Usage
To extract all the authentication details, use Wireshark to capture HTTP requests and analyse them by hand. I used this capture filter:
port 80 and tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420
and this display filter:
http.request.method == GET
You will likely want to use a MITM attack using arpspoof. You will also need to restart the TV box when capturing requests to see your TV box logging into the stalker portal with stored authentication details. If you are smart/lucky enough, you can use port mirroring on your router and Wireshark on the mirrored-to port. Anyway, you must capture the traffic in any way you can.
Tip: In Wireshark you need to find the HTTP request containing action=get_profile, which contains most of the details. For the username/password pair, you should search for a URL containing action=do_auth, which might not exist if you do not require credentials for authentication with Stalker middleware (in such case, remove username and password fields from your config, or leave them both empty). All of this can be filtered out using a single display filter:
http.request.full_uri contains "action=do_auth" or http.request.full_uri contains "action=get_profile"
You will need the following details extracted from the Wireshark logs (see the stalkerhek.example.yml file):
- URL address/location: If the request URL is something like http://domain.example.com/stalker_portal/server/load.php?... then you will use http://domain.example.com/stalker_portal/server/load.php. If the request URL is like http://domain.example.com/portal.php?..., then you will use http://domain.example.com/portal.php.
- model - from request headers
- sn (serial number) - from URL
- device_id - from URL
- device_id2 - from URL
- signature - from URL
- mac - from request headers
- login - from URL
- password - from URL
- timezone - from request headers
- location (URL address) - from URL
- token - from request headers, next to "Bearer ". Does not matter that much since the stalker server should issue a new token if the provided one is in use.
- watchdog - Determines whether stalkerhek executes watchdog updates of its own and provides the watchdog update interval in minutes. Some devices (MAG boxes) and apps will issue watchdog updates of their own so this helps reduce redundant requests to your provider. It also reduces the run-time footprint of this application as it eliminates the need for the watchdog thread altogether. Defaults to 0
- device_id_auth - Determines whether stalkerhek should attempt authorization via device IDs in case username and password are not provided. Defaults to false
All this info will be visible in the URLs or request headers (everything should exist in wireshark capture).
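The field-to-source mapping above, as an added Go example that is not part of stalkerhek: it parses one request exported as text from your own capture and returns the config values it carries. The request is constructed with fake values, and the header names (Cookie for mac and timezone, X-User-Agent for model, Authorization for token) are assumptions, since the list only says "from request headers".

```go
package main

import (
	"bufio"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// Constructed get_profile request; every value is fake. Header names are assumptions.
const sampleRequest = "GET /stalker_portal/server/load.php?type=stb&action=get_profile" +
	"&sn=0000000000000&device_id=AAAA&device_id2=BBBB&signature=CCCC HTTP/1.1\r\n" +
	"Host: domain.example.com\r\n" +
	"X-User-Agent: Model: MAG254; Link: Ethernet\r\n" +
	"Cookie: mac=00%3A1A%3A79%3A00%3A00%3A01; timezone=Europe%2FVilnius\r\n" +
	"Authorization: Bearer FAKETOKEN\r\n\r\n"

// extractFields maps one raw HTTP request to the config fields listed above.
func extractFields(raw string) (map[string]string, error) {
	req, err := http.ReadRequest(bufio.NewReader(strings.NewReader(raw)))
	if err != nil {
		return nil, err
	}
	out := map[string]string{"location": "http://" + req.Host + req.URL.Path}
	for _, k := range []string{"sn", "device_id", "device_id2", "signature", "login", "password"} {
		if v := req.URL.Query().Get(k); v != "" {
			out[k] = v
		}
	}
	for _, k := range []string{"mac", "timezone"} {
		if c, err := req.Cookie(k); err == nil {
			if v, err := url.PathUnescape(c.Value); err == nil {
				out[k] = v // PathUnescape leaves "+" alone (e.g. Etc/GMT+3)
			}
		}
	}
	// "Model: MAG254; Link: Ethernet" -> "MAG254"
	if xua := req.Header.Get("X-User-Agent"); strings.HasPrefix(xua, "Model: ") {
		out["model"] = strings.SplitN(strings.TrimPrefix(xua, "Model: "), ";", 2)[0]
	}
	if auth := req.Header.Get("Authorization"); strings.HasPrefix(auth, "Bearer ") {
		out["token"] = strings.TrimPrefix(auth, "Bearer ")
	}
	return out, nil
}

func main() {
	fmt.Println(extractFields(sampleRequest))
}
```

A request containing action=do_auth run through the same function fills in login and password.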
Create configuration file as per below commands:
cp stalkerhek.example.yml stalkerhek.yml
vim stalkerhek.yml
Note: For proxy:rewrite configuration option documentation, see Services section of this wiki.
First, you have to download & install Golang.
sudo apt install golang
To ensure Golang is installed successfully, test it with the go version command:
$ go version
Then build the application and test it:
go build -ldflags="-s -w" -o "stalkerhek" ./cmd/stalkerhek/main.go
./stalkerhek -help
./stalkerhek -config stalkerhek.yml
If you decide to edit the code, you can quickly test if it works without compiling it:
go run ./cmd/stalkerhek/main.go -help
go run ./cmd/stalkerhek/main.go -config stalkerhek.yml
I suggest first testing with CURL:
curl http://<ipaddr>:9999/iptv
If you see there are channels loaded, use above URL in TiviMate (M3u) / VLC.
Check if you can get response using CURL from the real Stalker middleware URL:
curl http://example.com/stalker_portal/server/load.php
Do the same, but replace host:port with this service host:port as per below example:
curl http://<ipaddr>:8888/stalker_portal/server/load.php
You should get the same response.
If response was the same, it means proxy service is working and you can now use this proxy service URL as stalker portal URL.
Note that this service is not appending, but replacing values on-the-fly. It means you have to provide some credentials in the client application. In other words, add any fake details to your Stalker IPTV client's configuration.
Instructions for Kodi: In Kodi Stalker add-on configuration, use Portal URL in the same format as you tested with CURL above: http://<ipaddr>:8888/stalker_portal/server/load.php. Add any fake username/password, any numbers/letters in device IDs, serial numbers etc. Restart Kodi and 🎉.
Instructions for Mag Boxes / OTT Navigator / STBEmu / STBEmuPro: Stalker URL is http://<ipaddr>:8888/stalker_portal/c/. Add any fake username/password, any numbers/letters in device IDs, serial numbers etc. Restart and 🎉.
- Copy/paste file stalkerhek.service to /etc/systemd/system/stalkerhek.service
- Edit /etc/systemd/system/stalkerhek.service and replace myuser with your non-root user. Also change paths if necessary
- Execute systemctl daemon-reload
- Use systemctl <enable/disable/start/stop> stalkerhek.service to manage this service.