Disclaimer

The Copyright Act of 1976 grants copyright holders “exclusive rights” to make copies of their work, distribute it and perform it publicly. And an individual user’s watching a stream — even if it’s unauthorized by the copyright holder — doesn’t technically violate these rights.¹ Plus, I have Prime Video membership. I just don’t use it that often.

Problem

When I was rewatching (Shaun of the Dead)[https://www.imdb.com/title/tt0365748/] on some mysterious website, I tried to fast forward a little, the same thing I have done for a zillion times. Instead, I was redirected to an third-party annoying page.

I would have let it go if the invisible button is gone after I click on it, but it really irritates me when this invisible ad redirector “shows up” every few seconds. I get it. Whoever is responsible for this periodical naughty behavior wants to create an authentic cinematic experience by making it extremely painful for people to pause, fast-forward, or adjust the volume. But you should not be the one to make the call. I should. So I decide to disable this annoying invisible button. It’s a little trickier than I expected.

Attempt 1 AdBlocker

Given the fact that clicking on any part of the screen would redirct I assume there should be a giant redirector element that overlaps the entire page, the first thing on my mind is to use my AdBlocker’s selector to block it. It turns out there isn’t one. That’s wierd.

Attempt 2 Developer Tool

So I decide to dive deeper using the developer tool. Wait, “Paused in debugger”? I keep clicking the F8 (Resume Script Execution), but it keeps back to this breakpoint “debugger”.
Obviously this page checks the width between the border and the inner page to detects whether the developer tool is being used. CLassic Anti-Debugger. “The more you hide, the more you stand out."² Done. By adding it to ignore list, the debugger no longer blocks the script from running even if it cries for help. Now let’s see how it works.

Attempt 3 Network Analysis

It seems that there are mainly 2 kinds of requests going on. One is the medix_xxx.ts, which contains the media data. The other, however, look much more suspicious, whose response contains a url. Let’s see where you leads to. Aha. Gotcha. This is exactly got me started. The Developer Tool allows me to trace back to the script that initiates it: 61650:1. This same script is also clearing my console. Now the only thing left is to locate this script and diable it. Before that, let’s take a look at the script. Complete mess. Let’s through it to a JavaScript Beautifier. A little better, but zero comment. It’s never meant to be understood or maintained. The developer tool told me that this snippet is the root cause, so I kept pressing Shift+F12 in VSCode to see who is referencing it and its parents, which finnally lead me to an aync function.

Disable Specific JavaScript

By searching 61650, I quickly located it in the HTML elements. I can’t disbale the whole JavaScript because it’s also used to stream, so uBlock comes in handy because it allows you to develop custome rules to block scripts such as those that . Done! I gained my control back!

When is streaming illegal? ↩︎
Quote from a reverse engineer Jason Batchelor ↩︎

How to Bypass the Invisible Malicious Ad Button