
# Plex Premium Hack
This repository contains a "mock" proxy that sits in your network and tricks Plex into thinking you have a Plex Premium
subscription.
### Requirements
- A router that **can redirect traffic** (e.g. OPNsense, pfSense, DD-WRT...)
- _(alternative) a DNS server that can redirect traffic (some apps won't work due to DNS pinning)_
- A reverse proxy (e.g. Traefik, Nginx, Caddy...)
- A Plex server (self-hosted)
### What works?
- PlexAmp mobile (download mode)
## How to set up?
Due to the nature of this hack, you'll have to:
- generate a new certificate authority (CA) for the proxy
- trust or patch the CA on clients and/or apps that will connect to your Plex server
### 1. Generate a new Certificate Authority (CA)
in writing...
### 2. Set up the reverse proxy
In my case I'm using Traefik, so here is an example configuration:
```yaml
tls:
  certificates:
    # use certificates generated in step 1
    - certFile: /etc/traefik/ssl/custom/plexfakeclients.crt
      keyFile: /etc/traefik/ssl/custom/plexfakeclients.key
http:
  routers:
    plex:
      entryPoints:
        - https
      service: plex
      rule: Host(`plex.<your-domain>.com`)
      # you may want to use TLS here too (don't use the custom CA cert generated in step 1)
    plex_proxy:
      entryPoints:
        - https
      service: plex_proxy
      rule: Host(`clients.plex.tv`) || Host(`plex.tv`)
      tls: { }
  services:
    plex:
      loadBalancer:
        servers:
          - url: http://<plex-machine-ip>:32400
    plex_proxy:
      loadBalancer:
        servers:
          - url: http://<machine-where-proxy-is>:8000
```
### 3. Redirect traffic
For this to work, we need to redirect the domains `clients.plex.tv` and `plex.tv` to our proxy.
This is easily done if you own a router that can redirect traffic, but it might be tricky if you don't.
> [!IMPORTANT]
> Mobile/desktop apps tend to use hardcoded DNS servers, so if you don't have a router that can redirect traffic, you
> will not be able to use this hack.
> It might be possible to patch the app to use a custom DNS server, but the apps are usually obfuscated and it's not easy
> to do so.
#### OPNsense / pfSense
First, find the IP addresses behind the Plex domains.
```bash
dig clients.plex.tv +short
# 172.64.151.205
# 104.18.36.51
dig plex.tv +short
# 52.17.59.150
# 52.49.56.127
```
Then go into `Firewall` > `Aliases` and create two aliases:
- `plex_ips`
  - Type: Host(s)
  - Content: `<the 4 IPs you found above>`
- `plex_do_not_proxy`
  - Type: Host(s)
  - Content: `<your plex server IP>` and `<your proxy server IP>`
Then go into `Firewall` > `NAT` > `Port Forward` and create a new rule:
- Interface: `LAN`
- Protocol: `TCP`
- Source / Invert: [☑️]
- Source: *(select alias)* `plex_do_not_proxy`
- Source Port Range: `any`
- Destination: *(select alias)* `plex_ips`
- Destination Port Range: `443`
- Redirect Target IP: `<your proxy server IP>`
- Redirect Target Port: `443`
Finally go to `Firewall` > `NAT` > `Outbound` and create a new rule *(select Hybrid mode if needed)*:
- Interface: `LAN`
- TCP/IP Version: `IPv4`
- Protocol: `any`
- Source address: `any`
- Destination address: `<your proxy server IP>`
- Destination port: `443`
- Translation / target: `Interface address`
##### Test the redirection
Now, if you go to `https://clients.plex.tv/api/hack`, you should see a JSON response along the lines of:
```json
{
"status": "OK, Plex Pass features proxy enabled"
}
```
If you see the Plex "Oops, 404" page then something is wrong with your redirection or proxy.
## Patch PlexAmp