No description
Find a file
2024-09-24 13:56:36 +02:00
.github/workflows rename github workflow about test and ignore some paths 2024-08-14 13:14:30 +02:00
src Replace all print calls with log crate calls 2024-09-24 13:45:41 +02:00
.dockerignore Add Docker support and update README (#13) 2024-08-14 12:58:44 +02:00
.gitignore Initial commit 2024-04-28 13:13:16 +01:00
Cargo.lock Replace all print calls with log crate calls 2024-09-24 13:45:41 +02:00
Cargo.toml Replace all print calls with log crate calls 2024-09-24 13:45:41 +02:00
docker-compose.yaml Use Docker's builtin tini process, to run as PID 1 and handle SIGTERMs/SIGINTs 2024-08-17 18:04:20 +01:00
Dockerfile Add Docker support and update README (#13) 2024-08-14 12:58:44 +02:00
inv_sig_helper.service Systemd service file (#22) 2024-09-22 18:43:22 +02:00
LICENSE Add LICENSE 2024-04-28 15:55:48 +01:00
README.md Update README.md to document logging config. 2024-09-24 13:56:36 +02:00

inv_sig_helper

inv_sig_helper is a Rust service that decrypts YouTube signatures and manages player information. It offers a TCP/Unix socket interface for signature decryption and related operations.

Features

  • Decrypt YouTube n and s signatures
  • Fetch and update YouTube player data
  • Provide signature timestamps and player status
  • Efficient signature decryption with multi-threaded JavaScript execution

A Dockerfile is included for containerized deployment.

And an official Docker image is available at quay.io/invidious/inv-sig-helper: https://quay.io/repository/invidious/inv-sig-helper

Production

Follow the official installation guide: https://github.com/iv-org/documentation/blob/master/docs/installation.md.

Development

Run the project using docker compose:

docker compose up -d

Or you can run it manually but not recommended since you won't lock down the container from potential code execution from Google:

  1. Build the image:

    docker build -t inv_sig_helper .
    
  2. Run the container:

    docker run -p 127.0.0.1:12999:12999 inv_sig_helper
    

Building and Running without Docker

Prerequisites

  • Rust 1.77 or later
  • Cargo
  • Patch
  • openssl-devel

Building

  1. Clone the repository and navigate to the project directory:

    git clone https://github.com/iv-org/inv_sig_helper.git
    cd inv_sig_helper
    
  2. Build the project:

    cargo build --release
    

Running

Warning

This service runs untrusted code directly from Google.

We recommend running sig_helper inside a locked down environment like an LXC container or a systemd service where only the strict necessary is allowed. An examplary systemd service file is provided in inv_sig_helper.service which creates a socket in /home/invidious/tmp/inv_sig_helper.sock.

Instructions

The service can run in Unix socket mode (default) or TCP mode:

  1. Unix socket mode:

    ./target/release/inv_sig_helper_rust
    

    This creates a Unix socket at /tmp/inv_sig_helper.sock.

  2. TCP mode:

    ./target/release/inv_sig_helper_rust --tcp [IP:PORT]
    

    If no IP:PORT is given, it defaults to 127.0.0.1:12999.

Troubleshooting

The log level can be configured using the RUST_LOG environment variable. Valid values are:

  • error
  • warn
  • info
  • debug
  • trace

The info log level is the default setting. Changing this to debug will provide detailed logs on each request for additional troubleshooting.

Protocol Format

All data-types bigger than 1 byte are stored in network endian (big-endian) unless stated otherwise.

Request Base

Name Size (bytes) Description
opcode 1 The operation code to perform, A list of operations currently supported (and their data) can be found in the Operations chapter
request_id 4 The ID for the current request, Used to distinguish responses in the current connection

The data afterwards depends on the supplied opcode, Please consult the Operations chapter for more information.

Response Base

Name Size (bytes) Description
request_id 4 The ID for the request that this response is meant for
size 4 Size of the response (excluding size of request id)

The data afterwards depends on the supplied opcode, Please consult the Operations chapter for more information.

Operations

FORCE_UPDATE (0x00)

Forces the server to re-fetch the YouTube player, and extract the necessary components from it (nsig function code, sig function code, signature timestamp).

Request

No additional data required

Response
Name Size (bytes) Description
status 2 The status code of the request: 0xF44F if successful, 0xFFFF if no updating is required (YouTube's player ID is equal to the server's current player ID), 0x0000 if an error occurred

DECRYPT_N_SIGNATURE (0x01)

Decrypt a provided n signature using the server's current nsig function code, and return the result (or an error).

Request
Name Size (bytes) Description
size 2 The size of the encrypted signature
string size The encrypted signature
Response
Name Size (bytes) Description
size 2 The size of the decrypted signature, 0x0000 if an error occurred
string size The decrypted signature

DECRYPT_SIGNATURE (0x02)

Decrypt a provided s signature using the server's current sig function code, and return the result (or an error).

Request
Name Size (bytes) Description
size 2 The size of the encrypted signature
string size The encrypted signature
Response
Name Size (bytes) Description
size 2 The size of the decrypted signature, 0x0000 if an error occurred
string size The decrypted signature

GET_SIGNATURE_TIMESTAMP (0x03)

Get the signature timestamp from the server's current player, and return it in the form of a 64-bit integer. If there's no player, it will return 0 in the timestamp (Please check with PLAYER_STATUS if the server has a player)

Request

No additional data required

Response
Name Size (bytes) Description
timestamp 8 The signature timestamp from the server's current player

PLAYER_STATUS (0x04)

Get the server's information about the current player.

Request

No additional data required

Response
Name Size (bytes) Description
has_player 1 If the server has a player, this variable will be 0xFF. or else, it will be 0x00
player_id 4 The server's current player ID. If the server has no player, this will always be 0x00000000

PLAYER_UPDATE_TIMESTAMP (0x05)

Get the time of the last player update, The time is represented as seconds since the last update

Request

No additional data required

Response
Name Size (bytes) Description
timestamp 8 Seconds since the last player update

License

This project is open source under the AGPL-3.0 license.