Research Joyn scripts obfuscation

Alexey Berezin
3 min readMay 4, 2020
UI for TV series in Chrome

Joyn (previously 7TV) is German “Netflix” which has films, TV series and live TV.

Did you hear anything about code obfuscation? Let’s have a look at Joyn video player and how they use that in production.

Scripts and modules

Let’s open any TV series and see what scripts are in Network panel of DevTools. There are scripts which are loaded from

DevTools > Network with filter by


The module name is @vod/ad-tracker

It tracks ad events based on your advertising playback.


The module name is @vod/playback-source-fetcher

It requests with server config.

Result of /psf.json with API gateway, entitlement, provider and other specific metadata for playback


The module name is @vod/player-heartbeat-producer

It sends POST requests every 10 watched seconds with important information about the playback:

Real /beat request body


The module name is @vod/player-toolkit-loader

It’s a simple loader. It downloads players based on the player type (DASH, HLS, Tizen, WebOS and WebMAF), other scripts which are listed here (ad-tracker, ad-source-fetcher, playback-monitoring and player-heartbeat-producer), external scripts (e.g. iam from, etc.


The module name is @vod/player-toolkit-template