Getting Tidal login data

Getting Tidal login data

O!MPD uses Tidal’s limited input devices authorization. It requires 2 parameters: client_id and client_secret. In O!MPD I used some well-known values found on the Internet. Unfortunately Tidal regularly blocks them – probably because they are widely used for not allowed activity (like downloading files). After successive block, I decided to get my own pair from my Fire TV stick. Since I couldn’t find step-by-step instruction, I had to find and connect information from many web sites, but finally I succeed. Below I’ll try to briefly describe how I did it.

Disclaimer

The user assumes all responsibility and risk for the use of information in this webside. I accept no liability or responsibility to any person as a consequence of any reliance upon the information contained in this site. All information provided here are only for personal and education purposes.

Used tools

  1. Fire TV stick 4k Max with Fire OS 7.2.5.5 (it also might work with other Android TV systems, but I didn’t check that)
  2. Fiddler Everywhere 3.0.1 (30-day trial) – you can also use Charles Proxy (I checked it in version 3.12.3)
  3. Android Debug Bridge (adb) – I used version 28.0.2-debian installed on my RaspberryPi
  4. apktool 2.6.0
  5. keytool from Java JRE
  6. apksigner.jar from Android Studio build-tool
  7. Tidal apk for Android TV (since I failed with version available in Amazon’s Appstore, I used older version found at www.apkmirror.com: com.aspiro.tidal_2.14.0-947_minAPI21.apk)

Let’s go

Basically you have to sniff communication between Tidal app and Tidal server. This communication is encrypted, so you need to make Tidal app to trust your certificate (from Fiddler Everywhere) and redirect traffic from Fire TV to computer where Fiddler is installed.

All the programs I used here I run on Windows 10. One exception is adb which I had already installed on RaspberryPi. I think it can be run on Windows machine as well.

First install adb and configure Fire TV to work with it. It’s well described here.

Next download and configure Fiddler Everywhere. Configuration is described here (skip Inspecting the Android Application Traffic section for now).
Some hints for Fire TV:

  • to open proxy menu on Fire TV: on remote press and hold select and down buttons for 5 sec. then release them and press menu. Alternatively you can run command:
    adb shell am start -n com.amazon.ssm/.ControlPanel
  • to install the root certificate of Fiddler Everywhere download it as described on Fiddler page mentioned above and use adb to install it (it’s one-line command):
    adb shell am start -a "android.intent.action.VIEW" -d "file:///storage/emulated/0/Downloader/FiddlerRoot.cer" -t "application/x-x509-ca-cert"
    After running this command Amazon’s login page appears – you have to login to confirm certificate installation.
    Please mind the path where FiddlerRoot.cer is downloaded – I use web browser from Downloader app which stores files in /storage/emulated/0/Downloader/ folder. In your case this may be different folder.

Next step is to prepare Tidal app. Download apk file and extract it using apktool:
apktool d com.aspiro.tidal_2.14.0-947_minAPI21.apk
Edit com.aspiro.tidal_2.14.0-947_minAPI21\res\xml\network_security_config.xml as described here.
Rebuild application:
apktool b com.aspiro.tidal_2.14.0-947_minAPI21
You can find your rebuilt apk in: com.aspiro.tidal_2.14.0-947_minAPI21\dist folder. Next you need to sign this apk:

  • generate key (it’s one-line command):
    keytool -genkey -v -keystore tidal-key.keystore -alias tidal-key -keyalg RSA -keysize 2048 -validity 10000
  • sign apk with this key using apksigner.jar (it’s one-line command):
    java -jar C:\Users\[your_user_name]\AppData\Local\Android\Sdk\build-tools\32.0.0\lib\apksigner.jar sign -ks tidal-key.keystore com.aspiro.tidal_2.14.0-947_minAPI21.apk

Now you can install it on FireTV:
adb install com.aspiro.tidal_2.14.0-947_minAPI21.apk

Once apk is installed, run it an try to login to Tidal (make sure Fiddler is up and running). You should see information to open Tidal web page and enter 5-letter code. You don’t have to do this. Instead go to Fiddler and, if everything is working OK, you should see decrypted communication between Tidal app and Tidal server:

Click https://auth.tidal.com/v1/oauth/token and in the right panel you should be able to read client_id and client_secret.

That’s it.

6 thoughts on “Getting Tidal login data

  1. Paul F

    Great guide!

    A handful of issues I had:

    I couldn’t get the certificate signing to work on Mac OS, I kept getting an “Invalid or corrupt JAR file” error. Swapping the package over to Windows, generating the key and signing it there and swapping back worked fine.

    When you install the apk on your Fire TV, you have to make sure to turn off the proxy first, or the Amazon login page won’t show up and the installation will fail.

  2. Martin

    Thanks Artur, this is a helpful writeup. There are however still some working client id/secrets to be found (which I use for now).
    Bringing most of the setting to the GUI is very helpful! Also in the Tidal case :-). Thanks!

  3. Daniele G

    Why cannot I sniff communication between Tidal server and a client installed on my local computer?
    This entire procedure looks very over complicated to me.

    1. Artur Sierżant Post author

      To connect to Tidal O!MPD uses Tidal’s limited input devices authorization. It requires 2 parameters: client_id and client_secret that can be acquired only by sniffing communication between Tidal server and device that uses that kind of authorization – like FireTV (basically any device that doesn’t have keyboard, I guess). Any application (like client on Windows or client in web browser) uses different authorization – the one I cannot use in O!MPD because it is too complicated and, to be honest, I don’t know if anyone figured it out.

      Regards
      Artur

    1. Artur Sierżant Post author

      Hi,

      actually tidalapi uses the same method as ompd (oauth for limited input devices) – you still need client_id and client_secret. The difference is that in tidalapi these are placed in code (in encrypted form).

      Regards
      Artur

Leave a Reply

Your email address will not be published. Required fields are marked *