Trying to make an IE for pbs.org

[yasoob]

Hey now i am making an IE for pbs.org . Right now i am using this video for testing [http://video.pbs.org/video/2365006249/] . While monitoring the network calls i got this call

Request URL:http://urs.pbs.org/redirect/dbca29b492624eb0a6205356b24c331b/?format=json

The response received from this call gives the rtmp url but i am not able to figure out where does "dbca29b492624eb0a6205356b24c331b" in the url come from. I hope someone can provide me a friendly response so that i can make an IE for pbs.org . It was a feature request by someone #870

( @FiloSottile @jaimeMF )

[jaimeMF]

You should look into http://video.pbs.org/videoPlayerInfo/2365006249, I think the releaseURL can be useful, but I don't know how to extract from it

[yasoob]

@jaimeMF you are right. It is an AES encrypted string which on decryption gives us the link to the rtmp file. We need python's pycrypto module but it is not preinstalled with python. What do you suggest ? Should i go forward and make an IE for it ?

[yasoob]

Huff trying to decrypt it was extremely difficult but it was making me curious so I spent whole day to decrypt it and on the way i learned a lot about AES. My test code is

>>>from Crypto.Cipher import AES
>>> mode = AES.MODE_CBC
>>> key = "RPz~i4p*FQmx>t76"    #It always remains the same
>>> ciphertext = "fYnB4RRXOlKpOevYTYIRbcCozQwAJl/eVBk7CxBWGVUAMMVWYeKjtM7UKEDmdfzIZhDEAtA82Gw4+M//xC2jcSIj9Wj5QVLKGgSCUvgWBP8="      #Its part of the encrypted release url
>>> iv = "D385C9991923AFD1BEC657CF7A93E5D7"     #Its part of the encrypted release url
>>> import binascii
>>> iv = binascii.unhexlify(iv)
>>> decryptor = AES.new(key, mode, iv)
>>> iv
'\xd3\x85\xc9\x99\x19#\xaf\xd1\xbe\xc6W\xcfz\x93\xe5\xd7'
>>> len(iv)
16
>>> import base64
>>> ciphertext = base64.b64decode(ciphertext)
>>> ciphertext
'}\x89\xc1\xe1\x14W:R\xa99\xeb\xd8M\x82\x11m\xc0\xa8\xcd\x0c\x00&_\xdeT\x19;\x0b\x10V\x19U\x000\xc5Va\xe2\xa3\xb4\xce\xd4(@\xe6u\xfc\xc8f\x10\xc4\x02\xd0<\xd8l8\xf8\xcf\xff\xc4-\xa3q"#\xf5h\xf9AR\xca\x1a\x04\x82R\xf8\x16\x04\xff'
>>> len(ciphertext)
80
>>> plaintext = decryptor.decrypt(ciphertext)
>>> plaintext
'http://urs.pbs.org/redirect/dbca29b492624eb0a6205356b24c331b/&player=portal\x05\x05\x05\x05\x05'
>>> exit()

so what do you say now ? I took a little help from http://stackoverflow.com/questions/11499224/aes-decryption-using-pycrypto and another perl script (I dont know perl :p ) (@jaimeMF @phihag @FiloSottile)

[FiloSottile]

The \x05\x05\x05\x05\x05 at the end is padding. Scrub it with

plaintext = plaintext[:-ord(plaintext)]

[FiloSottile]

The problem now is that we can't depend on external libraries... I'm tempted to implement a Public Domain AES.

[yasoob]

okay i guess thats the way to go then. But who is gonna find and implement it now ?

[FiloSottile]

I have a CBC implementation somewhere, and I love implementing crypto stuff
^^ (also, here it is not security critical, so I can screw up without
worrying)

So I'll probably do it, but not this week I'm afraid (exams!)

[yasoob]

lolz yup you can screw :D and btw it doesnt matter you can do it next week. I can wait .

[denobisipsis]

You don't need to decrypt the releaseURL, you simply have it decrypted at

http://video.pbs.org/videoInfo/<>/?format=jsonp&callback=video_info.

Anyway, in php the code

$releaseurl=explode("$",$releaseurl);
$iv=$releaseurl[1];
$redir=base64_decode($releaseurl[2]);

$key = 'RPz~i4p*FQmx>t76'; //

     $iv=pack("H*",$iv);
     $cypher = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
     mcrypt_generic_init($cypher, $key, $iv); 
     $linkredir = mdecrypt_generic($cypher, $redir);
     mcrypt_generic_deinit($cypher);
     mcrypt_module_close($cypher);

[denobisipsis]

Mistake:

you don't have the same redirected url but 2.

The first one (releaseURL) gives you a rtmp link,

but the json a direct download link, although from one to the other the conversion it's easy

[jaimeMF]

@denobis thanks for the hint, an extractor has been added.