Research Joyn scripts obfuscation
--
Joyn (previously 7TV) is German “Netflix” which has films, TV series and live TV.
Did you hear anything about code obfuscation? Let’s have a look at Joyn video player and how they use that in production.
Scripts and modules
Let’s open any TV series and see what scripts are in Network panel of DevTools. There are scripts which are loaded from static.t1p-vod-playout-prod.aws.route71.net
ad-tracker.min.js
The module name is @vod/ad-tracker
It tracks ad events based on your advertising playback.
playback-source-fetcher.min.js
The module name is @vod/playback-source-fetcher
It requests https://static.t1p-vod-playout-prod.aws.route71.net/playback-source-fetcher/config/psf.json with server config.
player-heartbeat-producer.min.js
The module name is @vod/player-heartbeat-producer
It sends POST requests https://heartbeats.prd.data.s.joyn.de/beat every 10 watched seconds with important information about the playback:
player-toolkit-loader.min.js
The module name is @vod/player-toolkit-loader
It’s a simple loader. It downloads players based on the player type (DASH, HLS, Tizen, WebOS and WebMAF), other scripts which are listed here (ad-tracker, ad-source-fetcher, playback-monitoring and player-heartbeat-producer), external scripts (e.g. iam from ioam.de), etc.
playback-monitoring.min.js
The module name is @vod/player-toolkit-template