2023/12/23 Tencent, you should fix it, it has been five months since the feedback.
How did you play it, bro?
No reply as of 2023/09/24.
A month has passed and there is still no reply to the feedback.
Disclaimer#
The vulnerabilities and errors mentioned in this article are limited to technical aspects and do not involve any illegal activities or infringement of others' rights. When using the content described in this article, please comply with local laws, regulations, and ethical standards, and refrain from engaging in any illegal, malicious, or abusive behavior. The vulnerabilities and errors described in this article may be incomplete or incorrect. Please use the content described in this article at your own risk and take responsibility for the consequences of its use. The discovery of vulnerabilities and errors described in this article is not for profit, but for the purpose of technical exchange and mutual progress. Please do not use the content described in this article for any commercial activities or illegal profit-making activities. The author of this article does not assume any responsibility for any direct or indirect losses caused by the use of the content described in this article. When using the content described in this article, please assess the risks on your own and take appropriate security measures, comply with laws, regulations, and ethical standards, and refrain from engaging in any illegal, malicious, or abusive behavior. If you have any questions or need further assistance, please contact the author in a timely manner.
Introduction#
This article does not have any technical content. It was just accidentally discovered that the QQ Music API does not restrict the playback of copyrighted songs, except for VIP songs. It's not a big problem, and it probably won't be fixed for a long time.
This issue was discovered in 2021, and feedback was given to QQ Music about the problem of playing non-copyrighted songs, but the issue has not been resolved until now.
It's time to try to salvage the cover songs that have been taken down, but it's a bit troublesome...
Discovery#
Recently, while listening to music, I randomly came across this:
Because I had searched for ES songs before, Tencent has only a few dozen songs with copyright since some month in 2023.
This doesn't make sense. I thought there were no copyrights, so why can I still listen to them?
Experimental Part#
All the following tests were done using the latest version of the client.
Only songs that have been liked or added to a playlist can be played on the client, but there is no restriction in the API
QQ Music UWP#
Playable and downloadable.
The download speed is too fast, so I couldn't capture it.
Clicking on the album shows that it is not copyrighted.
QQ Music Mobile Version#
Playable and downloadable, but smart scores cannot be played.
Opening the album shows that it is not copyrighted.
Smart scores cannot be played after the countdown.
QQ Music PC Version#
Playable but not downloadable, and smart scores cannot be played.
Shows that it has copyright, but still playable.
The download menu can be displayed, but...
Download prompt says the service is not available.
Smart scores prompt cannot be played.
Reproduction with Postman#
You can use Fiddler to capture packets in QQ Music UWP, which is very useful.
Then fill in the cookie, copy the request body, and modify the songmid.
Success!
Modify it to another song without copyright.
Search for https://c.y.qq.com/v8/fcg-bin/musicmall.fcg in the album page's F12 search to find the songmid.
Reproduction is still successful.
Of course, not all of them will be successful...
Some files may not exist on the server.
No link returned.