As the music industry transitioned from physical to digital distribution, they have forgotten the one thing they hold most dear to them: Their DRM. Many browser-based music streaming services use no DRM to secure their music. By doing this, they leave their library of high quality songs free for the picking.
This presentation details the use of JavaScript to circumvent the security of several browser-based music streaming services. By reverse engineering the code for several music players, it is possible to mimic the music player to download songs rather than stream them. Many services that are too difficult or obfuscated to reverse engineer can still be exploited by intercepting streaming traffic and making identical requests to downloads songs. This presentation covers the basics of music streaming, demonstrates browser-based traffic logging to identify and download music files, and describes the use of JavaScript to mimic the legitimate player in order to bypass security. The end result is a Google-Chrome extension which will allow users to download songs as they stream them.
Franz Payer (@franz780) is a programmer at Tactical Network Solutions in Columbia, MD. At TNS, Franz develops for several research and development projects, including the company's commercial Reaver Pro software. Franz is a freshman at the University of Maryland, majoring in computer science in the Cybersecurity honors program. Prior to college, Franz led his highschool's cybersecurity team, gh0stsec. Cyberexplo.it