Join us on Discord!
You can help CodeWalrus stay online by donating here.

Listen to MP3 files but not download them

Started by PT_, April 15, 2017, 05:00:57 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

p2

loading the audio isnt shown in network analysis and the difect mp3 link is a 404, impressive.
Should block like 80-90% of the attempts to rip that song.

I think I hate you now <_<

QuoteGET /yMmdahsVJBDfQMy/a.mp3 HTTP/1.1
Host: www.oefenfiles.nl
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Referer: http://www.oefenfiles.nl/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
  • Calculators owned: ti-83+, ti-84+, ti-84+, ti-84+se, ti-84+se(te), ti-nsphire, ti-nsphire CAS, ti-nsphire CX-CAS, ti-voyage, ti-voyage, Who reads this list anyways...?
Anyway war sucks. Just bring us your food instead of missiles  :P ~ DJ Omnimaga (11.10.2016 20:21:48)
if you cant get a jframe set up, draw stuff to it, and receive input, i can only imagine how horrible your game code is _._   ~ c4ooo (14.11.2016 22:44:07)
If they pull a Harambe on me tell my family I love them ~ u/Pwntear37d (AssangeWatch /r/)
make Walrii great again ~ DJ Omnimaga (28.11.2016 23:01:31)
God invented the pc, satan the smartphone I guess ~ p4nix (16.02.2017 22:51:49)

_iPhoenix_

#16
Challenge accepted.
Can I try? O.o

EDIT: It took me a grand 5-20 min.

Not that it's your fault, I just looked up a script to do it for me :P
  • Calculators owned: Two TI-84+ CE's
Please spam here: https://legend-of-iphoenix.github.io/spam/

"walruses are better than tuxedo chickens, all hail the great :walrii:" ~ me
Evolution of my avatar:

Yuki

It took me 2 minutes. Disable Javascript (which contain a simple script to delete the mp3 once used) and get the page before it gets to redirect to the nojs page.

That or just use wget or curl to download the page and scrape the mp3 url from source.
  • Calculators owned: TI-83+ (dead?), Casio Prizm (also dead???)
  • Consoles, mobile devices and vintage computers owned: A lot
Read Zarmina!
YUKI-CHAAAANNNN
In the beginning there was walrii. In the end there will be walrii. All hail our supreme leader :walrii: --Snektron

if you wanna throw money at me and/or CodeWalrus monthly it's here

gameblabla

#18
Quote from: PT_ on May 01, 2017, 11:22:38 AM
Can someone try to get the mp3 from this website WITHOUT recording it? http://www.oefenfiles.nl/ :D (I made something which should prevent downloading it, hopefully ;) )
But have you even followed the link i gave you earlier ?
Because what you did right now is no different than just using the audio tag.

When i loaded your page with Noscript, right off the bat, i could download the MP3.
And i could look at the source to also get the link...

You did all of that for absolutely nothing.

Unless of course you set up a honeypot or something...
The music is "Allegro from Duet in C Major" right ?
  • Calculators owned: None (used to own an Nspire and TI-89)

Travis

#19
Yeah, that was pretty trivial. I just checked the page HTML source and found the MP3 link immediately. (It's violin music.)

You're trying to solve the same problem that the music industry has been trying to solve for ages via DRM (and mostly failing ;)). I think the big commercial movie and streaming sites use some sort of DRM-based encryption that requires special browser plugins and the like. I haven't researched those, so I have no idea how they work or how effective they are.

The best you can really do is make it so that it takes enough effort to get a raw download that most people won't go to the trouble, while realizing that if someone really wants it badly enough, they'll eventually find a way anyway. If you're serious about it, you should consider applying for registered copyright on the works so that you can legally prove copyright infringement if someone does pirate them.
  • Calculators owned: TI-81, TI-82, TI-85, TI-86, TI-89, TI-89 Titanium, 2 × HP 50g

bb010g

Here are a couple of uBlock filters to take out your protection:

! Simple direct page block
|www.oefenfiles.nl/delete.php|
! Block the whole script, because it only handles the delayed deletion
||www.oefenfiles.nl/*/script.js
! Hypotheticals:
! Let's say you moved to generating the removal script inline.
www.oefenfiles.nl##script:contains(remove)
! What if you generate the function name randomly too?
! I can take advantage of the fact that all your directory names are 15 characters long, and generate to have the proper name hard-coded.
www.oefenfiles.nl##script:contains([a-zA-Z]{15})
! If you move to grabbing from the DOM, I can check for getElementById calls. You're not gonna win.

On the side, http://www.oefenfiles.nl/nojs.php is a quick way to get me to stop using your website.

Just use Bandcamp. I know I'm personally more likely to stream and buy music from there than from some crappy site that hates me and doesn't let me preview music in the way I prefer. (If you haven't used Bandcamp's mobile app for streaming & discovery, it's pretty nice.) You'd need much heavier DRM.
People turn to piracy when purchasing isn't easy, or they're broke/complete smegheads. The people you will get money from appreciate services that let them quickly evaluate and buy what they want to buy. iTunes helped kill piracy not through their DRM, but through providing a regular & simple way to purchase digital music.
  • Calculators owned: HP 50g, Prime, 28S, 35S, Casio Prizm, dead Nspire CX CAS

Dream of Omnimaga

The only solution is to not use javascript at all nor anything that can be disabled on the client side. Or to use an established service, eg Bandcamp, even though that isn't 100% piracy-proof either

EDIT On a side note, is the play button supposed to be grayed out on your website?
  • Calculators owned: TI-82 Advanced Edition Python TI-84+ TI-84+CSE TI-84+CE TI-84+CEP TI-86 TI-89T cfx-9940GT fx-7400G+ fx 1.0+ fx-9750G+ fx-9860G fx-CG10 HP 49g+ HP 39g+ HP 39gs (bricked) HP 39gII HP Prime G1 HP Prime G2 Sharp EL-9600C
  • Consoles, mobile devices and vintage computers owned: Huawei P30 Lite, Moto G 5G, Nintendo 64 (broken), Playstation, Wii U

p2

U could send the audio in tiiiiny packages which the client side software will then put together.
But everyone will hate you for it!
  • Calculators owned: ti-83+, ti-84+, ti-84+, ti-84+se, ti-84+se(te), ti-nsphire, ti-nsphire CAS, ti-nsphire CX-CAS, ti-voyage, ti-voyage, Who reads this list anyways...?
Anyway war sucks. Just bring us your food instead of missiles  :P ~ DJ Omnimaga (11.10.2016 20:21:48)
if you cant get a jframe set up, draw stuff to it, and receive input, i can only imagine how horrible your game code is _._   ~ c4ooo (14.11.2016 22:44:07)
If they pull a Harambe on me tell my family I love them ~ u/Pwntear37d (AssangeWatch /r/)
make Walrii great again ~ DJ Omnimaga (28.11.2016 23:01:31)
God invented the pc, satan the smartphone I guess ~ p4nix (16.02.2017 22:51:49)

Dream of Omnimaga

Do you mean requiring a phone or desktop app to download audio from a website? I am subscribed to a music concert news website called Bandapp that requires an Android app in order to read my messages and I hate that. X.x
  • Calculators owned: TI-82 Advanced Edition Python TI-84+ TI-84+CSE TI-84+CE TI-84+CEP TI-86 TI-89T cfx-9940GT fx-7400G+ fx 1.0+ fx-9750G+ fx-9860G fx-CG10 HP 49g+ HP 39g+ HP 39gs (bricked) HP 39gII HP Prime G1 HP Prime G2 Sharp EL-9600C
  • Consoles, mobile devices and vintage computers owned: Huawei P30 Lite, Moto G 5G, Nintendo 64 (broken), Playstation, Wii U

_iPhoenix_

You could perhaps encrypt the data to another format (i.e. a string), then read off tiny chunks to play it.
  • Calculators owned: Two TI-84+ CE's
Please spam here: https://legend-of-iphoenix.github.io/spam/

"walruses are better than tuxedo chickens, all hail the great :walrii:" ~ me
Evolution of my avatar:

kotu

Quote from: _iPhoenix_ on April 15, 2017, 09:43:09 PM
Also, you cannot stop me if I play it and record it (using a different device) while it is playing.

If you know someone is doing that to your music, you are a stalker with no life.

Or you can record it on the same PC by fiddling with  your soundcard settings and using a Wave Editor like Audacity or Soundforge.  8)
  • Calculators owned: TI 84+CE-T
  • Consoles, mobile devices and vintage computers owned: Sega Master System, Sony PlayStation 3
SUBSCRIBE TO THE FUTURERAVE.UK MAILING LIST
http://futurerave.uk

p2

Quote from: _iPhoenix_ on May 10, 2017, 07:33:39 PM
You could perhaps encrypt the data to another format (i.e. a string), then read off tiny chunks to play it.
NEVER put too much processing, like decrypting only for such purposes, on the client side (actually nor the server side), it's like the worst style of web dev ever x.x
You only do lots of client side processing if it's really necessary and inevitable.

many sites (for exsample german news sites) split their videos in 5sec fragments and lead them all and make the player turn them into one again. so while watching u dont notice, but if u want to download it... x.x
u can easily download the movie, but it's gonna be a few hundred separate tiny files which u would have to put together using a video cut software, the amount of work is really insame! (actually did thart once, but only once!)

using that method the amount of processing required is much smaller while the effect on pirates is huge, noone wants to download it there xD
  • Calculators owned: ti-83+, ti-84+, ti-84+, ti-84+se, ti-84+se(te), ti-nsphire, ti-nsphire CAS, ti-nsphire CX-CAS, ti-voyage, ti-voyage, Who reads this list anyways...?
Anyway war sucks. Just bring us your food instead of missiles  :P ~ DJ Omnimaga (11.10.2016 20:21:48)
if you cant get a jframe set up, draw stuff to it, and receive input, i can only imagine how horrible your game code is _._   ~ c4ooo (14.11.2016 22:44:07)
If they pull a Harambe on me tell my family I love them ~ u/Pwntear37d (AssangeWatch /r/)
make Walrii great again ~ DJ Omnimaga (28.11.2016 23:01:31)
God invented the pc, satan the smartphone I guess ~ p4nix (16.02.2017 22:51:49)

Travis

Quote from: p2 on May 10, 2017, 10:41:55 PM
many sites (for exsample german news sites) split their videos in 5sec fragments and lead them all and make the player turn them into one again. so while watching u dont notice, but if u want to download it... x.x
u can easily download the movie, but it's gonna be a few hundred separate tiny files which u would have to put together using a video cut software, the amount of work is really insame! (actually did thart once, but only once!)

That would be quite possible to automate via a script and the right tools, but it's true that most people likely wouldn't bother. Just remember that it still wouldn't necessarily stop someone who really wanted to pirate it.
  • Calculators owned: TI-81, TI-82, TI-85, TI-86, TI-89, TI-89 Titanium, 2 × HP 50g

_iPhoenix_

#28
Overdoing it is always an option.
Unless it's a calculator. Then you cannot afford to.
I should add this to my conceited quotes thread

Perhaps take the encrypted string and cut it up into 1 bit fragments and store them in random places on the site, but making them inaccessible to mortals.
In fact, why even stick to the same domain! Store it on every site you can!

kk I'm done now.
dammit I was ninja'd by Travis. By < 10 seconds, too
  • Calculators owned: Two TI-84+ CE's
Please spam here: https://legend-of-iphoenix.github.io/spam/

"walruses are better than tuxedo chickens, all hail the great :walrii:" ~ me
Evolution of my avatar:

Dream of Omnimaga

Quote from: p2 on May 10, 2017, 10:41:55 PM
Quote from: _iPhoenix_ on May 10, 2017, 07:33:39 PM
You could perhaps encrypt the data to another format (i.e. a string), then read off tiny chunks to play it.
NEVER put too much processing, like decrypting only for such purposes, on the client side (actually nor the server side), it's like the worst style of web dev ever x.x
You only do lots of client side processing if it's really necessary and inevitable.

many sites (for exsample german news sites) split their videos in 5sec fragments and lead them all and make the player turn them into one again. so while watching u dont notice, but if u want to download it... x.x
u can easily download the movie, but it's gonna be a few hundred separate tiny files which u would have to put together using a video cut software, the amount of work is really insame! (actually did thart once, but only once!)

using that method the amount of processing required is much smaller while the effect on pirates is huge, noone wants to download it there xD
It needs to be cross-platform compatible, though. It would suck if just for the sake of being secure and piracy-proof, the MP3 could only be streamed from 1 single browser.
  • Calculators owned: TI-82 Advanced Edition Python TI-84+ TI-84+CSE TI-84+CE TI-84+CEP TI-86 TI-89T cfx-9940GT fx-7400G+ fx 1.0+ fx-9750G+ fx-9860G fx-CG10 HP 49g+ HP 39g+ HP 39gs (bricked) HP 39gII HP Prime G1 HP Prime G2 Sharp EL-9600C
  • Consoles, mobile devices and vintage computers owned: Huawei P30 Lite, Moto G 5G, Nintendo 64 (broken), Playstation, Wii U

Powered by EzPortal