mathieub/plex-premium-mock-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
plex-premium-mock-proxy/README.md

3.5 KiB
Raw Blame History

Plex Premium Hack

This repository contains a "mock" proxy that sits in your network and tricks Plex into thinking you have a Plex Premium subscription.

Requirements

  • A router that can redirect traffic (i.e. OPNsense, pfSense, DD-WRT...)
  • (alternative) a DNS server that can redirect traffic (some apps won't work due to DNS pinning)
  • A reverse proxy (i.e. Traefik, Nginx, Caddy...)
  • A Plex server (self-hosted)

What works?

  • PlexAmp mobile (download mode)

How to setup ?

Due to the nature of this hack, you'll have to :

  • generate a new certificate authority (CA) for the proxy
  • trust or patch the CA on clients and/or apps that will connect to your Plex server

1. Generate a new Certificate Authority (CA)

in writing...

2. Setup reverse proxy

In my case I'm using Traefik, so here is an example configuration :

tls:
  certificates:
    # use certificates generated in step 1
    - certFile: /etc/traefik/ssl/custom/plexfakeclients.crt
      keyFile: /etc/traefik/ssl/custom/plexfakeclients.key

http:
  routers:
    plex:
      entryPoints:
        - https
      service: plex
      rule: Host(`plex.<your-domain>.com`)
      # you may want to use TLS here too (don't use the custom CA cert generated in step 1)
    plex_proxy:
      entryPoints:
        - https
      service: plex_proxy
      rule: Host(`clients.plex.tv`) || Host(`plex.tv`)
      tls: { }

  services:
    plex:
      loadBalancer:
        servers:
          - url: http://<plex-machine-ip>:32400
    plex_proxy:
      loadBalancer:
        servers:
          - url: http://<machine-where-proxy-is>:8000

3. Redirect traffic

For this to work we need to redirect the domain clients.plex.tv and plex.tv to our proxy. This is easily done if you own a router that can do this but might be tricky if you don't.

Important

Mobile/desktop apps tends to use hardcoded DNS servers so if you don't have a router that can redirect traffic, you will not be able to use this hack. It might be possible to patch the app to use a custom DNS server but the apps are usually obfuscated and it's not easy to do so.

OPNsense / pfSense

First, find the IP address behind the plex domains.

dig clients.plex.tv +short
# 172.64.151.205
# 104.18.36.51

dig plex.tv +short
# 52.17.59.150
# 52.49.56.127

Then go into Firewall > Aliases and create two aliases:

  • plex_ips
    • Type: Host(s)
    • Content: <the 4 IPs you found above>
  • plex_do_not_proxy
    • Type: Host(s)
    • Content: and

Then go into Firewall > NAT > Port Forward and create a new rule:

  • Interface: LAN
  • Protocol: TCP
  • Source / Invert: [☑️]
  • Source: (select alias) plex_do_not_proxy
  • Source Port Range: any
  • Destination: (select alias) plex_ips
  • Destination Port Range: 443
  • Redirect Target IP: <your proxy server IP>
  • Redirect Target Port: 443

Finally go to Firewall > NAT > Outbound and create a new rule (select Hybrid mode if needed):

  • Interface: LAN
  • TCP/IP Version: IPv4
  • Protocol: any
  • Source address: any
  • Destination address:
  • Destination port : 443
  • Translation / target: Interface address
Test the redirection

Now if you try to go to https://clients.plex.tv/api/hack you should see a JSON response along the lines of :

{
  "status": "OK, Plex Pass features proxy enabled"
}

If you see the Plex "Oops, 404" page then something is wrong with your redirection or proxy.

Patch PlexAmp