Hacking Warner Brothers Records
by c0z
This tutorial will teach you the methods involved in downloading the top three songs of most artists signed with Warner Brothers Records (WBR), directly from their own server, legally.
Background Information
Artists who sign with WBR get a nice little Flash site with all of their pictures, tour information, etc.
The majority of these sites have an applet that will allow you to play a small selection (usually three) of their hit songs in the background while you roam about their site. Some of these artists include HIM, My Chemical Romance, Static-X, Madonna, just to name a few.
The Exploit
By using a Flash decompiler and having a simple knowledge of ActionScript, we can reverse engineer Warner Brothers' website, gaining access to MP3s directly from their web server.
Target Acquisition
For this example I will use the band HIM, located at www.heartagram.com. The applet mentioned is in the lower-left hand corner of the page. The basic method discussed will apply for the majority of artists signed with WBR.
Research
First off, get the SWF file that the applet uses.
This can be done by viewing the source of the web page and finding the name of the applet. We can see that this page is little more than some CSS, a little JavaScript, and the Flash embedding.
The tag we are looking for is:
{param name="movie" value="HIM-site3.swf" /}
|
Voilà, www.heartagram.com/HIM-site3.swf. This file can be found in your temporary Internet files or you could just download it.
Decompile
Next you will need an SWF decompiler.
I prefer the Sothink SWF Decompiler. For the purpose of this demonstration, the demo will work fine. Proceed to open: HIM-site3.swf
In the right panel labeled "Resources" of the decompiler, open the "Action" tree. This contains all of the ActionScripts used to control the SWF. View the MainMovie code.
Basically, when this movie loads it runs a bandwidth test to determine which quality of song to start playing.
The URL to the file is then concatenated from variables and arrays starting on line 67 of the script.
// [onClipEvent of sprite 146 in frame 14] onClipEvent (load) { ptitle = new Array("KILLING LONELINESS", "WINGS OF A BUTTERFLY", "UNDER THE ROSE", "BEHIND THE CRIMSON DOOR"); palbum = new Array("FLASHBACK", "Flashback", "Flashback", "flashback"); pURL = new Array("killingloneliness", "wingsofabutterfly", "undertherose", "behindthecrimsondoor"); baseURL = "http://download.wbr.com/himtrax/audioswfs/"; hiSpeedURL = "_hi.swf"; loSpeedURL = "_lo.swf"; |
The base URL is the server the MP3s are hosted on.
This would be followed by an item from the pURL array and finally the bandwidth URL:
baseURL + pURL + hiSpeedURL 'http://download.whr.com/himtrax/audioswfs/' + 'killingloneliness' + '_hi.swf' |
http://download.wbr.com/himtrax/audioswfs/killingloneliness_hi.swf |
The next step is to download this file and open it in the SWF decompiler.
Extraction
In the Resources panel, open the "Sound" tree.
Select the only sound "streamsound 0" and check the box next to it to mark it for export.
Click the "Export Resource" button and select a location to save it to.
Rename your newly conquered MP3, take a deep breath, and laugh at the record company.
Congratulations. You saved 99 cents.
More artists hosted by Warner Brother's Records can be found at www.warnerbrosrecords.com
