Emby Premiere: ByPass Docker container

docker-emby-bypass.md

Emby Premiere ByPass Docker container

❗ All the information provided on this tutorial are for educational purposes only. I'm not responsible for any misuse of this information. If you like the app buy it

Table of Contents

• Compatibility
• Getting Started
  • Local client bypass
    • Folder structure
    • Steps
  • Web client bypass
    • Folder structure
    • Steps
  • Docker compose setup
    • Folder structure
    • Steps
• Apps
  • Emby Theater
  • Android
• Miscellaneous
  • Update Emby version
• Credits

Compatibility

Tested on version 4.8.0.75. Last update: January 28, 2024

This tutorial allows you to run Emby Premiere on:

Emby Premiere	Local device	Remote device
Web	✔️	✔️
Mobile	✔️	❌
Emby Theater	✔️ ?	❌
Other devices	❓	❌

Getting Started

1. Local client bypass

Folder structure

mb3admin
├── certs
│   ├── emby.crt
│   ├── emby.key
│   └── ssl-dhparams.pem
├── Dockerfile
└── nginx.conf

Steps

1. Create certs folder

mkdir certs

2. Generate a self-signed certificate for the fake mb3admin.com server to use:

openssl req -x509 -newkey rsa:2048 -days 36525 -nodes -subj '/CN=mb3admin.com' -addext "subjectAltName = DNS:www.mb3admin.com, DNS:mb3admin.com"  -out certs/emby.crt -keyout certs/emby.key

3. Download ssl-dhparams.pem

curl https://ssl-config.mozilla.org/ffdhe2048.txt > certs/ssl-dhparams.pem

4. Create nginx.conf file

events {
  worker_connections  4096;  ## Default: 1024
}
http{
	server {
		listen 80;
		listen [::]:80;
		server_name mb3admin.com;

		return 301 https://mb3admin.com$request_uri;
	}

	server {
		listen 443 ssl http2;
		listen [::]:443 ssl http2;
		server_name mb3admin.com;
		
		# Generate with command above
		ssl_certificate /certs/emby.crt;
		ssl_certificate_key /certs/emby.key;
		ssl_session_timeout 1d;
		ssl_session_cache shared:SSL:10m;  # about 40000 sessions
		ssl_session_tickets off;

		# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /certs/ssl-dhparams.pem
		ssl_dhparam /certs/ssl-dhparams.pem;

		# intermediate configuration
		ssl_protocols TLSv1.2 TLSv1.3;
		ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
		ssl_prefer_server_ciphers off;

		location /admin/service/registration/validateDevice{
			default_type application/json;
			return 200 '{"cacheExpirationDays":3650,"message":"Device Valid (limit not checked)","resultCode":"GOOD"}';
		}

		location /admin/service/registration/validate {
			default_type application/json;
			return 200 '{"featId":"","registered":true,"expDate":"2099-01-01","key":""}';
		}

		location /admin/service/registration/getStatus {
			default_type application/json;
			return 200 '{"planType":"Lifetime","deviceStatus":0,"subscriptions":[]}';
		}

		location /admin/service/appstore/register {
			default_type application/json;
			return 200 '{"featId":"","registered":true,"expDate":"2099-01-01","key":""}';
		}

		location /emby/Plugins/SecurityInfo {
			default_type application/json;
			return 200 '{SupporterKey:"", IsMBSupporter:true}';
		}
		add_header Access-Control-Allow-Origin * always;
		add_header Access-Control-Allow-Headers * always;
		add_header Access-Control-Allow-Method * always;
		add_header Access-Control-Allow-Credentials true always;
	}
}

5. Create Dockerfile file

FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf
ADD certs /certs

2. Web client bypass

Folder structure

server
├── Dockerfile
└── patch
    ├── emby.crt
    ├── ilasm
    └── ildasm

Steps

1. Copy emby.crt from ../mb3admin/certs to patch folder

cp ../mb3admin/certs/emby.crt patch

3. Download ilasm and ildasm for your architecture and copy in patch folder.

You can get it here for x86_64 architecture : ilasm ildasm

You can get it here for arm64(Raspberry Pi 4) architecture. Just double click the binary file inside runtimes/linux-arm64/native and it will automatically download : ilasm ildasm

You can get it here for arm(Raspberry Pi <3) architecture. Just double click the binary file inside runtimes/linux-arm/native and it will automatically download : ilasm ildasm

Or you can download the deb package. You should unpack the .deb and find the executables in ./usr/bin/

4. Create Dockerfile file

FROM linuxserver/emby:beta

ADD patch /patch

RUN chmod +x /patch/ilasm
RUN chmod +x /patch/ildasm
RUN mkdir /patch/tmp

WORKDIR /patch/tmp

RUN /patch/ildasm /app/emby/system/Emby.Web.dll -out=Emby.Web.dll

RUN sed -i 's#ajax({url:"https://mb3admin.com/admin/service/registration/validateDevice?"+new URLSearchParams(params).toString(),type:"POST",dataType:"json"})#Promise.resolve(new Response('"'"'{"cacheExpirationDays":365,"message":"Device Valid","resultCode":"GOOD"}'"'"').json())#g' Emby.Web.dashboard_ui.modules.emby_apiclient.connectionmanager.js

RUN /patch/ilasm -dll Emby.Web.dll -out=/app/emby/system/Emby.Web.dll
RUN cat /patch/emby.crt >> /app/emby/etc/ssl/certs/ca-certificates.crt

3. Docker compose setup

Folder structure

.
├── docker-compose.yml
├── mb3admin
│   ├── certs
│   │   ├── emby.crt
│   │   ├── emby.key
│   │   └── ssl-dhparams.pem
│   ├── Dockerfile
│   └── nginx.conf
└── server
    ├── Dockerfile
    └── patch
        ├── emby.crt
        ├── ilasm
        └── ildasm

Steps

⚠️ It is mandatory that the server where the Emby server is running has a DNS configured that resolves mb3admin.com to the local IP of the nginx server.

1. Edit your local DNS (Pihole, Adguard, router, bind...) and rewrite mb3admin.com with local IP. If you can't do this, you can edit the hosts file of each device you're going to use Emby.

• Windows: C:\Windows\System32\drivers\etc\hosts
• Linux: /etc/hosts

<your_local_ip_adress_here> mb3admin.com

2. Create docker-compose.yml

---
version: "2.1"
services:
  emby:
      build: ./server
      container_name: emby
      environment:
        - PUID=1000
        - PGID=1000
        - TZ=Europe/London
      volumes:
        - ./config:/config
        - /media/tv:/data/tvshows
        - /media/movies:/data/movies
      ports:
        - 8096:8096
        - 8920:8920 #optional
      #dns: #Only if the dns of the local machine is different
      #  - <dns_ip> 
      restart: unless-stopped
  mb3admin:
      build: ./mb3admin
      container_name: mb3admin
      ports:
        - 443:443
      restart: unless-stopped

3. Start containers

docker compose up -d

Apps

⚠️ You MUST do the above steps for this to work

Emby Theater

1. Go to

• Windows: %appdata%\Emby-Theater\system\electronapp
• Linux: /opt/emby-theater/electron/resources/app/

2. Open main.js with text editor
3. After this

app.on('window-all-closed', function () {
    // On OS X it is common for applications and their menu bar
    // to stay active until the user quits explicitly with Cmd + Q
    if (process.platform != 'darwin') {
        app.quit();
    }
});

Add this:

app.on('certificate-error', (event, webContents, url, error, certificate, callback) => {
        event.preventDefault()
        callback(true)
})

Android

You DON'T NEED TO DO any extra steps to make it work on Android on local network. First time you open the app it will prompt a dialog to accept self-signed certificate. If this dialog does not appear you have done something wrong.

If you want it to work outside the local network, you need to get a modded apk

Miscellaneous

Update Emby version

1. Change to the folder where the docker-compose.yml file is
2. Build a new emby image

docker compose build emby --pull --no-cache

3. Restart container

docker compose up -d

Credits

• https://gist.github.com/all3kcis/66909ed95755146a6969b32f21171642
• https://mosarin.tech/archives/75/
• https://github.com/acxcx/docker-emby

Special thanks for helping me improve this information to:

• @potatoru
• @orangejuice
• @OrpheeGT
• @senhan07

Can anybody help me? I don't know if it's the right place to ask for it. But I wanted to edit Emby for Android app. I want to set my Emby server's remote address by default in the app so that the user can just download, install, and login with their account directly without having to enter the server's address manually. I have already tried it by editing manualserver.html and manualserver.js files which is also good but I want a direct method. Thanks.

did you manage to do it?

I would like to unlock so I can play more than 1 minute

This works even without patching the .dll file. Tested on 4.8.5.0. Any reason why the below lines are needed?

RUN /patch/ildasm /app/emby/system/Emby.Web.dll -out=Emby.Web.dll
RUN sed -i 's#ajax({url:"https://mb3admin.com/admin/service/registration/validateDevice?"+new URLSearchParams(params).toString(),type:"POST",dataType:"json"})#Promise.resolve(new Response('"'"'{"cacheExpirationDays":365,"message":"Device Valid","resultCode":"GOOD"}'"'"').json())#g' Emby.Web.dashboard_ui.modules.emby_apiclient.connectionmanager.js
RUN /patch/ilasm -dll Emby.Web.dll -out=/app/emby/system/Emby.Web.dll

This works even without patching the .dll file. Tested on 4.8.5.0. Any reason why the below lines are needed?

RUN /patch/ildasm /app/emby/system/Emby.Web.dll -out=Emby.Web.dll
RUN sed -i 's#ajax({url:"https://mb3admin.com/admin/service/registration/validateDevice?"+new URLSearchParams(params).toString(),type:"POST",dataType:"json"})#Promise.resolve(new Response('"'"'{"cacheExpirationDays":365,"message":"Device Valid","resultCode":"GOOD"}'"'"').json())#g' Emby.Web.dashboard_ui.modules.emby_apiclient.connectionmanager.js
RUN /patch/ilasm -dll Emby.Web.dll -out=/app/emby/system/Emby.Web.dll

Also confirmed without patching. One machine running Emby server 4.8.5.0, another machine running mb3admin, both Linux.

@satheshshiva @misuchiru03 You need this to access from outside local network as Premiere user (web only)

How do you make it works on an LG tv, or on a remote device like iPhone or iOS?

How do you make it works on an LG tv, or on a remote device like iPhone or iOS?

Connect your remote devices with VPN to your local network.