Piano and SME.sk

105 Replies

A more than a year ago I’ve created a proof of concept that allowed to read paid content on SME.sk. I upgraded it today
to not only read paid content for free but also to watch paid movies for free.

SME.sk is third most visited and biggest(?) news website in Slovakia. They are using Piano Media solution that allows website publishers to charge for their “premium” content.

Basically as a paying customer, you can read premium articles from columnists, watch premium videos (whole movies) and use discussion under articles.

So lets take a closer look at articles and videos security.

Articles

Paid articles are available for free in the mobile app. I think that they choose to not monetize mobile content because it will be against the App Store rules. But maybe I’m wrong. So if there is a content that it is for free in mobile app then there must be a way to “unlock” this content in desktop browsers. And in fact there is. Mobile app is just a simple feed reader that displays mobile web pages. I found out that feed in device logs and it looked liked this:

: FeedController loadFeed:http://s.sme.sk/export/phone/?t=hp&muid=XXXXXXXXXXXXXXXX
: >
: /section/Dnes dôležité
: FeedLoader: didLoadFeed:

Then I looked at the URL from log (Browser must identified himself as iPhone or Android = Safari on Mac OS X works fine)

http://s.sme.sk/export/phone/?t=hp&muid=XXXXXXXXXXXXXXXX

After a deeper analysis I found out that URL for article is:

http://s.sme.sk/export/phone/html/?cf=ARTICLE_ID

ARTICLE_ID is a number that can be found in article URL (http://sport.sme.sk/c/6775070/…).

I’ve created a simple Google Chrome extension that automaticly replaces paid content with “free” content from mobile app. Only implemented security is that there is a check for user agent string (UA) in the request. If UA is mobile then they return content if not they return nothing.






It is like to have open safe full of money behind painting and hope that the thief will not look behind the only painting in your room…

Videos

Videos are working on the same principle as articles. Only difference is that you can’t watch premium videos on mobile device. Premium videos are not in the XML feed for mobile app. But it doesn’t mean that if something isn’t visible that it doesn’t exists. Everything is on the server.

URL for videos is:

http://s.sme.sk/export/phone/html/?vf=VIDEO_ID

For example this is paid movie:

http://tv.sme.sk/v/26683/film-marhulovy-ostrov.html

This can’t be found in the mobile app. But it is prepared for mobile app on the server:

http://s.sme.sk/export/phone/html/?vf=26683

So once again I’ve implemented new functionality to my extension that automatically replaces paid content with “free” content. I was not happy how the mobile content was displayed so I’ve included HTML5 video player that will play video.

videos

Quality of the video is not the best as the video is intended for mobile devices where you don’t need big resolutions and also the network speed isn’t very good.

Instalation

  • Download extension (.zip)
  • Unzip downloaded file (.crx)
  • Type chrome://extensions in your Google Chrome browser
  • Drag and drop unziped (.crx) file to Google Chrome extensions tab

Before installation make sure that you uninstalled older version of this extension (if you have it).


Source code
All code is open source and dual licensed under GPL and MIT. Feel free to use it.
If you have any question feel free to ask.

Disclaimer

This extension was made only for test purposes. Buy Piano subscription.

I’m sending an email to guys from SME.sk with the link to this article . I hope they will fix this “security” issue.

UPDATE 2013.04.30 – It seems that no one cares at sme.sk about it.

UPDATE 2013.05.19 – Support for etrend.sk and hnonline.sk.

UPDATE 2014.05.18 – https://github.com/ejci/nepi-jano/raw/master/releases/nepi_jano_0.9.7.crx.zip

 

105 thoughts on “Piano and SME.sk

  1. Pingback: Návod ako prezerať platený obsah na sme.sk úplne zadarmo ! | Internetové riešenia - Lukáš Prelovský

    1. Miroslav Magda Post author

      neplanujem. cielom extension bolo len poukazat na chybu v implementacii na sme.sk. neplanujem sa dalej velmi vrtat v piane. mam aj ine projekty na ktorych pracujem. aj ked ma samozrejme zaujima ako budu mat spraveny “metered paywall”.

      Reply
    2. Miroslav Magda Post author

      Preveril som pravda.sk. Pravda.sk netrpi takou chybou ako sme.sk co sa ale neda povedat o hnonline.sk. Ti to maju rovnako zle ako sme.sk…

      Reply
    3. abc

      Uz nebude treba, pravda.sk od 1. maja uvolnuje cely obsah spod Piana, stranka bude zadarmo dostupna.

      Reply
  5. koky4

    este pred par dnami to islo aj vo firefoxe (subor sa skopcil na obdobne miesto ako do google chromu). dnes uz to ale pise: subor je pravdepodobne poskodeny. hm, co vy na to? robia v Sme uz nejake opatrenia :), alebo je chyba inde?

    Reply
    1. Miroslav Magda Post author

      Rozsirenie funguje iba na Google Chrome (ak to fungovalo aj na Firefoxe tak to bola skor nahoda ako zamer).
      Na Google Chrome je nadalej mozne citat clanky z platenej sekcie.

      Reply
    1. jan

      len niektore idu. tie co som chcel pozerat bud presunuli alebo vymazali zo serveru. konkretne Marhulovy ostrov.

      Reply
      1. Jan

        Je to jednoduche, Chrome po novom rozsirenie bohuzial blokuje. Predpokladam, ze nie je digitalne podpisane.

        Ja mam verziu : 33.0.1750.117 beta-m

        Pri adone uvadza : ”Nepochádza z Internetového obchodu Chrome.”
        Extensions that have been disabled are grayed out and you won’t be able to re-enable them.

        Reply
          1. Jan

            To mam stale, no ide to takto, ze som vymazal staru verziu 0.9.2. a znova pridal 0.9.6
            uvidime, kedy opat Chrome zablokuje addon.

          2. Miroslav Magda Post author

            Update proces je komplikovanejsi kedze nechcem dat extension do oficialneho google store.

            Google extension nezakazal. Google len obmedzuje extensions ktore nie su nainstalovane cez oficialny store. Je to hlavne kvoli bezpecnosti.

          3. Jan

            No tak bohuzial vydrzalo to len do restartu PC…
            Zda sa, ze iny sposob ako STORE nebude..

          4. Miroslav Magda Post author

            S tym neviem pomoct. Neevidujem takyto problem na mojich zariadeniach.

            Existuje velmi jednoducha moznost aby vam to fungovalo. Predplatte si Piano 🙂

          6. Jan

            No je to metoda, ktoru samozrejme vyuzivam…
            Vdaka, hodil som vyvojarsku verziu Chrome 35.XX… Vyskusam a dam vediet..

            Stale existuje riesenie.. Stiahnut Chrome 31-32.X a cez register zablokovat autoupdate. To si nechavam ako krajne riesenie.

  12. ondro

    Zdravim,
    mne to vypisuje ze ” Balik je neplatny” . Pricom to vobec dane rzsirenie nenainstaluje. Dakujem.

    Reply
    1. Miroslav Magda Post author

      HN chybu opravili v priebehu par dni od upozornenia na problem. V SME im to je jedno… Najlepsia cesta ale je bud si zaplatiti predplatne alebo necitat sme.sk. Nemyslim ze piano je az tak drahe…
      Kazdopadne extension bude updatnuta aby to znova fungovalo

      Reply
      1. ezkool

        Dakujem Ti velmi pekne. Good job!
        PS: Nebyt Teba, tak SME vobec necitam.. Pianu ani cent..

        Reply
  15. Jan

    Dobry den, Chrome DEV vo verzii36.0.1985.5 dev-m opat prestal fungovat, teraz neviem ci je problem v adone alebo opat v chrome..

    Reply
    1. Havoc

      Addon prestal fungovat vsade: Konzola hlasi: Error: Blocked a frame with origin “http://mp.pianomedia.eu” from accessing a cross-origin frame.

      Ale url to z kade to taha, funguje.

      Reply
  17. Lukas

    Zdravim, nepi jano 0.9.6 pre chrome prestal fungovat. Bol by som velmi poteseny keby ste si na to nasiel cas, ci uz skor alebo neskor. Dakujem

    Reply
  18. Misojogi

    Poprosim aj o verziu pre Firefox
    zial nakodovat to zo zdrojoveho kodu je mimo moje moznosti

    Reply
  22. Lukas

    Zdravim, dnes na obed mi chrome vypisal hlasku kde mi oznamilo ze vase dielo nie je z Chrome Web Store. Nemam moznost ho opät povolit. Vyzera to takto: http://postimg.org/image/iqc2oxm45/ Hladal som na nete ci niekto nema podobny problem ale nenasiel som nic. Vedeli by ste mi poradit? Dakujem

    Reply
    1. Miroslav Magda Post author

      Operacny system je Windows?
      Na Windows je pre Chrome striktnejsia politika pre “non google store” rozsirenia.
      Skus zaskrtnut “developer mode”. Pripadne ak to nepomohlo stiahni si .crx subor. Premenuj ho na .zip a rozbal ho niekde. Nasledne sa po zaskrtnuti “Developer mode” da nacitat adresar kde mas rozbalnu extension. Malo by to fungovat. Nepouzivam windows takze zial neviem overit spravnost postupu.

      Reply
      2. Lukas

        OS je windows 7. Chrome ma najnovsi update. S vasim navodom to opät funguje, dakujem! Dufam ze teraz s tym uz nebude problem.

        Reply
      3. Majo

        Jo mal som ten isty problem. Ten zip to riesi. Otazka co je lepsie. Toto alebo necitat sme… Trend to riesi celkom rozumne.

        Reply
  23. Martin

    Sme zas robilo niečo s pianom? doplnok zase nefunguje ale články vyzerajú byť odblokované

    Reply
      1. Martin

        nemám screenshot ale už to funguje 🙂 neviem kde bol zádrheľ niektoré články boli odblokované ale pri iných sa obraz zahmlil ako obvykle ale potom znova bola len hláška že si mám kúpiť piano+to že mám skúsiť novú verziu sme pre android a iPhone,

        Reply
  24. Mano

    Chrome zablokoval nepijano bez moznosti odblokovat ho, kedze nepochadza z oficialneho zdroja.
    Riesenie je pouzivat Canary release, pripadne prejst na Linux, pripadne ulozit nepijano do oficialneho storu do private modu, aby mali pristup iba ludia s linkom a link samozrejme publikovat.

    Reply
    1. Miroslav Magda Post author

      Extension sa da nainstalovat. Staci si precitat moj koment o par prispevkov vyssie.

      Extension neplanujem dat do store. Ak ale velmi chces pristupovat k clankom na sme.sk tak najjednoduchsie riesenie je zaplatit si piano (a najspravnejsie!).

      Reply
  25. zdeno

    Zdravim, najnovsim problemom v Chrome je, ze google odstavil vsetky (!) extenzie zo zdrojov mimo Google Play. Nepi Jano sa do store asi nedostane, ci?

    Reply
  27. leetplay

    opera bezi na rovnakom jadre ako chrome. install OPERA, add extention. treba to rozsirenie manualne povolit a funguje. bez problemov.

    Reply
    1. glassman

      mám Operu 12.16 (kôli pošt. klientovi v prehliadači). Neviem tam zapnúť “režim pre vývojárov” v rozšíreniach.

      Reply
  33. Igor

    Od 16. januára 2015 to uz nefunguje, aspon u mna.
    Hodil by sa updatik, ak sa to este da ohackovat, vopred dakujem 😀

    Reply
  34. Markoff

    tak aplikacia SME pre Android uz nefunguje a nenacita ani odomknute clanky, ak si SME mysli ze ma tym donuti upgradeovat tak sa chlapci prepocitali, aplikacia odinstalovana a SME bye bye, na tych par sprav zo Slovenska staci bezplatna neobmedzena aplikacia Teraz.sk

    Reply
          3. WizzX

            Ahoj, bol by som ochotny zaplatit tebe za “nepi-dennikn”plugin racej ako oficialnemu denniku

  38. Ondrej

    Uzasne, citat tieto komentare.. 😀 Chalan nieco urobi z vlastnej iniciativy, a ludia mu tu dobre ze nevynadaju, ze preco neurobi addon aj na youtube a youporn.. 😀 Och slovac.. Vsetko zadarmo, hned, na 110% a bez jedineho “dakujem”… Krasa.. 😉

    Reply
  41. Henrich

    Miroslav, vdaka!
    Nepijano uz dosluzilo – prekvapko, ze vydrzalo tak dlho. Nuz coze, znovu posudime, ci je plateny obsah sme hoden tych par centov. Nemat piano ma vsak pre mna jeden podstatny prinos: obmedzenie poctu diskusnych prispevkov vyrazne setri moj cas 😉

    Reply
  43. kvok

    teda aj ja by som bol rdasej ochotny zaplatit za nepi-jano ako za piano. lebo na rozdiel od piana, vy robite vasu pracu dobre.

    Reply
  44. durike

    tie clanky su stale dostupne sposobom opisanym v blogu, len by to chcelo ten plugin upravit, aby ich vedel rozoznat (aspon to mi vyslo po kratkom pozreti kodu). kazdopadne nemam s tymto ziadne skusenosti, tak sa do toho pustat nejdem.

    Reply
    1. juso

      Ako funguje nova verzia? Ked si stiahnem nepi-jano_0.11.0.xpi tak mi pri instalacii napise, ze add-on appears to be corrupt. Mozno to stahujem zo zlej stranky. Poradte.

      Reply

Leave a Reply to leetplay Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.