How to crack a Hash or other workaround ideas?

related to programming for xlobby, code samples, examples etc.

How to crack a Hash or other workaround ideas?

Postby P3rv3rt B3ar on Fri May 04, 2007 3:59 am

Ok as some of u might know im building a multizoning pandora plugin. Multizoning is based on workaround idea, about routing players output signal to different physical ouputs, i had a long time ago and it is working fine.

Also it seems i was rather hasty on other thread mentioning about rumors circling around that Pandora will start to block outside US listeners IPs on may 3rd, because atleast mine seems to be still working without a hitch. Anybody can shed more light on this? somebody has their access denied or has received email from pandora?

Anyway since it was still working, i worked whole night on plugin and its now on point i can play on different stations on different zones, i can command all of them separately trough pervtalk, I get stations lists for needed user acounts made to xml database format for xlobby automaticly, and i can receive now playing information trough pervtalk. Only thing still needed to be done is station change command, that ofcourse is mandatory, and i dont believe it will present itself as too formidable obstacle.

Seems all good, but i encountered today a slight problem, unlike everything else which works zone by zone basis... getting nowplaying information out from pandora doesnt seem to support multizoning, atleast without good workaround. If i use Pandora api v2 to get nowplaying song information i cant get individual data, atleast if each player is using same acount. Now it could mayby work if i make each player to use separate pandora acounts, but problem with that, is it might not be that easy to figure out how these pandora acount cookies work, besides it is still unknown to me if its even possible to run several players with different acounts on same machine without somekind of compartmentlization (with system acounts mayby?) also it would be pain in the ass for enduser, all this acount management and station synchronization and still in the end of the day, might not work.

Forgetting the api... i can access individually player by player basis something called Song ID or SID of currently playing song. it seems to be S followed by around 5 to 6 decimal digits. Now if i only could map that song ID to pandora sites song information pages i could just put the internal little web client i wrote from scratch to work and fetch this information for individual players. Song URLs in pandora site are identified by fixed length hexadecimal number if i remember corectly it was around 8 bytes long, in anycase it had considerably larger information content than SID.

So immeaditly i thought about three possible mapping between numbers:

1. just datatype conversion... could URL-ID be just SID in LONG type represented as HEX? or mayby SID in ASCII represented in hex?

Well if it would be ASCII u wouldnt expect to see variable length string turn into fixed length hex presentation. Also if it would be LONG u would expect some leading or trailing zeros or ones or atleast somekind of pattern, but rather it seems that URL-ID is sparsely populated space indeed all that points to second option: hash.

2. Hash, if they can hash it... i can hash it, if i just know the right function... Ive been studying learning software on countless courses, so doesnt take long to figure out that mayby u could use this kind of soft to break the hash function? Sure i could write a genetic algorithm or support vector machine or about dozen other algorithms which are smarter than their maker, but as a lazy bear, id like to know if something like that exists already? something to break a hash? i mean i have plenty of teaching material... as song is played theres new pair of these wacky numbers out of the black box...

3. Also could be possible that theres no logic what-so-ever mayby whenever pandora gets new song random URL-ID is determined for it and running SID given to it and these two numbers are based away together, and fetch each time some poor soul plays a song...

This one wouldnt leave much room for cleverness... i would need to make brute force aproach and base the pair as its played... mayby it could be distributed by running pervtalk in P2P... damn this is aproach i really wouldnt like to take.

Anybody knows anything about these two numbers? or how acounts work? or any other creative solutions for the dilemma?
P3rv3rt B3ar
Posts: 1364
Joined: Fri Apr 07, 2006 9:52 pm
Location: West Coast Funland