bug(YouTube): Spoof app signature - various side effects

[JUANHDA-CX]

Type

Cosmetic

Description

• [x] Video is not added to the history properly Fixed in latest patch
• [x] Audio playback forced in feed Fixed
• [x] Subtitles sometimes don't appear in correct location Fixed
• [x] Playback issues with some videos: home feed autoplay, playlists, opening videos from push notifications, opening some external video links Fixed
• [x] Endscreen cards are always hidden Fixed
• [x] Built in YouTube download feature does not work for long videos or downloading multiple videos at once Fixed
• [x] Download button is hidden in old layout Fixed
• [x] Ambient mode does not work Fixed
• [x] Shared clips do not playback from the clipped time region Fixed
• [x] Autoplayed videos from feed are added to history Fixed
• [x] Seekbar preview thumbnails are in low quality Fixed
• [x] Home feed autoplay does not show close caption text Fixed
• [x] Zoom to fill sometimes does not work Fixed

[n1cKz1]

@oSumAtrIX thumbnail preview over the seekbar is broken again after yesterday's update. Wasn't sure whether or not to create a new issue for this

[LisoUseInAIKyrios]

I've noticed if you have YouTube premium, you can usually turn off signature spoofing without any problems. That only applies if someone cares enough to pay to fix the issue.

[n1cKz1]

I'm one of the few fortunate ones to have never experienced the buffering issue (yet), so i don't need to turn it on, but the thing is when i disable it it usually just turns itself back on mid-video anyway

[LisoUseInAIKyrios]

@n1cKz1 it turns itself on if it encounters playback issues. So you have been experiencing the issue, but you haven't noticed because it's auto enabling the fix.

[n1cKz1]

I doubt it since this behavior only started after yesterday's patches, i could disable it just fine before that, and i still can on the forked version

[LisoUseInAIKyrios]

Yesterdays patch only changed the spoofed protobuf values. Everything else about the patch is still the same.

It's more likely YouTube rolled out the change to your account at about the same time.

[n1cKz1]

Welp looks like you are right. Seems like it auto enables in the forked version now as well, so i guess i officially joined the club. Still a hell of a coincidence

[LisoUseInAIKyrios]

Since the spoof is now enabled by default, the auto enable functionality could be removed.

Or maybe change the 4xx status detection to instead only show a toast (and not auto enable spoofing). And only show the toast once per video, or once per app session.

[n1cKz1]

I know the seekbar thumbnail issue is now listed as a side effect/limitation, that being said could a fix be possible in the future?

[Domiiniik]

Will the seekbar issue recieve any kind of workaround fix or at least any attampt to fix it from the devs? This issue is sooo annoying now damn it. :( :(

[Domiiniik]

One more thing: Download button in Old UI layouts shows up normally now and downloading videos seems to function propertly as well, so this side effect can now be crossed out or removed.

[LisoUseInAIKyrios]

It may or may not be possible to add seekbar thumbnails client side if the server does not specify to show thumbnails. I tried looking for the code that handles the seekbar thumbnails, but after an hour I could not find anything promising. YouTube is heavily obfuscate and finding any desired code can be very time consuming.

Can always pay for premium, and then spoofing is usually not required. If by chance someone lives in a cheap country like Turkey or India then premium is cheap. An unpopular opinion for broke users who want everything for free, but it is a solution.

[oSumAtrIX]

@Domiiniik I assume Built in YouTube download feature sometimes does not work will also work then?

[Domiiniik]

I Have tested the download faature on my friends Premium account and it looks fine as of now. Hopefully seeking issue can be somehow more looked into by other devs as well, its the only huge problem right now and really noticable.

[Domiiniik]

It may or may not be possible to add seekbar thumbnails client side if the server does not specify to show thumbnails. I tried looking for the code that handles the seekbar thumbnails, but after an hour I could not find anything promising. YouTube is heavily obfuscate and finding any desired code can be very time consuming.

Can always pay for premium, and then spoofing is usually not required. If by chance someone lives in a cheap country like Turkey or India then premium is cheap. An unpopular opinion for broke users who want everything for free, but it is a solution.

Yeah sure but to be honest 50% out of 100% reVanced users are using it to get and enable most "Premium only" features features for free as they can't afford it or they don't have a credit card available.

[LisoUseInAIKyrios]

I was able to find the code for the thumbnail preview (YoutubeScrubbedPreviewView), and was successful in forcing the seekbar thumbnails to show up when seeking (for 18.19.35 override acqg#h with a true return value). Doing this also fixes chapter names not showing up when seeking.

But...the client does not have any data for the video thumbnails, so it always shows an empty thumbnail box. It may or may not be possible to force the client to fetch or locally generate the seekbar thumbnails. In usual YouTube fashion the responsible code involves many heavily obfuscated data objects with overly complex code control flow.

At a minimum, fixing the chapter titles during seeking is possible. More work is needed, but it looks halfway promising.

[n1cKz1]

Very nice, appreciate the effort

[oSumAtrIX]

@LisoUseInAIKyrios Since we are spoofing the request to receive the video model that delivers both, the video stream as well as metadata such as the thumbnails, we would have to send two requests. One for playing the video and another for retrieving the metadata for the thumbnails. It may also be possible that both are retrieved separately. The response from our forget request might return data that is used to make another request to retrieve the thumbnails. This data might be able to be spoofed

[SodaWithoutSparkles]

Would "sending 2 requests for a single video" be a detection method for spoofing signatures?

[oSumAtrIX]

@SodaWithoutSparkles Sebding two requests is not a viable solution under any circumstance.

[SodaWithoutSparkles]

I was refering to this part

we would have to send two requests. One for playing the video and another for retrieving the metadata for the thumbnails. It may also be possible that both are retrieved separately.

[oSumAtrIX]

Yes, sending the same request twice is not a viable solution. Instead the client should be spoofed properly.

[johnconner122]

Can't play Reels/Stories after latest update.

[LisoUseInAIKyrios]

Stories were discontinued on June 26th. The last stories still on the site will be pulled 7 days after they were posted. So next week all stories will be gone.

[Domiiniik]

Any update on the seeking issue?

[alagga]

Another issue I'm facing since 2-3 revanced updates: Videos autoplayed in feed get automatically added to watch history. Disabling signature spoofing resolved that.

[SodaWithoutSparkles]

Another issue I'm facing since 2-3 revanced updates: Videos autoplayed in feed get automatically added to watch history. Disabling signature spoofing resolved that.

I can reproduce the issue. I guess this is due to the way that the request was spoofed.

[pep0w]

Why would spoof signature remove the seekbar previews? This wasn't the case in older versions...

[LisoUseInAIKyrios]

@q1k the spoof was changed to fix playback issues (the old spoof method no longer works reliably)

(Is your profile picture a photo of yourself?)

[xDARKxDEVILx]

@q1k the spoof was changed to fix playback issues (the old spoof method no longer works reliably)

(Is your profile picture a photo of yourself?)

Is it possible to bring back the old spoof as an option?as i didn't have any problem with it like many other users and now i regret updating ReVanced

[LisoUseInAIKyrios]

Yeah it could be a toggle to switch the prior spoof, with a default to use the latest more compatible mode (no seekbar preview)

[xDARKxDEVILx]

Yeah it could be a toggle to switch the prior spoof, with a default to use the latest more compatible mode (no seekbar preview)

Please do it if possible since it looks like this issue will last for quite some time like the others

[oSumAtrIX]

An input box where the spoofed string can be entered would also work.

[n1cKz1]

Is it possible to bring back the old spoof as an option?

This would be great. I'm among those who have no playback issue with the old spoofing option, so not having to deal with the whole seekbar thumbnail not showing up thing would be nice. Also

It may or may not be possible to force the client to fetch or locally generate the seekbar thumbnails. In usual YouTube fashion the responsible code involves many heavily obfuscated data objects with overly complex code control flow. At a minimum, fixing the chapter titles during seeking is possible. More work is needed, but it looks halfway promising.

Any update on this?

[PalmDevs]

An input box where the spoofed string can be entered would also work.

How about a radio list option like the spoof version setting, but also have an option for a custom signature? That could be more friendly to users.

[LisoUseInAIKyrios]

An input box where the spoofed string can be entered would also work.

How about a radio list option like the spoof version setting, but also have an option for a custom signature? That could be more friendly to users.

Are there any additional spoof strings that can be used? As far as I know there's only 2 that work (incognito mode and shorts, and shorts fails for some users). If there are additional valid spoofs that are useful, they should be presented like the app version spoof with descriptions. I think it's poor form to throw this issue at the user with "here's a text field. You can enter values here. It's really confusing, and you'll never guess what values might work. Try google searching what to do with this one (good luck!)"

[oSumAtrIX]

The text box solution allows for the maximum flexibility but is less straightforward than a list item that you can simply click. To prevent any mistakes, a reset button can be present

[SodaWithoutSparkles]

I actually prefer a text field, because a hotfix could be issued to resolve any problems quickly by just telling users to replace the text.

A good compromise would be 3 radio buttons: one for the old (v1) spoof, one for the new (v2) spoof, and one for a custom value. Then it would solve this once and for all. In case yet another spoof is needed, either add a new new (v3) spoof, or just use the custom value box.

[LisoUseInAIKyrios]

But is there any additional spoof values that can be used? If there isn't any additional spoof values, then why allow the user to enter text? Hot fixes should be handled by repatching with the updated spoof values and not by asking the user to change a text field.

Of note, the spoofed value has only changed once (a month ago or so when the stories/shorts spoof stopped working for some users).

If there is additional spoof values that might be desirable, they should be an in app option to begin with and not a theoretically use case of "Reddit says for me to copy paste in this text string"

[tusharsnx]

Also it seems like a delay to on going problem. If there's any need to add a text box we can do it in follow up PR.

[pep0w]

The text option is nice so we can change the spoof value without repatching.

[kazimmt]

The text option is nice so we can change the spoof value without repatching.

Do you know any other value than these 2?

[pep0w]

The text option is nice so we can change the spoof value without repatching.

Do you know any other value than these 2?

Does it matter? Revanced loves dropping support for the older app versions for no apparent reason, and there is no way to repatch it again. This way we don't have to patch the terrible new version of the youtube app in case another value is found.

[SodaWithoutSparkles]

The reason behind the text field (for me) are

1. revanced patches are slow to roll out, even when it released to dev builds...
2. dev builds are not (easily) available to normal users w/o cli
3. facilities a quicker debug process by asking volunteers with playback issues to test with the new value w/o repatch
4. No need to repatch when spoof value changed, saving time

For reason 1&2 you may argue that it is a manager problem not patches problem, but then we are just delaying the issue by waiting for manager to solve it, which currently doesnt even having a timeline.

[trmdi]

What about a textbox and some buttons below. Clicking on those buttons sets the textbox string and apply it ?

[oSumAtrIX]

Tbf client spoof is still only a workaround yet to be patched by YouTube ASAP. There's no real benefit in using a textbox. Having a switch between "new" and "old" spoof should be good enough.

[LisoUseInAIKyrios]

Should spoof signature verification be renamed to something more intuitive?

Maybe "Enable playback fix" or some other more descriptive name?

I see users turn spoofing off, they ignore the warning that playback will be broken, and then forget about that warning when videos endlessly buffer at 1 minute mark. If the setting name was more descriptive they might better figure out why the setting must be enabled, and if they do turn it off it's more obvious why playback is now broken.

Additionally the user dialog could mention that spoofing is required unless the user has YouTube Premium. As then it presents an immediate solution to those who really want the thumbnail preview and avoid the other limitations: the user simply pays a few bucks a month and then no spoofing is needed.

[oSumAtrIX]

How about "Spoof client" matching the patch name? The description could give some more information, such as that it fixes playback. In case it is renamed, internal classes and identifiers should also be renamed accordingly.

[LisoUseInAIKyrios]

That could also work, if the summary completely described the situation. Ie: the summary off text could be something like:

Client not spoofed. Videos may not playback correctly

[LisoUseInAIKyrios]

Today I have debugged and found a params. Can anyone test it ? CA8wAg==

The spoofed value works and seekbar thumbnails show up (need to also remove the integration code that hides the seekbar thumbnail). But, my account does not have issues playing without spoofing. So I cannot verify if playback works correctly and someone else would need to try. (Or maybe this was already tried, which is why the comment is now deleted?)