I recently subscribed to pluralsight and needed to access the videos out of their walled app. A quick look at lsof when pluralsight is running shows that it's accessing a cached video in my ~/Library.
A quick look at the psv file using the file command fails. Using hexdump doesn't reveal any magic strings. Time to look for other clues. Next step was to sign in onto their website and play videos using the browser and at the same time take a tcpdump..
Comparing the first few bytes from the website and from the PSV reveals something interesting
Aha, it looks like we have a simple XOR obfuscation with a key 0x65. Can we write a simple de-obfuscation script?
You bet!
Now I can play my learning videos on my TV w/out hooking up my laptop.
Monday, August 7, 2017
Subscribe to:
Posts (Atom)