Reversing Wordpress Audioplayer url obfuscation
One of my favourite artists recently posted a new song to his blog. I wanted to download the mp3 file but he uses the Wordpress Audioplayer plugin, which obfuscates the original url of the file being played. The plugin is released under the open source MIT license so I had a look at the source code for decoding these urls. It turns out that the algorithm is really simple. Just look up each character in the obfuscated string in a key. Make a string of the position of each character’s position, represented as a six bit binary number, then just treat this string as a binary representation of an ordinary ascii string. My python version of the algorithm looks like this (download it):
def int2bin(n): assert n >= 0, "Number must be positive" res = "" if n == 0: return "0" while True: if n == 0: return res elif n % 2 == 0: res = "0" + res else: res = "1" + res n -= 1 n /= 2 def decode(source): key = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-" binary = "" for char in source: code = key.find(char) # look up each char in the code key binary += int2bin(code).rjust(6, "0") # append char index as a six bit binary string chunks = [] # split string into segments of length 8 while len(binary) > 0: chunks.append(binary[:8]) binary = binary[8:] chars = [chr(int(x, 2)) for x in chunks] # convert the segments to chars return "".join(chars) # http://www.mabd.se/?p=682 test = "aHR0cDovL3d3dy5tYWJkLnNlL3VwbG9hZC8yMDEwLzEyL0RlbWVudG9yZXIubXAzA" print(test, decode(test))
