Skip to content

Instantly share code, notes, and snippets.

@svbnet

svbnet/Deezer Keys.md

Last active June 30, 2024 18:48
Show Gist options
  • Save svbnet/b79b705a4c19d74896670c1ac7ad627e to your computer and use it in GitHub Desktop.
Save svbnet/b79b705a4c19d74896670c1ac7ad627e to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Deezer Keys.md

Deezer Keys

Deezer is unique amongst most of the commercial music streaming services I've attempted to reverse engineer in that many keys are stored (obfuscated) on the client side, including the "DRM" used to encrypt tracks. With some reverse engineering effort, this makes it fairly trivial to implement clients and libraries.

Note that many keys and algorithms are implemented in a strange way - often the ASCII hex form of a key or hash is used rather than the raw bytes.

Logging in to Deezer using the mobile API

On the desktop versions of Deezer, logging in requires a Captcha. However, on the mobile versions no Captcha is required. This is because on mobile the app uses a different endpoint to log in, but encrypts the login parameters instead (using a hardcoded key). This details how to obtain the login parameter encryption key (what I call the "gateway key"). The gateway key is a 16 character ASCII uppercase string of numbers and letters.

Note that no keys will be posted here due to fear of DMCA takedowns. All keys are easily obtainable by downloading the Android APK or iOS IPA and inspecting the resources, and some keys can be obtained directly from the Deezer website JS source code. How to do that is left as an exercise to the reader.

Getting the API key

The API key is a plaintext string that's 64 characters long, and is sent with every request. Some app requests are sent over plain HTTP so it should be relatively easy to obtain them that way, otherwise you will have to scan the binaries. The API key is a random ASCII 64 character string of uppercase letters and numbers.

Getting the gateway key (Android)

The gateway key is stored inside an icon asset within the APK.

  1. Extract the file assets/icon2.png from the APK

  2. Run the following Python script with the path to the icon as the first argument:

     import sys

 MAGIC = b'PLTE'

 fpath = sys.argv[1]
 if not fpath:
     print('Usage: android_gw_key.py [path-to-icon2.png]\n')
     exit()

 icon_buf = bytearray(open(fpath, 'rb').read())
 magic_idx = icon_buf.find(MAGIC)
 if magic_idx < 0:
     print('Magic phrase not found!')
     exit()

 crypted = icon_buf[magic_idx:]
 out = bytearray(300)

 for i in range(len(out)):
     pm = i + len(MAGIC)
     if i >= 90:
         out[i - 90] = crypted[pm] ^ 0x40
     crypted[pm] = int((crypted[pm] + crypted[pm + 1] + crypted[pm + 2]) / 3)

 print(out[1:17].decode('utf8'))

  3. The key will be printed out.

Getting the gateway key (iOS)

The gateway key is stored plain in the iOS binary. One could easily extract it with the command strings Deezer | grep -E "^[A-Z0-9]{16}$" and looking for the first result that's non-repeating.

Getting track stream URLs and decrypting songs

To create stream URLs of any quality, you will need to find the "legacy URL" key. Alternatively, you may use the media API to get a stream restricted to your current subscription.

To decrypt songs, you will need to find the "track XOR" key.

Both of these are generated in the web player JS code. They are also floating out there on the web, included in the code of similar projects.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment