Return Styles: Pseud0ch, Terminal, Valhalla, NES, Geocities, Blue Moon. Entire thread

Pandora

Name: Anonymous 2008-01-24 20:22

# pandora.com v15 xmlrpc encrypt/decrypt routines
# for data sent to /radio/xmlrpc/v15 in a POST
# usage:
#   _xmlrpc_request_ = pandora_decrypt(_POST_data_)
#   _POST_data_ = pandora_encrypt(_xmlrpc_request_)

P = [0x62b25781, 0x36c6e49e, 0x79cecc68, 0x16a94f4, 0xb23506e5, 0xf3209930, 0x31cc9e6f, 0xf9c1c6f, 0x3ada9d11, 0xf8b18ccf, 0x8788eb, 0x3433eb64, 0x1bccf5a3, 0xdf91b435, 0xa50ea6fa, 0x8c069dcc, 0x1ff83b56, 0xa75abeba]

S = [[],[],[],[]]

S[0] =see post >>2

S[1] =see post >>3

S[2] =see post >>4

S[3] =see post >>5

def blowfish_round_function(XL):
    F = S[0][XL>>24]
    F += S[1][(XL>>16)&0xff]
    F &= 0xffffffff
    F ^= S[2][(XL>>8)&0xff]
    F += S[3][XL&0xff]
    F &= 0xffffffff
    return F

def blowfish_block_decrypt(XL, XR):
    for i in xrange(17, 1, -1):
            XL ^= P[i]
            XR ^= blowfish_round_function(XL)
            XL, XR = XR, XL
    XL, XR = XR, XL
    XR ^= P[1]
    XL ^= P[0]
    return [XL, XR]

def blowfish_block_encrypt(XL, XR):
    for i in xrange(16):
            XL ^= P[i]
            XR ^= blowfish_round_function(XL)
            XL, XR = XR, XL
    XL, XR = XR, XL
    XR ^= P[16]
    XL ^= P[17]
    return [XL, XR]

def blowfish_intlist_decrypt(Li):
    Lo = []
    for i in xrange(0, len(Li), 2):
        Lo.extend(blowfish_block_decrypt(Li[i], Li[i+1]))
    return Lo

def blowfish_intlist_encrypt(Li):
    Lo = []
    for i in xrange(0, len(Li), 2):
        Lo.extend(blowfish_block_encrypt(Li[i], Li[i+1]))
    return Lo

def hexstr_to_intlist(H):
    L = []
    Hl = len(H)
    Hm = Hl%8
    for i in xrange(0, Hl-Hm, 8):
        L.append(int(H[i:i+8],16))
    if Hm > 0:
        L.append(int(H[Hl-Hm:]+('0'*(8-Hm)),16))
    return L

def intlist_to_hexstr(L):
    H = ""
    for I in L:
        s = hex(I).replace('0x','').replace('L','')
        H += ('0'*(8-len(s)))+s
    return H

def str_to_intlist(S):
    L = []
    Sl = len(s)
    Sm = Sl%4
    if Sm > 0:
        S += chr(0)*(4-Sm)
    for i in xrange(0, len(S), 4):
        L.append((ord(S[i])<<24)+(ord(S[i+1])<<16)+(ord(S[i+2])<<8)+ord(S[i+3]))
    return L

def intlist_to_str(L):
    S = ""
    for I in L:
        S += chr(I>>24&0xff)+chr(I>>16&0xff)+chr(I>>8&0xff)+chr(I&0xff)
    return S

def pandora_encrypt(S):
    return intlist_to_hexstr(blowfish_intlist_encrypt(str_to_intlist(S)))

def pandora_decrypt(H):
    return intlist_to_str(blowfish_intlist_decrypt(hexstr_to_intlist(H)))

Name: Anonymous 2008-02-16 21:56

Anyone?

Name: Anonymous 2008-02-16 22:10

Could someone here in the US do me a favour,
do me a favour,
favour
Sorry...in the US, we only do favors.

Name: Anonymous 2008-02-16 22:19

Also, the form doesn't do anything.  It said the instructions "have been successfully sent" several minutes ago, but nothing showed up on my phone.

Name: Anonymous 2008-02-16 22:21

>>123
Showed up right after I posted.

From:pandora-support@pandora.com
Subject: Pandora Trial Download
To download Pandora, press Options and select Go.
http://www.pandora.com/sprint

Name: Anonymous 2008-02-16 22:38

Umh, user agent spoofing isn't working for me. Are they checking if the requests come from Sprint/AT&T owned IP ranges?

Also, AT&T URL is, obviously http://www.pandora.com/att.

Name: Anonymous 2008-02-16 22:53

>>125
The built-in browser sends a key in the headers that the site can use to verify (and identify) the source if they have a contract with Sprint.  Viewing the page with that browser yields a jar/jad download link, but I can't extract the URL.  Viewing with Opera on the same phone shows the regular page.

Name: Anonymous 2008-02-16 23:01

>>126
What's the header name? Filling it with a random string should be enough to fool Pandora.

Name: Anonymous 2008-02-16 23:15

>>127
ClientID.  And it's [a-zA-Z]{12}@sprintpcs.com.

Unfortunately I've tried copying the exact headers my phone sends into a netcat session, and all I get is "Sorry.  Pandora does not support your device."

Name: Anonymous 2008-02-16 23:39

we need an anonymous reverse engineering board.

Name: Anonymous 2008-02-16 23:50

>>126
Can you spoof the headers in Opera somehow?

Name: Anonymous 2008-02-16 23:52

Well, there's always http://update.slimdevices.com/update/firmware/ to look at too. Some of those firmwares support streaming from Pandora.

Name: Anonymous 2008-02-17 7:22

>>129
This.

Name: Anonymous 2008-02-17 8:41

>>131
It's not done in the firmware, it's in the Squeezecenter software that runs on a separate PC. And it doesn't connect directly to Pandora, it goes through the Squeezenetwork web service.

You can download the source code at http://www.slimdevices.com/downloads/nightly/ and see for yourself (look at Slim\Plugin\Pandora and Slim\Networking), but I'm pretty sure it's a dead end.

Name: Anonymous 2008-02-17 9:12

>>126
If you download the file using that link, can you then copy it from your phone to your PC?

Name: Anonymous 2008-02-17 9:38

>>134
Nope.  No way to access application storage.  It's part of the J2ME security model.

I'll try whipping up a Java app later to spoof the request on the phone.

Name: Anonymous 2008-02-26 6:51

>>129,132
http://rechan.da.ru/gorp/

Name: Anonymous 2008-02-26 14:13

>>136
Shitty board wasshoi

Name: Anonymous 2008-02-26 16:45

XML Parsing Error: not well-formed
Location: http://rechan.da.ru/prog/
Line Number 1, Column 11543:

ENTERPRISE PIG DISGUSTING etc...

Name: Anonymous 2008-04-06 17:17

It's now v18, but the blowfish boxes and API is still the same. The changes to the flash player were just cosmetic, as far as I can tell.

Name: Anonymous 2008-04-06 22:29

>>139
A /gorp/ has appeared now.

Name: Anonymous 2008-04-07 12:08

>>140
Yes, but it's rubbish.

Name: Anonymous 2008-04-24 8:14

So, did anyone ever make anything useful out of all this?

Name: Anonymous 2008-04-24 8:20

>>142
/prog/ make something useful..? lol
Newer Posts
Don't change these.
Name: Email:
Entire Thread Thread List
All trademarks and copyrights on this site are owned by their respective parties. All comments and posts are the responsibility of their own posters.
- Tinychan + 2ch Mode -