& videos

Discussion in 'iPod touch Hacks' started by rworne, Feb 12, 2008.

  1. rworne macrumors 6502a

    Jul 23, 2002
    As most know by now, YouTube (actually google's video servers) supply the iPod Touch and iPhone with videos in h.264 (MP4) format.

    I've been looking over the traffic between my iPT and Google using Wireshark and see that you can actually get ahold of the MP4 files directly from links supplied by Google.

    I've been downloading them for a while now, but my current method involves logging the iPT with a squid proxy and having a perl script parse the logs and present the user with links to the videos.

    What I really want is a method to search for and access the videos from the computer and cut the iPT out of the loop. Afterwards, I want to sync up the videos using iTunes. I know already that iTunes treats these videos just like any other MP4 file and will readily sync them with my iPT. uses Google's GData API for accessing YouTube videos. Google will not send out the links to the MP4's unless the device properly authenticates itself. The iPT does this when you perform a "search".

    When the search is performed, it passes over the GET request, user-agent, and a GoogleAuthentication login followed by a 180+ character string.

    This string appears unique to each device, we have two iPTs here and the key is different on both.

    If the key is accepted, an XML file is sent over with search results and links to the MP4's of the search results. If it is not accepted, it sends over a partially blank page or the regular RSS feed for that search with links to the FLV files.

    So it appears Google wants to restrict access to the MP4s to Apple devices only.

    I'm mainly interested in where this authentication key is kept, and if it can be found on the host system - such as in iTunes.

    I'll be posting later tonight with some packet dumps showing the exchanges and some of my discoveries.
  2. rworne thread starter macrumors 6502a

    Jul 23, 2002
    Well here's the info:

    Outgoing packet:
    GET /feeds/videos/?vq=iMac&start-index=1&max-results=25&orderby=relevance&format=2,3&client=ytapi-apple-iphone HTTP/1.1
    Accept: */*
    Accept-Language: en
    Accept-Encoding: gzip, deflate
    Cookie: s_vi=[CS]v1|475C83810000XXXX-A290A9E0000XXXX[CE]; s_nr=120042647XXXX
    User-Agent: Apple iPhone v1.1.3 YouTube v1.0.0.4A93
    Authorization: GoogleLogin auth= (184-byte monster key here)
    Connection: keep-alive

    Response comes back:

    HTTP/1.0 200 OK
    Content-Type: application/atom+xml; charset=UTF-8
    Cache-Control: max-age=0, must-revalidate, no-transform, private
    Last-Modified: Tue, 12 Feb 2008 06:00:24 GMT
    Date: Tue, 12 Feb 2008 06:00:24 GMT
    Server: GFE/1.3
    X-Cache: MISS from localhost
    Via: 1.0 localhost:3128 (squid/2.6.STABLE5)
    Connection: close

    What follows is XML data for an RSS feed containing the search results. Within that feed are links to the MP4 videos:

    So my main question is:

    When it passes this info - Authorization: GoogleLogin auth= (184-byte monster key removed), where does it get the key? As I mentioned before, this key is unique to each device, so Google can easily track who is viewing what.

    This info is required. If it is not provided, the feed returns nothing or at the very least an RSS feed of .flv files.

    Is this part of the private/public key used in the iPhone/iPod?
  3. Snips macrumors regular

    Jan 9, 2008
    Suffolk, UK
    Fascinating post, thanks for sharing your findings.

    Just sorry I don't have an answer for you :eek:

Share This Page