Netlog Rhythmbox Plugin

As announced in the preious post I was working on a plugin for rhythmbox to allow automatic sending of currently playing songs to your netlog account. It's a bit hacky and my python isn't that good but it seems to work pretty stable. It lacks of any way of showing error messages though, gonna change that some time. 

So for everybody interested check it out at http://code.google.com/p/netlog-rhythmbox-plugin/

** IMPORTANT**

You have to change the server field in configuration to your local version of netlog.

Netlogs Musictool Secrets

So... this post is about the Netlog Music Tool. An ingenious little app which sends netlog the info on the music you're listening to(link). It's pretty nice, you get to show people what music you listen to and netlog gets to collect more data on you, a totally win-win situation. There's only one slight problem with this, the tool is limited to windows and winamp, media player and itunes..... yeah, I kinda don't agree with that even if they have a mac version now. Especially when seeing the simple protocol used for this tool you wonder why they can't simply make it public and let everybody write plugins for the player of their choice. So I decided to do the little bit of reversing required to use the protocol and give netlog the possibility to collect data from songbird/ryhthmbox/foobar2000/etc users :D

The whole process works by sending HTTP POSTS to "http://de.api.netlog.com/comcore-api/apiserver/action=callMethod&format=json2". You'll need to substitute de with you're local version because netlog seems to have seperated databases for different countries, at least you can't login when using the wrong countries version of netlog. When requesting the ticket the server sends you the domain for your region in the header. There is nothing you have to take care of whatsoever with the HTTP packets. The tool uses "MusicToo 0.3 (OS info)" for the User-Agent but it's not required.

The whole communication is very simple, as said you send POST requests to aforementioned address in which you specify methods and some paramters. The methods are executed and you get a JSON formatted response sent back to you. 

afaik there are 5 methods that are used:

• auth.getTicket
  
• auth.login
• auth.logout
• music.playSong
• users.getLoggedInUser

auth.getTicket

First thing you need to do is get a ticket from the server, the post looks something like this:

app_version=0.3-Win&appid=com.netlog.musictool&method=auth.getTicket&version=1.0

The app_version seems to be changeable, didn't try changing the other parameters. This will when successful return a JSON object similar to this one:

{"response":{"ticket":"d88b6e6e5284b9e9ce8b83626f13ac5d"}}

All POST's either return a "response" object when successful or an "error" object in case an error occurs. Error objects usually have a value set for error_code and an error_message with info on the error.

auth.login
Now it gets interestin, this as nobody could have guessed is the login process,

key=0cc175b9c0f1b6a831c399e269772661&method=auth.login&nickname=XYZ&requestId=6&sig=3d0c823b4a43502de149ae88edf6cba4&ticket=d88b6e6e5284b9e9ce8b83626f13ac5d

also the introduction of netlogs great way to secure themselves from evil people using their API create their own plugins for players netlog doesn't want to support. 

They have this great value with the name of "sig" in all of the coming POST's. It's basicly a MD5 hash of all of the values in this POST chained together plus something I call the "api-key". This "api-key"for now is c2b5e31e3c938c186f093420a8fd44a1.

So to calculate sig for the above posted case (+ is string concat here)

md5( "0cc175b9c0f1b6a831c399e269772661"+

"auth.login"+

"XYZ"+

"6"+

 "d88b6e6e5284b9e9ce8b83626f13ac5d"+

 "c2b5e31e3c938c186f093420a8fd44a1")

The values need to be added up in alphabetical order of their key values. So the value of the key which is first in alphabet gets used first for the sig

A bit on the other values:

• requestId: just a counting number for the requests you sent, appears in every packet except getTicket
• key: md5( ticket+md5(password)) 
• nickname: I'm keeping this one a secret -.-

On successful login you will receive a response object with the value true for "login"

auth.logout

To end the session

method=auth.logout&requestId=9&sig=e721ea1120ea47a9ae2adc84d9eed56c&ticket=fbd96748737a08201c888d8436921966

On success the response object will have the value "valid" set for "logout"

song.playSong

This POST is the one that actually tells netlog what song you are listening to. May look a bit messy. It's noteworthy that the values to calculate the sig are used before they are converted to urlencoding. The response only contains the url to the artist page on netlog.

album=Neurons:%20Fire%20At%20Will&artist=paniq&comments=http://www.jamendo.com/&genre=Blues&length=198&method=music.playSong&play_time=1233670526&requestId=7&send_time=1233670530&sig=9ce84799314e0b1aaf671b53527b2bda&ticket=d88b6e6e5284b9e9ce8b83626f13ac5d&title=Neurons:%20Fire%20At%20Will&year=2008

• length: songlength in seconds
• play_time: time at which the song was played in unixtime
• send_time: time the info is sent in unixtime

users.getLoggedInUser

It's sent every 5 minutes. Kind of a keep-alive/check if still logged in I guess. More info on this would be appreciated.

method=users.getLoggedInUser&requestId=5&sig=62d9b6338208dc761854b656150f702e&ticket=59256284102186d715bc11a9ed815b4f

the response object only contains the uid

I hope this helped somebody and I'm hoping to see lots of plugins for the many great music players that are not supported by netlog.

I am working on a ryhthmbox plugin atm which will be finished in a few days I hope. I'll post it here once it's done.

Last but not least I sure hope I didn't miss the api documentation for this on the site :P

I don't know why I'm doing this :(

So first post and I have no idea why I have a blog. Going to post some projects I'm working on I guess let's see. Also thanks to the guys who took stuff.blogspot.com and somestuff.blogspot.com for their incredibly useful empty blogs. <3>Also i wonder why somebody would read my blog and how anybody would find his way here. So if against all odds you are not me please leave a comment to inflate my ego by telling me how you found your way here :D.