
Illegal streams, decrypting m3u8's, building a better stream experience (2018) - colinprince
https://blog.jonlu.ca/posts/illegal-streams
======
rasz
One of the pirate tv/movie streaming websites I look at from time to time also
switched from storing their videos directly in googledocs to encrypting it
first. Couple of years ago they simply used unlisted YT uploads for their
pirated material. Talk about zero cost hosting.

~~~
chocolatkey
I noticed a very interesting method one used recently where they stored video
segments (2-5MB) on google with the extension ".text.png". Interestingly the
files have valid PNG headers.

~~~
xnyan
On google as in on one of the various google hosting services or something
less intened-by-google like stuffing data in the "image" and somehow getting
it cached by the crawler?

~~~
chocolatkey
On google. And this is not using any of the proxies. Here is one such segment:
[https://lh3.googleusercontent.com/d/12xIEN-
mfboq4CSYJS8tKq4H...](https://lh3.googleusercontent.com/d/12xIEN-
mfboq4CSYJS8tKq4H9xmMIjDeL) ... And guess what, I just googled that URL to
check which service `/d/` is associated with, and lo and behlod, someone's
already explained what I was going to: [https://medium.com/@laurentmeyer/deep-
dive-in-the-illegal-st...](https://medium.com/@laurentmeyer/deep-dive-in-the-
illegal-streaming-world-cd11fae63497)

~~~
rwmurrayVT
The dude ventures out to torrent a video, gets interested, and then in
conclusion wants to tell Google engineers where he found it ??????????? That's
great ass covering on the end bit there.

~~~
chocolatkey
These sites are used to takedowns, whether it be because the Google account
got banned or abuse was detected. Pointing out a segment is not going to
change anything, if I can find this a hundred Google engineers can

~~~
rwmurrayVT
Not you, the person in the article. It just seems comical that they'd
intentionally go out of their way to torrent IP then turn it over to Google.

~~~
chocolatkey
Ah sorry I misunderstood

------
zzo38computer
"Unfortunately most common desktop players do not allow you to customize the
cookies and headers sent with your request." I would have thought to set up a
proxy and then to connect VLC to the proxy server.

They also mention encrypted servers. Can VLC make these authentication with
your own keys?

