epically disabled decryption

2021-07-16 13:13:43 +02:00 · 2021-07-16 13:13:43 +02:00 · 96ccb5c218
parent ebfed57c9d
commit 96ccb5c218
1 changed files with 83 additions and 65 deletions
--- a/dzunlock.user.js
+++ b/dzunlock.user.js
@ -3,7 +3,7 @@
 // @namespace   io.github.uhwot.dzunlock
 // @description enables deezer hifi features lol
 // @author      uh wot
-// @version     1.1.6
+// @version     1.2
 // @license     GPL-3.0-only
 // @homepageURL https://git.freezer.life/uhwot/dzunlock
 // @downloadURL https://git.freezer.life/uhwot/dzunlock/raw/branch/master/dzunlock.user.js
@ -12,7 +12,6 @@
 // @match       https://www.deezer.com/search/*
 // @match       https://www.deezer.com/account/*
 // @match       https://www.deezer.com/smarttracklist/*
-// @require     https://cdnjs.cloudflare.com/ajax/libs/aes-js/3.1.2/index.min.js
 // @grant       GM_getValue
 // @grant       GM_setValue
 // @run-at      document-start
@ -87,52 +86,12 @@ fetchIntercept = {

 const clientId = '119915'
 const clientSecret = '2f5b4c9785ddc367975b83d90dc46f5c'
-const playerTokenKey = [102, 228, 95, 242, 215, 50, 122, 26, 57, 216, 206, 38, 164, 237, 200, 85]

 const formats = [
    { api: '320', gw: 'MP3_320' },
    { api: 'flac', gw: 'FLAC' }
 ]

-function str2bin(str) {
-    return Array.from(str).map(function (item) {
-        return item.charCodeAt(0);
-    })
-}
-
-function bin2str(bin) {
-    return String.fromCharCode.apply(String, bin);
-}
-
-function decryptHex(hex, key) {
-    hex = aesjs.utils.hex.toBytes(hex)
-    let aesEcb = new aesjs.ModeOfOperation.ecb(key)
-    return bin2str(aesEcb.decrypt(hex)).replace(/\0+$/, '')     // removes zero-padding
-}
-
-function encryptHex(str, key) {
-    // zero-padding
-    if (str.length % 16) {
-        str += '\x00'.repeat(16 - str.length % 16)
-    }
-
-    let aesEcb = new aesjs.ModeOfOperation.ecb(key)
-    return aesjs.utils.hex.fromBytes(aesEcb.encrypt(str2bin(str)))
-}
-
-function playerTokenPatch(playerToken) {
-    playerToken = JSON.parse(decryptHex(playerToken, playerTokenKey))
-
-    // enables 320/flac quality selection
-    playerToken.audio_qualities.wifi_streaming = ['low', 'standard', 'high', 'lossless']
-    // disables previews
-    playerToken.streaming = true
-
-    log(playerToken)
-
-    return encryptHex(JSON.stringify(playerToken), playerTokenKey)
-}
-
 async function renewAccessToken() {
    let url = `https://connect.deezer.com/oauth/access_token.php?grant_type=client_credentials&client_id=${clientId}&client_secret=${clientSecret}&output=json`
    let resp = await fetch(url)
@ -147,16 +106,16 @@ async function renewAccessToken() {

 window.addEventListener('DOMContentLoaded', (_) => {
    unsafeWindow.dzPlayer.setTrackList = (function (old) {
-        return async function (...args) {
+        return async function (data, ...args) {
            // don't get filesizes if account is hifi
            if (unsafeWindow.dzPlayer.user_status.lossless) {
-                return old(...args)
+                return old(data, ...args)
            }

            let batchList = []

-            for (let i = 0; i < args[0].data.length; i++) {
-                const id = Number(args[0].data[i].SNG_ID)
+            for (let i = 0; i < data.data.length; i++) {
+                const id = Number(data.data[i].SNG_ID)
                if (id >= 0) {      // we don't need filesizes for user-upped tracks
                    batchList.push({ 'relative_url': `/track/${id}` })
                }
@ -164,7 +123,7 @@ window.addEventListener('DOMContentLoaded', (_) => {

            // return if all the tracks are user-upped
            if (batchList.length === 0) {
-                return old(...args)
+                return old(data, ...args)
            }

            batchList = JSON.stringify(batchList)
@ -190,20 +149,20 @@ window.addEventListener('DOMContentLoaded', (_) => {

            let userUppedSoFar = 0

-            for (let i = 0; i < args[0].data.length; i++) {
-                const id = Number(args[0].data[i].SNG_ID)
+            for (let i = 0; i < data.data.length; i++) {
+                const id = Number(data.data[i].SNG_ID)
                if (id < 0) {      // user-uploaded track
                    userUppedSoFar++
                    continue
                }
                for (let j = 0; j < formats.length; j++) {
-                    args[0].data[i]['FILESIZE_' + formats[j].gw] = json.batch_result[i - userUppedSoFar]['filesize_' + formats[j].api]
+                    data.data[i]['FILESIZE_' + formats[j].gw] = json.batch_result[i - userUppedSoFar]['filesize_' + formats[j].api]
                }
            }

-            log(args)
+            log(data)

-            return old(...args)
+            return old(data, ...args)
        };
    })(unsafeWindow.dzPlayer.setTrackList);
 });
@ -237,23 +196,11 @@ fetchIntercept.register({
            // disables call to get_url endpoint and enables track url gen
            json.results.__DZR_GATEKEEPS__.use_media_service = false

-            json.results.PLAYER_TOKEN = playerTokenPatch(json.results.PLAYER_TOKEN)
-
            log(json)

            return new Response(JSON.stringify(json))
        }

-        if (response.url.startsWith('https://www.deezer.com/ajax/gw-light.php?method=log.listen')) {
-            const json = await response.json()
-
-            if (typeof json.results === 'string') {
-                json.results = playerTokenPatch(json.results)
-            }
-
-            return new Response(JSON.stringify(json))
-        }
-
        return response;
    },

@ -262,4 +209,75 @@ fetchIntercept.register({

        return Promise.reject(error);
    }
-});
+});
+
+worker_input = function(e) {
+    let json = e.data
+    if (typeof json !== 'object') {
+        json = JSON.parse(json)
+    }
+    //console.log("input", json)
+    input = json
+
+    if (json.message.md5) {
+        // track url gen
+
+        // decrypted track endpoint
+        json.message.cdn = 'https://cdns-proxy-{0}.dzcdn.net/api/1/'
+        worker.postMessage(JSON.stringify(json))
+        return
+    }
+    if (json.message.buffer) {
+        // track buffer decryption
+        // this code skips decryption entirely, since the track from the CDN is already unencrypted
+
+        let out = { message: { error: undefined } }
+        out['Symbol(PromisingWorker.id)'] = json['Symbol(PromisingWorker.id)']
+        out.message.result = json.message.buffer
+        //console.log("track buffer output", out)
+        postMessage(out)
+        return
+    }
+
+    worker.postMessage(e.data)
+}
+
+worker_output = function(e) {
+    let json = e.data
+    if (typeof json !== 'object') {
+        json = JSON.parse(json)
+    }
+
+    if (input) {
+        if (input.message.token && !input.message.id) {
+            // player token decryption
+
+            // enables 320/flac quality selection
+            json.message.result.audio_qualities.wifi_streaming = ['low', 'standard', 'high', 'lossless']
+            // disables previews
+            json.message.result.streaming = true
+
+            //console.log("player token output", json)
+            postMessage(JSON.stringify(json))
+            return
+        }
+    }
+
+    //console.log("output", json)
+    postMessage(e.data)
+}
+
+unsafeWindow.URL.createObjectURL = (function (old) {
+    return function (object) {
+        if (object instanceof Blob) {
+            let worker = `
+                let worker = new Worker('${old(object)}')
+                let input
+                worker.onmessage = ${String(worker_output)}
+                onmessage = ${String(worker_input)}
+            `
+            return old(new Blob([worker]))
+        }
+        return old(object);
+    };
+})(unsafeWindow.URL.createObjectURL);