fireship-io / fireship.io

Build and ship your app faster https://fireship.io

Paid Courses can be accessed for free with slight Modification #1495

Open arshackerofficial opened 1 year ago

arshackerofficial commented 1 year ago

All paid courses can be accessed for free because it is just a single attribute change. Set the attribute "free" to true and that's almost it.

Anyone can use this script to do so.

Steps :-

  1. Log out from your account
  2. Go to any course
  3. Paste this in web console and run it
  4. That's it, course will be available for free.

This bug should be patched as soon as possible.

Js Code (https://pastebin.com/2pXCUgmY)

I also reported this on Discord but someone deleted my report.

arshackerofficial commented 1 year ago

In Other ways :-

Set free="true" in video-player


Get Video id from global-data

There Can be Video id for youtube or vimeo

If there is value for Vimeo, Add this in video-player - wrapper - vid html element

''

If there is value for Youtube, Add this in video-player - wrapper - vid html element

<iframe src="https://youtube.com/embed/VIDEO-ID-HERE" allow="autoplay; fullscreen; picture-in-picture" allowfullscreen="" width="426" height="240" frameborder="0"></iframe> // set video


OR Use this script, https://pastebin.com/2pXCUgmY


MiracleAig commented 1 year ago

I can confirm that this works, and this needs to be fixed immediately before someone abuses this and starts to post pirated courses on a website.

khaled-0 commented 1 year ago

Pro courses are only this simple userscript away. Imagine using client side validation bruh.

// ==UserScript==
// @name         Freeship
// @namespace    lemons
// @version      1.2
// @description  Unlock all Fireship PRO courses/lessons.
// @author       lemons
// @match        https://fireship.io/*
// @icon         https://emojipedia-us.s3.dualstack.us-west-1.amazonaws.com/thumbs/120/apple/325/fire_1f525.png
// @grant        none
// ==/UserScript==

setInterval(() => {
    document.querySelectorAll("[free=\"\"]").forEach(el => el.setAttribute("free", true)) // set all elements with the attribute free set to "" to true

    if (document.querySelector("if-access [slot=\"granted\"]")) { // replace HOW TO ENROLL to YOU HAVE ACCESS
        document.querySelector("if-access [slot=\"denied\"]").remove()
        document.querySelector("if-access [slot=\"granted\"]").setAttribute("slot", "denied")
    }

    if (document.querySelector("video-player")?.shadowRoot?.querySelector(".vid")?.innerHTML) return; // return if a video is already embedded
    const vimeoId = document.querySelector("global-data").vimeo; // get id for vimeo video
    const youtubeId = document.querySelector("global-data").youtube; // get id for youtube video

    if (vimeoId) { // if there is an id,
        document.querySelector("video-player").setAttribute("free", true) // set free to true
        document.querySelector("video-player").shadowRoot.querySelector(".vid").innerHTML = `<iframe src="https://player.vimeo.com/video/${vimeoId}" allow="autoplay; fullscreen; picture-in-picture" allowfullscreen="" title="${location.pathname.split("/")[3]}" width="426" height="240" frameborder="0"></iframe>` // set video
    }
    if (youtubeId) { // if there is an id,
        document.querySelector("video-player").setAttribute("free", true) // set free to true
        document.querySelector("video-player").shadowRoot.querySelector(".vid").innerHTML = `<iframe src="https://youtube.com/embed/${youtubeId}" allow="autoplay; fullscreen; picture-in-picture" allowfullscreen="" title="${location.pathname.split("/")[3]}" width="426" height="240" frameborder="0"></iframe>` // set video
    }
}, 100)

TangentSquared commented 1 year ago

I also confirm that it works. I got to this website and tried the code it contained. The hack worked successfully so I wrote an email to hello@fireship.io and came here to post an issue but found this.

archuser555 commented 1 year ago

this seems like some serious and weird vuln, hope it will be fixed soon :)

lem6ns commented 1 year ago

Seems like they are already aware of this but have not taken action. Weird!

(i made this)

arshackerofficial commented 1 year ago

You shouldn't have posted it publicly. @lem6ns

lem6ns commented 1 year ago

> You shouldn't have posted it publicly. @lem6ns

I wasn't the first person to do this. This issue has been brought up many times before, like in #304 and #901. It has also been brought up a couple times in their discord as well.


This issue can be mitigated by using DRM such as Widevine or VDOcipher, or using SSR and having the videos in an environment variable to render only if they have PRO.

tisaconundrum2 commented 1 year ago

Bruh! This still hasn't been fixed :(

ashuvssut commented 1 year ago

Seems people downloaded all the pro content and are posting drive links everywhere like hacksnation website

This fix should be implemented for future pro courses

tisaconundrum2 commented 1 year ago

I wonder if it's a systematic thing that Jeff is doing. He's letting them get away with it because despite the pirating, it actually brings more viewers and interested people to his content. 🤷

arshackerofficial commented 1 year ago

@tisaconundrum2 yes it could be a possibility but he should fix this issue. This isn't good for people who are paying for it.

StanleyY7 commented 1 year ago

A potential fix could be to use a secret value instead of Boolean for the variable free. Secret value can be set as an ENV variable and code can be altered so free=SECRET_VALUE would work (of course we would not know what the secret value would be and most likely it would be a hashed value of a word/sentence/key). Logic of free would be if (free === SECRET_VALUE){ does what being true does} else {does what free === false would do}; To make more secure can also add checking to see if user is logged in (token auth perhaps checking cookie is valid, session id etc...), as user should not be able to access paid content without being logged in/authenticated.
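Both mitigations proposed in the comments above (render the video only for PRO users; keep a secret in a server environment variable) come down to the server deciding entitlement and withholding the video id otherwise. The following is an added example, not code from the fireship.io repository: `LESSONS`, `SESSION_KEY`, `signSession`, `verifySession` and `lessonPayload` are hypothetical names, the ids are placeholders, and a server-side render step is assumed.

```javascript
const crypto = require("node:crypto");

// Constructed catalogue: video ids live only on the server (placeholder ids).
const LESSONS = {
  "intro":      { free: true,  provider: "vimeo",   videoId: "PLACEHOLDER-FREE-ID" },
  "pro-lesson": { free: false, provider: "youtube", videoId: "PLACEHOLDER-PRO-ID" },
};

// Assumption: in production this key comes from an environment variable.
// It signs sessions and is never sent to the browser.
const SESSION_KEY = crypto.randomBytes(32);

const mac = (body) => crypto.createHmac("sha256", SESSION_KEY).update(body).digest();

// Issued by the server after login and payment verification.
function signSession(claims) {
  const body = Buffer.from(JSON.stringify(claims)).toString("base64url");
  return `${body}.${mac(body).toString("base64url")}`;
}

// Returns the claims only if the MAC is valid and the session has not expired.
function verifySession(token) {
  if (typeof token !== "string") return null;
  const [body, tag] = token.split(".");
  if (!body || !tag) return null;
  const given = Buffer.from(tag, "base64url");
  const expected = mac(body);
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  return claims.exp > Date.now() ? claims : null;
}

// Builds the data rendered into the lesson page. clientHints stands for anything
// the browser sends (such as a "free" flag); it is deliberately never consulted.
function lessonPayload(slug, token, clientHints = {}) {
  const lesson = LESSONS[slug];
  if (!lesson) return { status: 404, video: null };
  const session = verifySession(token);
  const entitled = lesson.free || (session !== null && session.pro === true);
  if (!entitled) return { status: 403, video: null }; // no id to leak
  return { status: 200, video: { provider: lesson.provider, id: lesson.videoId } };
}
```

Because the id for a paid lesson is absent from any response sent to a non-entitled browser, changing attributes in the page has nothing to unlock.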

TangentSquared commented 1 year ago

> I wonder if it's a systematic thing that Jeff is doing. He's letting them get away with it because despite the pirating, it actually brings more viewers and interested people to his content. 🤷

I think it's not the case because if Jeff really wanted to get more views and interests, he would rather make the courses free.

archuser555 commented 1 year ago

I'm curious, isn't this an open source project? Can't someone pull request a fix?

ashuvssut commented 1 year ago

There's no maintainer I guess... I have a small fix PR which is still not reviewed by anyone. I don't think it's gonna be fixed anytime soon. It has been more than a year. This issue is still not fixed.

ghost commented 1 year ago

> I also confirm that it works. I got to this website and tried the code it contained. The hack worked successfully so I wrote an email to hello@fireship.io and came here to post an issue but found this.

At this point, I think he is purposely allowing it. Also stop being an opp

itse4elhaam commented 1 year ago

I can confirm that this is working, it's very weird to see that no one is maintaining this repo as well as it should be maintained.

Maybe writing a bunch of emails to Jeff might help or reaching him through social media, has anyone here tried reaching him out on any social media platform?

ghost commented 1 year ago

> I can confirm that this is working, it's very weird to see that no one is maintaining this repo as well as it should be maintained.
>
> Maybe writing a bunch of emails to Jeff might help or reaching him through social media, has anyone here tried reaching him out on any social media platform?

Stop being an opp blud

im-nihal commented 1 year ago

holy moly.. i tried this and it works🔥🔥🔥 and what's surprising is that it still hasn't been fixed.

erftube commented 1 year ago

he doesn't care

0xFlo commented 9 months ago

me: looks for a coupon code, finds a repro to access the course for free instead
tries out the script: still works
paid the $20 because Jeff doesn't fix this despite knowing about it <3

ghost commented 9 months ago

> me: looks for a coupon code, finds a repro to access the course for free instead
> tries out the script: still works
> paid the $20 because Jeff doesn't fix this despite knowing about it <3

proof u bought it or you're lying

0xFlo commented 9 months ago

> > me: looks for a coupon code, finds a repro to access the course for free instead
> > tries out the script: still works
> > paid the $20 because Jeff doesn't fix this despite knowing about it <3
>
> proof u bought it or you're lying

[Screenshot 2024-02-17 at 22 45 16]

arshackerofficial commented 9 months ago

Don't Fight😂 @BlueIncog @0xFlo

ghost commented 9 months ago

> > > me: looks for a coupon code, finds a repro to access the course for free instead
> > > tries out the script: still works
> > > paid the $20 because Jeff doesn't fix this despite knowing about it <3
> >
> > proof u bought it or you're lying
>
> [Screenshot 2024-02-17 at 22 45 16]

20 well spent

heoun commented 8 months ago

This is now patched I believe?

ghost commented 8 months ago

> This is now patched I believe?

no, still works

PhantomDaDev commented 8 months ago

i think it's patched cuz it doesn't work

PhantomDaDev commented 8 months ago

i tried a different method it works

Durgeshityar commented 8 months ago

I think it's fixed now. By pasting the scripts it unlocks courses but it says "Oops! The embed code for this video is not valid". What did you try?

PhantomDaDev commented 8 months ago

you can get the vimeo/yt embed for the vid from this repo. then u can use the 2nd comment in this issue to get the vid

im-a-blobfish commented 8 months ago

i managed to fix the original JS script to work now (github copilot chat cooked this up)

https://pastebin.com/cSVcSAm5

SOf1AN3 commented 8 months ago

> i managed to fix the original JS script to work now (github copilot chat cooked this up)
>
> https://pastebin.com/cSVcSAm5

That's working ! thanks man

eik-1 commented 7 months ago

@im-a-blobfish this is not working bro

ajay47k commented 6 months ago

watching you all

ghost commented 6 months ago

@ajay47k who is u lil bro

L3atross commented 6 months ago

This script works https://greasyfork.org/en/scripts/455330-freeship

SMAntony commented 4 months ago

> me: looks for a coupon code, finds a repro to access the course for free instead
> tries out the script: still works
> paid the $20 because Jeff doesn't fix this despite knowing about it <3

I think the same. Thor (PirateSoftware) said in a video, that most people who pirate do not have enough money to support the creators. Perhaps Jeff shares a similar sentiment. Much love for Jeff <3