[RELEASE] Hulu (Video) Plugin for XBMC

[RELEASE] Hulu (Video) Plugin for XBMC - Printable Version

+- Kodi Community Forum (https://forum.kodi.tv)
+-- Forum: Support (https://forum.kodi.tv/forumdisplay.php?fid=33)
+--- Forum: Add-on Support (https://forum.kodi.tv/forumdisplay.php?fid=27)
+---- Forum: Video Add-ons (https://forum.kodi.tv/forumdisplay.php?fid=154)
+---- Thread: [RELEASE] Hulu (Video) Plugin for XBMC (/showthread.php?tid=42041)

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47

- elwig - 2009-02-19

heyas

can someone confirm these PIDs are correct?

URL: http://www.hulu.com/watch/43405/family-guy-the-man-with-two-brians
PID: tkZDMTeYiZvqZTmTv1Bc3CmNMJnNjhEF

URL: http://www.hulu.com/watch/56972/heroes-trust-and-blood
PID: Y_jW38tecJlXH6n77uxR4osxRM6qCagy

If so can you also confirm that the PID is static for the life of the video? So the task of getting PIDs can be done once then reused...

If someone can download those PIDs using rtmpdump then were sorted

- rwparris2 - 2009-02-19

elwig Wrote:heyas

can someone confirm these PIDs are correct?

URL: http://www.hulu.com/watch/43405/family-guy-the-man-with-two-brians
PID: tkZDMTeYiZvqZTmTv1Bc3CmNMJnNjhEF

URL: http://www.hulu.com/watch/56972/heroes-trust-and-blood
PID: Y_jW38tecJlXH6n77uxR4osxRM6qCagy

If so can you also confirm that the PID is static for the life of the video? So the task of getting PIDs can be done once then reused...

If someone can download those PIDs using rtmpdump then were sorted

confirmed. what did you do to get them?

- whirlind - 2009-02-19

elwig Wrote:heyas

can someone confirm these PIDs are correct?

. . .

URL: http://www.hulu.com/watch/56972/heroes-trust-and-blood
PID: Y_jW38tecJlXH6n77uxR4osxRM6qCagy

Using the Live HTTP headers plugin in Firefox, I can confirm the above PID was used when I played the video, as the following URLs were retrieved during playback:

Code:
http://t.hulu.com/beacon/v2/playbackdelivery?pid=Y%5FjW38tecJlXH6n77uxR4osxRM6qCagy&cp=NBC&dp=Hulu&cb=18256

http://hulu.112.2o7.net/b/ss/huludev/0/FAS-1.3/s63314001271501?[AQB]&ndh=1&t=19%2F1%2F2009%209%3A2%3A22%204%20300&ce=ISO%2D8859%2D1&ns=hulu&cc=USD&events=event12&c3=Trust%20and%20Blood&v3=Trust%20and%20Blood&c4=Y%5FjW38tecJlXH6n77uxR4osxRM6qCagy&v4=Y%5FjW38tecJlXH6n77uxR4osxRM6qCagy&c11=9%3A00&c12=Thursday&c13=weekday&c15=Hulu&v15=Hulu&c17=http%3A%2F%2Fwww%2Ehulu%2Ecom%2F&v17=http%3A%2F%2Fwww%2Ehulu%2Ecom%2F&c18=Hulu&v18=Hulu&c19=NBC&v19=NBC&c20=Full%20Episode&v20=Full%20Episode&c22=00%3A41%3A48&v22=00%3A41%3A48&c24=Hulu%3AY%5FjW38tecJlXH6n77uxR4osxRM6qCagy&v24=Hulu%3AY%5FjW38tecJlXH6n77uxR4osxRM6qCagy&s=1920x1200&[AEQ]?

- angrycamel - 2009-02-19

I've been looking at the sec.sfw decompiled ActionScript and it definitely looks like decryption code using public keys from the static var copyrighted_strings array.

I have never written any python, but could this AS be ported to Python and implemented in the script? Or maybe we can just poll this sec.swf for the correct PID. To do that though, I need to look more into how it communicates the in/outs.

Just some food for thought.

PS - I am curious how Elwig came up with those PID's too.

- mr.b - 2009-02-19

I took a cursory look at a trace from a browsing session with the tamper data plugin for firefox (great plugin for this type of thing btw). I'm seeing what ptaylor is talking about regarding the sec.swf. What I haven't figured out is sec.swf references an R class that I cannot find anywhere else. Did anyone find it?

- ptaylor - 2009-02-19

rwparris2 Wrote:confirmed. what did you do to get them?

You should be able to pick them out of a tcpdump when viewing a video via a browser. I did so last night with wireshark. I was thinking that perhaps something could be automated to learn the pids and store them in a central database.

- angrycamel - 2009-02-19

mr.b Wrote:I took a cursory look at a trace from a browsing session with the tamper data plugin for firefox (great plugin for this type of thing btw). I'm seeing what ptaylor is talking about regarding the sec.swf. What I haven't figured out is sec.swf references an R class that I cannot find anywhere else. Did anyone find it?

The sec.swf is compiled with 3 classes: R.as, S.as, and RD.as. It's there, I'm looking at it now.

EDIT: Take a look at the decompiled sec.swf over at pastebin: http://pastebin.com/m31a5dd32

How i found PID's - LittleBear1981 - 2009-02-19

using adblock plus.. i play the stream in a popout.. right click on ABP and select open blockable items... lots of info in there.. even saw a few PID's

i can confirm all pid's posted using this technique.

- mr.b - 2009-02-19

this is definitely clunky, but, if one wanted to script a browser session in order to find and record pids, doing so with selenium is very very easy. I think it'd be very easy for hulu to come along and change pids on us though.

- angrycamel - 2009-02-19

Storing the decrypted PID's will be a maintenance nightmare. We really need to learn how to decrypt them ourselves and I believe the code I put in pastebin does it.

sec.swf - rectalogic - 2009-02-19

ptaylor Wrote:There is a separate swf file (sec.swf) that gets pulled down in the video viewing process that seems to include code looking for the "~", and lots of code that does all sorts of calculations. It may just be something to throw us off the scent though...

Yeah, I think they put the encryption logic in sec.swf so they can change it often independent of the player.swf code itself.

It looks like you need to call e.g. S.dec("a9d2af515205989ce1d8bd20fa36db2c29a307b089a3351401012878b8b399d9~39474f6e3096ab2e5252d39741bd99994a4f0750bac32ef01c2c79a4845a5d37") with the <pid> element and get back tkZDMTeYiZvqZTmTv1Bc3CmNMJnNjhEF.

I wrote an mtasc app that loads sec.swf and decrypts a pid. I don't have an easy way to get the input pid in via the command line yet though.

Compile the AS2 using mtasc, run it using adl from the AIR 1.5 SDK.

DecryptPid.as, compile via:

mtasc -version 9 -swf DecryptPid.swf -main -header 20:20:1 DecryptPid.as

Code:
class DecryptPid {

    var pid:String;

    function DecryptPid() {

    }

    function decrypt(pid:String) {

        this.pid = pid;

        var loader:MovieClipLoader = new MovieClipLoader();

        loader.addListener(this);

        var sec:MovieClip = _root.createEmptyMovieClip("sec", 10)

        sec._lockroot = true;

        loader.loadClip("http://www.hulu.com/sec.swf", sec);

    }

    function onLoadInit(sec:MovieClip) {

        var s:String = sec.dec(this.pid);

        trace(this.pid + "  =  " + s)

    }

    static function main(mc) {

        (new DecryptPid()).decrypt("a9d2af515205989ce1d8bd20fa36db2c29a307b089a3351401012878b8b399d9~39474f6e3096ab2e5252d39741bd99994a4f0750bac32ef01c2c79a4845a5d37");

    }

}

To run this, use adl from AIR SDK with this DecryptPid.xml

Code:
<?xml version='1.0' encoding='utf-8'?>

<application xmlns="http://ns.adobe.com/air/application/1.5">

    <id>com.rectalogic.DecryptPid</id>

    <filename>DecryptPid</filename>

    <initialWindow>

        <content>DecryptPid.swf</content>

        <visible>false</visible>

    </initialWindow>

</application>

e.g.:
$ air-1.5/bin/adl DecryptPid.xml
a9d2af515205989ce1d8bd20fa36db2c29a307b089a3351401012878b8b399d9~39474f6e3096ab2e5252d39741bd99994a4f0750bac32ef01c2c79a4845a5d37 = tkZDMTeYiZvqZTmTv1Bc3CmNMJnNjhEF

mtasc is here http://www.mtasc.org/
AIR SDK is here http://www.adobe.com/products/air/tools/sdk/

- mr.b - 2009-02-19

nothing here

- angrycamel - 2009-02-19

rectalogic Wrote:I wrote an mtasc app that loads sec.swf and decrypts a pid. I don't have an easy way to get the input pid in via the command line yet though.

Great work, rectalogic. I'm not really an ActionScript guy, but is it possible to create a swf that will take in a parameter off the command line (I know this much is possible) then output the results in XML as the result of the page. For instance, I call decryptPDI.swf at whatever url passing in an encryoted PID and it just returns as the result of the url, XML content that contains the decrypted PID?

- mr.b - 2009-02-19

since this is not running from within an SWF file (in a browser), it might be easier to have the code pic up a list of encrypted PIDs in a file (xml maybe) and do it in a batch type process.

- rectalogic - 2009-02-19

angrycamel Wrote:Great work, rectalogic. I'm not really an ActionScript guy, but is it possible to create a swf that will take in a parameter off the command line (I know this much is possible) then output the results in XML as the result of the page. For instance, I call decryptPDI.swf at whatever url passing in an encryoted PID and it just returns as the result of the url, XML content that contains the decrypted PID?

Yes, but to access the command line we need an AS3 host swf which get the args from parameters then load the AS2 swf I wrote and pass it the args as query-string. Not too complicated, I'll look at it tonight.

Another approach other than using the AIR SDK would be to use Boxees open source flashlib http://dl.boxee.tv/flashlib-shared-src.tar.gz - i.e. use this to write a small app that loaded and ran the swf to spit out the decrypted pid. This could then be invoked from a Python XBMC plugin to do the decryption.