Emby食用


生成证书

证书使用在线签发或者自签发都行,记得要先保存根证书,服务器端客户端需要安装

搭建伪站

建议使用nginx,使用如下配置,都无需改什么,证书使用上面生成的证书

server {
     listen 443 ssl;
     server_name mb3admin.com;
     ssl_certificate /etc/pki/tls/mb3admin.com.cert.pem;
     ssl_certificate_key /etc/pki/tls/mb3admin.com.key.pem;
     ssl_session_timeout 5m;
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
     ssl_prefer_server_ciphers on;
 #    location = /webdefault/images/logo.jpg {
 #    alias /usr/syno/share/nginx/logo.jpg;
 #           }
 #    location @error_page {
 #    root /usr/syno/share/nginx;
 #    rewrite (.*) /error.html break;
 #           }
 #    location ^~ /.well-known/acme-challenge {
 #    root /var/lib/letsencrypt;
 #    default_type text/plain;
 #           }
     location / {
     rewrite ^ / redirect;
            }
     location ~ ^/$ {
     rewrite / https://$host:443/ redirect;
            }
     add_header Access-Control-Allow-Origin *;
     add_header Access-Control-Allow-Headers *;
     add_header Access-Control-Allow-Method *;
     add_header Access-Control-Allow-Credentials true;
     location /admin/service/registration/validateDevice {
     default_type application/json;
     return 200 '{"cacheExpirationDays": 365,"message": "Device Valid","resultCode": "GOOD"}';
    }
     location /admin/service/registration/validate {
     default_type application/json;
     return 200 '{"featId":"","registered":true,"expDate":"2099-01-01","key":""}';
    }
     location /admin/service/registration/getStatus {
     default_type application/json;
     return 200 '{"deviceStatus":"0","planType":"Lifetime","subscriptions":{}}';
    }
}

劫持域名

客户端及服务端修改hosts,使得mb3admin.com及www.mb3admin.com域名指向伪站,如果是软路由可直接进行域名劫持,我使用的adguardhome。劫持后访问如下地址,正常返回json数据就代表劫持成功,打开emby页面查看应该就是会员了。
https://mb3admin.com/admin/service/registration/validateDevice
https://mb3admin.com/admin/service/registration/validateDevice/666

emby的验证是在使用会员功能的时候客户端会向mb3admin.com发送带有设备id和激活码的请求,服务器返回设备已激活的信息,客户端收到信息后启用会员功能
请求地址如下:
https://mb3admin.com/admin/service/registration/getStatus
https://mb3admin.com/admin/service/registration/validate
https://mb3admin.com/admin/service/registration/validateDevice

返回信息如下:

{"deviceStatus":"","planType":"","subscriptions":[]}
{"featId":"","registered":true,"expDate":"2099-01-01","key":""}
{"cacheExpirationDays": 7,"message": "Device Valid","resultCode": "GOOD"}

对应的是用户的会员状态,会员过期日期,会员设备验证。

收尾

非常重要,能不能使用硬解等功能还得看这一步,上面的会员验证用户浏览器层面,在服务器上curl https://mb3admin.com/admin/service/registration/validateDevice/666验证,因为根证书不信任,所以curl不能正确返回json信息,此时服务器端并没有验证成功;还需在服务器上添加信任根证书,否则硬解功能无法正常使用,将上面保存的根证书进行如下操作。

  • centos7

    yum install ca-certificates
    cp GMCert_RSACA01.cert.pem /etc/pki/ca-trust/source/anchors/mb3admin.pem
    ln -s /etc/pki/ca-trust/source/anchors/mb3admin.pem /etc/ssl/certs/mb3admin.pem
    update-ca-trust
    cp /opt/emby-server/etc/ssl/certs/ca-certificates.crt /opt/emby-server/etc/ssl/certs/ca-certificates.crt.bak
    #cp GMCert_RSACA01.cert.pem /opt/emby-server/etc/ssl/certs/ca-certificates.crt
    cat GMCert_RSACA01.cert.pem >> /opt/emby-server/etc/ssl/certs/ca-certificates.crt
    systemctl restart emby-server
  • Debian11

    cp GMCert_RSACA01.cert.pem /usr/local/share/ca-certificates/mb3admin.crt
    dpkg-reconfigure ca-certificates 选择yes后选新放入的证书然后回车
    update-ca-certificates
    cp /opt/emby-server/etc/ssl/certs/ca-certificates.crt /opt/emby-server/etc/ssl/certs/ca-certificates.crt.bak
    #cp GMCert_RSACA01.cert.pem /opt/emby-server/etc/ssl/certs/ca-certificates.crt
    cat GMCert_RSACA01.cert.pem >> /opt/emby-server/etc/ssl/certs/ca-certificates.crt
    systemctl restart emby-server

    此时再次curl https://mb3admin.com/admin/service/registration/validateDevice/666可以正常返回json信息,代表服务器端验证成功。

截止2022.1.27本文更新,最新版本4.6.7.0还可正常使用,且用且珍惜。什么时候彻底不能用了就转jellyfin吧,虽说字幕功能做的差了点,起码免费,其他功能也和emby差不多。

新版本的emby-server已经自带Intel的Vaap及Qsv驱动,如果使用常见intel的集显进行硬解,基本无需再额外装驱动即可正常硬解。使用本方法验证会员,无需修改emby组件即可达到开心目的。
如果出现无法正常刮削的情况,把/opt/emby-server/etc/ssl/certs/ca-certificates.crt换回原本的证书即可。

参考文章1 https://www.qzkyl.cn/post-515.html
参考文章2 https://www.imzhp.com/post/hacker-emby-for-pc
参考文章3 https://blog.jiawei.xin/?p=469

声明:Ethan's Blog|版权所有,违者必究|如未注明,均为原创|本网站采用BY-NC-SA协议进行授权

转载:转载请注明原文链接 - Emby食用


I love you more than I can say. I love you heart and soul. Why must I love you so much?