The Napster Protocol
david.weekly.org, July 3, 2009

This page is now wildly out of date, but is here for historical purposes.
If you were blocked from using Napster because of the Metallica lawsuit, find out how to get your access back. If your ISP / university has blocked your access to Napster, you may be interested in how to get around a Napster blockade.

I spent four hours reverse engineering the Napster protocol using the NetBoy Windows analysis suite. The results lie below. They are not fully complete, and probably won't ever be, as the ongoing work at the OpenNap project has far, far more comprehensively documented the protocol, and continues to update and refine their work at a frequency that I have no desire to replicate. Read the OpenNap project's work for the most accurate documentation of the Napster protocol. The below work will remain here for posterity and to just give you a rough feel for how the protocol works.

Please note that I have replaced specific usernames with "username" or "myusername" to protect the privacy of others. For this reason, the packet sizes will not be correct...

Not Covered

Network Configuration

Napster appears to have cubes at globalcenter and at AboveNet.
Their main router at abovenet is 208.184.213.7
redirect servers: (server.napster.com:8875)
208.184.216.222
208.184.216.223
servers:
208.178.163.61 (globalcenter)
208.178.175.130-4 (globalcenter)
208.184.216.202,204-209,211-215,217-221 (abovenet @ sjc2:colo8)
208.49.239.242,7,8 (globalcenter)
ports: 4444,5555,6666,7777,8888

Interesting. Looks like their general strategy is to cluster in units of 5-IP blocks (corresponding to grouped rackmounts?) with 5 sets of port numbers for process redundancy on the servers. I bet they started with GlobalCenter, but decided to move in with Abovenet at their SJC2 colocation facility, now that they have their stuff together. That's where the organized clusters are. The Globalcenter unit looks like it's not in California, but connected via an OC48 line to Globalcenter's Herndon, VA node. (Thanks to Ben Byer!)

Protocol Breakdown

Initial Connection
DNS lookup server.napster.com
SYN (connect) -> 208.184.216.222
[connects port 8875 on server to 1876 locally]
RECEIVED 80 bytes of data: "208.49.239.247:5555" (zero-padded)
RECEIVED 6 0-bytes (Keepalive/synch)
RESPONDS with 2 0-size packets (ACK)
SYN (connect) -> 208.49.239.247
[connects port 5555 (surprise) to port 1877 locally]
SENT to server: 28 00 02 00 username password 23 "v2.0 BETA 5" 10 4398560
RECEIVED 6 0-bytes
RECEIVED 10 00 00 00 "Invalid Password"
RECEIVED 6 0-bytes
connects again to main server, who suggests 208.178.175.133:8888 this time (fails)
connects again to main server, who suggests 208.184.216.204 (succeeds)
RECEIVED
00 00
10 00 03 00 anon@napster.com
SENT 0A 00 0D 00 nuprin1715
RECEIVED 0E 00 D6 00 "979 147566 587"
Request for Chat List
SENT 00 00 69 02 (CHATLIST REQ)
RECEIVED
26 00 6A 02 "Lobby 33 Welcome to the Lobby channel" 2E
22 00 6A 02 "Rap 27 Welcome to the Rap channel" 2E
23 00 6A 02 "Game 0 Welcome to the Game channel" 2E
24 00 6A 02 "Rock 14 Welcome to the Rock channel" 2E
35 00 6A 02 "International 1 Welcome to the International channel" 2E
...
35 00 6A 02 "RadioVersions 0 Welcome to the RadioVersions Channel" 2E
00 00 69 02 (CHATLIST REQ)
Joining a Channel
SENT
06 00 90 01 "Trance" (JOIN REQUEST)
RECEIVED
00 00 00 00 00 00 (SYNC)
06 00 95 01 "Trance" (JOIN GRANTED)
1B (string size) 00 98 01 "Trance username #songs conn#" (USER LISTING)
...
06 00 99 01 "Trance" (CHANNEL NAME)
25 00 9A 01 "Trance Welcome to the Trance channel" 2E (CHANNEL DESC)
connection types:
10 = T3 (or greater)
9 = T1
8 = DSL
7 = Cable modem
6 = 128k ISDN
5 = 64k ISDN
4 = 56k Modem
3 = 33.6 Modem
2 = 28.8 Modem
1 = 14.4 Modem
0 = Unknown
Talking on a Channel
SENT
0C 00 92 01 Trance hello
(size 00 92 01 channel message)
RECEIVED
12 00 93 01 Trance myusername hello
(size 00 93 01 channel user message)
Private Messages
SENT
0B 00 CD 00 myusername hello
(size 00 cd 00 touser message)
RECEIVED
0B 00 CD 00 myusername hello
(size 00 cd 00 fromuser message)
Whois Requests
SENT
05 00 5B 02 username
RECEIVED
3D 00 5C 02 username "User" 6025 "Trance " "Active" 127 0 0 10 "v2.0 BETA 5"
Leaving a Chat Room
SENT
06 00 91 01 Trance
RECEIVED
[6-byte ack]
Searching for Songs
SENT
41 00 C8 00
FILENAME CONTAINS "aaaa"
MAX_RESULTS 123
LINESPEED "AT BEST" 8
BITRATE "AT LEAST" "128"
FREQ "EQUAL TO" "32000"
RECEIVED
00 00 CA 00 00 00 (NO RESULT)
RECEIVED (on different query)
81 00 C9 00
"c:\WINDOWS\DESKTOP\mp3s\Nirvana-Lithium.mp3"
(32-byte checksum)
(size in bytes)
(bitrate in kbps)
(freq)
(duration in seconds)
(username)
(magic cookie - "643813570")
(line speed)
92 00 C9 00
"G:\Program Files\napster\Music\NIRVANA - Smells Like
Teen Spirit.mp3"
(32-byte checksum)
...
00 00 CA 00 00 00
[note] Even though Napster transmits the complete location of the file
(and it's also in the request) it seems to not have opened up any security
holes to date.
NOTE: ping time requirements not SENT to server (duh).
Hotlisting a User
SENT
0E 00 CF 00 username
RECEIVED
0E 00 2D 01 username (user is online)
10 00 D1 00 username (user added to hotlist)
Listing a User's Files
SENT
0E 00 D3 00 username
RECEIVED
85 00 D4 00 username
"D:\Nyhemladdade mp3 or\POWER-BEAT - Dance Club
Megamixes.mp3"
(32-byte checksum)
(size in bytes)
(kbps)
(freq)
(length in seconds)
...
(size) 00 D5 00 (username) (= END OF RESULTS)
Requesting a File
SENT
2A 00 CB 00 username
"C:\MP3\REM - Everybody Hurts.mp3"
RECEIVED
5D 00 CC 00 username
2965119704 (IP-address backward-form = A.B.C.D)
6699 (port)
"C:\MP3\REM - Everybody Hurts.mp3" (song)
(32-byte checksum)
(line speed)
[connect to A.B.C.D:6699]
RECEIVED from client
31 00 00 00 00 00
SENT to client
GET
RECEIVED from client
00 00 00 00 00 00
SENT to client
Myusername
"C:\MP3\REM - Everybody Hurts.mp3"
0 (port to connect to)
RECEIVED from client
(size in bytes)
SENT to server
00 00 DD 00 (give the go-ahead thru server)
RECEIVED from client
[DATA]
Sending a File
[no information yet]
General Packet Format
[chunksize] [chunkinfo] [data...]
CHUNKSIZE:
Intel-endian 16-bit integer
size of [data...] in bytes
CHUNKINFO: (hex)
Intel-endian 16-bit integer.
first byte:
00 - login rejected
02 - login requested
03 - login accepted
0D - challenge? (nuprin1715)
2D - added to hotlist
2E - browse error (user isn't online!)
2F - remove user from hotlist OR user is offline
5B - whois query
5C - whois result
5D - whois: user is offline!
69 - list all channels
6A - channel info
90 - join channel
91 - leave channel
92 - send text to channel
93 - receive text from channel
94 - user error
95 - join request granted
96 - user has joined channel
97 - user has left channel
98 - username entry for list
99 - channel name announcement
9A - channel description
C8 - send search query
C9 - query result
CA - end of query results
CB - request file
CC - download reply
CD - send/receive private message
CE - download error (they hung up!)
CF - add user to hotlist
D1 - user is online (on hotlist)
D3 - query user's file listings
D4 - listing entry
D5 - end of entries
D6 - update from server (SONGS USERS GIGABYTES)
DA - begin transmission?
DD - starting to transmit?
F4 - Give push goahead (when connect port is 0)
When you're requesting a file from another client, and they
ask you to connect to port ZERO, they don't want you to pull
the file from them; they want to push the file to you
directly. If you receive this, send a 0-length F4 (Give Push
Goahead) to the Napster server, and the other client will
connect to you.
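
An added example (not part of the original page, and not Napster or OpenNap code): a small Python parser for the framing described above, reading CHUNKSIZE and CHUNKINFO as little-endian 16-bit integers and naming each frame by its low byte as the table does. It also decodes the decimal "backward-form" address from the download reply; the function names and the sample byte stream are constructed for illustration.

```python
import socket
import struct

# Names keyed by the low byte of CHUNKINFO, copied from the table above (subset).
LOW_BYTE_NAMES = {
    0x90: "join channel",
    0x92: "send text to channel",
    0x93: "receive text from channel",
    0xCC: "download reply",
}


def parse_frames(buf):
    """Return (frames, leftover); each frame is (chunkinfo, name, data)."""
    frames, pos = [], 0
    while len(buf) - pos >= 4:                 # need a full 4-byte header
        size, info = struct.unpack_from("<HH", buf, pos)
        end = pos + 4 + size
        if end > len(buf):                     # declared size exceeds what arrived
            break                              # keep the partial frame for later
        name = LOW_BYTE_NAMES.get(info & 0xFF, "unknown")
        frames.append((info, name, bytes(buf[pos + 4:end])))
        pos = end
    return frames, bytes(buf[pos:])


def decode_peer_ip(decimal_text):
    """Turn the decimal 'backward-form' address of a download reply into A.B.C.D."""
    value = int(decimal_text)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit address")
    return socket.inet_ntoa(struct.pack("<I", value))


# Constructed sample stream: a join request, a channel message, and a frame
# whose header claims 0x12 data bytes but only 9 have arrived.
SAMPLE = (
    bytes.fromhex("06009001") + b"Trance"
    + bytes.fromhex("0c009201") + b"Trance hello"
    + bytes.fromhex("12009301") + b"Trance my"
)

if __name__ == "__main__":
    frames, leftover = parse_frames(SAMPLE)
    for info, name, data in frames:
        print(f"0x{info:04x} {name}: {data!r}")
    print("buffered:", leftover.hex())
    print(decode_peer_ip("2965119704"))
```

The bounds check before slicing is the part that matters in a dissector or sensor: CHUNKSIZE is supplied by the peer and cannot be trusted beyond the bytes actually received.
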
Napster Command List
This section appears courtesy Jesse Renhard. Note that most of the commands only apply to the server's administrators!
/ban <user or address>
/unban <user or address>
/ping <user>
/unmuzzle <muzzled user>
/muzzle <user> [reason]
/setpassword <user> <password> [reason]
/setdataport <user> <new port>
/reloadconfig <config variable>
/setconfig <config variable>
/unnuke <nuked user>
/nuke <nuked user>
/kill <jerk>
/opsay <message to all ops>
/announce <message to all users>
/join <channel>
/setlinespeed <user> <new linespeed>
/setuserlevel <user> <new level>
/topic <channel> <topic>
content & layout © copyright 1995-2008 -{ david e weekly }-