Monday, August 7, 2017

De-obfuscate videos from pluralsight

I recently subscribed to pluralsight and needed to access the videos out of their walled app. A quick look at lsof when pluralsight is running shows that it's accessing a cached video in my ~/Library.
A quick look at the psv file using the file command fails. Using hexdump doesn't reveal any magic strings. Time to look for other clues. Next step was to sign in onto their website and play videos using the browser and at the same time take a tcpdump..

Comparing the first few bytes from the website and from the PSV reveals something interesting

Aha, it looks like we have a simple XOR obfuscation with a key 0x65. Can we write  a simple de-obfuscation script?

You bet!

Now I can play my learning videos on my TV w/out hooking up my laptop.
Posted by at
Labels:

4 comments:

  1. UnknownFebruary 7, 2018 at 12:53 AM

    Hey,

    your code dosn't work at all. I've made necessary changes.

    However, because the logic is itself wrong, this does not work.

    Please help if you have some solution about decoding videos from PluralSight, it would be really helpful.

    Cheers,
    Rakesh

    ReplyDelete
  2. UnknownFebruary 7, 2018 at 12:55 AM

    import os
    from os.path import join, basename, normpath

    # Script taken from:
    # http://andorian.blogspot.in/2017/08/de-obfuscate-videos-from-pluralsight.html

    source_dir = r"D:\RK\Videos\Source"
    target_dir = r"D:\RK\Videos\PluralSight"

    def deobs_pluralsight(fpath, target_dir):
    fname = os.path.basename(fpath)
    target_fname = fname.replace('psv', 'mp4')
    target_file_path = os.path.join(target_dir, target_fname)

    with open(target_file_path, "wb") as ofh:
    for byte in bytearray(open(fpath, "rb").read()):
    #ofh.write(chr(byte ^ 101))
    ofh.write(bytes(byte ^ 101))

    def deobfuscate(dirname,fname):
    if fname:
    #for fname in fnames:
    fpath = os.path.join(dirname, fname)
    print ("Printing fPath: %s", fpath)
    deobs_pluralsight(fpath, target_dir)

    #if not os.path.isdir(target_dir):
    # mkpath(target_dir)

    for root, dirs, files in os.walk(source_dir):
    for fname in files:
    deobfuscate (root, fname)

    ReplyDelete
  3. hoooommmeeekkOctober 21, 2019 at 11:21 PM

    import os

    def deobs_pluralsight(fpath, target_dir):
    fname = os.path.basename(fpath)
    target_fname = fname.replace('psv', 'mp4')
    target_file_path = os.path.join(target_dir, target_fname)

    with open(target_file_path, "wb") as ofh:
    for byte in bytearray(open(fpath, "rb").read()):
    ofh.write(chr(byte ^ 101))


    def deobfuscate(arg,dirname,fnames):
    if fnames:
    for fname in fnames:
    fpath = os.path.join(dirname, fname)
    print fpath
    deobs_pluralsight(fpath, target_dir)

    source_dir = "/Users/homek/Library/Application Support/com.pluralsight.pluralsight-mac/ClipDownloads/"
    target_dir = "/Users/homek/Documents/learning/pluralsight"

    if not os.path.isdir(target_dir):
    os.makedirs(target_dir)

    os.path.walk(source_dir, deobfuscate, None)

    ReplyDelete

Subscribe to: Post Comments (Atom)