danielchc/docker-emby-bypass.md

## docker-emby-bypass.md

      
    Raw
  

              docker-emby-bypass.md
            
          
    Emby Premiere ByPass Docker container


❗
All the information provided on this tutorial are for educational purposes only. I'm not responsible for any misuse of this information. If you like the app buy it

Table of Contents


Compatibility
Getting Started

Local client bypass

Folder structure
Steps


Web client bypass

Folder structure
Steps


Docker compose setup

Folder structure
Steps


Apps

Emby Theater
Android


Miscellaneous

Update Emby version


Credits

Compatibility


Tested on version 4.8.0.75. Last update: January 28, 2024

This tutorial allows you to run Emby Premiere on:


Emby Premiere
Local device
Remote device


Web
✔️
✔️


Mobile
✔️
❌


Emby Theater
✔️ ?
❌


Other devices
❓
❌


Getting Started

1. Local client bypass

Folder structure

mb3admin
├── certs
│   ├── emby.crt
│   ├── emby.key
│   └── ssl-dhparams.pem
├── Dockerfile
└── nginx.conf

Steps


Create certs folder

mkdir certs

Generate a self-signed certificate for the fake mb3admin.com server to use:

openssl req -x509 -newkey rsa:2048 -days 36525 -nodes -subj '/CN=mb3admin.com' -addext "subjectAltName = DNS:www.mb3admin.com, DNS:mb3admin.com"  -out certs/emby.crt -keyout certs/emby.key

Download ssl-dhparams.pem

curl https://ssl-config.mozilla.org/ffdhe2048.txt > certs/ssl-dhparams.pem

Create nginx.conf file

events {
  worker_connections  4096;  ## Default: 1024
}
http{
	server {
		listen 80;
		listen [::]:80;
		server_name mb3admin.com;

		return 301 https://mb3admin.com$request_uri;
	}

	server {
		listen 443 ssl http2;
		listen [::]:443 ssl http2;
		server_name mb3admin.com;
		
		# Generate with command above
		ssl_certificate /certs/emby.crt;
		ssl_certificate_key /certs/emby.key;
		ssl_session_timeout 1d;
		ssl_session_cache shared:SSL:10m;  # about 40000 sessions
		ssl_session_tickets off;

		# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /certs/ssl-dhparams.pem
		ssl_dhparam /certs/ssl-dhparams.pem;

		# intermediate configuration
		ssl_protocols TLSv1.2 TLSv1.3;
		ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
		ssl_prefer_server_ciphers off;

		location /admin/service/registration/validateDevice{
			default_type application/json;
			return 200 '{"cacheExpirationDays":3650,"message":"Device Valid (limit not checked)","resultCode":"GOOD"}';
		}

		location /admin/service/registration/validate {
			default_type application/json;
			return 200 '{"featId":"","registered":true,"expDate":"2099-01-01","key":""}';
		}

		location /admin/service/registration/getStatus {
			default_type application/json;
			return 200 '{"planType":"Lifetime","deviceStatus":0,"subscriptions":[]}';
		}

		location /admin/service/appstore/register {
			default_type application/json;
			return 200 '{"featId":"","registered":true,"expDate":"2099-01-01","key":""}';
		}

		location /emby/Plugins/SecurityInfo {
			default_type application/json;
			return 200 '{SupporterKey:"", IsMBSupporter:true}';
		}
		add_header Access-Control-Allow-Origin * always;
		add_header Access-Control-Allow-Headers * always;
		add_header Access-Control-Allow-Method * always;
		add_header Access-Control-Allow-Credentials true always;
	}
}

Create Dockerfile file

FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf
ADD certs /certs
2. Web client bypass

Folder structure

server
├── Dockerfile
└── patch
    ├── emby.crt
    ├── ilasm
    └── ildasm

Steps


Copy emby.crt from ../mb3admin/certs to patch folder

cp ../mb3admin/certs/emby.crt patch

Download ilasm and ildasm for your architecture and copy in patch folder.


You can get it here for x86_64 architecture :  ilasm ildasm


You can get it here for arm64(Raspberry Pi 4) architecture. Just double click the binary file inside runtimes/linux-arm64/native and it will automatically download
:  ilasm ildasm


You can get it here for arm(Raspberry Pi <3) architecture. Just double click the binary file inside runtimes/linux-arm/native and it will automatically download
:  ilasm ildasm


Or you can download the deb package. You should unpack the .deb and find the executables in ./usr/bin/


Create Dockerfile file

FROM linuxserver/emby:beta

ADD patch /patch

RUN chmod +x /patch/ilasm
RUN chmod +x /patch/ildasm
RUN mkdir /patch/tmp

WORKDIR /patch/tmp

RUN /patch/ildasm /app/emby/system/Emby.Web.dll -out=Emby.Web.dll

RUN sed -i 's#ajax({url:"https://mb3admin.com/admin/service/registration/validateDevice?"+new URLSearchParams(params).toString(),type:"POST",dataType:"json"})#Promise.resolve(new Response('"'"'{"cacheExpirationDays":365,"message":"Device Valid","resultCode":"GOOD"}'"'"').json())#g' Emby.Web.dashboard_ui.modules.emby_apiclient.connectionmanager.js

RUN /patch/ilasm -dll Emby.Web.dll -out=/app/emby/system/Emby.Web.dll
RUN cat /patch/emby.crt >> /app/emby/etc/ssl/certs/ca-certificates.crt

3. Docker compose setup

Folder structure

.
├── docker-compose.yml
├── mb3admin
│   ├── certs
│   │   ├── emby.crt
│   │   ├── emby.key
│   │   └── ssl-dhparams.pem
│   ├── Dockerfile
│   └── nginx.conf
└── server
    ├── Dockerfile
    └── patch
        ├── emby.crt
        ├── ilasm
        └── ildasm

Steps


⚠️
It is mandatory that the server where the Emby server is running has a DNS configured that resolves mb3admin.com to the local IP of the nginx server.


Edit your local DNS (Pihole, Adguard, router, bind...) and rewrite mb3admin.com with local IP. If you can't do this, you can edit the hosts file of each device you're going to use Emby.


Windows: C:\Windows\System32\drivers\etc\hosts
Linux: /etc/hosts

<your_local_ip_adress_here> mb3admin.com


Create docker-compose.yml

---
version: "2.1"
services:
  emby:
      build: ./server
      container_name: emby
      environment:
        - PUID=1000
        - PGID=1000
        - TZ=Europe/London
      volumes:
        - ./config:/config
        - /media/tv:/data/tvshows
        - /media/movies:/data/movies
      ports:
        - 8096:8096
        - 8920:8920 #optional
      #dns: #Only if the dns of the local machine is different
      #  - <dns_ip> 
      restart: unless-stopped
  mb3admin:
      build: ./mb3admin
      container_name: mb3admin
      ports:
        - 443:443
      restart: unless-stopped

Start containers

docker compose up -d
Apps


⚠️ You MUST do the above steps for this to work

Emby Theater


Go to


Windows: %appdata%\Emby-Theater\system\electronapp
Linux: /opt/emby-theater/electron/resources/app/


Open main.js with text editor
After this

app.on('window-all-closed', function () {
    // On OS X it is common for applications and their menu bar
    // to stay active until the user quits explicitly with Cmd + Q
    if (process.platform != 'darwin') {
        app.quit();
    }
});
Add this:
app.on('certificate-error', (event, webContents, url, error, certificate, callback) => {
        event.preventDefault()
        callback(true)
})
Android

You DON'T NEED TO DO any extra steps to make it work on Android on local network. First time you open the app it will prompt a dialog to accept self-signed certificate. If this dialog does not appear you have done something wrong.

If you want it to work outside the local network, you need to get a modded apk
Miscellaneous

Update Emby version


Change to the folder where the docker-compose.yml file is
Build a new emby image

docker compose build emby --pull --no-cache

Restart container

docker compose up -d
Credits


https://gist.github.com/all3kcis/66909ed95755146a6969b32f21171642
https://mosarin.tech/archives/75/
https://github.com/acxcx/docker-emby

Special thanks for helping me improve this information to:


@potatoru
@orangejuice
@OrpheeGT
@senhan07
Emby Premiere	Local device	Remote device
Web	✔️	✔️
Mobile	✔️	❌
Emby Theater	✔️ ?	❌
Other devices	❓	❌