emby unlock Emby Premiere for emby client

本文最后更新于：2024年8月9日晚上

There’s a solution suits every devices in our LAN network, that idea is to build a fake mb3admin.com server in your lan network.

Let’s get started:

Create init script:

# vim init_mb3admin.sh
#!/bin/bash
mkdir /opt/mb3admin/certs -p && cd /opt/mb3admin
openssl req -x509 -newkey rsa:2048 -days 36525 -nodes -subj '/CN=mb3admin.com' -addext "subjectAltName = DNS:www.mb3admin.com, DNS:mb3admin.com"  -out certs/emby.crt -keyout certs/emby.key
curl https://ssl-config.mozilla.org/ffdhe2048.txt > certs/ssl-dhparams.pem
cat > nginx.conf <<EOF
events {
  worker_connections  4096;  ## Default: 1024
}
http{
	server {
		listen 80;
		listen [::]:80;
		server_name mb3admin.com;

		return 301 https://mb3admin.com$request_uri;
	}

	server {
		listen 443 ssl http2;
		listen [::]:443 ssl http2;
		server_name mb3admin.com;
		
		# Generate with command above
		ssl_certificate /certs/emby.crt;
		ssl_certificate_key /certs/emby.key;
		ssl_session_timeout 1d;
		ssl_session_cache shared:SSL:10m;  # about 40000 sessions
		ssl_session_tickets off;

		# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /certs/ssl-dhparams.pem
		ssl_dhparam /certs/ssl-dhparams.pem;

		# intermediate configuration
		ssl_protocols TLSv1.2 TLSv1.3;
		ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
		ssl_prefer_server_ciphers off;

		location /admin/service/registration/validateDevice{
			default_type application/json;
			return 200 '{"cacheExpirationDays":3650,"message":"Device Valid (limit not checked)","resultCode":"GOOD"}';
		}

		location /admin/service/registration/validate {
			default_type application/json;
			return 200 '{"featId":"","registered":true,"expDate":"2099-01-01","key":""}';
		}

		location /admin/service/registration/getStatus {
			default_type application/json;
			return 200 '{"planType":"Lifetime","deviceStatus":0,"subscriptions":[]}';
		}

		location /admin/service/appstore/register {
			default_type application/json;
			return 200 '{"featId":"","registered":true,"expDate":"2099-01-01","key":""}';
		}

		location /emby/Plugins/SecurityInfo {
			default_type application/json;
			return 200 '{SupporterKey:"", IsMBSupporter:true}';
		}
		add_header Access-Control-Allow-Origin * always;
		add_header Access-Control-Allow-Headers * always;
		add_header Access-Control-Allow-Method * always;
		add_header Access-Control-Allow-Credentials true always;
	}
}
EOF

If you run nginx server on your local network, you can just put nginx.conf under /etc/nginx/conf.d/ and restart nginx server, it will works. But if you want use docker just like me, let’s continue:

Create Dockerfile to build docker image

# vim Dockerfile
FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf
ADD certs /certs

⚡ root@homesrv /opt/mb3admin # docker build -t mb3admin .
Sending build context to Docker daemon  11.78kB
Step 1/3 : FROM nginx
 ---> 4f67c83422ec
Step 2/3 : COPY nginx.conf /etc/nginx/nginx.conf
 ---> Using cache
 ---> d24bf9ca6fba
Step 3/3 : ADD certs /certs
 ---> Using cache
 ---> a6e57f1e3978
Successfully built a6e57f1e3978
Successfully tagged mb3admin:latest
 ⚡ root@homesrv /opt/mb3admin # docker run --name mb3admin -p 443:443 --restart=always -itd mb3admin:latest

Change your DNS server

root@OpenWrt:~# grep mb3admin /etc/dnsmasq.conf
address=/mb3admin.com/192.168.3.20
root@OpenWrt:~# /etc/init.d/dnsmasq restart
udhcpc: started, v1.36.0
udhcpc: broadcasting discover
udhcpc: no lease, failing
root@OpenWrt:~# nslookup mb3admin.com
Server:		127.0.0.1
Address:	127.0.0.1:53

Name:	mb3admin.com
Address: 192.168.3.20
root@OpenWrt:~#

logon your emby server with emby client

When you see this page that means it worked and click OK and enjoy the moment. By the way, this is for client bypass, you should also bypass on the server side as well just like me.