NBC Peacock Addon Request
#16
(2021-06-11, 00:28)matthuisman Wrote: you need to use Chrome dev tools and figure out how to re-create the "x-sky-signature" header that is used on some requests.

Ok, I'll see what I can do.  Thank you for the tip!
Reply
#17
had a bit more of a play last night.

I now have a script that can be used to confirm the correct hash function is used.
Just need to know the correct hash function now. That's the hard part.
On the android app, they have it in a compiled library called libhmac.so
The secret must be embedded in that file.
I tried to decompile that, but seems to be quite obfuscated.
I think they are using HMAC with SHA1 as the resulting hash is 20 bytes in length.
Which is then base64 encoded

I think the only hope is figuring out the Javascript function which again - is all over the place

Anyway, here is the Python3 code for testing for a valid hash function
Code:
import base64
import hmac
import hashlib

target_hex = '783073b3f84521b9cd79c4060f2b1fc95fd59e32'
target_b64 = 'eDBzs/hFIbnNecQGDysfyV/VnjI='

data = {
    'method': 'GET',
    'url': '/mytv/continuewatching',
    'response_code': '',
    'app_id': 'NBCU-ANDROID-v3',
    'version': '1.0',
    'params_md5': 'd410761c1e765123d77869967943877e',
    'timestamp': '1624262240',
    'payload_md5': 'd41d8cd98f00b204e9800998ecf8427e',
}

def hash_func(to_hash):
    key = bytearray('123456789', 'utf8')
    hashed = hmac.digest(key, to_hash.encode('utf8'), hashlib.sha1)
    return base64.b64encode(hashed).decode('utf8')

to_hash = '{method}\n{url}\n{response_code}\n{app_id}\n{version}\n{params_md5}\n{timestamp}\n{payload_md5}\n'.format(**data)
result = hash_func(to_hash)

if result == target_b64:
    print("SUCCESS: {}".format(result))
else:
    print("WRONG: {} (need: {})".format(result, result_b64))
Reply
#18
I tried with an US IP but got "unknown errors" that occurred.  Nice to see that people had more luck.
Reply



Logout Mark Read Team Forum Stats Members Help
NBC Peacock Addon Request0
This forum uses Lukasz Tkacz MyBB addons.