log of Logfish.net

The dutch public television hosts some of their programs online at www.uitzendinggemist.nl and they do it using the (yes, how stupid can they be) windows media format.

Because I don't use or own any Microsoft systems, I have to make due with reverse engineered FOSS solutions. No problem there, because gstreamer has a plugin and playing back the media will work most of the time.

However, I decided to switch to the new hardy development (pre-alpha) release of Ubuntu and that is where the trouble started. The browser browser plugin player didn't work anymore. I'm not sure what the problem is, but not willing to dive into it, I started to hack around the problem and see what kind of security they actually use on their site.

First there is the infamous Agent based security: if you don't include the Agent header in your HTTP request and you don't define the right agent, you won't get any information. Just a page containing copyright information. It always amazes me that people think this is something that protects your system. If you look at it as a security measure: I don't know of any person with bad intentions who doesn't forge their Agent field. So there is no reason to test for this. If they are good they would adhere to the law and not redistribute the content, if they are bad they will. The Agent field has nothing to do with that, at all!

So, we start with getting the playlist from the site. This is done by first looking at the Page Info in Firefox and check out the .asf link. Right click, copy and then run curl to see what is behind that request. Of course we need to mention the mighty overlord and honor His name to get to this content. The name I'm referring to is of course: Microsoft.

So, telling uitzendinggemist.nl you like Microsoft is enough to get the content. Then we continue on. The result of this command will be a listing in the form of a Media playlist:

Here we step on to the second piece of security: proprietary streaming protocols. This makes things even harder, but of course if you are a bad guy then saying Microsoft is already enough to get what you need. If you are a user, you want to see the content. Easiest way is to just play it in something like Totem, which should work if you have the right gstreamer plugins installed. Another is to dump the content by using gstreamer directly (my favorite) or mplayer (see the -dumpstream command).

The advantage of using gstreamer is that you can recode to almost anything and even start broadcasting it over the local network if you want. But that is more for the professionals. Let's just start with dumping the stream on disk for later viewing (and more robust caching for that matter):

Of course you could also use more of the gst plugins to create this whole thing, but this is just me hacking around. (Hints: neonhttpsrc, asfdemux, mmssrc, xvid, filesink) Don't forget that you may want to run ffmpeg2theora to recode the file into something you will probably be able to show your kids.

Well, that allows you to dump any mss link to the hd. Have fun!

PS If you are wondering what the md5= in the urls do? I don't know, but it doesn't seem to have anything to do with security. Probably something to do some user tracking.