User-Agent based on URL path

  • Apart from the fact that debugging SmartTV web applications is very painful, when you add to the mix some DRM magic (and as I have stated previously) it just becomes a clusterfuck.

    Now, for some reason a live TV stream which works on LG doesn't work on our beloved Sammy hardware. How you debug this consists of different attack vectors, but the first one when all you get is a blank screen when there should be a video is to get a laptop, bridge the eth connection, plug the TV to it and fire up Wireshark.

    Now, luckily for us, we have some VoD which do work so we can start from that and the first thing that strikes me as weird is the following

    GET /VoD/1234.ism/Manifest
    User-Agent:  samsungsmooth-agent
    GET /Live/4321/Manifest
    User-Agent: Lavf/xxxx

    Since you're pretty intelligent, you might see that .ism thing and say: "It can't be, it has to be something else" which is what I thought at first. That's why I tried downloading the Manifest file (a XML) and changed the file's encoding, EOL, etc.

    Then I gave up:

    GET localhost/foo.ism/Manifest
    User-Agent: samsungsmooth-agent

    Now, I don't know what's happening inside Sammy's player because it's a blackbox, but it sure is a undefined to use something differently if there's a .ism in the URL.

  • Discourse touched me in a no-no place

    I can't tell for sure from how you've reported it, but is the result dependent on that User-Agent, or is it something that's just there to indicate what device you were testing with?

    If DRM means “check the user agent string”, we're straight into 🤦 territory…

  • I'm going to take a wild guess — specially because I'm not sure I understand 100% of what you're doing — but I'm going to claim that the "sm" in "ism" stands for "samsung manifest".

    The "i" I don't know. Maybe "incompetent" or "imbecile".

  • Filed under: red avatars

  • kills Dumbledore

    @Zecc said:

    Filed under: red avatars


  • Red is still the predominant non-neutral colour in your avatar:

  • kills Dumbledore


  • Well, now that's disappointing:

    File Type: IIS Smooth Streaming Manifest File

    Now I'm wondering if Samsung were trying to handle IIS-served files differently.

  • Yes. But based on the path, not on what an intelligent being would do but based on the response.

  • Here's the fix since you people seem to understand code better than words:

    var y = url.split('/');
    y[3] = y[3] + '.ism';
    url = y.join('/');

  • @Eldelshell said:

    Yes. But based on the path, not on what an intelligent being would do but based on the response.

    I'm questioning the why, not the how.

    Why would the device use two different user agent strings. And why do you need it to havea particular value? I guess it's a compatibility thing?

    (if it's for DRM, check @dkf's facepalm remark, although DRM doesn't have to be limited to only checking the user-agent. Also, compatibility metadata would be better passed elsewhere, too)

    It's also not clear to me how you can make a request depending on the response unless there's been some handshaking before. 😕❓

  • SockDev

    @Zecc said:

    Red is still the predominant non-neutral colour in your avatar:

    fine then. i'll break the combo!

  • Given the "smooth" in both names, I'd guess Samsung uses a specific piece of code to download and process .ism files; a piece of code that comes with its own agent (or at least its own download routine with an hard-coded agent string).

Log in to reply

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.