Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Soundcloud login. retrieve access_token through reverse engineered web flow authentication.
import time
import random
import requests
import sys
import getpass
import random
# signature generation
def signp(a, i, s, w, u, l, b, k, c, n, r, e, t):
d = '-'.join([str(mInt) for mInt in [a, i, s, w, u, l, b, k]])
#print(d)
#n = _KEY = '0763ed7314c69015fd4a0dc16bbf4b90'
y = '8' #some kind of version??
p = n + y + d + r + e + t + d + n
h = p
#print(h)
m = 8011470
f = 0
for f in range(f, len(h)):
m = (m >> 1) + ((1 & m) << 23)
m += ord(h[f])
m &= 16777215
#print(m)
out = str(y) + ':' + str(d) + ':' + format(m, 'x') + ':' + str(c)
return out
clid = 'EXLwg5lHTO2dslU5EePe3xkw0m1h86Cd' #"wNHGoG6RrCXPaRsA49blO9sZxs98xaQ6" #"T5R4kgWS2PRf6lzLyIravUMnKlbIxQag" 'EXLwg5lHTO2dslU5EePe3xkw0m1h86Cd'
user = input("User: ")
password = getpass.getpass()
sig_soft = signp(33, 1, 193702, 748, 2073600, 1046, 2, 2, 4, "0763ed7314c69015fd4a0dc16bbf4b90", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36", user, clid)
print(sig_soft)
'''
def genDevIdAlt():
return "-".join(["{:06d}".format(random.randint(0, 999999)) for i in range(4)])
'''
def genDevId():
def genNumBlock():
return ''.join([str(random.randrange(10)) for i in range(6)])
return '-'.join([genNumBlock() for i in range(4)])
print(genDevId())
login_form_soft = {
'client_id': clid,
'recaptcha_pubkey': 'null',
'recaptcha_response': 'null',
'credentials': {
'identifier': user,
'password': password
},
'signature': sig_soft,
'device_id': genDevId(),
'user_agent': "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36"
}
# retrieves access_token
r = requests.post("https://api-auth.soundcloud.com/web-auth/sign-in/password?client_id="+clid, json=login_form_soft)
print(r.text)
@PaulRennerbs

This comment has been minimized.

Copy link

@PaulRennerbs PaulRennerbs commented Jan 21, 2021

Nice but it returns a 401 Response :/

@blackjack4494

This comment has been minimized.

Copy link
Owner Author

@blackjack4494 blackjack4494 commented Jun 28, 2021

Nice but it returns a 401 Response :/

They added some heavy fraud check. I am almost done with the new implementation. They just went insane to protect the login...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment