Reputation: 2766
How to get the token for streaming live video HLS
I'm trying to build a personal iOS app to watch some of my favorite TV channels. To do that, I analyze a website providing live TV service. I notice that they are using HLS protocol.
By using firebug, I can see the chunklist link, then I use MPMoviePlayerController or AVPlayerViewController to play the live video. It works perfectly.
Now, I also notice that each chunklist link contains a parameter "token" at the end of it. For example:
.../chunklist_b300000.m3u8?token=eyJoYXNoX3ZhbHVlIjogIjQ4OWUwMGIzN2Y4ZTNlYzRlZTI4Zjg0N2I3NjQxNDEyIiwgInNlcnZlcl90aW1lIjogMTQ1NDYyNjcxMCwgImNoYW5uZWxfaWQiOiAidnRjNyIsICJ2YWxpZF9taW51dGVzIjogMTQ0MH0
I can use this link many times and it still works. However, if I'm using the same token on two devices at the same time, it doesn't work well. And I guess, after a duration, say several days, the token will expire.
Therefore, I'd like to know how they generate the token. I tried to detect everything with firebug but I couldn't find out the answer. Here is the website:
livetv
Is there a standard way to generate the token? And how to fetch the new token every time I open my app?
Upvotes: 0
Views: 6901
Answers (1)
Reputation: 4447
There is no standard way of generating (secure) tokens.
Most servers generate the token by combining the ip, mac-addresss, a client uuid of some sort, and a secret keyworld. Then the result is hashed using a cryptographically strong algorithm like SHA-1 or SHA-3 and base64 encoded for ease of use.
Even you if knew the combining scheme and the hashing algorithm you still wouldn't know the secret keyword and you couldn't generate tokens by yourself.
Some servers generate a unique token that doesn't carry any info by itself. Rather the server associates it (using a database of some sort) with some internal information (like token validity, expiration date and so on). In this case the token itself is irrelevant only the state of the server matters.
A way of generating new tokens is to make requests to the server spoofing a normal/valid user with a browser and then parse the response to get the token.
Maybe this question is more appropriate for crypto or security stack exchange because it's not related to programming but rather to content protection.
Upvotes: 1
Related Questions
- Xcode - How to fix 'NSUnknownKeyException', Reason: "… this class is not key value coding-compliant for the key X" error?
- How can I make a UITextField move up when the keyboard is present - on starting to edit?
- How can I develop for iPhone using a Windows development machine?
- Get the length of a String
- How can I check for an active Internet connection on iOS or macOS?
- How can I disable the UITableView selection?
- How can I disable ARC for a single file in a project?
- Ffmpeg hls live streaming - How to generate shorter segments
- HLS (http live streaming) on Android 3.0 and seeking
- How can I convert iPhone-captured-video to HTTP Live Streaming files?