Update protobuf definitions and endpoints to use current official client ones. #734
Replies: 18 comments 56 replies
-
|
One note: The best gRPC library in Rust is probably tonic (from the tokio stack). It uses prost instead of protobuf, so it might be better to switch. |
Beta Was this translation helpful? Give feedback.
-
|
Never done that so I can't promise I can help, but I might give it a try, it sounds interesting! Is there a place where you (and others) will be uploading your findings? |
Beta Was this translation helpful? Give feedback.
-
|
Ok, so what I'm going to do is dedicate a comment to each endpoint that I reverse. I'll attach screenshots of the decoded protobufs (request/response) where it may be helpful, and reference the endpoint, along with the proto definitions. The proto files I'm using I extracted earlier, available here. The proto descriptor is useful for anyone looking to do their own poking around, uploaded here. Alternatively, you can compile if from the proto definitions above using a variant of the command:
|
Beta Was this translation helpful? Give feedback.
-
Extended Metadata Endpoint (Protobuf)Endpoint: Proto definitions (refer to
Decoded Request Screenshot
Decoded Response Screenshot
|
Beta Was this translation helpful? Give feedback.
-
User Customisation Endpoint (Protobuf)Endpoint: Proto definitions (refer to
NotesI didn't think much of ths endpoint initially, it seemed to just be a bunch of A/B test flags, but on closer inspection, it appears to carry a bunch of possibly useful information. Besides feature flags (one of which is Spotify HiFi), it has buffer parameters, prefetch configuration, account status and permissions, api base urls, etc. Instead of a screenshot, I've posted the request/response json below (converted from protobuf) Request PayloadResponse Payload |
Beta Was this translation helpful? Give feedback.
-
Connect State EndpointEndpoint: Proto definitions (
NotesTo implement the repeat single/context functonality on the client, one needs to look at the
Also, there are some other fields within the device message such as The device-state endpoint needs quite a bit more exploration, and probably warrants a thread of its own, as it seems to be the bucket into which Spotify is dumping most of the player state used when syncing up devices. |
Beta Was this translation helpful? Give feedback.
-
|
The request is not encrypted, you might be seeing the gzipped version if it starts with |
Beta Was this translation helpful? Give feedback.
-
The comma-separated values probably map to Spotify's loudness levels. This is old documentation from the net:
Currently Spotify only documents the LUFS value and no longer the dB gain. Where dB is assumed to be dBFS and LUFS is k-weighted. So the documentation above is indicative but not necessarily normative. If you add 3 dB to the comma-separated you're more-or-less meeting the indicative documented values. I'd have to think harder what the first "1" and last "-2.0" indicate. Taking a guess: "1" for the scheme version number and "-2.0" for the -2 dB true peak that Spotify targets. @sashahilton00 general question: so I understand |
Beta Was this translation helpful? Give feedback.
-
|
Ping me if you need any help. |
Beta Was this translation helpful? Give feedback.
-
|
@roderickvd that's a good question. From the issue emails I've been getting from librespot-java, it looks like @devgianlu and co. have put quite a bit of work into reverse engineering chunks of the new API, hence in some cases the stuff I post here has likely been reverse engineered in part or fully over at librespot-java. @devgianlu would be best placed to answer the question of what has been reverse engineered that we can use, something of note is the dealer endpoint, which if we want to support group listening at some point, will need to be added, as thisis where group listening context seems to be published to. Other than that, it just sends pingpong requests unless I am missing something. My reverse engineering is simply me capturing and examining the network traffic between desktop <-> Spotify, so what I post should be useful enough as a reference, but in terms of what we focus on, we should probably look to discussions and their upvotes, along with features that we thnk are going to be increasingly important when working out what to prioritise. In my mind, there are a few things that are must haves before the library hits
Besides the above, there are other things that would be 'nice to have', but are by no means essential. Things like extended metadata can be added in later versions, the above is just some of the stuff which I think is required for it to be released as stable. If people have a different view, I'm open to changing my mind. In the meantime, I will keep documenting the protocols when I have a moment and adding them here, since it's just grunt work that I can do when I have an hour or two spare. Anyone else feel free to do the same. |
Beta Was this translation helpful? Give feedback.
-
Just don't hurry, in the end no one cares whether it's librespot 0.x.y or librespot 1.x.y they use.
I never meant it this way. Even with a few backends less, the Actually I don't care how this separation is executed. It could even mostly stay as is, except for the Other options could be:
What makes not much sense imo is just splitting a few backends off but keeping basic functionality. It wouldn't remove that much burden from librespot. Especially, having two different applications doing basically the same thing, but one with fewer backends, seem like an unnecessary duplication. (I could even imagine having no standalone librespot anymore, but this is more a question of organization and naming than anything else) I hope I was able to explain my point of view. |
Beta Was this translation helpful? Give feedback.
-
|
Looking back, the above is a bit of a roaming response, but hopefully it provides some clarification on why I'm spending the time to examine the latest protocols and the overall direction that I'm working to as a basis. |
Beta Was this translation helpful? Give feedback.
-
Yes I appreciate it. In fact great to get some guidance, have a list of tasks that we can split up. I mean just hold my beer for the backends, but for this new API I'm still unsure what to do or where to start. So really just set me up with something and I'll be keen to get on it. I even suggest organising a meeting on chat or heck even video to identify and divide up the work. I'm all game.
Assuming the goal is to reach feature-parity with official Spotify clients, then I'd say yes (regardless of being targeted for 1.0.0 or sometime later).
For this and other audio and playback points, it would be great if someone could merge #692. I'll then first play catch-up with the PR's concerning dithering and volume control (they're now diverging). Then I can continue on these other points.
I agree, I don't there's anything in Rodio that we need over cpal. @Johannesd3 wrote a quick draft at https://gist.github.com/Johannesd3/920dd5558ca04142c81ff022c5daa95a, it shouldn't take too long to get this up to spec.
Again I can take this on having merged #692.
I think @Johannesd3 is now the king of threads 😉
For sure!
When all this decoupled into the I know I supported the idea previously but thinking about it objectively, I'm starting to doubt it.
It'd be nice to map things out. Could even do release management in GitHub. |
Beta Was this translation helpful? Give feedback.
-
Client Token Endpoint (Protobuf)Endpoint: Proto Definitions missing. NotesThis endpoint is where the client token is retrieved from, which is subsequently used in a multitude of requests. The request/response are shown below. Further investigation is required to determne the proto definitions, which will be updated accordingly in the request/response once discovered.
RequestResponse |
Beta Was this translation helpful? Give feedback.
-
You are right, they should be updated
Yes, thank you, also that's my version too
here's the java/go versions and cpp ver #include <iostream>
#include <cstring>
#include <chrono>
#include <stdio.h>
#include <stdlib.h>
#include <openssl/sha.h>
#ifdef _WIN32
#define __bswap_64(x) _byteswap_uint64(x)
#endif // _WIN32
#define arr2long(x) *reinterpret_cast<unsigned long long *>(x)
void convertToCharArray(unsigned char *arr, long long a)
{
int i = 0;
for (i = 0; i < 8; ++i)
{
arr[i] = (unsigned char)((((unsigned long long)a) >> (56 - (8 * i))) & 0xFFu);
}
}
int solveHashCash(unsigned char *ctx, size_t ctx_len, unsigned char *prefix, size_t prefix_len, int length, unsigned char *dst, std::chrono::duration<int64_t, std::micro>::rep &elapsed)
{
unsigned char md[20];
SHA1(ctx, ctx_len, md); // SHA1("")
unsigned char concat[16];
std::chrono::steady_clock::time_point begin = std::chrono::steady_clock::now();
unsigned long long counter = 0LL;
unsigned long long target = __bswap_64(arr2long(md + 12));
do
{
convertToCharArray(&concat[0], (target + counter));
convertToCharArray(&concat[8], (counter));
SHA_CTX ctx;
SHA1_Init(&ctx);
SHA1_Update(&ctx, prefix, 16);
SHA1_Update(&ctx, concat, 16);
SHA1_Final(md, &ctx);
counter++;
// } while ((__bswap_64(array2long(md + 12)) & ~(-1 << length)) != 0);
} while (!(__builtin_ctz(__bswap_64(arr2long(md + 12))) >= length));
elapsed = std::chrono::duration_cast<std::chrono::nanoseconds>(std::chrono::steady_clock::now() - begin).count();
memcpy(dst, concat, 16);
return 16;
}
int length = 999;
unsigned char prefix[16] = {0xff, 0xdf, ...};
unsigned char dst[16];
std::chrono::duration<int64_t, std::micro>::rep elapsed;
int len = solveHashCash(NULL, 0, prefix, 16, length, dst, elapsed);
for (size_t count = 0; count < sizeof dst / sizeof *dst; count++)
printf("%02x", dst[count]);
printf("\nelapsed: %ld\n\n", elapsed);
whatever you prefer, SHA1 |
Beta Was this translation helpful? Give feedback.
-
|
@StefanV85 you're pinging me but isn't everything you're asking already implemented in @SuisChan kind of you to offer the help. With regards to the updated protobuf, isn't most of that in https://github.com/librespot-org/librespot/blob/new-api/protocol/proto/connectivity.proto already? Extracted from 1.1.33.569 around June last year. I did a protobuf update last month from 1.1.73.517 but that didn't have it. If you've got a newer one to share, a PR for |
Beta Was this translation helpful? Give feedback.
-
Almost, one of the minor changes is adding NativeWindowsData (partially) and changing NativeAndroidData to be compatible with mobile client_token requests, and it's not newer, just rewritten ) |
Beta Was this translation helpful? Give feedback.
-
Also I have plans to create a PR with Grain / HC (Fingerprint / PoWScheme) implementation, but since this is part of the old API does it make sense? |
Beta Was this translation helpful? Give feedback.
-
|
I don't know? What would this bring to the table? |
Beta Was this translation helpful? Give feedback.
-
|
I thought it already was, just realised it's still in issues. Will move it. |
Beta Was this translation helpful? Give feedback.
-
|
Just FYI, many endpoints do not like getting gzipped content and will return 400. |
Beta Was this translation helpful? Give feedback.
-
|
OK guys I'm eager to take this on but am going to need a bit of initiation. I looked at librespot-org/librespot-java#105 but from where I'm at it's overwhelming. Where do I start without turning this into an endless break-fest? Really please set me up with some clear and bounded tasks, I'm happy to take them on. I'll likely become more self-sufficient fast but for now I just don't know where to start. |
Beta Was this translation helpful? Give feedback.
-
|
@Johannesd3 try starting a group session and you'll see activity |
Beta Was this translation helpful? Give feedback.
-
|
Sorry for inconvenience, but I printed it to stdout while looking at stderr. |
Beta Was this translation helpful? Give feedback.
-
|
So, here's my first attempt of websocket support: https://github.com/Johannesd3/librespot/tree/new-api/core/src/dealer
Thanks for your help! |
Beta Was this translation helpful? Give feedback.
-
|
Beta Was this translation helpful? Give feedback.
-
|
@Johannesd3 great going man. I suggest we make a @devgianlu well gzipping spurious messages whilst streaming hundreds kbps of music does seem like over-optimization 😆 but might as well be a good netizen. |
Beta Was this translation helpful? Give feedback.
-
|
@devgianlu I'm dipping my toes porting the new Spotify API from |
Beta Was this translation helpful? Give feedback.
-
|
librespot-java is getting |
Beta Was this translation helpful? Give feedback.
-
|
Having dumped all Mercury packets I get (so even without subscribing, like you say "it should just arrive") all that arrives on connection is "hm://remote/user/xxx/" and then "hm://metadata/3/track/xxx". |
Beta Was this translation helpful? Give feedback.
-
|
Just to be clear this is without the websocket. When you said "you should be able to get it even through Hermes" I thought that would be possible and a nice intermediate step before doing the dealer. But if it doesn't work that way then onto the websocket dealer it is. |
Beta Was this translation helpful? Give feedback.
-
|
|
Beta Was this translation helpful? Give feedback.
-
|
No not new, |
Beta Was this translation helpful? Give feedback.
-
|
For reference this is today's <?xml version='1.0' encoding='utf-8'?>
<products>
<product>
<type>premium</type>
<ab-ad-player-targeting>1</ab-ad-player-targeting>
<ab-android-push-notifications>1</ab-android-push-notifications>
<ab-browse-music-tuesday>1</ab-browse-music-tuesday>
<ab-collection-bookmark-model>1</ab-collection-bookmark-model>
<ab-collection-followed-artists-only>0</ab-collection-followed-artists-only>
<ab-collection-hide-unavailable-albums>0</ab-collection-hide-unavailable-albums>
<ab-collection-offline-mode>0</ab-collection-offline-mode>
<ab-collection-union>1</ab-collection-union>
<ab-desktop-hide-follow>0</ab-desktop-hide-follow>
<ab-mobile-discover>0</ab-mobile-discover>
<ab-mobile-running-onlymanualmode>only-manual</ab-mobile-running-onlymanualmode>
<ab-mobile-running-tempo-detection>Control</ab-mobile-running-tempo-detection>
<ab-mobile-social-feed>1</ab-mobile-social-feed>
<ab-mobile-startpage>0</ab-mobile-startpage>
<ab-moments-experience>0</ab-moments-experience>
<ab-new-share-flow>0</ab-new-share-flow>
<ab-play-history>0</ab-play-history>
<ab-sugarpills-sanity-check>0</ab-sugarpills-sanity-check>
<ab-test-group>705</ab-test-group>
<ab-watch-now>0</ab-watch-now>
<ab_recently_played_feature_time_filter_threshold>com.spotify.gaia=30,driving-mode=120,spotify%3Ainternal%3Astartpage=30</ab_recently_played_feature_time_filter_threshold>
<ad-formats-preroll-video>0</ad-formats-preroll-video>
<ad-formats-video-takeover>0</ad-formats-video-takeover>
<ad-persist-reward-time>0</ad-persist-reward-time>
<ad-session-persistence>1</ad-session-persistence>
<ads>0</ads>
<allow-override-internal-prefs>0</allow-override-internal-prefs>
<ap-resolve-pods>0</ap-resolve-pods>
<app-developer>0</app-developer>
<arsenal_country>1</arsenal_country>
<audio-preview-url-template>https://p.scdn.co/mp3-preview/{id}</audio-preview-url-template>
<browse-overview-enabled>1</browse-overview-enabled>
<buffering-strategy>2</buffering-strategy>
<buffering-strategy-parameters>0.8:0.2:0.0:0.0:0.0:0.0:1.0:10:10:2000:10000:10485760</buffering-strategy-parameters>
<capper-profile></capper-profile>
<capping-bar-threshold>3601</capping-bar-threshold>
<catalogue>premium</catalogue>
<collection>1</collection>
<enable-annotations-read>0</enable-annotations-read>
<enable-autostart>1</enable-autostart>
<enable-crossfade>1</enable-crossfade>
<enable-gapless>1</enable-gapless>
<expiry>1</expiry>
<explicit-content>1</explicit-content>
<fb-grant-permission-local-render>0</fb-grant-permission-local-render>
<fb-info-confirmation>control</fb-info-confirmation>
<financial-product>pr:premium,tc:0,rt:v2_NL_default_new-family-master_14.99_EUR_default</financial-product>
<head-file-caching>1</head-file-caching>
<head-files>1</head-files>
<head-files-url>http://heads4-ak.spotify.com.edgesuite.net/head/{file_id}</head-files-url>
<high-bitrate>1</high-bitrate>
<image-url>https://i.scdn.co/image/{file_id}</image-url>
<incognito_mode_timeout>21600</incognito_mode_timeout>
<india-experience>0</india-experience>
<instant-search>0</instant-search>
<instant-search-expand-sidebar>0</instant-search-expand-sidebar>
<is_email_verified>1</is_email_verified>
<is_maybe_in_social_session>0</is_maybe_in_social_session>
<key-caching-max-count>10000</key-caching-max-count>
<key-caching-max-offline-seconds>1800</key-caching-max-offline-seconds>
<lastfm-session></lastfm-session>
<libspotify>1</libspotify>
<license-acceptance-grace-days>30</license-acceptance-grace-days>
<license-agreements></license-agreements>
<local-files-import>0</local-files-import>
<metadata-link-lookup-modes>0</metadata-link-lookup-modes>
<mobile>1</mobile>
<mobile-browse>0</mobile-browse>
<mobile-login>1</mobile-login>
<mobile-payment>0</mobile-payment>
<name>Spotify Premium</name>
<network-operator-premium-activation>1</network-operator-premium-activation>
<nft-disabled>1</nft-disabled>
<npt-disabled>2</npt-disabled>
<offline>1</offline>
<on-demand>1</on-demand>
<pause-after>0</pause-after>
<payment-state></payment-state>
<payments-cancel-state-interstitial>0</payments-cancel-state-interstitial>
<payments-initial-campaign>default</payments-initial-campaign>
<payments-latest-reusable-provider>adyen_ideal;2020-06-02</payments-latest-reusable-provider>
<payments-locked-state>0</payments-locked-state>
<player-license>premium</player-license>
<playlist-annotations-markup>0</playlist-annotations-markup>
<playlist-folders>1</playlist-folders>
<preferred-locale>nl-nl</preferred-locale>
<prefetch-keys>1</prefetch-keys>
<prefetch-strategy>8</prefetch-strategy>
<prefetch-window-max>2</prefetch-window-max>
<public-toplist>1</public-toplist>
<publish-activity>1</publish-activity>
<publish-playlist>1</publish-playlist>
<radio>1</radio>
<remote-control>0</remote-control>
<send-email>1</send-email>
<shows-collection>0</shows-collection>
<shows-collection-jam>0</shows-collection-jam>
<shuffle>0</shuffle>
<shuffle-algorithm>1</shuffle-algorithm>
<sidebar-navigation-enabled>0</sidebar-navigation-enabled>
<storage-size-config>10240,90,500,3</storage-size-config>
<streaming>1</streaming>
<streaming-rules></streaming-rules>
<taste-onboarding-disabled>0</taste-onboarding-disabled>
<track-cap>0</track-cap>
<ugc-abuse-report>0</ugc-abuse-report>
<ugc-abuse-report-url>https://support.spotify.com/abuse/?uri={uri}</ugc-abuse-report-url>
<unrestricted>1</unrestricted>
<use-fb-publish-backend>2</use-fb-publish-backend>
<use-pl3>0</use-pl3>
<use-playlist-uris>0</use-playlist-uris>
<user-profile-show-invitation-codes>0</user-profile-show-invitation-codes>
<video-cdn-sampling>1</video-cdn-sampling>
<video-device-blacklisted>0</video-device-blacklisted>
<video-initial-bitrate>200000</video-initial-bitrate>
<video-keyframe-url>http://keyframes-fa.cdn.spotify.com/keyframes/v1/sources/{source_id}/keyframe/heights/{height}/timestamps/{timestamp_ms}.jpg</video-keyframe-url>
<video-manifest-url>https://spclient.wg.spotify.com/manifests/v3/{type}/sources/{source_id}</video-manifest-url>
<video-wifi-initial-bitrate>800000</video-wifi-initial-bitrate>
<wanted-licenses></wanted-licenses>
<widevine-license-url>https://spclient.wg.spotify.com/widevine-license/v1/video/license</widevine-license-url>
</product>
</products> |
Beta Was this translation helpful? Give feedback.
-
|
i'm working on an other project. but this thread helps me a lot. thank you very much. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks. You might also be interested in #917. |
Beta Was this translation helpful? Give feedback.
-
|
Connecting as a client, I see more messages being pushed, like these ones when you favourite songs: When you create a playlist and add a track to it, remove one, rename it: I can't remember what this was, I think they arrived seemingly randomly as I was just playing a track: |
Beta Was this translation helpful? Give feedback.
-
Over the course of the past few years, Spotify has updated it's protobufs several times, along with its endpoints. This was to be expected as they continued to add functionality, nonetheless librespot is now pretty significantly diverged from the protobuf definitions that are in use in the official clients, and possibly at higher risk of experiencing issues with endpoints being depreciated at short notice, such as the recent issues Facebook login flow (admittedly not due to protobuf definition issues though).
Furthermore, newer functionality such as canvas, context management, streaming groups, etc. is implemented in the newer
proto3definitions, attached below.Given that Spotify is slowly standardising to HTTP/Websockets/GRPC transports, and moving away from Hermes, it may be good for this project in the long run if we were to try to follow suit. To this end, further reverse engineering of the current endpoints that are in use will need to be carried out, and the existing code updated where necessary. As a side effect of this, my gut tells me that a number of the smaller issues/feature requests (eg. repeat functionality only partially working, more 'spotify-like' normalization, etc.) will be easier to implement once we are using their up to date APIs.
I will start investigating when I get some free time, and add to this comment accordingly with any findings that I turn up. Anyone else is also invited to crack out
spotify-dissectand start digging through the network traffic. If the log of notes starts to become unwieldy we can always form some sort of to-do list or stick the information in a wiki page temporarily.The latest protobufs: spotify_protobufs.zip
Beta Was this translation helpful? Give feedback.
All reactions