Home News Latest Hulu get defensive!

Most Watched This Week

Hulu get defensive! PDF Print E-mail
Written by Martin Millmore   

I have come across an interesting development with Hulu this morning. They have started encoding the html that they send to people's browsers, and then decoding it using javascript before rendering it. An example of what they send now is this link, which returns;

%F2%9E%84%88%EE%99%81%9F%BD%89%D0%DC%A8%93%95%9B%AA%D7%81%99%EE%88

which is URL encoded characters (e.g. %F2 =242), which are in some way byte shifted from their original characters. They then run the character stream through a series of javascript functions to convert it back in to plain text before pushing it in to your browser using DHTML. That's quite a lot of effort just for fun, so I assume that is to stop screen scrapers from parsing content.

That means that no new programs will be added to Hulu in TunerFreeMCE at the moment, but your old list of programs should continue to work fine (I put in some defensive code recently to not wipe out the list if nothing was found Smile), and I am working on code to decode the new content.

Update- version 2.6.7 is now available to download to work round this new tactic.

Comments (5)
  • 2009-04-02 10:24:49 |122.164.74.xxx| Anonymous

    :D :) :( :0 :shock: :confused: 8) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :wink: :!: :?: :idea: :arrow:

  • 2009-04-02 13:09:01 |216.213.5.xxx| none  - I assume you have a decoder by now ...

    Javascript (using PRINT to show the output in
    the Spider Monkey interpreter).

    // VERSION ONE:
    // Each quadruplet of characters is packed into a 32 bit integer
    // giving an array one fourth the size of the original string
    // each element of which is XORed with a fixed 32 bit decoder
    // and then each 32 bit number is split into characters again.
    ================================================== ============
    text='dobfu__%F2%9E%84%...'
    var plainText=unescape(text.slice(7))
    decoder = 0xfeedface
    var textArray=[]
    for (var i = 0; (i+3) < plainText.length; i += 4)
    textArray.push(plainText.charCodeAt(i)+(plainText. charCodeAt(i+1)16&0xFF,i>>>24&0xFF);}).join('').re place(/\\0+$/,'')
    print(decodedText)


    // VERSION TWO:
    // An array of four decoding (XOR) bytes is successively
    // applied to each quadruplet of characters.
    ============================================
    text='dobfu__%F2%9E%84%88%E...'
    decoder=[0xce,0xfa,0xed,0xfe]
    var plainText=unescape(text.slice(7))
    decodedText=''
    var i ...

  • 2009-04-02 13:14:53 |216.213.5.xxx| none  - Rats.

    I see that the plain text post did not work. Alas.

  • 2009-04-02 14:23:17 |193.32.3.xxx| Martin  - Re: Rats

    Sorry, the security measures on the comments system blocked a lot of what you wrote. I got your e-mail though thanks.

  • 2009-04-02 16:41:54 |66.231.174.xxx| Michael  - Its worthless.

    They did it just to keep 3rd party software from using their content but it's useless, in fact any security done client side is useless. Boxee http://www.boxee.tv/ is up and running with the new update.

Write comment
Your Contact Details:
Comment:
[b] [i] [u] [url] [quote] [code] [img]   
:D:):(:0:shock::confused:8):lol::x:P:oops::cry::evil::twisted::roll::wink::!::?::idea::arrow:
Security
Please input the anti-spam code that you can read in the image.
Last Updated on Wednesday, 01 April 2009 19:07