Hacking Rdio

It all started innocently enough. Last day of work before a two-week vacation. I use Rdio all the time for music while programming. Embarrassingly so in fact.

So in preparation for my trip, I was trying to download some of the talks from DjangoCon Europe for my flight for offline enjoyment. Using one of these pieces of software I noticed that it was able to download the current song I was listening to on Rdio.

So 3 flights later and 4 days without reliable internet later. I managed to reproduce the fluke that I randomly ran into.

Here is how I did it.

Poking around.

Once I saw that software I was using to offline videos was downloading Rdio songs. I popped over into the inspector and took a look at the network tab and saw that they are sending a file called full-192.mp3 which mean full song at a bitrate of 192K.

Hmm. Okay.

Rolling up my Sleeves

So I decided to crack out some tools. First I needed to get a better understanding of the communication between Rdio’s servers and my machine.

Enter mitmproxy, which is a man-in-the-middle proxy for HTTP. This gave me a bit more of an understanding of the traffic Rdio is sending around and eventually allowed me to script a way to download full mp3 versions of any song on their service.

On to the details.

As you can see in the image above; We were also able to capture the GET request being sent for the full-192.mp3 which returns the entire song being requested. That’s all good.

What's awesome is the response below.

Yep, the entire content of the full-192.mp3!!

Once you have reached this point a little (under 10 lines) script is all that is needed to download the full mp3 to your computer.

Hopefully, the Rdio Team gets a handle on this soon.

Edit: The same bug occurs in their “native” application as well on OSX.

Edit 2: My intention here is not to be malicious. It is to point out this bug and see that it gets resolved and hopefully, they will get it fixed soon. I love Rdio as a service.