Samuel
@samuelscheit.com
Developer (TypeScript, React-Native and reverse-engineering) | Founder spacebar.chat | CS Student TUMunich
https://samuelscheit.com
A proof of concept and the detailed report can be found here:

github.com/SamuelScheit...
GitHub - SamuelScheit/spotify-drm-report: Missing DRM Enforcement in Spotify’s Accesspoint API: Proof of Concept Report
June 7, 2025 at 8:08 PM
🔓 Step 4: Decrypt the file
Request AES decryption key from the Accesspoint
Receive the raw key
Decrypt with AES-128-CTR
Done. You now have a DRM-free, ready-to-play audio file.
June 7, 2025 at 8:08 PM
🎶 Step 3: Download the track
Request metadata from Spotify’s internal API
Receive links to multiple audio files (bitrate varies)
Download the file of your choice
Max 160kbps for free users, higher for premium
June 7, 2025 at 8:08 PM
👤 Step 2: Authenticate
Send username + password of the Spotify account (premium OR free)
Receive ephemeral access token valid for 1 hour
Use this token to fetch metadata and download links for any track
June 7, 2025 at 8:08 PM
🔐 Step 1: Connect to Spotify’s Accesspoint API
Start a TCP connection
Perform a Diffie-Hellman handshake
Derive shared keys
Set up Shannon stream cipher for communication
June 7, 2025 at 8:08 PM
3/ After exhausting all responsible disclosure options, I feel obligated to make this information public in the hope that it will finally prompt Spotify to take action and implement proper security measures.
June 7, 2025 at 8:05 PM
1/ Back in 2020, a researcher reported a flaw to Spotify:
Their Accesspoint API lets anyone with a valid account download and decrypt song data without any DRM or device attestation.
They dismissed it and didn't take any action for more than 5 years to address or fix the issue.
June 7, 2025 at 8:04 PM
Thanks for the shoutout.
If anyone wants to help with PRs, bug reports or docs writing, feel free to contribute; I can use any help.

github.com/SamuelScheit...
November 7, 2024 at 9:36 PM
Concluding from the domain, I looked up OVH bare metal server prices and configured the $159/month server option.
It has the following specs:
- CPU: AMD EPYC 4464P - 12c/24t - 3.7GHz/5.4GHz
- RAM: 64GB DDR5
- SSD: 2x 960 GB

www.ovhcloud.com/en/bare-meta...
Advance-3 Dedicated Server
Get an ADV-3 dedicated server to host your e-commerce store and other websites. vRack private network 100 Mbps + 500 GB storage + Anti-DDoS included.
November 2, 2024 at 6:54 PM