Unofficial Spotify Client for the Nintendo Switch (PoC)

(gbatemp.net)

162 points | by mogery 587 days ago

12 comments

  • lovingCranberry 587 days ago
    I tried to create a spotify client for the nintendo switch as my very first rust project. I initially wanted to use librespot as a backend. I gave up pretty quickly, things just went over my head and got too complex.

    Congrats to Mogery for releasing this!

    • mogery 587 days ago
      Thanks!

      Yeah, Rust and the Switch don't mesh together very well, at least for now. I was tempted to take that route also, but I ended up reimplementing librespot in C instead, which serves as the backend for this.

  • quenix 587 days ago
    I was under the impression that all audio Spotify serves is heavily DRM-ed and can only play with special hardware decoders which respect the DRM?

    How did was this person able to play the encrypted audio? Does this not let them effectively rip music from Spotify?

    • mogery 587 days ago
      Spotify DRM is basically security through obscurity. It's just AES-128-CTR over a plain old OGG file. The tricky part is figuring out the extremely odd protocol you have to request audio keys and track data through. That's all.
      • seabrookmx 587 days ago
        Sounds similar to many encrypted HLS streams you see on the internet.

        If you're savvy enough to watch the network tab in the browser devtools, you can grab the key and easily decrypt and assemble the chunks. You can even find reference implementations on github (hls.js for instance).

    • oceanplexian 587 days ago
      The DRM has been broken for years, and is still broken (I personally wrote a Rust client to grab music from Spotify in .ogg format) but their lawyers rabidly take down any reference to decrypting it on Github or anywhere else, because well, the implication.
      • arthurcolle 587 days ago
        A funny IASIP reference, you love to see it
    • matthewmacleod 587 days ago
      It's not, really – AFAIK the audio is just AES-encypted with a per-session key that you get when logging in (but it's been a long time since I looked). There are a bunch of open implementations, like https://github.com/librespot-org/librespot – I guess it's kind of an open secret that you could rip music if you really wanted to, and you certainly used to be able to do that with libspotify when it was still around. I imagine the lawyers will come for you if you're silly enough to bang on about it.

      Certainly there's no need for "special hardware decoders" – Spotify works on loads of devices that have no support for that kind of thing.

      • BonoboIO 587 days ago
        Does Spotify watermark their streams?
        • OccamsMirror 587 days ago
          They would be silly not to!
          • slim 586 days ago
            They would be silly if they do. That music is not their property and they have no exclusivity. Why would they care if it gets distributed elsewhere?
    • sneakymichael 587 days ago
      Just some context: Spotify's official iOS library used to serve streaming [unencrypted, 'raw'] PCM data to the app for playback[1]

      "The good old days"

      [1] Trace of this, from 2013: https://stackoverflow.com/questions/20614360/does-the-libspo...

    • OJFord 587 days ago
      I don't know how special those decoders could be, obviously not Spotify-specific. Unofficial clients that want to stick around tend to require a premium account, libspotify/spotifyd on Linux for example.
    • svnpenn 587 days ago
      You can download L3 CDM from GitHub, or even dump your own using wvdumper/dumper. Then its just a matter of making a request to Spotify License server, which returns key for decrypting.
    • cVaqw7V34imZ8yL 587 days ago
      Does your PC or phone have special hardware decoders from Spotify?

      Can you play Spotify on your PC or phone?

      • gambiting 586 days ago
        I mean, both your PC and your phone will have special DRM-compliant hardware decoders available. Whether Spotify is using those or not is another question, but yes, the CPUs in phones/PCs are equipped to decrypt DRM-secured content.

        (one "interesting" case around that was that some OnePlus phones couldn't play netflix in resolutions higher than 480p, because despite the Snapdragon chip supporting the DRM format required for higher resolutions, OnePlus never paid the licence to use it - so their phones couldn't decrypt the video. They did relent later and said they will enable the functionality for users who send in their phones, and it can only be flashed in person at their service centre, not via an OTA update. I always wondered how many people have done that)

      • quenix 585 days ago
        Yes, my PC and phone most definitely do.
    • micromacrofoot 587 days ago
      they just need to be a less convenient way to pirate music and no one will really bother, a lot of popular music gets pirated before it even hits Spotify anyway
  • AdmiralAsshat 587 days ago
    Score one for gbatemp still being around. Don't think I've thought of them since loading ROM fan translations onto your Nintendo DSLite flash-cart was a thing.
    • themoonisachees 587 days ago
      Gbatemp once saved me when i bootlooped my friend's phone trying to root it. I needed a stock rom to flash but who the fuck hosts a stock rom for an off-brand android? Turns out some russians do, and a gbatemp user linked it at some point and google scraped it.
  • darkwater 587 days ago
    Is this on a rooted Switch? Do you need any special HW revision to be able to install extra software like this? Will games still sork?
    • skeaker 587 days ago
      Yes, mostly yes, and yes. Early hardware revisions are easily hackable while later ones require a fairly expensive modchip. Games will run stock but depending on what software you load in Nintendo can detect modifications and ban you from online services if you're not careful.
  • thedebuglife 587 days ago
    Projects like these are why I love HN. What kind of issues did you run into developing this client?
    • mogery 587 days ago
      I haven't had any issues on the RE end, mostly because I didn't need to do a whole lot of it, as the librespot people have already paved the way. But I've still gotta figure out the new protocol the Spotify client uses for playlists and such, so... there are bound to be issues up ahead.

      Most of my issues stemmed from a lack of proper documentation.

      One time I screwed up the packet format and was pulling my hair out when the only response I got was "Invalid username/password" from the Spotify API (or something along those lines. been a while).

      The other times were more related to the Switch. Figuring out how networking and audio works, mostly. Hunting through the shit documentation and the source code of libnx to find out what I need to do. My audio implementation was either not playing anything or crashing for a long time in the beginning. I still have no clue what I did to solve it, which is unfortunate.

  • malermeister 586 days ago
    You mentioned needing to reverse engineer the API for browsing etc.

    I think you can just see what Spot [0] does instead!

    [0] https://github.com/xou816/spot

    • mogery 586 days ago
      Yeah, I've realized that the currently used API just lets you request a key for the public Spotify Web API, and I can just get the collection of the user and etc. from there.
  • zamalek 586 days ago
    I think this is why Spotify will still have a market, even if their upcoming hi-def offering isn't free, such as with Apple or Amazon. The latter two (and all other alternatives, Qobuz and Tidal) don't have an API and so can't be ported to arbitrary platforms; they are only hi-def on Windows, Apple*, and Android.

    Strawberry player is supposed to support Tidal, but I can't seem to pull the ClientID/ClientSecret key from the official client (I guess they closed that loophole).

    • rrdharan 586 days ago
      Apple Music does have a web API/version now…
    • mogery 586 days ago
      To be fair, any other platform could easily outdo Spotify in this regard, if they publicly documented their internal API. :D
      • indrora 586 days ago
        The thing is, Spotify had libspotify.

        It opened a whole bevvy of open and useful Spotify clients that worked amazingly and some that still do to this day. Mopidy, as well as a handful of amazing MPD-speaking daemons got me through college. The only conceit was that it required a premium account and yielding a third party client your authentication data. They had some issues with Facebook authentication as it was OIDC, but setting a user name and password on your account was a simple solution.

        The Spotify team has killed libspotify in preference for a Javascript browser or Mobile Device library (ios/ObjC or Android /kotlin) that uses the browser to authenticate over openID. It can only be a connect target, not query the full api, and depends heavily on the browser or native api to play the media.

      • notimetorelax 586 days ago
        Spotify exists to deliver music, other apps exist to lock users to their corresponding platforms.
        • giancarlostoro 586 days ago
          How does Tidal do this? My understanding is Tidal is a music platform like Spotify.
  • extraduder_ire 586 days ago
    Looking forward to this being able to run in the background, and be controlled from a tesla-overlay plugin.

    I assume it's inevitable, with the fervour of people in the switch homebrew scene.

  • neosavvy 587 days ago
    Legend. This is cool and awesome facecropping demo on your github.
  • axsharma 587 days ago
    How long 'til this gets DMCA'd...
    • mogery 587 days ago
      Spotify is actually fine with librespot existing (funnily enough, one of the main reasons the old API is still around is that librespot uses it, lol). So, I doubt it will ever get DMCA'd.
  • xeromal 587 days ago
    Good job kid!
  • excalibur 587 days ago
    Missed opportunity to rickroll everyone who installs it.