Skip to content

fix(Spotify): Add Spoof client patch to fix various issues by using a web platform access token #5173

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 55 commits into from
Jun 26, 2025
Merged

fix(Spotify): Add Spoof client patch to fix various issues by using a web platform access token #5173

merged 55 commits into from
Jun 26, 2025

Conversation

oSumAtrIX
Copy link
Member

@oSumAtrIX oSumAtrIX commented Jun 13, 2025
edited
Loading

  1. Login into webview
  2. Obtain a session token
  3. Return it to the app
  4. Handle refresh logic of the session via a webview by reusing cookies from login

Todo

  • Test if this even works
  • Obtain access token via a Javascript fetch hook on the player page (safer and more future proof), instead of making a manual request which is dangerous
  • Finish patch implementation such as correct places to hook and replacing the token
  • Refresh token logic (Maybe not needed to manually handle on web tokens)
  • Refactor to idiomatic ReVanced code (such as routes, utils)

@oSumAtrIX oSumAtrIX force-pushed the fix/spotify/spoof-client-info branch from 1263248 to 2bb60d5 Compare June 13, 2025 14:39
@Nuckyz Nuckyz self-requested a review June 13, 2025 14:41
@Nuckyz
Copy link
Member

Nuckyz commented Jun 13, 2025

I'll work on some of the TODOs as soon as possible.

@oSumAtrIX oSumAtrIX changed the title fix(Spotify): Add Spoof client info patch to fix various issues by using a web platform access token (#4937) fix(Spotify): Add Spoof client patch to fix various issues by using a web platform access token (#4937) Jun 13, 2025
@oSumAtrIX oSumAtrIX changed the title fix(Spotify): Add Spoof client patch to fix various issues by using a web platform access token (#4937) fix(Spotify): Add Spoof client patch to fix various issues by using a web platform access token Jun 13, 2025
@0xrxL
Copy link

0xrxL commented Jun 14, 2025
edited
Loading

I'm surprised that no one before ReVanced has thought to this solution. After all the advantages of PC platform are much older.

@oSumAtrIX Do you think this patch has weaknesses that can be used to fix it by Spotify?

@oSumAtrIX
Copy link
Member Author

Platform APIs are made regardless which can be binded to integrity checks or bound to platform auth keys. Abd server side heuristics can still determine invalid use of APIs such as skipping when no premium is active

@0xrxL
Copy link

0xrxL commented Jun 14, 2025

Platform APIs are made regardless which can be binded to integrity checks or bound to platform auth keys. Abd server side heuristics can still determine invalid use of APIs such as skipping when no premium is active

Theoretically PC platform it's unrestricted from shuffling and can be used without any further changes like premium enabling, and this will help to prevent unwanted fixes by Spotify.

@oSumAtrIX
Copy link
Member Author

oSumAtrIX commented Jun 14, 2025
edited
Loading

Android APIs are different from web APIs. This PR only spoofs the login API. I am currently working with Nuckyz on that. Also shuffle was one example of many. So what you said doesn't apply to the others

@TheD0tt0R0tt0
Copy link

The test build crashes on me after a 10-20 seconds it goes black screen without even showing the spotify logo and then it crashes
Screenshot_20250617-140019
Screenshot_20250617-140001

@oSumAtrIX
Copy link
Member Author

The context is obtained from layoutInflator, i don't think its an activity, but I am not sure

@LisoUseInAIKyrios LisoUseInAIKyrios force-pushed the fix/spotify/spoof-client-info branch from df5efc6 to 3bf1c17 Compare June 25, 2025 18:47
@LisoUseInAIKyrios LisoUseInAIKyrios force-pushed the fix/spotify/spoof-client-info branch from 3bf1c17 to d808675 Compare June 25, 2025 18:50
Nuckyz
Nuckyz reviewed Jun 25, 2025
View reviewed changes
gradle/wrapper/gradle-wrapper.properties
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionSha256Sum=d725d707bfabd4dfdc958c624003b3c80accc03f7037b5122c4b1d0ef15cecab
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sha256sum should be added again. There's a warning in every artificat build about it.

@Nuckyz
Copy link
Member

Nuckyz commented Jun 25, 2025

@LisoUseInAIKyrios Is there a reason for a single session refresh request instead of 3 attempts with lower time?

@LisoUseInAIKyrios
Copy link
Contributor

Not sure, I didn't write any if the code here and only refactored a little

@oSumAtrIX oSumAtrIX merged commit b7b75bb into dev Jun 26, 2025
1 check passed
@oSumAtrIX oSumAtrIX deleted the fix/spotify/spoof-client-info branch June 26, 2025 17:51
github-actions bot pushed a commit that referenced this pull request Jun 26, 2025
@semantic-release-bot
chore: Release v5.29.1-dev.1 [skip ci]
9a286b4 
## [5.29.1-dev.1](v5.29.0...v5.29.1-dev.1) (2025-06-26)

### Bug Fixes

* **Spotify:** Add `Spoof client` patch to fix various issues by using a web platform access token ([#5173](#5173)) ([b7b75bb](b7b75bb))
@ghost
Copy link

ghost commented Jun 27, 2025

I patched the latest version v9.0.56.591 and the webpage is not loading ever. This is happening with recommended patches and 2 more which are custom theme and lyrics provider.

@lightyisreal

This comment was marked as outdated.

Sign in to view
@oSumAtrIX
Copy link
Member Author

I patched the latest version v9.0.56.591 and the webpage is not loading ever. This is happening with recommended patches and 2 more which are custom theme and lyrics provider.

If the webview is not loading, your system WebView is broken or your Internet is causing it

@cyberboh
Copy link
Contributor

I patched the latest version v9.0.56.591 and the webpage is not loading ever. This is happening with recommended patches and 2 more which are custom theme and lyrics provider.

I don't have such issue. I patched same version yesterday, with 5.29.0 patches, no issue till now.
Open bug report with all information provided if you have the bug.

@ghost
Copy link

ghost commented Jun 27, 2025
edited by ghost
Loading

I patched the latest version v9.0.56.591 and the webpage is not loading ever. This is happening with recommended patches and 2 more which are custom theme and lyrics provider.

If the webview is not loading, your system WebView is broken or your Internet is causing it

I tried a patched version of someone and it loads, it's not loading when I patch it. I'm patching on revancify with the revanced source nothing is missing as I can see or I'm missing something. I used the latest pre-release.

@cyberboh
Copy link
Contributor

@Hiraerh Unofficiall tools are not supported.
Patch always with ReVanced cli or manager. And use full apk (not bundled apkm or xapk) from Apkmirror. All will be good.

@ghost

This comment was marked as off-topic.

Sign in to view
@ghost

This comment was marked as off-topic.

Sign in to view
@D4rKw1N

This comment was marked as off-topic.

Sign in to view
@oSumAtrIX

This comment was marked as off-topic.

Sign in to view
@cyberboh

This comment was marked as resolved.

Sign in to view
@ReVanced ReVanced locked as resolved and limited conversation to collaborators Jun 27, 2025
@oSumAtrIX oSumAtrIX requested review from Nuckyz, drobotk and LisoUseInAIKyrios and removed request for Nuckyz, drobotk and LisoUseInAIKyrios July 1, 2025 14:39
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@brosssh brosssh

@Nuckyz Nuckyz

@drobotk drobotk

@LisoUseInAIKyrios LisoUseInAIKyrios

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

bug(Spotify): App does not work, playlists are empty and don't play