First - it's a non-security post.

Background

Rally Monte-Carlo 2019. WRC AllLive claims to show LIVE all actions and all crashes, but only crashing thing was AllLive itself.

WRC+ AllLive Heartbeat Error

With brief investigations it's clear, that problem was somewhere in their authentication system (crm.wrc.com). Users weren't able to log in to plus.wrc.com but some who were authenticated said, that they can still see live stream. So, where is the stream?

Update 2019-02-14 - Rally Sweden

Seems, that WRC+ have made some changes and previous solution didn't work anymore. They like to play some games? Me too. Solution updated.

Disclaimer

With instructions above I don't recommend to hack or misuse WRC+ AllLive services. Use it only for your own valid and paid account and do not share your own user specific URLs.

To be clear - I am paying customer for WRC+ AllLive and in general happy with the service. BUT! As a rallyfan, if rally-action is LIVE, stream exists and I can not see it because their service is just does not work, I want to have alternative solution. They didn't find solution in 2 days, I found my own.

All images below are taken from WRC+.

Solution

This solution helps you only if you were able to log in once and start the video. If site is already so broken that you can not log in and/or start video, then it's also too late for this solution.

In short solution:

  • you need m3u8 player, for example Chrome extension
  • authenticate to WRC+, navigate to ALL LIVE page and press "play" button for the video which stream URL you want to get
  • open browser developer toolbar console and paste command:
location.href=document.getElementById('videoplayer').src;
  • you are redirected to new page, open again console and paste command (updated for Rally Sweden):
location.href=sravvplPlayerInstances[0]['_activeVideoHandler']['currentUrl'];
  • if it didn't work or you need more detailed instructions, keep reading

Note - previosly last command was:

location.href=sravvplPlayerInstances[0]['_streamInCurrentLoadProcess'];

you need m3u8 player

As stream is in m3u8 format, you need player for that. I used "Play HLS M3u8" plugin for Chrome:
https://chrome.google.com/webstore/detail/play-hls-m3u8/ckblfoghkjhaclegefojbgllenffajdc/

Log in to WRC+

Authenticate (log in) to https://plus.wrc.com/en/ and click "ALL LIVE".

You should be on the address:

https://plus.wrc.com/en/live-stages/live/

Use Chrome Developer tools

We going to send few JavaScript commands for browser so we need to open console - just press F12 or ctrl+shift+I in your browser and find console tab.

Warning! As it is mainly security blog I need to explain something: be really really careful when someone instructing you to enter some JavaScript program code to your browser console. It may contain program code which takes over your browser or current website account.

In thise case we going to use just redirect command location.href.

Start video

First, start video which stream you want to get - it does not matter, is it live stream or video from archive.

Command to console

Copy-paste line above to browser console, and press enter:

location.href=document.getElementById('videoplayer').src;

WRC AllLive Chrome Console

Page with video player

You should be redirected now to address with only video functionality:

https://plus.wrc.com/club/checklogin.php?v... parameters ...

... but it still has heartbeat solution to ruin it all.

If you are on address, like https://plus.wrc.com/player.php?view=1207 then you probably didn't hit the play button for start video.

Redirect to stream

Open again browser console and redirect page to stream address (updated for Rally Sweden):

location.href=sravvplPlayerInstances[0]['_activeVideoHandler']['currentUrl'];

WRC+ AllLive from player to stream

or if you just want to detect the address, then command to console is:

location.href=sravvplPlayerInstances[0]['_activeVideoHandler']['currentUrl'];

Address should start with:

https://wrcplusmsl4.akamaized.net/hls/live/...

Disclaimer 2

Technically, you can use it even when you are not logged in. But I recommend to not share your URLs with public the Internet as it may contain information about you (your WRC+ account user).

Solution is valid at the moment - 2019-01-25. If WRC+ or any other part of that system make changes in their HTML or JavaScript code, this solution probably does not work anymore and needs some update.

Edit: Solution is valid again - 2019-02-14. If they make again changes, it again will not work and need to find new solution.

Done. Enjoy.

If now WRC+ services like crm.wrc.com or heartbeat etc does not work anymore, you are safe.

WRC+ AllLive via Chrome m3u8 player


Comments

comments powered by Disqus