from Hacker News

Console.fm: A Guide to Download the Tracks for Free

by filipmares on 7/12/11, 6:18 PM with 23 comments

  • by tuhin on 7/12/11, 6:39 PM

    They are sending a lot of info in that GET request:

    http://ak-media.soundcloud.com/xpO4gBZA21w4.128.mp3?AWSAcces...

    128 bitrate? Amazon access key Expires ?? No idea what gda is. Also their signature.

    This is security 101 right? Or is this normal for a service of this kind? Also are they officially using the Soundcloud API? if yes, is this one of the responses of the API?

  • by amanelis on 7/12/11, 7:27 PM

    A lot of these services can be gamed and all the songs can be downloaded. You can easily download every song from turntable.fm as well, its not rocket science. Open up the Chrome developer console and look at the network tab...

    We are working on securing/masking the url, but at the end of the day, Console.fm is not a true stream, so we cannot securely give the user the song with out the soundcloud .mp3

    Please voice any advice you have on this issue or help out, open to suggestions as to we are looking into a proper fix right now.

  • by headbiznatch on 7/12/11, 8:27 PM

    If a sound (like a stream) is playing on your computer, it can be ripped directly from the playback device. I've done it in the past with complete preservation of the sound's fidelity, but I suppose it might not always be possible.

  • by Andreasvb on 7/14/11, 10:58 AM

    It's much easier than that, just take any song link that's not playing and open in a new tab, or just choose "Save link as...", works in Google Chrome. :)

  • by mattcurry on 7/12/11, 7:24 PM

    Won't the new Pandora HTML5 site have this same problem?

  • by matthewcieplak on 7/12/11, 6:41 PM

    If you find a "hack" like this on a music website, keep it to your self. If you post about it, they'll try to fix it or obscure it but who knows if some guy at soundcloud will revoke their api key first or some major label dick will initiate legal proceedings forthwith. And then you've just kicked your favorite music site in the nuts, congratulations.

    By the way, if you can stream it, you can download it, on any service. One-time use streaming keys are no defense against right clicking. It's just a matter of how much patience you have to expose the underlying URL.