Skip to main content

Reverse engineering Pubvn apps for fun and... larger-screen-fun

It's Friday night and the wifeTM wanted to watch Games of Thrones on the TV (via Chromecast). Should be easy right? We have lots of apps installed for exactly this purpose: Netflix, HBO Now, Flix, etc. None of them worked though...

  • Netflix just doesn't have HBO contents like GoT.
  • HBO Now works but it requires a US proxy to watch and there is no way to tell the Chromecast to go through a proxy.
  • Flix, a promising local app, good with TV streaming but not series.
So we had to settle to use HBO Now and Google Chrome's cast tab feature to have it on the big screen. A complicated setup, and slow. The casting was broken a few times during the episode, probably because of wifi interferences. This problem needs some engineering!

Proxy Those Apps

First order of business would be proxy their apps to catch all network requests. I used Charles with their iOS app. At first I thought it would be tricky if they use https or certificate pinning but it turned out everything runs through http. After a few taps on the apps, the flow looks something like this:

  1. `filmlist` api for search
  2. `filmdetail` to get a movie's episodes
  3. Finally use `filmmedia` for the mp4 url
After a few hours or so, I had gotten the mp4 casting on my TV. Success? Not yet.

Subtitles

Hmm, subtitles are important, we really need those (especially for GoT). Chromecast supports subtitles in WebVTT format (which is good) but apparently Pubvn only has SRT. Also, the subtitles url is protected with some weird authentication hashing. Almost gave up, I tried to proxy their Android app and found out that this app uses a slightly different api. Best of all, Android subtitles don't require authentication, they have some custom made encoding instead.

New plan:
  • Switch to use Android api endpoints
  • Decompile their apk to get the SRT decoder.
  • Put that decoder on Heroku with WebVTT converter
Complicated but now we have working mp4 and WebVTT urls. For some reason, Chromecast failed to play with subtitles turned on though...

CORS

Another couple hours passed by until I found out that both urls must have CORS headers. Probably the video player needs more data from the movie stream when it renders subtitles, I don't know.

It's easy to add those headers for the subtitles, we just need to update the Heroku app. But for the movie itself... It is hard, we don't control Pubvn servers so there is no ways to add those CORS headers (I asked them, no answer so far). I guess we can run a CORS proxy and play the movie from there? Just to be safe, let route the srt through that proxy too (so Pubvn servers will see our requests all from one IP).

Hah! Now we have movie with subtitles fully working on Chromecast! I have to keep 2 servers running though: the Heroku app and the CORS proxy.

Source: elitedaily.com
Repositories if you are interested:

Comments

Popular posts from this blog

IMAP module for PHP in Mac OS X Mountain Lion

So here it comes again. I have recently upgraded to Mountain Lion and for whatever reason, Apple decided to nuked all my previous PHP (among other things) configurations so I have to setup IMAP in PHP again. A simple Google search may point you to this post with detailed instruction for Lion however, some steps have been changed a bit...

Step 1: Install prerequisites You may choose to download Xcode (FREE) from the App Store then go to menu Xcode > menu item Preferences > tab Downloads, select to install Command Line Tools OR you can go to Apple Developer to get it, you may need to login.

Step 2: Compile IMAP Get the IMAP source code from University of Washington website. Please do me a favor and check that website for the latest version, it's good practice. If you that lazy, try to click the "y" to get direct link to 2007f version.

Extract the package and open the Terminal to the new directory before executing these command:

make osx EXTRACFLAGS="-arch i386 -a…

OAuth with Google, Twitter and... Facebook!

This is sick!

Just a few days ago, I ran into OAuth as I want to get my GMail feed based on Google Data API. I succeeded. With a little help of an OAuth open source (here, available in several programming languages).

Then I remember that I once heard that Twitter also uses OAuth as an authentication option so I turned into Twitter and had a good read. Finally, I found out that they are basically the same (hehe, it's obvious since OAuth 1.0 is a worldwide standard). I had an idea of writing a universal class which can handle both Google and Twitter OAuth functionalities. It's not too hard. I took most of the idea from the PHP example (here, PHP only). I also made a small script which accepts URI to send and intercept response from Google & Twitter servers.

At that moment, I was so excited with all the ideas but actually it has no real world benefit so I just left it there... Until today, in the F8 (says "fate") conference of Facebook, I was stunned finding out tha…

What the Hell Is Going on in Vietnam?

I have just read this: What the Hell Is Going on in Indonesia via TechCrunch. The author (Sarah Lacy, one of my favourite) took her chance in Indonesia to find out why there is such a great growth in Internet usage in that South East Asia country. It was a good read.

There are some interesting parts like

I grilled them on some basic questions to bring you a Web-in-Indonesia primer. But before we get to those, here’s what impressed me the most about this small-but-tightly-knit community: It’s incredibly collegial. Plenty of research has shown that the biggest reason Silicon Valley beat Boston as a venture capital and startup hot spot was because culturally it was open, trading employees, funding, mentorship and ideas among competitors. It’s not uncommon to see Web competitors in the Valley having dinner together and generally discussing business challenges, before they go back to the office for some late night coding to bury one another in the market.I laughed so hard reading this!  But…