So, I am fresh off the high that is Hacker Summer Camp, DEF CON 2024, and I have started following up on some of the content. Jon DiMaggio, from Analyst1, presented his deep-dive research into the LockBit ransomware gang. Jon created aliases and took on the persona of an up-and-coming ransomware hacker to gain the trust of the ransomware gang leaders. It is an awesome story, and Jon tells it best, so I will not spoil it.
So, you’re asking, “What the F*** does this have to do with downloading private audio files from SoundCloud!” Well, Jon’s Ransomware Diaries has an audio version hosted on SoundCloud, and I wanted to download it to listen on my bike rides. Three of the four total audio files are not private, so I could easily download those, but the last one gave me trouble. Here is how I got around it.
What You Need To Download Private SoundCloud Audio Files
Luckily, the audio files I wanted to download were embedded in the Analyst1 website. The private file needs to be embedded for this to work. That is because if you review SoundCloud’s API documentation, you will see ‘secret_token‘ is needed to access private tracks. For the embedded audio track to play on the third-party site, the third-party site has to provide the ‘secret_token‘. Once we have the ‘secret_token‘ and the track name or number, we can use those to download the audio file.
Below are the first three audio files I wanted to download, but the fourth file is private.
However, from their website, I know there is a fourth file hosted by SoundCloud.
On this page, there is an embedded SoundCloud player which will have the ‘secret_token‘ we need.
Getting at the SoundCloud secret_token
We will now perform one of the most elite hacker tricks to get the data we need! We will go to the webpage with the embedded SoundCloud file, and then… hit F12.
In the developer tools(I am using Firefox, but it’s the same in Chrome), go to the Network tab, and use the gear symbol in the upper right-hand corner to turn on persistent logging, then use the trash can icon to clear the recent history.
Now that we have a clean log, go ahead and refresh the webpage. Since the ‘secret_token‘ is passed in the URL we can sort by domain name and add the URL filter “secret_token“
One of the filtered entries appears to be what we are looking for. Let’s open that GET request and review the request and response data.
The header data on the request contains all the data we need to access the audio file. However, we will not even need to interact with the SoundCloud API because our browser has already done this for us. On the same GET request, go to the “Response” tab to see the returned data from the API call.
In the response data, we have been given a URL with authorization to a “.M3U” file containing the audio streaming data. Right-click the URL data and copy the value.
Now, with this URL, we will use a VLC player to download the whole MP3 file. Open VLC Player, go to “Menu,” then “Convert / Save.”
Click on the “Network” tab, paste the URL we got from the web request, and click “Convert/Save”.
Now, select the output format, MP3, and an output file location, then click “Start”.
You will now see the time VLC player timer counting through the amount of the downloaded file. My 2-hour mp3 file took about a minute to download.
Boom! That is it, we now have an offline version of the audio file
Related posts:
Gray Hatting Spam: I did it for the Lulz!
Exim Worm(CVE-2019-10149) – When White Hats Go Gray
Home Network Security TAP Review
Lab: Breaking Guest WiFi
LetsDefend’s DFIR Challenge: Ransomware Attack Walk-Through
You Can Help Defend the Internet!
Bypass 2FA on Windows Servers via WinRM
Secure Windows Remote Management from 2FA Bypass
Tracers In The Dark – Book Review
The Active Directory Access Control List Explained
