Home‎ > ‎Write-ups‎ > ‎

Because, 127.0.0.1, 1337

posted Sep 8, 2012, 3:21 AM by Israel Torres
Disclaimer: The contents herein are for informational purposes only. Do not do Bad Things (™).
So it's around 2AM and browsing /r/videos and come across this NSFW jewel ( http://www.reddit.com/r/videos/comments/zjp3i/what_all_music_videos_aspire_to_be/ ) which links to https://vimeo.com/14307779 - the video and music was quite appeasing and figured I'd download a copy for "offline viewing" - however it didn't offer a download option as some Vimeo videos do; so I loaded up youtube-dl ( http://rg3.github.com/youtube-dl/ ) but that didn't pan out I kept getting "ERROR: Unable to retrieve video webpage: HTTP Error 404: Not Found". 
I paused for a few moments and then recalling what I read from Practical Packet Analysis 2nd Edition by Chris Sanders ( http://nostarch.com/packet2.htm ) I loaded up Wireshark (http://www.wireshark.org) on my Mac and loaded up for capture by setting the wifi interface, and starting the live capture right before hitting the play button on the video.
Having the header info from the pcap at first I tried for the low fruit and mimic a browser using curl (i.e. curl -O --user-agent "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" --referer https://vimeo.com/14307779 --location http://av.vimeo.com/{REDACT}/{REDACT}/{REDACT}.mp4aksessionid={REDACT}&token={REDACT}) - using the typical bells and whistles of curl (referer, location, user-agent) but that didn't work out either; it just paused so that was fruitless for a quick fix.
Next I cleared the packet buffer, and started the live capture again from the beginning. After the video was done I saved the stream from the pcap as test.mp4, and made a copy of the file in case my experimentation fails.

 After the files were saved I opened the extracted stream in UltraEdit for Mac ( http://www.ultraedit.com/products/mac-text-editor.html )
Comparing the TCP stream image to the hex data I chopped away the obvious text and noticed that the test.mp4 file still remained with a generic Quicktime MP4 icon (usually not good). 

So I kept removing one character at a time and saving the file each time… then suddently I saw the file change to an image! 

Without thinking I clicked it and it opened up in Quicktime and played normally all the way through! 

The only difference I noticed was that the original video stopped at 4:20 (coincidence - I think not as it was excessively fade to black to that specific time), and the carved .mp4 stopped at 4:19.

Lessons learned here: 
1. Don't bother purchasing silly third-party apps that state they can download vimeo vidoes. 
2. Don't waste time trying to workaround cheesy 'security features' (unless it's your only avenue). 
3. Instead invest that time learning how things work from the ground up to reap the rewards yourself. :)

Shoutz to MoltenAcoustics for posting the link on /r/videos.
Thanks to Vimeo for posing the challenge ;)
Extra Thanks to King Fantastic for the fantastic video production (I'm not bragg'n, I'm confess'n)
Special Thanks to Chris Sanders!

Israel Torres 2012-09-08
Comments