Kodi Community Forum
Hulu Plugin Development Thread - Developers only! - Printable Version

+- Kodi Community Forum (https://forum.kodi.tv)
+-- Forum: Development (https://forum.kodi.tv/forumdisplay.php?fid=32)
+--- Forum: Add-ons (https://forum.kodi.tv/forumdisplay.php?fid=26)
+--- Thread: Hulu Plugin Development Thread - Developers only! (/showthread.php?tid=45888)

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19


- TheEvilHammer - 2009-04-10

rwparris2 Wrote:Please try things before you wonder how they're done. This decrypting via javascript crap isn't what you think.

I've observed firsthand (with my own Hulu downloader script and via network traces) that the SMIL text is now being encrypted. I saw another post that said the decryption was done in JavaScript and had no reason to disbelieve it. If you have some knowledge as to how the new security measures work, maybe you'd care to enlighten us?


- TheEvilHammer - 2009-04-10

+1 to BlueCop's comments. My laptop (1.6 GHz) apparently isn't powerful enough to smoothly render full-screen HD video that's being played by a flash object inside a web browser, but my XBOX handles the same task with ease by playing the .flv file directly.


- rwparris2 - 2009-04-10

@ALL If we could keep the non development talk to a minimum I would appreciate. (I'm guilty of getting sidetracked as well)
If you guys feel like you have something to discuss that doesn't directly involve the development of this plugin, by all means start a new thread. But this is not the place to do it.

Quote:I've observed firsthand (with my own Hulu downloader script and via network traces) that the SMIL text is now being encrypted. I saw another post that said the decryption was done in JavaScript and had no reason to disbelieve it. If you have some knowledge as to how the new security measures work, maybe you'd care to enlighten us?
Shortly after engadget reported Hulu was doing this, I used firebug to get the smil's url and it was not encrypted.
However, using a something other than a browser to get the page's html (I used python) showed that the html itself was encrypted. If this has changed and they're now encrypting the SMIL, I apologize, and should have followed my own advice about trying it out myself before posting.


- mr.b - 2009-04-10

I've done this in the past and didn't come up with much, but I thought I'd spend a few minutes and search to see if I could find a wrapper to a decent javascript engine. Turns out that a guy named Paul Davis has written a python based wrapper for spidermonkey, the javascript engine used in mozilla. Here's a link to his project, I haven't had any time to play with it yet:

http://github.com/davisp/python-spidermonkey/tree/master

*Edit: A little more research shows that this may be based on John J. Lee's version written in 2003 and updated in 2008 by Atul Varma.


- TheEvilHammer - 2009-04-11

I've tried getting the SMIL data from Perl and via a web browser and I don't think it matters which method is used - it appears to be encrypted on the server. I just took a network trace while opening a Hulu page for a video clip and this is what I see:
  • My browser asks for the SMIL URL:
    Code:
    GET /select.ashx?pid=NqLzjA7jCLxY1DyL__tYFAIDOkkbmC_C&auth=bfc4624a9347df36ee40b7adc68550bc&v=435984533
  • The server responds with:
    Code:
    HTTP/1.0 302 Moved Temporarily
  • My browser then asks for a URL that I haven't seen before:
    Code:
    GET /if?r=482577786&t=3145515000&a=1448291597,831632526,641105713&ret=pixel

After some other traffic, the data starts to come back from the server and it looks like this:

Code:
ea3480c4063e04e6cee722fd27d288dd946b42b4c26fba534c74481ed6cfd6...

I see the same behavior when trying to use my Perl script.


- mr.b - 2009-04-13

I have an idea that should probably work and stay working long term. It's a bit of a kludge, but here goes. There's a nice bit of software called selenium that allows one to very easily script firefox. The gist is that there is a selenium server running and you can control the server with a script (script connects, then controls the browser by way of the server). This setup could be on on the same machine as XBMC or any other machine on the network. The way I see it working would be that a hulu plugin would initiate a python-based selenium script to open the correct episode URL. The scripted firefox browser would be configured such that its requests were proxied so that the hulu plugin could be on a time-based loop waiting to see the PID and AUTH in the proxy log. Once this is picked up, the hulu plugin could close the browser via the python based selenium script, and XBMC could request the RTMP stream directly. I'll agree that this is quite messy and would introduce a time delay while the user waits to get the pid/auth, but I'm pretty sure it'd work.


- abstraktion - 2009-04-13

@TheEvilHammer - Have you gotten any further with this? I get the same results as you, but they change when the &v is different. Based on player.swf the &v of 435984533 is guest or unknown user. It will change based or whether you are logged in. This has to be a vital clue, I have been klutzing around with this to no avail.


- TheEvilHammer - 2009-04-13

mr.b Wrote:I have an idea that should probably work and stay working long term. It's a bit of a kludge, but here goes. There's a nice bit of software called selenium that allows one to very easily script firefox. The gist is that there is a selenium server running and you can control the server with a script (script connects, then controls the browser by way of the server). This setup could be on on the same machine as XBMC or any other machine on the network. The way I see it working would be that a hulu plugin would initiate a python-based selenium script to open the correct episode URL. The scripted firefox browser would be configured such that its requests were proxied so that the hulu plugin could be on a time-based loop waiting to see the PID and AUTH in the proxy log. Once this is picked up, the hulu plugin could close the browser via the python based selenium script, and XBMC could request the RTMP stream directly. I'll agree that this is quite messy and would introduce a time delay while the user waits to get the pid/auth, but I'm pretty sure it'd work.

I don't think this is the big problem currently (though it is a problem in general). The new problem these days is that once you get the pid and auth values and request the SMIL data, that data comes back encrypted. As far as I know, the current working theory is that the Hulu web page decrypts this text via JavaScript, at which point it can parse out the proper RTMP link.

This is my understanding currently, based on random tidbits I've picked up on the Internetz. If any of this is wrong, someone please let me know. Smile

As for the pid and auth values, when I was downloading Hulu videos on my laptop via a Perl script about two weeks ago, I did something similar. I used HttpFox (a Firefox plugin) to monitor all the HTTP requests being sent and received as I opened a Hulu video page. If you filter for "select.ashx?pid=", it'll find the HTTP GET request corresponding to the SMIL XML file, at which point you can copy out the pid and auth values with ease.

I don't know much about Selenium, but it sounds like it could work. As an even lighter-weight approach, could you write a simple proxy server that just passed all the data through but logged the contents (or just the URL) of each packet?


- TheEvilHammer - 2009-04-13

abstraktion Wrote:@TheEvilHammer - Have you gotten any further with this? I get the same results as you, but they change when the &v is different. Based on player.swf the &v of 435984533 is guest or unknown user. It will change based or whether you are logged in. This has to be a vital clue, I have been klutzing around with this to no avail.

No, I haven't done anything with this lately.


- highlandsun - 2009-04-14

The SMIL is encrypted using AES, just like the PID. (Except it's a little more than that; there are a couple extra rounds of XORs in there as well.) Just use flare and decompile the player.swf file and you'll see how it all works.

That whole javascript thing is a red herring, it was talking about the RSS feed. That's using a completely different method of obfuscation from this SMIL file.


- Raketemensch - 2009-04-14

TheEvilHammer Wrote:[*]My browser then asks for a URL that I haven't seen before:
Code:
GET /if?r=482577786&t=3145515000&a=1448291597,831632526,641105713&ret=pixel

This has to be passed to the browser somehow... Have you checked the headers?


- TheEvilHammer - 2009-04-17

highlandsun Wrote:The SMIL is encrypted using AES, just like the PID. (Except it's a little more than that; there are a couple extra rounds of XORs in there as well.) Just use flare and decompile the player.swf file and you'll see how it all works.

That whole javascript thing is a red herring, it was talking about the RSS feed. That's using a completely different method of obfuscation from this SMIL file.

I've decompiled player.swf and poked around the source (over 32,000 lines in a single file!) for a little while now but I'm not finding anything that looks like decryption code. I found the function that assembles the URL of the SMIL data (urlForGetVideoInfo) but I don't see it called anywhere. I've also found what I think are functions and data structures related to encrypted XML (xmldecs, xmldecskeys, and secdecs), but I can't find any decryption code here either. In fact, the function that I expected to have the decryption code (secdecs) is basically worthless:

Code:
v1.secdecs = function (a1, a2, a3) {
    return a1;
};

Could you provide a little more insight as to where to look in the file?


- highlandsun - 2009-04-19

The actual decryption function is in sec.swf, same place the PID decrypter lives. The player.swf loads sec.swf and replaces the dummy secdecs function with the real one in sec.swf. Search for the string 'load sec.swf succeeded!' ...

the secdecs function and the PID dec function share some code (the AES ECB part) but decs does some additional munging on the result.


- TheEvilHammer - 2009-04-21

highlandsun Wrote:The actual decryption function is in sec.swf, same place the PID decrypter lives. The player.swf loads sec.swf and replaces the dummy secdecs function with the real one in sec.swf. Search for the string 'load sec.swf succeeded!' ...

the secdecs function and the PID dec function share some code (the AES ECB part) but decs does some additional munging on the result.

That would explain why I couldn't find the decryption code. Smile Thanks so much for the tip - I will look at sec.swf today.


- TheEvilHammer - 2009-04-21

Looks like I spoke too soon - I'm still having trouble with this. The text "sec.swf" doesn't appear anywhere in the source for player.swf. More importantly, when I try to decompile sec.swf with Flare, I get this error:

Code:
Input file doesn't appear to be a valid SWF file