You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is a guide/general infodump of things I've found while poking through the VRV9517 modem, as supplied by Spark/Skinny in New Zealand, and maybe also under other names in different countries. What you see here is the extent of what I've found, mostly concentrated on decrypting the exported config file.
Deezer is unique amongst most of the commercial music streaming services I've attempted to reverse engineer in that many keys are stored (obfuscated) on the client side, including the "DRM" used to encrypt tracks. With some reverse engineering effort, this makes it fairly trivial to implement clients and libraries.
Note that many keys and algorithms are implemented in a strange way - often the ASCII hex form of a key or hash is used rather than the raw bytes.
Logging in to Deezer using the mobile API
On the desktop versions of Deezer, logging in requires a Captcha. However, on the mobile versions no Captcha is required. This is because on mobile the app uses a different endpoint to log in, but encrypts the login parameters instead (using a hardcoded key). This details how to obtain the login parameter encryption key (what I call the "gateway key"). The gateway key is a 16 character ASCII uppercase string of numbers and letters.
Note that no keys will be posted here due to fear of DMCA take