2023/12/23: Tencent, please fix it; it has been five months since the feedback.
How did you play this, bro?
No response as of 2023/09/24.
And now, one month has passed and still no response to the feedback.
Disclaimer
The vulnerabilities and errors mentioned in this article are limited to technical aspects and do not involve any illegal activities or infringement of others' rights. When using the content described in this article, please comply with local laws, regulations, and ethical standards, and refrain from engaging in any illegal, malicious, or abusive behavior. The vulnerabilities and errors described in this article may be incomplete or incorrect. Please use the content described in this article at your own risk and take responsibility for the consequences of its use. The discovery of vulnerabilities and errors described in this article is not for profit, but for the purpose of technical exchange and mutual progress. Please do not use the content described in this article for any commercial activities or illegal profit-seeking behavior. The author of this article is not responsible for any direct or indirect losses resulting from the use of the content described in this article. Please assess the risks and take appropriate security measures when using the content described in this article, and comply with laws, regulations, and ethical standards, and refrain from engaging in any illegal, malicious, or abusive behavior. If you have any questions or need further assistance, please contact the author promptly.
Introduction
This article does not have any technical content; it is just a chance discovery. It is known that the QQ Music API does not restrict non-copyrighted songs; the restriction is presumably only applied on the client side.
Knowing the songmid, you can play almost any song, except for VIP songs.
It's not a big problem, it probably won't be fixed for 114514 days.
I discovered this issue in 2021 and provided feedback to QQ Music about the problem of playing non-copyrighted songs, but the issue has still not been resolved.
I should try to salvage the cover songs that have been taken down, but it's a bit troublesome...
Discovery
Recently, while I was listening to music, I randomly came across this:
I had previously searched for songs by ES; since 2023, Tencent has only had a few dozen songs with copyrights.
This doesn't make sense, shouldn't they be without copyrights? Why can I still listen to them?
Experimental Section
All the following tests were done using the latest version of the client.
In the client, you can only play songs that you have liked or added to a playlist; the API itself does not have restrictions.
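The gap described here, where the API still refuses VIP songs but leaves the copyright restriction to the client, can be sketched from the server's side. This is an added example, not QQ Music's code and not from the original article; the catalogue, field names, function names and URL host are all hypothetical.

```python
from dataclasses import dataclass

# Constructed catalogue: songmids, flags and the URL host are hypothetical.
@dataclass(frozen=True)
class Track:
    songmid: str
    licensed: bool   # does the service currently hold playback rights?
    vip_only: bool

CATALOG = {t.songmid: t for t in (
    Track("mid-licensed", licensed=True, vip_only=False),
    Track("mid-delisted", licensed=False, vip_only=False),
    Track("mid-vip", licensed=True, vip_only=True),
)}

def _url(track):
    return f"https://stream.example.invalid/{track.songmid}.m4a"

def stream_url_client_trusting(songmid, is_vip):
    """Models the behaviour the article describes: VIP is checked, licensing is not."""
    track = CATALOG.get(songmid)
    if track is None or (track.vip_only and not is_vip):
        return None
    return _url(track)  # a delisted track still gets a link

def stream_url_server_enforced(songmid, is_vip, audit):
    """Same endpoint with the licensing decision made on the server."""
    track = CATALOG.get(songmid)
    if track is None:
        return None
    if not track.licensed:
        # Record the denial so requests for delisted tracks show up in monitoring.
        audit.append(("unlicensed_request", songmid))
        return None
    if track.vip_only and not is_vip:
        return None
    return _url(track)

if __name__ == "__main__":
    audit = []
    for mid in CATALOG:
        print(mid, stream_url_client_trusting(mid, False),
              stream_url_server_enforced(mid, False, audit))
    print(audit)
```

With the check on the server, hiding or greying out a track in any client becomes a display choice only, and every client version gets the same answer from the API.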
QQ Music UWP
Playable, downloadable
Download speed is too fast, couldn't capture it
Clicking on an album shows no copyright
QQ Music Mobile Version
Playable, downloadable, smart scores cannot be played
Opening an album shows no copyright
Smart scores cannot be played after the countdown
QQ Music PC Version
Playable, not downloadable, smart scores cannot be played
Shows copyright, playable
The download menu can be displayed, but the download prompt says the service is not available
Smart scores show a prompt that they cannot be played
Reproduction with Postman
You can use Fiddler to capture packets from QQ Music UWP; it is very useful
Then fill in the cookie, copy the request body and modify the songmid
Success
Modify it to another song without copyright
To find the songmid, search for https://c.y.qq.com/v8/fcg-bin/musicmall.fcg in the F12 developer tools on the album page
Successfully reproduced
Of course, not all will be successful...
Some files may not exist on the server to begin with
No link returned