2023/12/23 Tencent, please fix it. It has been five months since the feedback.
How did you play this, bro?
No reply as of 2023/09/24.
And now, one month has passed and still no response to the feedback.
Disclaimer#
The vulnerabilities and errors mentioned in this article are limited to technical aspects and do not involve any illegal activities or infringement of others' rights. When using the content described in this article, please comply with local laws, regulations, and ethical standards, and refrain from engaging in any illegal, malicious, or abusive behavior. The vulnerabilities and errors described in this article may be incomplete or incorrect. Please use the content described in this article at your own risk and take responsibility for the consequences of its use. The discovery of vulnerabilities and errors described in this article is not for profit, but for the purpose of technical exchange and mutual progress. Please do not use the content described in this article for any commercial activities or illegal profit-seeking behavior. The author of this article does not assume any responsibility for any direct or indirect losses resulting from the use of the content described in this article. Please evaluate the risks and take appropriate security measures when using the content described in this article, and comply with laws, regulations, and ethical standards, refraining from engaging in any illegal, malicious, or abusive behavior. If you have any questions or need further assistance, please contact the author in a timely manner.
Introduction#
This article does not have any technical content. I just accidentally discovered that the QQ Music API does not restrict the playback of songs it has no copyright for; only VIP songs are restricted. It's not a big problem, and it probably won't be fixed for a long time.
This issue was discovered in 2021, and feedback was given to QQ Music about the problem of playing songs without copyright. However, the issue has still not been resolved.
It's time to try to salvage the cover songs that have been taken down, but it's a bit troublesome...
Discovery#
Recently, while listening to music, I randomly came across this:
Because I had searched for ES songs before, I knew that since some month in 2023 Tencent has only had the copyright for a few dozen of them.
This doesn't make sense. I thought there were no copyrights, so why can I still listen to them?
Experimental Part#
All the following tests were conducted using the latest version of the client.
The client can only play songs that have been liked or added to a playlist, but the API has no restrictions.
QQ Music UWP#
Playable and downloadable.
The download speed is too fast, so I couldn't capture it.
Clicking on an album shows that it is not copyrighted.
QQ Music Mobile Version#
Playable and downloadable, but smart scores cannot be played.
Opening an album shows that it is not copyrighted.
Smart scores cannot be played after the countdown.
QQ Music PC Version#
Playable, not downloadable, and smart scores cannot be played.
Shows that it has copyright and can be played.
The download menu can be displayed, but...
The download prompt says the service is not available.
Smart scores cannot be played.
Reproduction with Postman#
You can use Fiddler to capture packets in QQ Music UWP, which is very useful.
Then, fill in the cookie, copy the request body, and modify the songmid.
Success!
Modify it to another song without copyright.
On the album page, open the browser developer tools (F12) and search for https://c.y.qq.com/v8/fcg-bin/musicmall.fcg to find the songmid.
Successfully reproduced.
Of course, not all of them will be successful...
Some files may not exist on the server.
No link is returned.
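The gap described above (the clients show a song as having no copyright while the API still returns a link) is closed by making the licensing decision on the server at the point where the link is issued. The sketch below is an added example, not QQ Music's code and not from the original post; the catalogue, session fields, songmid values, status codes and URL are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed catalogue keyed by songmid; every id and flag here is made up.
CATALOGUE = {
    "mid_free": {"licensed": True, "vip_only": False},
    "mid_vip": {"licensed": True, "vip_only": True},
    "mid_delisted": {"licensed": False, "vip_only": False},
}
BASE = "https://media.example.invalid/"  # placeholder host


@dataclass
class Session:
    user_id: str
    is_vip: bool


def issue_link_client_trusting(session, songmid):
    """'Before': VIP is checked, licensing is not. The UI hides unlicensed
    songs, but a request carrying a valid session still gets a link."""
    song = CATALOGUE.get(songmid)
    if session is None or song is None:
        return 404, None
    if song["vip_only"] and not session.is_vip:
        return 403, None
    return 200, BASE + songmid


def issue_link_enforced(session, songmid, audit):
    """'After': the server decides per request, whichever client sent it."""
    song = CATALOGUE.get(songmid)
    if session is None or song is None:
        return 404, None
    if not song["licensed"]:
        # Refusals are recorded so repeated requests for delisted ids stand out.
        audit.append((session.user_id, songmid, "unlicensed"))
        return 403, None
    if song["vip_only"] and not session.is_vip:
        audit.append((session.user_id, songmid, "vip_required"))
        return 403, None
    return 200, BASE + songmid


def compare(session, songmids):
    """Send the same requests to both handlers; return statuses and audit log."""
    audit = []
    rows = {m: (issue_link_client_trusting(session, m)[0],
                issue_link_enforced(session, m, audit)[0]) for m in songmids}
    return rows, audit
```

Calling `compare(Session("u1", False), list(CATALOGUE))` shows the two handlers differing only on the unlicensed entry, which is the behaviour the post observed.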