from this experience. 

It all started innocently enough. Last day of work before a two week vacation. I use Rdio all the time for music while programming. Embarrassingly so in fact.

So in preparation for my trip, I was trying to download some of the talks from DjangoCon Europe for my flight for offline enjoyment. Using one of these pieces of software I noticed that it was able to download the current song I was listening to on Rdio. 

So 3 flights later and 4 days without reliable internet later. I managed to reproduce the fluke that I randomly ran into. 

Here is how I did it. 

Poking around.

Once I saw that software I was using to offline videos was downloading Rdio songs. I popped over into the inspector and took a look at the network tab and saw that they are sending a file called full-192.mp3 which means full song at a bitrate of 192K. 

Hmm. Okay.

Rolling up my Sleeves

So I decided to crack out some tools. First I needed to get a better understanding of the communication between Rdio’s servers and my machine. 

Enter mitmproxy, which is a man-in-the-middle proxy for HTTP. This gave me a bit more of an understanding of the traffic Rdio is sending around and eventually allowed me to script a way to download full mp3 versions of any song on their service. 

On to the details. 

As you can see in the image above; We were also able to capture the GET request being sent for the full-192.mp3 which returns the entire song being requested.  That’s all good. 

Whats awesome is the response below. 

Yep, the entire content of the full-192.mp3!!


Once you have reached this point a little (under 10 lines) script is all that is needed to download the full mp3 to your computer. 

Hopefully the Rdio Team gets a handle on this soon. 

Edit: Same bug occurs in their “native” application as well on OSX.  

Edit 2: My intention here is not to be malicious. It is to point out this bug and see that it gets resolved and hopefully they will get it fixed soon. I love Rdio as a service. 

Crafter is a modern CMS platform for building modern websites and content-rich digital experiences. Download this eBook now. Brought to you in partnership with Crafter Software.

Like This Article? Read More From DZone

Incident Resolution When You WannaCry
The Scrum Product Owner Theses
Top 5 Free Tools for Rapid Web App Development

Free DZone Refcard

Node.js
DOWNLOAD
Topics:

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of Mahdi Yusuf, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Web Dev Partner Resources

A Developer's Primer to Improving Build-Time Quality
Learn How Qlik Tech Cracked Search
Delphi and C++Builder on Raspberry Pi & SBC
[eBook] Guide to Modern Object Pascal
Windows 10: The Big New Opportunity for Developers
Getting Started with Node.js, Docker, and Kubernetes
Create Data Driven Apps Faster by Eliminating Query Writing
Building and Optimizing Multi-Channel Web Experiences
A Guide to Modern Java Web Development with Crafter CMS
A Guide to Responsive Web Dev and Testing Strategies
Running Node.js Applications with systemd
Qlik PlaygroundTM: A free coding environment to simplify data driven development

Web Dev Partner Resources

A Developer's Primer to Improving Build-Time Quality
Learn How Qlik Tech Cracked Search
Delphi and C++Builder on Raspberry Pi & SBC
[eBook] Guide to Modern Object Pascal
THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone