Channel 4 downloader

[Diazole]

I couldn't find a working C4 script so I wrote my own - https://github.com/Diazole/c4-dl.

[lomero]

thanks for sharing your work with us

[A_n_g_e_l_a]

Installs pywidevine from rlaphoenix /pywidevine on github. That's a lot of back end for one little downloader - be careful folks. You might find your CDM being shared.

[Diazole]

What? It's completely open-source and you can view the code yourself...

[A_n_g_e_l_a]

What? It's completely open-source and you can view the code yourself...

Yes it is. That doesn't make it safe.
Pywidevine github README says it has facility for "Remote CDMs and Serving". Just be sure your CDM isn't the one being remotely served.

The code is voluminous and complex: weekend coders would need a lot of time to scrutinize and fully understand what is going on. Just saying be very careful. pywidevine also comes with pre-compiled binaries such as aria2c and mp4decrypt; if you are going to trust this software it would be as well to put your own original binaries in place of those supplied.

Edit:
I see you use a MIT license and only mention yourself.
Ralphoenix uses the GNU Public license version 3 and it says:-

5. Conveying Modified Source Versions.

You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.

[Diazole]

You shouldn't scaremonger. Pywidevine is highly documented and easy to read.

The CDM serve functionality has to be called and passed a config, host and port; it is designed to run on your local network. Sure, if you call serve and give it your CDM, listening IP and port, and then open up ports on your firewall/router you would expose yourself to the internet.

If you actually read the code in my script you'll see that the serve functionality is never called.

[A_n_g_e_l_a]

You shouldn't scaremonger. Pywidevine is highly documented and easy to read.

The CDM serve functionality has to be called and passed a config, host and port; it is designed to run on your local network. Sure, if you call serve and give it your CDM, listening IP and port, and then open up ports on your firewall/router you would expose yourself to the internet.

If you actually read the code in my script you'll see that the serve functionality is never called.

There are question marks about Rlaphoenix's code which is installed and which you do not mention in credit or otherwise. Just saying be careful everyone.
Also your code looks very much 'scene' derived - concerned with 'video type' and 'web-dl' labels - is that its origin?

[tuskacz]

That doesn't make it safe.

No kidding sherlock. Life is not safe also, you can be hit by car today without your will and no law will prevent it.
So spare others your nonsensical argument. Safety is an empty word as you never know all dependencies.

[codehound]

Good advice from A_n_g_e_l_a regards this. If you really haven't got your own ch4 script, or vt, use this not just with your own binaries, but take it a step further and use the original pywidevine.

[A_n_g_e_l_a]

That doesn't make it safe.

No kidding sherlock. Life is not safe also, you can be hit by car today without your will and no law will prevent it.
So spare others your nonsensical argument. Safety is an empty word as you never know all dependencies.

Well that's helpful and raised the tone of the debate. How do you do it Stanley?

[codehound]

Well that's helpful and raised the tone of the debate. How do you do it Stanley?

google-translate's got a lot to answer for...

[zeosle]

I couldn't find a working C4 script so I wrote my own - https://github.com/Diazole/c4-dl.

Whatever the case, @Diazole has done a good job of creating the code, and sharing it; for educational purposes and learning as well. Thanks @Diazole; I've already learnt alot going through the code. Thanks also for the caution by the other mates regarding the other secondary matters.

[darkw4v3]

No kidding sherlock. Life is not safe also, you can be hit by car today without your will and no law will prevent it.
So spare others your nonsensical argument. Safety is an empty word as you never know all dependencies.

Well, there it is, right there. The most ignorant piece of text I will read all day.


Доверяй, но проверяй.

[PRAGMA]

What? It's completely open-source and you can view the code yourself...

Yes it is. That doesn't make it safe.
Pywidevine github README says it has facility for "Remote CDMs and Serving". Just be sure your CDM isn't the one being remotely served.

The code is voluminous and complex: weekend coders would need a lot of time to scrutinize and fully understand what is going on. Just saying be very careful. pywidevine also comes with pre-compiled binaries such as aria2c and mp4decrypt; if you are going to trust this software it would be as well to put your own original binaries in place of those supplied.

Edit:
I see you use a MIT license and only mention yourself.
Ralphoenix uses the GNU Public license version 3 and it says:-

5. Conveying Modified Source Versions.

You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.

Hi, I'm rlaphoenix on GitHub.

All you're claims here are wrong and let me explain.

Pywidevine github README says it has facility for "Remote CDMs and Serving". Just be sure your CDM isn't the one being remotely served.

Yes. That feature allows YOU to explicitly share YOUR Provisions with the outside world. You would need to explicitly give someone a secret key, host, port, and provision filename for someone to be able to access your Provision. It's explicitly opt-in. You must even be running `pywidevine serve` command for it to be hosted. That feature tidbit simply refers to that. The ability to share your Provision with someone you know, and be able to use pywidevine to access said `serve`'d provision.

The code is voluminous and complex: weekend coders would need a lot of time to scrutinize and fully understand what is going on.

It's in my opinion and others, to be very documented. It gives a lot of example code as well as documentation all over the place. In fact, it's miles ahead more readable than any other "pywidevine" floating around.

Just saying be very careful.

Yeah, do. But the point is its open source, you can see the changes. There are even src packages distributed with each release version on both GitHub and PyPI for anyone to read into and check.

pywidevine also comes with pre-compiled binaries such as aria2c and mp4decrypt; if you are going to trust this software it would be as well to put your own original binaries in place of those supplied.

No it doesn't. It does not come with any pre-compiled binaries of any kind, at all, not even the required shaka-packager for the decrypt() method. You are confusing my pywidevine that is open-source with the `pywidevine` that is being bundled with a lot of shit code bases like nap36 and so on.

My pywidevine is not the same as that pywidevine. aria2c and mp4decrypt aren't even used at all in that codebase. A simple search in GitHub with the search bar would show you that.

[QUOTE=A_n_g_e_l_a;2667881]I see you use a MIT license and only mention yourself.
Ralphoenix uses the GNU Public license version 3 and it says:-

5. Conveying Modified Source Versions.

You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.

While you are thinking correctly here, which fair enough, but no I don't think his license has any issue here. Let me explain why. He isn't ever actually re-distributing or, nor modifying it. He simply has it in a requirements.txt file, meaning the user would run `pip install -r requirements.txt` and effectively download the original unmodified release from PyPI, which was uploaded by me. His license is fine. I think he may need to credit me however, but I don't give the slightest of shit about credit.

[PRAGMA]

Good advice from A_n_g_e_l_a regards this. If you really haven't got your own ch4 script, or vt, use this not just with your own binaries, but take it a step further and use the original pywidevine.

Original pywidevine floating around with nap36 e.t.c, is absolute dog shit. Take it from me who made github.com/rlaphoenix/pywidevine. I'm sure others who actually know what pywidevine (mine or otherwise) is doing, also agrees.

[A_n_g_e_l_a]

It does not come with any pre-compiled binaries of any kind, at all, not even the required shaka-packager for the decrypt() method..

...

[Attachment 66904 - Click to enlarge]

[Diazole]

It does not come with any pre-compiled binaries of any kind, at all, not even the required shaka-packager for the decrypt() method..

...

[Attachment 66904 - Click to enlarge]

that's not pywidevine...

[Quint]

Safety is an empty word as you never know all dependencies.

Regarding life: Yes. Regarding Software: No, you can know ALL dependencies. Fully deterministic.

[A_n_g_e_l_a]

that's not pywidevine...

No, my error, it's your original link https://github.com/Diazole/c4-dl - the topic of this thread; that's all! But you knew that - and played dumb.
Anyone with half a brain if going to be suspicious of included binaries aren't they now? Why did you put them in?

[Diazole]

Of course, everyone should build from source after reading it, or alternatively you trust the authors like you do with closed source software.

I could provide checksums for the bins or I could not provide them at all and inform users they have to retrieve them themselves if you think that's better?

[A_n_g_e_l_a]

I could provide checksums for the bins or I could not provide them at all and inform users they have to retrieve them themselves if you think that's better?

An old lecturer of mine had a mantra: "know your target audience". The guys here are a pretty sophisticated lot. I would imagine most have those binaries already in $PATH.

Also as you specify your code at the moment, calling .exe binaries, you are deliberately targeting windoze users.

[T33V33]

The guys here are a pretty sophisticated lot. I would imagine most have those binaries already in $PATH.

Based on the amount of seperate posts all asking the same or very similar questions I suspect not all are as sophisticated as you believe. It's pretty clear to me that lots of people want/need everything handing to them on a plate so they don't have to do any real work themselves. In an ideal world people would have the understanding about the risks of running binaries from an untrusted source. Sadly though you know full well that if the binaries hadn't been included in the git we would just end up with posts asking why the script was throwing errors (even putting clear instructions in a readme is not enough for some people).


As for pywidevine.... and I'm just generalising here... Everyone seems to trust the 'original' one with no issues even though most have no clue of its origin, but people seem unsure about Phoenix's one? But a lot of those same people have been practically begging for some of Phoenix's other scripts for months and trust those without issue?? (I don't mean just on these forums.. I see the same elsewhere). People are also more than happy to use other leaked scripts even when they are leaked by known scammers. Thinking about the 'collection' of CDMs, I'm also pretty sure Phoenix has no real interest in 'collecting' other people's L3s and anyone lucky enough to be in possession of a working L1 would surely at this point be one of those people who do know how best to keep it safe

[A_n_g_e_l_a]

Based on the amount of seperate posts all asking the same or very similar questions I suspect not all are as sophisticated as you believe.

This lot though, are a sub-set of VH users in that they have their own CDM, otherwide this channel4 downloader is not going to work. You got your own CDM are you saying you and others like you are unsophisticated?? Quelle horreur!

[Diazole]

Obtaining an L3 key pair is far from sophisticated when following a tutorial someone has written

[T33V33]

Based on the amount of seperate posts all asking the same or very similar questions I suspect not all are as sophisticated as you believe.

This lot though, are a sub-set of VH users in that they have their own CDM, otherwide this channel4 downloader is not going to work. You got your own CDM are you saying you and others like you are unsophisticated?? Quelle horreur!

Or rather than 'their own' they are still using one of the many 'shared' L3 CDMs that still work perfectly well

[PRAGMA]

It does not come with any pre-compiled binaries of any kind, at all, not even the required shaka-packager for the decrypt() method..

...

[Attachment 66904 - Click to enlarge]

That's his project that comes with them... Not mine...

[PRAGMA]

Of course, everyone should build from source after reading it, or alternatively you trust the authors like you do with closed source software.

I could provide checksums for the bins or I could not provide them at all and inform users they have to retrieve them themselves if you think that's better?

Just ignore this annoying guy

[PRAGMA]

The guys here are a pretty sophisticated lot. I would imagine most have those binaries already in $PATH.

Based on the amount of seperate posts all asking the same or very similar questions I suspect not all are as sophisticated as you believe. It's pretty clear to me that lots of people want/need everything handing to them on a plate so they don't have to do any real work themselves. In an ideal world people would have the understanding about the risks of running binaries from an untrusted source. Sadly though you know full well that if the binaries hadn't been included in the git we would just end up with posts asking why the script was throwing errors (even putting clear instructions in a readme is not enough for some people).


As for pywidevine.... and I'm just generalising here... Everyone seems to trust the 'original' one with no issues even though most have no clue of its origin, but people seem unsure about Phoenix's one? But a lot of those same people have been practically begging for some of Phoenix's other scripts for months and trust those without issue?? (I don't mean just on these forums.. I see the same elsewhere). People are also more than happy to use other leaked scripts even when they are leaked by known scammers. Thinking about the 'collection' of CDMs, I'm also pretty sure Phoenix has no real interest in 'collecting' other people's L3s and anyone lucky enough to be in possession of a working L1 would surely at this point be one of those people who do know how best to keep it safe

Well said.

[gadumuc]

i don't see why are we arguing here, the warning of the included bin is fine, anyone tests if the script works, if it works that is fine, why are we arguing about internet scripts which I believe 99% won't bother to care what's inside as long as it work and get things done.

[SnoopDawg]

I couldn't find a working C4 script so I wrote my own - https://github.com/Diazole/c4-dl.

Forgive my ignorance as I'm new to using youtube-dl etc but I would like to learn how to download videos from Channel 4. I've downloaded the zip from GitHub but I'm clueless as to how to install and use. Is there some instructions or a video, or something I should be reading to get started? I'm a software developer by trade so not totally alien to scripting but as I said this is new to me.