

Console.fm: A Guide to Download the Tracks for Free - filipmares
http://filipmares.com/consolefm-a-guide-to-download-the-tracks-for

======
tuhin
They are sending a lot of info in that GET request:

[http://ak-media.soundcloud.com/xpO4gBZA21w4.128.mp3?AWSAcces...](http://ak-
media.soundcloud.com/xpO4gBZA21w4.128.mp3?AWSAccessKeyId=AKIAJBHW5FB4ERKUQUOQ&Expires=1310495722&Signature=YIddxc8yGkcdbF6vyjka9IEE76I%3D&__gda__=1310495722_4fb2680493e23ee860f4be0ae99888b7)

128 bitrate? Amazon access key Expires ?? No idea what gda is. Also their
signature.

This is security 101 right? Or is this normal for a service of this kind? Also
are they officially using the Soundcloud API? if yes, is this one of the
responses of the API?

~~~
filipmares
not sure on the security implications, but this could have easily been masked
through some backend call.

~~~
amanelis
what suggestions do you have on masking the url, would love to hear your
input.

~~~
arctangent
Proxy it through a URL on your box i.e. make <http://myserver.com/song_id>
point through to <http://soundcloud.com/song_id?secret=params>

~~~
Sujan
Solving what?

Only way to really hide the info would be to really stream all content through
their box. Then they just could host it themselves in the first place...

~~~
arctangent
This hides your API key from other people.

------
amanelis
A lot of these services can be gamed and all the songs can be downloaded. You
can easily download every song from turntable.fm as well, its not rocket
science. Open up the Chrome developer console and look at the network tab...

We are working on securing/masking the url, but at the end of the day,
Console.fm is not a true stream, so we cannot securely give the user the song
with out the soundcloud .mp3

Please voice any advice you have on this issue or help out, open to
suggestions as to we are looking into a proper fix right now.

------
headbiznatch
If a sound (like a stream) is playing on your computer, it can be ripped
directly from the playback device. I've done it in the past with complete
preservation of the sound's fidelity, but I suppose it might not always be
possible.

------
Andreasvb
It's much easier than that, just take any song link that's not playing and
open in a new tab, or just choose "Save link as...", works in Google Chrome.
:)

------
mattcurry
Won't the new Pandora HTML5 site have this same problem?

~~~
ericmoritz
I thought they were going to get around this by using a hidden flash player
but most reports I've seen says it's going to be pure HTML5. I wouldn't put it
past tech writers to get something wrong but if it is as they say and is pure
HTML5, then yes it could be done.

------
matthewcieplak
If you find a "hack" like this on a music website, keep it to your self. If
you post about it, they'll try to fix it or obscure it but who knows if some
guy at soundcloud will revoke their api key first or some major label dick
will initiate legal proceedings forthwith. And then you've just kicked your
favorite music site in the nuts, congratulations.

By the way, if you can stream it, you can download it, on any service. One-
time use streaming keys are no defense against right clicking. It's just a
matter of how much patience you have to expose the underlying URL.

~~~
filipmares
Can you download the stream from Grooveshark? DRMed flash.

~~~
amanelis
I have never actually tried to download the songs on grooveshark, I'm sure its
possible though.

~~~
filipmares
Let me know if you find out. I think it's much harder than the process
outlined in the post.

~~~
amanelis
yeah grooveshark is a tad more complicated. I can assure you, we will figure
something out by the end of today that will close this issue.

looks to me like grooveshark is giving a stream.

~~~
filipmares
good to hear.

