Skip to content

Instantly share code, notes, and snippets.

@andyw8

andyw8/melodics-song-storage.md

Created February 16, 2026 01:28
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save andyw8/a22611765070140a60473870391b7677 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save andyw8/a22611765070140a60473870391b7677 to your computer and use it in GitHub Desktop.
Download ZIP
# How Melodics Stores Song Data
Raw
melodics-song-storage.md

How Melodics Stores Song Data

Overview: "Self Esteem" by The Offspring

This document explains how the Melodics app stores songs like "Self Esteem" on macOS.

1. Directory Structure

~/Library/Application Support/Melodics/Melodics/42VGQ2OQOL01/
├── data/drums/songs/
│   ├── lessons.json          # Index of all drum songs with metadata
│   └── lesson/
│       └── DJ3LZP3NV45N.json # Individual lesson file for each difficulty
├── data/drums/instrument/
│   ├── selfesteem_dr_t.json  # Backing track instrument config
│   └── samples/
│       └── selfesteem_dr_t_sample.json # Sample mappings
├── midi/                     # 837 .mpk files (encrypted MIDI packages)
└── samples/                  # 733 .spk files (encrypted sample packages)

2. Data Organization

lessons.json

Contains an index of all songs with metadata:

  • Song title, artist ("Self Esteem" by The Offspring)
  • Difficulty levels (Beginner, Intermediate)
  • Grade, genres, tags
  • Preview URLs, album art
  • UIDs for each lesson version

Individual Lesson Files

Each lesson file (e.g., DJ3LZP3NV45N.json) contains:

Musical data:

  • BPM (105)
  • Time signature (4/4)
  • Key signature

Download links:

  • URLs for MIDI (.mpk) files
  • URLs for sample (.spk) files

Song structure:

  • Array of "steps" (Intro, Verse, Chorus, Bridge, etc.)
  • Each step includes:
    • Number of bars
    • Description
    • User progress/scores

MIDI references for each section:

  • backing_midi: Background track (e.g., "B1.mid")
  • user_midi_left: Left-hand part (e.g., "LH1.mid")
  • user_midi_right: Right-hand part (e.g., "RH1.mid")

Instrument configurations:

  • References to JSON files for drum kits and backing tracks

Sample mappings:

  • MIDI note numbers → audio file paths

Download secret:

  • Field download_secret (e.g., "8sa78sa786jk352") - possibly for decryption

3. File Formats

.mpk files

  • Melodics Package files containing MIDI data
  • Encrypted with proprietary encryption scheme
  • Stored with MD5-like hash names for caching/security
  • File size: ~10-20KB for typical song

.spk files

  • Sample Package files containing audio samples
  • Encrypted with proprietary encryption scheme
  • Stored with MD5-like hash names

4. How It Works Together

For "Self Esteem - Beginner" level:

  1. Metadata in lessons.json points to lesson UID DJ3LZP3NV45N
  2. Lesson file DJ3LZP3NV45N.json defines the song structure with 7 steps (sections)
  3. Each step references MIDI files:
    • B1-B7 for backing tracks
    • LH1-LH7/RH1-RH7 for user parts (left/right hand)
  4. Sample configs map MIDI notes to audio files (drums, backing track stems)
  5. The .mpk and .spk files are downloaded and cached with hash names

5. Architecture Benefits

The system cleverly separates:

  • What to play (JSON configuration)
  • How it sounds (sample mappings)
  • The actual data (encrypted .mpk/.spk files)

This allows Melodics to:

  • Update songs without redistributing large files
  • Share samples across multiple lessons
  • Protect content while keeping it locally cached for performance
  • Organize lessons by difficulty while reusing the same backing tracks

6. Encryption Investigation

Attempted Decryption Methods

The following methods were tested to extract MIDI from .mpk files:

❌ Failed Attempts:

  1. Simple XOR with download_secret
  2. XOR with hashed secret (MD5, SHA256 of secret)
  3. AES Encryption:
    • AES-128/256 ECB mode
    • AES-128 CBC mode (with IV from file header)
    • Keys derived from MD5/SHA256 of secret
  4. Combined keys:
    • secret + file hash
    • secret + lesson UID
  5. Compression:
    • zlib decompression
    • gzip decompression

Findings

The .mpk and .spk files use a proprietary encryption/obfuscation scheme that:

  • Is not standard XOR, AES, or simple compression
  • Likely serves as DRM to protect licensed content
  • Would require reverse engineering the Melodics binary to decrypt

File Analysis

File structure observations:

  • No standard magic bytes (not MIDI "MThd", not ZIP "PK")
  • File starts with: 384321e7... (varies by file)
  • Appears to be encrypted or heavily obfuscated
  • The download_secret field may be part of the encryption scheme but not in a straightforward way

7. Options for Extracting MIDI

Option 1: Reverse Engineering (Advanced)

Use disassemblers to analyze the Melodics binary:

  • Tools: Hopper, Ghidra, IDA Pro
  • Target: /Applications/Melodics.app/Contents/MacOS/Melodics
  • Goal: Find the decryption routine in the C++ code

Option 2: Runtime Hooking (Intermediate)

Intercept decrypted data at runtime:

  • Tool: Frida or similar dynamic instrumentation
  • Method: Hook the process and capture MIDI data after decryption
  • Advantage: Don't need to understand the encryption

Option 3: Community Resources

  • Search for existing tools: "melodics mpk decrypt"
  • Check GitHub for reverse engineering projects
  • Look for community forums discussing Melodics data extraction

Option 4: Official Export (Recommended)

  • Check if Melodics offers MIDI export feature
  • Contact Melodics support about exporting practice data
  • May be available as a paid feature or for educational use

Example: Self Esteem Lesson Data

{
  "uid": "DJ3LZP3NV45N",
  "song_title": "Self Esteem",
  "artist": "The Offspring",
  "title": "Beginner",
  "grade": 5,
  "bpm": 105,
  "beatsperbar": 4,
  "genres": ["Rock"],
  "tags": ["1/8 notes"],
  "download_secret": "8sa78sa786jk352",
  "download_midi_link": "https://api-cdn.melodics.com/assets/lessons-download/4161bb4287d84d0cf3cad8605f1ebfa3.mpk",
  "steps": [
    {
      "title": "Intro",
      "bars": 7,
      "backing_midi": "B1.mid",
      "user_midi_left": "LH1.mid",
      "user_midi_right": "RH1.mid"
    }
  ]
}

File Locations

  • Application: /Applications/Melodics.app
  • User data: ~/Library/Application Support/Melodics/Melodics/
  • User ID directory: 42VGQ2OQOL01 (varies by user/session)
  • Cached MIDI files: ~/Library/Application Support/Melodics/Melodics/42VGQ2OQOL01/midi/*.mpk
  • Cached samples: ~/Library/Application Support/Melodics/Melodics/42VGQ2OQOL01/samples/*.spk

Conclusion

While the song metadata and structure are stored in easily readable JSON format, the actual MIDI and audio data are protected by proprietary encryption. Extracting this data would require either reverse engineering the application or using runtime interception techniques. For legitimate use cases, contacting Melodics for official export options is recommended.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment