Patched yet again

[doiraduc]

Hey! Thank you for your hard work. Unfortunately, some things have changed with the streaming sites that used Vidcloud and this doesn't work anymore.

Before, the embeds that the sites returned were rabbitstream.net if the site was using Vidcloud (e.g. sflix.to, flixhq.to, etc.) and megacloud.tv if the site was using Megacloud (e.g. sflix.is, 1flix.to, etc.)

First of all, the domains have changed, and the sites that used rabbitstream now return a mix of venusembed.site, grostembed.online and others (check and refresh multiple times to see: sflix.to/ajax/episode/sources/5437060). The sites that used Megacloud changed just the tld (megacloud.tube). The thing is, they seem to use the same player js so their source code might be shared, just the domain is different (also the xrax value is the same in all the embeds returned by the api). Second, the embeds no longer return the meta tag necessary for the getMeta function to run. So this is an issue too.

[oOICEMANOo]

Hey! Thank you for your hard work. Unfortunately, some things have changed with the streaming sites that used Vidcloud and this doesn't work anymore.

Before, the embeds that the sites returned were rabbitstream.net if the site was using Vidcloud (e.g. sflix.to, flixhq.to, etc.) and megacloud.tv if the site was using Megacloud (e.g. sflix.is, 1flix.to, etc.)

First of all, the domains have changed, and the sites that used rabbitstream now return a mix of venusembed.site, grostembed.online and others (check and refresh multiple times to see: sflix.to/ajax/episode/sources/5437060). The sites that used Megacloud changed just the tld (megacloud.tube). The thing is, they seem to use the same player js so their source code might be shared, just the domain is different (also the xrax value is the same in all the embeds returned by the api). Second, the embeds no longer return the meta tag necessary for the getMeta function to run. So this is an issue too.

I also just started digging into the latest changes to try and get something working, other than the rolling domain's it also looks like getMeta possibly needs updated from "fyq" to "j_crt". Then it seems like we're missing a few functions here's the errors I go and the code I added to get past the error (NOTE: Code added was a guess, I'm not sure if its correct or not) [LinkError: WebAssembly.instantiate(): Import #7 module="wbg" function="wbindgen_number_get" error: function import requires a callable] ADDED 'wbindgen_number_get': function(offset, index) { let obj = get(index); if (typeof obj === 'number') { getArr32()[offset / 4] = 1; getArr32()[(offset / 4) + 1] = obj; } else { getArr32()[offset / 4] = 0; } }, [LinkError: WebAssembly.instantiate(): Import #45 module="wbg" function="wbg_localStorage_3d538af21ea07fcc" error: function import requires a callable] ADDED 'wbg_localStorage_3d538af21ea07fcc': function(index) { return addToStack(fake_window.localStorage); }, [LinkError: WebAssembly.instantiate(): Import #50 module="wbg" function="wbindgen_is_object" error: function import requires a callable] ADDED 'wbindgen_is_object': function(arg0) { let val = get(arg0); let ret = typeof val === 'object' && val !== null; return ret; }, [LinkError: WebAssembly.instantiate(): Import #51 module="wbg" function="wbg_crypto_1d1f22824a6a080c" error: function import requires a callable] ADDED 'wbg_crypto_1d1f22824a6a080c': function(arg0) { const ret = get(arg0).crypto; return addToStack(ret); }, [LinkError: WebAssembly.instantiate(): Import #52 module="wbg" function="__wbg_process_4a72847cc503995b" error: function import requires a callable]

-- UNKNOWN --

[rzmic]

help anyone has resolved this? i really need it, temporary using puppeter so slow and unstable ;(

[jiamid]

I have completed the environment as much as possible and have been able to obtain pid, kversion, kid, and ktime, but the keys cannot be found. I hope it will be helpful to you. https://github.com/jiamid/wasm_service/blob/master/src/gap/rabbit_temp.ts

[luismendoza-ec]

@jairoxyz any luck?

[jiamid]

1.The current issue is that PID may also be incorrect,Unable to use the current PID to obtain sources. 2.window.navigate() should be after window.jwt_plugin(Q0),but the jwt_plugin is not fully operational.

[jiamid]

kversion and kid is same to my browser,but pid is only can use once，it is error。 I test canvas，but I am not very familiar with Canvas in JavaScript， it will be used in wbg_createElement_03cf347ddad1c8c0：create canvas element wbg_getContext_dfc91ab0837db1d1：get canvas.getContext('2d') __wbg_drawImage_cb13768a1bdc04bd：context2d.drawImage(img,) /images/image.png?v=0.1.0

[luismendoza-ec]

@jiamid yes, I noticed that sources are not retrieved with the KID, KVERSION and PID you get. I made a puppeteer solution that works more or less and noticed that the same happened when not using stealth mode and also when not sending referer header to getsources call. I tried the latter in your solution but no change. I think they make a stronger fingerprint with the wasm that cannot be made with the fake window object. I saw you import canvas but don't use it for anything - did you test with that?

Can you please your implementation with Puppeteer? I was thinking in a temp solution using a real chrome browser instance and with websockets.

[jiamid]

But imageData seems to change frequently.

[luismendoza-ec]

@jiamid image data changes? You mean the image.png itself or image data array inside code? Maybe it's what I saw in the Al variable in the navigate method? Will debug again and copy values.

@luismendoza-ec I'm fixing some stuff to make it more stable before I put it in git. Will let you know.

Jx-

I saw the images resources vary depending the "version" they request, so probably they have added some kind of tiny variation for the same file but in different versions.

Thanks!

[luismendoza-ec]

I did with emulation, not optimized yet, but giving me 2 secs in a regular server, in my local computer about 4 secs with a poor connection.

[fsmdeveloper]

I did with emulation, not optimized yet, but giving me 2 secs in a regular server, in my local computer about 4 secs with a poor connection.

Bro, how? can you shared the fixed code, please?

[jiamid]

I have new task to do. maybe size in this 1.500500 2.6550

发自我的iPhone

------------------ Original ------------------ From: JairoX @.> Date: Sun,Oct 27,2024 8:36 PM To: jiamid @.> Subject: Re: [drblgn/rabbit_wasm] Patched yet again (Issue #6)

@jiamid Hi there, any luck with those jwt_plugin and navigate calls? I checked the array of what looks like pixel values passed to the navigate function and it's length is 108760, so either a bigger image or something else.

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.***>

[luismendoza-ec]

Hello guys, thanks everyone for all the effort.

@jairoxyz what is beign send to jwt_plugin is the wasm file, internally the jwt_plugin is executing its functions and populating the required data.

@jairoxyz @jiamid We should make a group somewhere and discuss there, just in case someone related with this implementation is looking for this.

[luismendoza-ec]

1.500*500

Hi @jiamid ,

108760 divided by 4 (R, G, B, Alpha) is 27,190 pixels, so size could be 190 x 143 but the values don't really look like pixels cause Alpha should be 255: [0,97,115,109,1,0,0,0,1,240,1,32,96,2,127,127.........], so not sure. Could also be the array is generated by wasm and then reduced to keys array by the navigate function. Is still think some of the wasm functions are not complete because navigate should be available after groot and jwt_plugin. And your pid is wrong, so maybe it's a good idea to use canvas and a real window object, either from npm jsdom or puppeteer-real-browser. Just a few ideas :)

I did that, using a "real" window is giving still a wrong pid and my idea is that is just regarding the fingerprint they are detecting host, referer, ua

[luismendoza-ec]

Well, we can't know what you mean by real window if you don't share any of your code. What we do know is that they use code from here https://github.com/drbh/wasm-fingerprint for generating a fingerprint by drawing an image into a canvas. HTTP headers can be easily set, so that is not the problem.

I mean using the real chrome browser to debug all the script and wasm operations more closer.

Btw good one for the wasm-fingerprint, I was thinking to connect to the real browser with websockets and just change the xrax and force the process to produce a new fingerprint, but seems like they have controlled that also, probably playing with it more I will get it.

[jiamid]

@jairoxyz Can you call jwt_plugin to generate the navige() function ? I tested that image_data and dataURL are consistent for a certain period of time

[luismendoza-ec]

@jiamid no, wasn't able to get the navigate function. If the image data that is converted to data url changes with every call, it has to be generated inside the wasm by the canvas functions defined in the JS. There are several drawing functions that we haven't defined yet like fillRect and fillText. So maybe instead of the emojis they are now rendering something random made of text and shapes. Needs more debugging and all wbg functions need to be defined. I debugged wbg_getImageData and that returns the pixels of image.png, so that is OK.

Can we work together on this?

[jiamid]

fillRect and fillText is not used Very willing to cooperate

[luismendoza-ec]

fillRect and fillText is not used Very willing to cooperate 发自我的iPhone … ------------------ Original ------------------ From: Luis Mendoza @.> Date: Tue,Oct 29,2024 7:23 PM To: jiamid @.> Subject: Re: [drblgn/rabbit_wasm] Patched yet again (Issue #6) @jiamid no, wasn't able to get the navigate function. If the image data that is converted to data url changes with every call, it has to be generated inside the wasm by the canvas functions defined in the JS. There are several drawing functions that we haven't defined yet like fillRect and fillText. So maybe instead of the emojis they are now rendering something random made of text and shapes. Needs more debugging and all wbg functions need to be defined. I debugged wbg_getImageData and that returns the pixels of image.png, so that is OK. Can we work together on this? — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.***>

how can I contact you, we need to work under same project, so we can collaborate better, and if we do debug sessions we can easily get this done.

[oOICEMANOo]

also willing to help out, I started digging into this a few weeks ago and got tied up into other things now circling back, looks like some progress is happening which is great to see!

[luismendoza-ec]

Hey friends! It’s been a few interesting days trying to solve this, and JSDom and other techniques to represent things even close to what I need have made everything quite complicated. The validation and generation of the fingerprint is complex and depends on many factors, so even a minor change can prevent it from generating correctly.

The best solution I could implement (after temporarily handling Puppeteer and pools to intercept the HLS) is the following:

1. A single Puppeteer instance that doesn’t demand much from the system serves as the perfect sandbox, allowing all validations and WebAssembly (WASM) operations to run smoothly.
2. Injection of modified code to control certain aspects, validations, and shape the data exactly as I need it.
3. The browser’s connection to a socket hub that allows me to control it on demand (not to be confused with a reload operation).

What I’m practically doing is:

• Loading the site just once, letting resources and validations take place, and preventing resources that might later block from being released.
• Making this sandbox communicate via sockets to handle my requests.
• From my script that I want to scrape, I send the media ID I need.
• The sandbox (without any HTTP requests) generates the necessary fingerprint (which I’ve modified in certain parts to make unique).
• The sandbox responds with the fingerprint and other parameters needed for the request.
• From my script’s side, I make the request for the sources, and with the data obtained, apply the logic of their obfuscation to decrypt it.
• On the script’s side, I sanitize the URL and get it ready for consumption.

Requests:

• The browser only makes one to load the sandbox (resources, WASM, etc.).
• The script makes one to fetch the unique data of each embed and another to get the source (a JSON with the encrypted source). After that, I have the HLS.

I’ve tested it with some embeds, and it’s going well, and the best part is that it works in headless mode.

I’m leaving a few images and signing off (I need to sleep).

P.D.: I’ll improve a few things when I return with recharged energy. I know I can make it even better, but as it stands, it works very well.

[luismendoza-ec]

Hey @luismendoza-ec interesting but quiet complex solution :) I know for sure someone solved it by instantiating the wasm correctly in node.js but he won't share it. But it means it is possible the same way as @drblgn did.

My friend Jairo, it's likely that yes, at some point someone will achieve it. It's not an easy task, and they will have invested many hours, probably days, and they won't release it either.

My solution isn't complex; I have it well assembled, and it works well in multitasking. Honestly, I feel satisfied because it can handle thousands of executions without trouble.

But I tried to be practical; I barely use Puppeteer for the sandbox. Going further than that by trying to hook every call of the wasm and trying to guess through the many conditions they have to solve it without the sandbox would be investing more time into something that they're going to change at some point.

Imagine, being practical and efficient is solving this in such a way that it takes you less time than they take to release the next version, or your work will have been for nothing :)

[jiamid]

I try remove they，it can run success

[jiamid]

I think we should adopt the @luismendoza-ec method and achieve a good result through optimization. He's right, if we spend more time than they spend updating versions, it's meaningless.

[luismendoza-ec]

As I thought, @luismendoza-ec doesn't want to share anything ....

Let me understand you, Jairo. Throughout my development and testing, I tried to reach out to you, I wrote to you, left comments here, but got no response from you. On top of that, I shared a solution, but it seemed you weren’t interested at the time. Now it seems you’re tired of trying your way and want to use my solution, and you’re saying I don’t want to share?

Honestly, I’d rather keep my version private. None of you have shared anything concrete, just vague hints.

[WBRK-dev]

Is anyone interested in developing a public solution with me? I think the first iteration should definitely be build with a headless browser since that is just quicker to implement. After that if we think that it is possible to decrypt without a headless browser we can attempt that.

If anyone is interested then I can invite u to a repository to exchange discord handles and create a server if there are more than two?

[luismendoza-ec]

Is anyone interested in developing a public solution with me? I think the first iteration should definitely be build with a headless browser since that is just quicker to implement. After that if we think that it is possible to decrypt without a headless browser we can attempt that.

If anyone is interested then I can invite u to a repository to exchange discord handles and create a server if there are more than two?

I am interested.

[WBRK-dev]

@jairoxyz, @luismendoza-ec I have invited you both. In the issues page, you can find my Discord handle.

[justchokingaround]

can you invite me as well pls @WBRK-dev ? i'm not currently working on foss stuff but i'm interested in keeping up with this

[WBRK-dev]

@justchokingaround You have been invited.

[BominRahmani]

@WBRK-dev I'd love to keep up with this as well, not sure if i'll be able to work on it right now, but i'd love to see any further developments.

[Xross342]

Hello guys, I have a working rabbit stream fix BUT it only works on the browser with the no cors extension on, but it successfully decrypts rabbit stream without using a headless browser, i kinda don’t have time to work on it but I want to nicely ask. Can someone please implement the fixed into rabbit_wasm, you can dm me on discord for the code My discord is Zetsman192

[Xross342]

@justchokingaround You have been invited.

Interested

[Xross342]

Hello guys, I have a working rabbit stream fix BUT it only works on the browser with the no cors extension on, but it successfully decrypts rabbit stream without using a headless browser, i kinda don’t have time to work on it but I want to nicely ask. Can someone please implement the fixed into rabbit_wasm, you can dm me on discord for the code My discord is Zetsman192

Sorry, wrong discord. the right one ix xross342

[kelgr]

@WBRK-dev could you please provide discord server, im interested in the project