Hacking Rdio Postmortem
The following post is one I made a couple of days ago and then took down once I realized the effect it had on the Rdio team.
The Rdio team has taken steps to rate limit downloading in the way described in the following post, which means it's still possible, but extremely slow, to download. I am sure there are other illegal ways to get music you want.
On a personal note, I learned quite a bit from this experience.
It all started innocently enough. Last day of work before a two week vacation. I use Rdio all the time for music while programming. Embarrassingly so in fact.
So in preparation for my trip, I was trying to download some of the talks from DjangoCon Europe for my flight for offline enjoyment. Using one of these pieces of software I noticed that it was able to download the current song I was listening to on Rdio.
So, 3 flights and 4 days without reliable internet later, I managed to reproduce the fluke that I randomly ran into.
Here is how I did it.
Once I saw that the software I was using to offline videos was downloading Rdio songs, I popped over into the inspector, took a look at the network tab, and saw that they are sending a file called full-192.mp3, which means the full song at a bitrate of 192K.
Rolling up my Sleeves
So I decided to crack out some tools. First I needed to get a better understanding of the communication between Rdio’s servers and my machine.
Enter mitmproxy, which is a man-in-the-middle proxy for HTTP. This gave me a bit more of an understanding of the traffic Rdio is sending around and eventually allowed me to script a way to download full mp3 versions of any song on their service.
On to the details.
As you can see in the image above, we were also able to capture the GET request being sent for the full-192.mp3, which returns the entire song being requested. That’s all good.
What's awesome is the response below.
Yep, the entire content of the full-192.mp3!!
Once you have reached this point, a little (under 10 lines) script is all that is needed to download the full mp3 to your computer.
Hopefully the Rdio Team gets a handle on this soon.
Edit: Same bug occurs in their “native” application as well on OSX.
Edit 2: My intention here is not to be malicious. It is to point out this bug and see that it gets resolved and hopefully they will get it fixed soon. I love Rdio as a service.
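The fix mentioned at the top of this post was rate limiting. As an added example (not part of the original post and not Rdio's code), here is one way a streaming server could pace full-192.mp3 bytes per session near playback speed, so a player is never starved but a greedy client gains little. The class, the 1.5x headroom, the 10-second buffer and the 4-minute track are all assumptions.

```python
# Added example, not Rdio's code: names, headroom and buffer size are assumptions.
BITRATE_BPS = 192_000                    # full-192.mp3: 192 kbit/s
PLAYBACK_BYTES_PER_S = BITRATE_BPS // 8  # 24,000 bytes of audio per second
TRACK_BYTES = PLAYBACK_BYTES_PER_S * 240 # constructed 4-minute track


class PacedBucket:
    """Token bucket counted in bytes, one per listening session."""

    def __init__(self, rate, burst):
        self.rate = rate      # refill, bytes per second
        self.burst = burst    # capacity, bytes
        self.tokens = burst   # start full so the player can buffer at once
        self.last = 0.0

    def take(self, nbytes, now):
        """Return how many of nbytes the server may send at time `now`."""
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        granted = int(min(nbytes, self.tokens))
        self.tokens -= granted
        return granted


def new_session_bucket(headroom=1.5, buffer_seconds=10):
    """Allow headroom x playback speed plus a start-up buffer (assumed values)."""
    return PacedBucket(PLAYBACK_BYTES_PER_S * headroom,
                       PLAYBACK_BYTES_PER_S * buffer_seconds)


def seconds_to_fetch(total_bytes, demand_per_s, bucket):
    """Simulate a client that asks for demand_per_s bytes once per second."""
    sent, t = 0, 0
    while sent < total_bytes:
        sent += bucket.take(min(demand_per_s, total_bytes - sent), float(t))
        t += 1
    return t


def player_starved(bucket, seconds=240):
    """True if a real-time player is ever granted less than one second of audio."""
    return any(bucket.take(PLAYBACK_BYTES_PER_S, float(t)) < PLAYBACK_BYTES_PER_S
               for t in range(seconds))


if __name__ == "__main__":
    print("greedy client:", seconds_to_fetch(TRACK_BYTES, 10_000_000, new_session_bucket()), "s")
    print("player starved:", player_starved(new_session_bucket()))
```

Lowering the headroom toward 1.0 pushes the greedy client's fetch time toward the full track length, at the cost of less slack for a player recovering from a network stall.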
Published at DZone with permission of Mahdi Yusuf, DZone MVB. See the original article here.