Emby Premiere: ByPass Docker container

docker-emby-bypass.md

Emby Premiere ByPass Docker container

❗ All the information provided on this tutorial are for educational purposes only. I'm not responsible for any misuse of this information. If you like the app buy it

Table of Contents

• Compatibility
• Getting Started
  • Local client bypass
    • Folder structure
    • Steps
  • Web client bypass
    • Folder structure
    • Steps
  • Docker compose setup
    • Folder structure
    • Steps
• Apps
  • Emby Theater
  • Android
• Miscellaneous
  • Update Emby version
• Credits

Compatibility

Tested on version 4.8.0.75. Last update: January 28, 2024

This tutorial allows you to run Emby Premiere on:

Emby Premiere	Local device	Remote device
Web	✔️	✔️
Mobile	✔️	❌
Emby Theater	✔️ ?	❌
Other devices	❓	❌

Getting Started

1. Local client bypass

Folder structure

mb3admin
├── certs
│   ├── emby.crt
│   ├── emby.key
│   └── ssl-dhparams.pem
├── Dockerfile
└── nginx.conf

Steps

1. Create certs folder

mkdir certs

2. Generate a self-signed certificate for the fake mb3admin.com server to use:

openssl req -x509 -newkey rsa:2048 -days 36525 -nodes -subj '/CN=mb3admin.com' -addext "subjectAltName = DNS:www.mb3admin.com, DNS:mb3admin.com"  -out certs/emby.crt -keyout certs/emby.key

3. Download ssl-dhparams.pem

curl https://ssl-config.mozilla.org/ffdhe2048.txt > certs/ssl-dhparams.pem

4. Create nginx.conf file

events {
  worker_connections  4096;  ## Default: 1024
}
http{
	server {
		listen 80;
		listen [::]:80;
		server_name mb3admin.com;

		return 301 https://mb3admin.com$request_uri;
	}

	server {
		listen 443 ssl http2;
		listen [::]:443 ssl http2;
		server_name mb3admin.com;
		
		# Generate with command above
		ssl_certificate /certs/emby.crt;
		ssl_certificate_key /certs/emby.key;
		ssl_session_timeout 1d;
		ssl_session_cache shared:SSL:10m;  # about 40000 sessions
		ssl_session_tickets off;

		# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /certs/ssl-dhparams.pem
		ssl_dhparam /certs/ssl-dhparams.pem;

		# intermediate configuration
		ssl_protocols TLSv1.2 TLSv1.3;
		ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
		ssl_prefer_server_ciphers off;

		location /admin/service/registration/validateDevice{
			default_type application/json;
			return 200 '{"cacheExpirationDays":3650,"message":"Device Valid (limit not checked)","resultCode":"GOOD"}';
		}

		location /admin/service/registration/validate {
			default_type application/json;
			return 200 '{"featId":"","registered":true,"expDate":"2099-01-01","key":""}';
		}

		location /admin/service/registration/getStatus {
			default_type application/json;
			return 200 '{"planType":"Lifetime","deviceStatus":0,"subscriptions":[]}';
		}

		location /admin/service/appstore/register {
			default_type application/json;
			return 200 '{"featId":"","registered":true,"expDate":"2099-01-01","key":""}';
		}

		location /emby/Plugins/SecurityInfo {
			default_type application/json;
			return 200 '{SupporterKey:"", IsMBSupporter:true}';
		}
		add_header Access-Control-Allow-Origin * always;
		add_header Access-Control-Allow-Headers * always;
		add_header Access-Control-Allow-Method * always;
		add_header Access-Control-Allow-Credentials true always;
	}
}

5. Create Dockerfile file

FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf
ADD certs /certs

2. Web client bypass

Folder structure

server
├── Dockerfile
└── patch
    ├── emby.crt
    ├── ilasm
    └── ildasm

Steps

1. Copy emby.crt from ../mb3admin/certs to patch folder

cp ../mb3admin/certs/emby.crt patch

3. Download ilasm and ildasm for your architecture and copy in patch folder.

You can get it here for x86_64 architecture : ilasm ildasm

You can get it here for arm64(Raspberry Pi 4) architecture. Just double click the binary file inside runtimes/linux-arm64/native and it will automatically download : ilasm ildasm

You can get it here for arm(Raspberry Pi <3) architecture. Just double click the binary file inside runtimes/linux-arm/native and it will automatically download : ilasm ildasm

Or you can download the deb package. You should unpack the .deb and find the executables in ./usr/bin/

4. Create Dockerfile file

FROM linuxserver/emby:beta

ADD patch /patch

RUN chmod +x /patch/ilasm
RUN chmod +x /patch/ildasm
RUN mkdir /patch/tmp

WORKDIR /patch/tmp

RUN /patch/ildasm /app/emby/system/Emby.Web.dll -out=Emby.Web.dll

RUN sed -i 's#ajax({url:"https://mb3admin.com/admin/service/registration/validateDevice?"+new URLSearchParams(params).toString(),type:"POST",dataType:"json"})#Promise.resolve(new Response('"'"'{"cacheExpirationDays":365,"message":"Device Valid","resultCode":"GOOD"}'"'"').json())#g' Emby.Web.dashboard_ui.modules.emby_apiclient.connectionmanager.js

RUN /patch/ilasm -dll Emby.Web.dll -out=/app/emby/system/Emby.Web.dll
RUN cat /patch/emby.crt >> /app/emby/etc/ssl/certs/ca-certificates.crt

3. Docker compose setup

Folder structure

.
├── docker-compose.yml
├── mb3admin
│   ├── certs
│   │   ├── emby.crt
│   │   ├── emby.key
│   │   └── ssl-dhparams.pem
│   ├── Dockerfile
│   └── nginx.conf
└── server
    ├── Dockerfile
    └── patch
        ├── emby.crt
        ├── ilasm
        └── ildasm

Steps

⚠️ It is mandatory that the server where the Emby server is running has a DNS configured that resolves mb3admin.com to the local IP of the nginx server.

1. Edit your local DNS (Pihole, Adguard, router, bind...) and rewrite mb3admin.com with local IP. If you can't do this, you can edit the hosts file of each device you're going to use Emby.

• Windows: C:\Windows\System32\drivers\etc\hosts
• Linux: /etc/hosts

<your_local_ip_adress_here> mb3admin.com

2. Create docker-compose.yml

---
version: "2.1"
services:
  emby:
      build: ./server
      container_name: emby
      environment:
        - PUID=1000
        - PGID=1000
        - TZ=Europe/London
      volumes:
        - ./config:/config
        - /media/tv:/data/tvshows
        - /media/movies:/data/movies
      ports:
        - 8096:8096
        - 8920:8920 #optional
      #dns: #Only if the dns of the local machine is different
      #  - <dns_ip> 
      restart: unless-stopped
  mb3admin:
      build: ./mb3admin
      container_name: mb3admin
      ports:
        - 443:443
      restart: unless-stopped

3. Start containers

docker compose up -d

Apps

⚠️ You MUST do the above steps for this to work

Emby Theater

1. Go to

• Windows: %appdata%\Emby-Theater\system\electronapp
• Linux: /opt/emby-theater/electron/resources/app/

2. Open main.js with text editor
3. After this

app.on('window-all-closed', function () {
    // On OS X it is common for applications and their menu bar
    // to stay active until the user quits explicitly with Cmd + Q
    if (process.platform != 'darwin') {
        app.quit();
    }
});

Add this:

app.on('certificate-error', (event, webContents, url, error, certificate, callback) => {
        event.preventDefault()
        callback(true)
})

Android

You DON'T NEED TO DO any extra steps to make it work on Android on local network. First time you open the app it will prompt a dialog to accept self-signed certificate. If this dialog does not appear you have done something wrong.

If you want it to work outside the local network, you need to get a modded apk

Miscellaneous

Update Emby version

1. Change to the folder where the docker-compose.yml file is
2. Build a new emby image

docker compose build emby --pull --no-cache

3. Restart container

docker compose up -d

Credits

• https://gist.github.com/all3kcis/66909ed95755146a6969b32f21171642
• https://mosarin.tech/archives/75/
• https://github.com/acxcx/docker-emby

Special thanks for helping me improve this information to:

• @potatoru
• @orangejuice
• @OrpheeGT
• @senhan07

#0 building with "default" instance using docker driver

#1 [emby internal] load build definition from Dockerfile #1 transferring dockerfile: 704B done #1 DONE 0.0s

#2 [emby internal] load metadata for docker.io/linuxserver/emby:latest #2 DONE 0.8s

#3 [emby internal] load .dockerignore #3 transferring context: 2B done #3 DONE 0.0s

#4 [emby 1/10] FROM docker.io/linuxserver/emby:latest@sha256:ffee0c94adadd3f5c3afc41a8e165d558e76b618a5184bfe9b38cf9c510aa148 #4 DONE 0.0s

#5 [emby internal] load build context #5 transferring context: 126B done #5 DONE 0.0s

#6 [emby 4/10] RUN chmod +x /patch/ildasm #6 CACHED

#7 [emby 5/10] RUN mkdir /patch/tmp #7 CACHED

#8 [emby 3/10] RUN chmod +x /patch/ilasm #8 CACHED

#9 [emby 2/10] ADD patch /patch #9 CACHED

#10 [emby 6/10] WORKDIR /patch/tmp #10 CACHED

#11 [emby 7/10] RUN /patch/ildasm /app/emby/Emby.Web.dll -out=Emby.Web.dll #11 0.420 error : File '/app/emby/Emby.Web.dll' not found or not a PE file

** CONNECTION LOST **

any idea about this error?

They have moved the Emby.Web.dll file from folder, and made some change that has messed up the patch. You could try using a previous version.

In Dockerfile file change this line

FROM linuxserver/emby

to this

FROM linuxserver/emby:beta-version-4.8.0.66

Hi, not sure if its by design, but plugin catalog is not working. Keeps loading forever.

Is there a way to make it work? Or is that a sign that I did something wrong in the implementation?

Hi, not sure if its by design, but plugin catalog is not working. Keeps loading forever.

Is there a way to make it work? Or is that a sign that I did something wrong in the implementation?

Hi, not sure if its by design, but plugin catalog is not working. Keeps loading forever.
Is there a way to make it work? Or is that a sign that I did something wrong in the implementation?

This is mine

---

Hi, not sure if its by design, but plugin catalog is not working. Keeps loading forever.
Is there a way to make it work? Or is that a sign that I did something wrong in the implementation?

This is mine

Hi, found out that the DNS was not 100%, and some queries were going outside. Fixed, now all working.

@danielchc Maybe you can also add this for ARM64 build version, i have tested it and works fine on my RaspberryPi
Just double click the binary file and it will automatically download
ILAsm
ILDAsm

@danielchc Maybe you can also add this for ARM64 build version, i have tested it and works fine on my RaspberryPi Just double click the binary file and it will automatically download ILAsm ILDAsm

Thank you! I just updated the description :)

I had to install the crt on host machine for curl to work

cd /usr/local/share/ca-certificates/ && sudo mkdir mb3admin && sudo chmod 755 mb3admin/

Copy over emby.crt to /usr/local/share/ca-certificates/mb3admin and update certs on the machine with

sudo update-ca-certificates

HI.

Is it possible to run this on windows?

Hi, not sure if its by design, but plugin catalog is not working. Keeps loading forever.
Is there a way to make it work? Or is that a sign that I did something wrong in the implementation?

This is mine

Hi, found out that the DNS was not 100%, and some queries were going outside. Fixed, now all working.

What did you end up doing? I have the same problem with plugins not loading.

Hi :)
I'm using a docker on linux config, all OK except that I can't find where is the main.js file
I have those 2 containers running:
77492f43828c emby-mb3admin
ad6a91895724 emby-emby

in neither of the there isn't /opt/emby... /opt folder is just empty
How can I proceed?...
Thanks!

Hi :) I'm using a docker on linux config, all OK except that I can't find where is the main.js file I have those 2 containers running: 77492f43828c emby-mb3admin ad6a91895724 emby-emby

in neither of the there isn't /opt/emby... /opt folder is just empty How can I proceed?... Thanks!

You only need do that step if you use Emby Theater desktop application

ohhhh OK :)
so I don't see that ssl message, and I did follow those steps. another thing is that when I put the key, it loads forever.. but I don't see that message that I need premiere to use hw acceleration.
On my iPhone client, I still have that restriction for 1 minute, this should bypass that?

Thanks for the help and support :)

Just tested with [4.8.3.0] and patch still works :)

Thank you for the project, a solution regarding SSL is to use your own domain together with cloudflare's zerotrust. I can watch on any device from anywhere, as far as I tested Versão [4.9.0.11]

how can ai acheive this?.. I also have a fomain with zero trust on Cloudflare with a tunnel

Can anybody help me? I don't know if it's the right place to ask for it. But I wanted to edit Emby for Android app. I want to set my Emby server's remote address by default in the app so that the user can just download, install, and login with their account directly without having to enter the server's address manually. I have already tried it by editing manualserver.html and manualserver.js files which is also good but I want a direct method. Thanks.

did you manage to do it?

I would like to unlock so I can play more than 1 minute

This works even without patching the .dll file. Tested on 4.8.5.0. Any reason why the below lines are needed?

RUN /patch/ildasm /app/emby/system/Emby.Web.dll -out=Emby.Web.dll
RUN sed -i 's#ajax({url:"https://mb3admin.com/admin/service/registration/validateDevice?"+new URLSearchParams(params).toString(),type:"POST",dataType:"json"})#Promise.resolve(new Response('"'"'{"cacheExpirationDays":365,"message":"Device Valid","resultCode":"GOOD"}'"'"').json())#g' Emby.Web.dashboard_ui.modules.emby_apiclient.connectionmanager.js
RUN /patch/ilasm -dll Emby.Web.dll -out=/app/emby/system/Emby.Web.dll

This works even without patching the .dll file. Tested on 4.8.5.0. Any reason why the below lines are needed?

RUN /patch/ildasm /app/emby/system/Emby.Web.dll -out=Emby.Web.dll
RUN sed -i 's#ajax({url:"https://mb3admin.com/admin/service/registration/validateDevice?"+new URLSearchParams(params).toString(),type:"POST",dataType:"json"})#Promise.resolve(new Response('"'"'{"cacheExpirationDays":365,"message":"Device Valid","resultCode":"GOOD"}'"'"').json())#g' Emby.Web.dashboard_ui.modules.emby_apiclient.connectionmanager.js
RUN /patch/ilasm -dll Emby.Web.dll -out=/app/emby/system/Emby.Web.dll

Also confirmed without patching. One machine running Emby server 4.8.5.0, another machine running mb3admin, both Linux.

@satheshshiva @misuchiru03 You need this to access from outside local network as Premiere user (web only)

How do you make it works on an LG tv, or on a remote device like iPhone or iOS?

How do you make it works on an LG tv, or on a remote device like iPhone or iOS?

Connect your remote devices with VPN to your local network.