From 7785e8c60404a2bb715dd7be3c83474a389397fd Mon Sep 17 00:00:00 2001
From: UrloMythus <urlo30@proton.me>
Date: Sun, 11 Jan 2026 14:29:22 +0100
Subject: [PATCH] new version

---
 mediaflow_proxy/configs.py                    |   29 +-
 mediaflow_proxy/extractors/F16Px.py           |  104 ++
 mediaflow_proxy/extractors/base.py            |  117 +-
 mediaflow_proxy/extractors/dlhd.py            |  791 +++++-------
 mediaflow_proxy/extractors/factory.py         |   21 +-
 mediaflow_proxy/extractors/filelions.py       |    3 +-
 mediaflow_proxy/extractors/filemoon.py        |   52 +
 mediaflow_proxy/extractors/lulustream.py      |   27 +
 mediaflow_proxy/extractors/sportsonline.py    |  195 +++
 mediaflow_proxy/extractors/streamwish.py      |   81 ++
 mediaflow_proxy/extractors/turbovidplay.py    |   68 +
 mediaflow_proxy/extractors/vavoo.py           |   99 +-
 mediaflow_proxy/extractors/vidmoly.py         |   63 +
 mediaflow_proxy/extractors/vidoza.py          |   73 ++
 mediaflow_proxy/extractors/voe.py             |   68 +
 mediaflow_proxy/handlers.py                   |   31 +-
 mediaflow_proxy/mpd_processor.py              |   52 +-
 mediaflow_proxy/routes/extractor.py           |   38 +-
 mediaflow_proxy/routes/playlist_builder.py    |  209 ++-
 mediaflow_proxy/routes/proxy.py               |  396 +++++-
 mediaflow_proxy/schemas.py                    |   15 +-
 .../__pycache__/all_debrid.cpython-313.pyc    |  Bin 3375 -> 0 bytes
 .../__pycache__/base.cpython-313.pyc          |  Bin 1615 -> 0 bytes
 .../__pycache__/real_debrid.cpython-313.pyc   |  Bin 2539 -> 0 bytes
 mediaflow_proxy/static/index.html             |   11 +-
 mediaflow_proxy/static/playlist_builder.html  |   17 +-
 mediaflow_proxy/static/speedtest.js           |    8 +-
 mediaflow_proxy/utils/aes.py                  |   39 +
 mediaflow_proxy/utils/aesgcm.py               |  193 +++
 mediaflow_proxy/utils/cache_utils.py          |   67 +-
 mediaflow_proxy/utils/codec.py                |  465 +++++++
 mediaflow_proxy/utils/compat.py               |  231 ++++
 mediaflow_proxy/utils/constanttime.py         |  218 ++++
 mediaflow_proxy/utils/cryptomath.py           |  366 ++++++
 mediaflow_proxy/utils/deprecations.py         |  218 ++++
 mediaflow_proxy/utils/hls_prebuffer.py        |  317 +++--
 mediaflow_proxy/utils/hls_utils.py            |   54 +
 mediaflow_proxy/utils/http_utils.py           |  154 ++-
 mediaflow_proxy/utils/m3u8_processor.py       |   23 +-
 mediaflow_proxy/utils/mpd_utils.py            |   10 +-
 mediaflow_proxy/utils/python_aes.py           |  122 ++
 mediaflow_proxy/utils/python_aesgcm.py        |   12 +
 mediaflow_proxy/utils/rijndael.py             | 1118 +++++++++++++++++
 mediaflow_proxy/utils/tlshashlib.py           |   32 +
 mediaflow_proxy/utils/tlshmac.py              |   88 ++
 45 files changed, 5463 insertions(+), 832 deletions(-)
 create mode 100644 mediaflow_proxy/extractors/F16Px.py
 create mode 100644 mediaflow_proxy/extractors/filemoon.py
 create mode 100644 mediaflow_proxy/extractors/lulustream.py
 create mode 100644 mediaflow_proxy/extractors/sportsonline.py
 create mode 100644 mediaflow_proxy/extractors/streamwish.py
 create mode 100644 mediaflow_proxy/extractors/turbovidplay.py
 create mode 100644 mediaflow_proxy/extractors/vidmoly.py
 create mode 100644 mediaflow_proxy/extractors/vidoza.py
 create mode 100644 mediaflow_proxy/extractors/voe.py
 delete mode 100644 mediaflow_proxy/speedtest/providers/__pycache__/all_debrid.cpython-313.pyc
 delete mode 100644 mediaflow_proxy/speedtest/providers/__pycache__/base.cpython-313.pyc
 delete mode 100644 mediaflow_proxy/speedtest/providers/__pycache__/real_debrid.cpython-313.pyc
 create mode 100644 mediaflow_proxy/utils/aes.py
 create mode 100644 mediaflow_proxy/utils/aesgcm.py
 create mode 100644 mediaflow_proxy/utils/codec.py
 create mode 100644 mediaflow_proxy/utils/compat.py
 create mode 100644 mediaflow_proxy/utils/constanttime.py
 create mode 100644 mediaflow_proxy/utils/cryptomath.py
 create mode 100644 mediaflow_proxy/utils/deprecations.py
 create mode 100644 mediaflow_proxy/utils/hls_utils.py
 create mode 100644 mediaflow_proxy/utils/python_aes.py
 create mode 100644 mediaflow_proxy/utils/python_aesgcm.py
 create mode 100644 mediaflow_proxy/utils/rijndael.py
 create mode 100644 mediaflow_proxy/utils/tlshashlib.py
 create mode 100644 mediaflow_proxy/utils/tlshmac.py

diff --git a/mediaflow_proxy/configs.py b/mediaflow_proxy/configs.py
index 049105a..bae1ddf 100644
--- a/mediaflow_proxy/configs.py
+++ b/mediaflow_proxy/configs.py
@@ -19,11 +19,14 @@ class TransportConfig(BaseSettings):
     proxy_url: Optional[str] = Field(
         None, description="Primary proxy URL. Example: socks5://user:pass@proxy:1080 or http://proxy:8080"
     )
+    disable_ssl_verification_globally: bool = Field(
+        False, description="Disable SSL verification for all requests globally."
+    )
     all_proxy: bool = Field(False, description="Enable proxy for all routes by default")
     transport_routes: Dict[str, RouteConfig] = Field(
         default_factory=dict, description="Pattern-based route configuration"
     )
-    timeout: int = Field(30, description="Timeout for HTTP requests in seconds")
+    timeout: int = Field(60, description="Timeout for HTTP requests in seconds")
 
     def get_mounts(
         self, async_http: bool = True
@@ -33,11 +36,13 @@ class TransportConfig(BaseSettings):
         """
         mounts = {}
         transport_cls = httpx.AsyncHTTPTransport if async_http else httpx.HTTPTransport
+        global_verify = not self.disable_ssl_verification_globally
 
         # Configure specific routes
         for pattern, route in self.transport_routes.items():
             mounts[pattern] = transport_cls(
-                verify=route.verify_ssl, proxy=route.proxy_url or self.proxy_url if route.proxy else None
+                verify=route.verify_ssl if global_verify else False,
+                proxy=route.proxy_url or self.proxy_url if route.proxy else None,
             )
 
         # Hardcoded configuration for jxoplay.xyz domain - SSL verification disabled
@@ -45,9 +50,23 @@ class TransportConfig(BaseSettings):
             verify=False, proxy=self.proxy_url if self.all_proxy else None
         )
 
+        mounts["all://dlhd.dad"] = transport_cls(
+            verify=False, proxy=self.proxy_url if self.all_proxy else None
+        )
+        
+        mounts["all://*.newkso.ru"] = transport_cls(
+            verify=False, proxy=self.proxy_url if self.all_proxy else None
+        )
+
+        # Apply global settings for proxy and SSL
+        default_proxy_url = self.proxy_url if self.all_proxy else None
+        if default_proxy_url or not global_verify:
+            mounts["all://"] = transport_cls(proxy=default_proxy_url, verify=global_verify)
+
         # Set default proxy for all routes if enabled
-        if self.all_proxy:
-            mounts["all://"] = transport_cls(proxy=self.proxy_url)
+        # This part is now handled above to combine proxy and SSL settings
+        # if self.all_proxy:
+        #     mounts["all://"] = transport_cls(proxy=self.proxy_url)
 
         return mounts
 
@@ -78,6 +97,8 @@ class Settings(BaseSettings):
     dash_prebuffer_cache_size: int = 50  # Maximum number of segments to cache in memory.
     dash_prebuffer_max_memory_percent: int = 80  # Maximum percentage of system memory to use for DASH pre-buffer cache.
     dash_prebuffer_emergency_threshold: int = 90  # Emergency threshold percentage to trigger aggressive cache cleanup.
+    mpd_live_init_cache_ttl: int = 0  # TTL (seconds) for live init segment cache; 0 disables caching.
+    mpd_live_playlist_depth: int = 8  # Number of recent segments to expose per live playlist variant.
 
     user_agent: str = (
         "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"  # The user agent to use for HTTP requests.
diff --git a/mediaflow_proxy/extractors/F16Px.py b/mediaflow_proxy/extractors/F16Px.py
new file mode 100644
index 0000000..fbb7708
--- /dev/null
+++ b/mediaflow_proxy/extractors/F16Px.py
@@ -0,0 +1,104 @@
+# https://github.com/Gujal00/ResolveURL/blob/55c7f66524ebd65bc1f88650614e627b00167fa0/script.module.resolveurl/lib/resolveurl/plugins/f16px.py
+
+import base64
+import json
+import re
+from typing import Dict, Any
+from urllib.parse import urlparse
+
+from mediaflow_proxy.extractors.base import BaseExtractor, ExtractorError
+from mediaflow_proxy.utils import python_aesgcm
+
+
+class F16PxExtractor(BaseExtractor):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.mediaflow_endpoint = "hls_manifest_proxy"
+
+    @staticmethod
+    def _b64url_decode(value: str) -> bytes:
+        # base64url -> base64
+        value = value.replace("-", "+").replace("_", "/")
+        padding = (-len(value)) % 4
+        if padding:
+            value += "=" * padding
+        return base64.b64decode(value)
+
+    def _join_key_parts(self, parts) -> bytes:
+        return b"".join(self._b64url_decode(p) for p in parts)
+
+    async def extract(self, url: str) -> Dict[str, Any]:
+        parsed = urlparse(url)
+        host = parsed.netloc
+        origin = f"{parsed.scheme}://{parsed.netloc}"
+
+        match = re.search(r"/e/([A-Za-z0-9]+)", parsed.path or "")
+        if not match:
+            raise ExtractorError("F16PX: Invalid embed URL")
+
+        media_id = match.group(1)
+        api_url = f"https://{host}/api/videos/{media_id}/embed/playback"
+
+        headers = self.base_headers.copy()
+        headers["referer"] = f"https://{host}/"
+
+        resp = await self._make_request(api_url, headers=headers)
+        try:
+            data = resp.json()
+        except Exception:
+            raise ExtractorError("F16PX: Invalid JSON response")
+
+        # Case 1: plain sources
+        if "sources" in data and data["sources"]:
+            src = data["sources"][0].get("url")
+            if not src:
+                raise ExtractorError("F16PX: Empty source URL")
+            return {
+                "destination_url": src,
+                "request_headers": headers,
+                "mediaflow_endpoint": self.mediaflow_endpoint,
+            }
+
+        # Case 2: encrypted playback
+        pb = data.get("playback")
+        if not pb:
+            raise ExtractorError("F16PX: No playback data")
+
+        try:
+            iv = self._b64url_decode(pb["iv"])             # nonce
+            key = self._join_key_parts(pb["key_parts"])    # AES key
+            payload = self._b64url_decode(pb["payload"])   # ciphertext + tag
+
+            cipher = python_aesgcm.new(key)
+            decrypted = cipher.open(iv, payload)  # AAD = '' like ResolveURL
+
+            if decrypted is None:
+                raise ExtractorError("F16PX: GCM authentication failed")
+
+            decrypted_json = json.loads(decrypted.decode("utf-8", "ignore"))
+
+        except ExtractorError:
+            raise
+        except Exception as e:
+            raise ExtractorError(f"F16PX: Decryption failed ({e})")
+
+        sources = decrypted_json.get("sources") or []
+        if not sources:
+            raise ExtractorError("F16PX: No sources after decryption")
+
+        best = sources[0].get("url")
+        if not best:
+            raise ExtractorError("F16PX: Empty source URL after decryption")
+
+        self.base_headers.clear()
+        self.base_headers["referer"] = f"{origin}/"
+        self.base_headers["origin"] = origin
+        self.base_headers["Accept-Language"] = "en-US,en;q=0.5"
+        self.base_headers["Accept"] = "*/*"
+        self.base_headers['user-agent'] = 'Mozilla/5.0 (X11; Linux x86_64; rv:138.0) Gecko/20100101 Firefox/138.0'
+
+        return {
+            "destination_url": best,
+            "request_headers": self.base_headers,
+            "mediaflow_endpoint": self.mediaflow_endpoint,
+        }
diff --git a/mediaflow_proxy/extractors/base.py b/mediaflow_proxy/extractors/base.py
index 359fc5d..0e271a7 100644
--- a/mediaflow_proxy/extractors/base.py
+++ b/mediaflow_proxy/extractors/base.py
@@ -1,48 +1,121 @@
 from abc import ABC, abstractmethod
 from typing import Dict, Optional, Any
 
+import asyncio
 import httpx
+import logging
 
 from mediaflow_proxy.configs import settings
-from mediaflow_proxy.utils.http_utils import create_httpx_client
+from mediaflow_proxy.utils.http_utils import create_httpx_client, DownloadError
+
+logger = logging.getLogger(__name__)
 
 
 class ExtractorError(Exception):
     """Base exception for all extractors."""
-
     pass
 
 
 class BaseExtractor(ABC):
-    """Base class for all URL extractors."""
+    """Base class for all URL extractors.
+
+    Improvements:
+    - Built-in retry/backoff for transient network errors
+    - Configurable timeouts and per-request overrides
+    - Better logging of non-200 responses and body previews for debugging
+    """
 
     def __init__(self, request_headers: dict):
         self.base_headers = {
             "user-agent": settings.user_agent,
         }
         self.mediaflow_endpoint = "proxy_stream_endpoint"
-        self.base_headers.update(request_headers)
+        # merge incoming headers (e.g. Accept-Language / Referer) with default base headers
+        self.base_headers.update(request_headers or {})
 
     async def _make_request(
-        self, url: str, method: str = "GET", headers: Optional[Dict] = None, **kwargs
+        self,
+        url: str,
+        method: str = "GET",
+        headers: Optional[Dict] = None,
+        timeout: Optional[float] = None,
+        retries: int = 3,
+        backoff_factor: float = 0.5,
+        raise_on_status: bool = True,
+        **kwargs,
     ) -> httpx.Response:
-        """Make HTTP request with error handling."""
-        try:
-            async with create_httpx_client() as client:
-                request_headers = self.base_headers.copy()
-                request_headers.update(headers or {})
-                response = await client.request(
-                    method,
-                    url,
-                    headers=request_headers,
-                    **kwargs,
-                )
-                response.raise_for_status()
-                return response
-        except httpx.HTTPError as e:
-            raise ExtractorError(f"HTTP request failed for URL {url}: {str(e)}")
-        except Exception as e:
-            raise ExtractorError(f"Request failed for URL {url}: {str(e)}")
+        """
+        Make HTTP request with retry and timeout support.
+
+        Parameters
+        ----------
+        timeout : float | None
+            Seconds to wait for the request (applied to httpx.Timeout). Defaults to 15s.
+        retries : int
+            Number of attempts for transient errors.
+        backoff_factor : float
+            Base for exponential backoff between retries.
+        raise_on_status : bool
+            If True, HTTP non-2xx raises DownloadError (preserves status code).
+        """
+        attempt = 0
+        last_exc = None
+
+        # build request headers merging base and per-request
+        request_headers = self.base_headers.copy()
+        if headers:
+            request_headers.update(headers)
+
+        timeout_cfg = httpx.Timeout(timeout or 15.0)
+
+        while attempt < retries:
+            try:
+                async with create_httpx_client(timeout=timeout_cfg) as client:
+                    response = await client.request(
+                        method,
+                        url,
+                        headers=request_headers,
+                        **kwargs,
+                    )
+
+                    if raise_on_status:
+                        try:
+                            response.raise_for_status()
+                        except httpx.HTTPStatusError as e:
+                            # Provide a short body preview for debugging
+                            body_preview = ""
+                            try:
+                                body_preview = e.response.text[:500]
+                            except Exception:
+                                body_preview = "<unreadable body>"
+                            logger.debug(
+                                "HTTPStatusError for %s (status=%s) -- body preview: %s",
+                                url,
+                                e.response.status_code,
+                                body_preview,
+                            )
+                            raise DownloadError(e.response.status_code, f"HTTP error {e.response.status_code} while requesting {url}")
+                    return response
+
+            except DownloadError:
+                # Do not retry on explicit HTTP status errors (they are intentional)
+                raise
+            except (httpx.ReadTimeout, httpx.ConnectTimeout, httpx.NetworkError, httpx.TransportError) as e:
+                # Transient network error — retry with backoff
+                last_exc = e
+                attempt += 1
+                sleep_for = backoff_factor * (2 ** (attempt - 1))
+                logger.warning("Transient network error (attempt %s/%s) for %s: %s — retrying in %.1fs",
+                               attempt, retries, url, e, sleep_for)
+                await asyncio.sleep(sleep_for)
+                continue
+            except Exception as e:
+                # Unexpected exception — wrap as ExtractorError to keep interface consistent
+                logger.exception("Unhandled exception while requesting %s: %s", url, e)
+                raise ExtractorError(f"Request failed for URL {url}: {str(e)}")
+
+        logger.error("All retries failed for %s: %s", url, last_exc)
+        raise ExtractorError(f"Request failed for URL {url}: {str(last_exc)}")
 
     @abstractmethod
     async def extract(self, url: str, **kwargs) -> Dict[str, Any]:
diff --git a/mediaflow_proxy/extractors/dlhd.py b/mediaflow_proxy/extractors/dlhd.py
index 2d58d5a..940e696 100644
--- a/mediaflow_proxy/extractors/dlhd.py
+++ b/mediaflow_proxy/extractors/dlhd.py
@@ -1,543 +1,332 @@
 import re
 import base64
 import logging
-from typing import Any, Dict, Optional
-from urllib.parse import urlparse, quote, urlunparse
+
+from typing import Any, Dict, Optional, List
+from urllib.parse import urlparse, quote_plus, urljoin
+
+
+import httpx
+
 
 from mediaflow_proxy.extractors.base import BaseExtractor, ExtractorError
 
+
 logger = logging.getLogger(__name__)
 
+# Silenzia l'errore ConnectionResetError su Windows
+logging.getLogger('asyncio').setLevel(logging.CRITICAL)
+
 
 class DLHDExtractor(BaseExtractor):
-    """DLHD (DaddyLive) URL extractor for M3U8 streams."""
+    """DLHD (DaddyLive) URL extractor for M3U8 streams.
+
+
+    Notes:
+    - Multi-domain support for daddylive.sx / dlhd.dad
+    - Robust extraction of auth parameters and server lookup
+    - Uses retries/timeouts via BaseExtractor where possible
+    - Multi-iframe fallback for resilience
+    """
+
 
     def __init__(self, request_headers: dict):
         super().__init__(request_headers)
-        # Default to HLS proxy endpoint
         self.mediaflow_endpoint = "hls_manifest_proxy"
-        # Cache for the resolved base URL to avoid repeated network calls
-        self._cached_base_url = None
-        # Store iframe context for newkso.ru requests
-        self._iframe_context = None
+        self._iframe_context: Optional[str] = None
 
-    def _get_headers_for_url(self, url: str, base_headers: dict) -> dict:
-        """Get appropriate headers for the given URL, applying newkso.ru specific headers if needed."""
-        headers = base_headers.copy()
-        
-        # Check if URL contains newkso.ru domain
-        parsed_url = urlparse(url)
-        if "newkso.ru" in parsed_url.netloc:
-            # Use iframe URL as referer if available, otherwise use the newkso domain itself
-            if self._iframe_context:
-                iframe_origin = f"https://{urlparse(self._iframe_context).netloc}"
-                newkso_headers = {
-                    'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36',
-                    'Referer': self._iframe_context,
-                    'Origin': iframe_origin
-                }
-                logger.info(f"Applied newkso.ru specific headers with iframe context for URL: {url}")
-                logger.debug(f"Headers applied: {newkso_headers}")
-            else:
-                # Fallback to newkso domain itself
-                newkso_origin = f"{parsed_url.scheme}://{parsed_url.netloc}"
-                newkso_headers = {
-                    'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36',
-                    'Referer': newkso_origin,
-                    'Origin': newkso_origin
-                }
-                logger.info(f"Applied newkso.ru specific headers (fallback) for URL: {url}")
-                logger.debug(f"Headers applied: {newkso_headers}")
+
+
+    async def _make_request(self, url: str, method: str = "GET", headers: Optional[Dict] = None, **kwargs) -> Any:
+        """Override to disable SSL verification for this extractor and use fetch_with_retry if available."""
+        from mediaflow_proxy.utils.http_utils import create_httpx_client, fetch_with_retry
+
+
+        timeout = kwargs.pop("timeout", 15)
+        retries = kwargs.pop("retries", 3)
+        backoff_factor = kwargs.pop("backoff_factor", 0.5)
+
+
+        async with create_httpx_client(verify=False, timeout=httpx.Timeout(timeout)) as client:
+            try:
+                return await fetch_with_retry(client, method, url, headers or {}, timeout=timeout)
+            except Exception:
+                logger.debug("fetch_with_retry failed or unavailable; falling back to direct request for %s", url)
+                response = await client.request(method, url, headers=headers or {}, timeout=timeout)
+                response.raise_for_status()
+                return response
+
+
+    async def _extract_lovecdn_stream(self, iframe_url: str, iframe_content: str, headers: dict) -> Dict[str, Any]:
+        """
+        Estrattore alternativo per iframe lovecdn.ru che usa un formato diverso.
+        """
+        try:
+            # Cerca pattern di stream URL diretto
+            m3u8_patterns = [
+                r'["\']([^"\']*\.m3u8[^"\']*)["\']',
+                r'source[:\s]+["\']([^"\']+)["\']',
+                r'file[:\s]+["\']([^"\']+\.m3u8[^"\']*)["\']',
+                r'hlsManifestUrl[:\s]*["\']([^"\']+)["\']',
+            ]
             
-            headers.update(newkso_headers)
-        
-        return headers
+            stream_url = None
+            for pattern in m3u8_patterns:
+                matches = re.findall(pattern, iframe_content)
+                for match in matches:
+                    if '.m3u8' in match and match.startswith('http'):
+                        stream_url = match
+                        logger.info(f"Found direct m3u8 URL: {stream_url}")
+                        break
+                if stream_url:
+                    break
+            
+            # Pattern 2: Cerca costruzione dinamica URL
+            if not stream_url:
+                channel_match = re.search(r'(?:stream|channel)["\s:=]+["\']([^"\']+)["\']', iframe_content)
+                server_match = re.search(r'(?:server|domain|host)["\s:=]+["\']([^"\']+)["\']', iframe_content)
+                
+                if channel_match:
+                    channel_name = channel_match.group(1)
+                    server = server_match.group(1) if server_match else 'newkso.ru'
+                    stream_url = f"https://{server}/{channel_name}/mono.m3u8"
+                    logger.info(f"Constructed stream URL: {stream_url}")
+            
+            if not stream_url:
+                # Fallback: cerca qualsiasi URL che sembri uno stream
+                url_pattern = r'https?://[^\s"\'<>]+\.m3u8[^\s"\'<>]*'
+                matches = re.findall(url_pattern, iframe_content)
+                if matches:
+                    stream_url = matches[0]
+                    logger.info(f"Found fallback stream URL: {stream_url}")
+            
+            if not stream_url:
+                raise ExtractorError(f"Could not find stream URL in lovecdn.ru iframe")
+            
+            # Usa iframe URL come referer
+            iframe_origin = f"https://{urlparse(iframe_url).netloc}"
+            stream_headers = {
+                'User-Agent': headers['User-Agent'],
+                'Referer': iframe_url,
+                'Origin': iframe_origin
+            }
+            
+            # Determina endpoint in base al dominio dello stream
+            endpoint = "hls_key_proxy"
 
-    async def _make_request(self, url: str, method: str = "GET", headers: dict = None, **kwargs):
-        """Override _make_request to apply newkso.ru specific headers when needed."""
-        request_headers = headers or {}
+            logger.info(f"Using lovecdn.ru stream with endpoint: {endpoint}")
+            
+            return {
+                "destination_url": stream_url,
+                "request_headers": stream_headers,
+                "mediaflow_endpoint": endpoint,
+            }
+            
+        except Exception as e:
+            raise ExtractorError(f"Failed to extract lovecdn.ru stream: {e}")
+
+    async def _extract_new_auth_flow(self, iframe_url: str, iframe_content: str, headers: dict) -> Dict[str, Any]:
+        """Handles the new authentication flow found in recent updates."""
         
-        # Apply newkso.ru specific headers if the URL contains newkso.ru
-        final_headers = self._get_headers_for_url(url, request_headers)
+        def _extract_params(js: str) -> Dict[str, Optional[str]]:
+            params = {}
+            patterns = {
+                "channel_key": r'(?:const|var|let)\s+(?:CHANNEL_KEY|channelKey)\s*=\s*["\']([^"\']+)["\']',
+                "auth_token": r'(?:const|var|let)\s+AUTH_TOKEN\s*=\s*["\']([^"\']+)["\']',
+                "auth_country": r'(?:const|var|let)\s+AUTH_COUNTRY\s*=\s*["\']([^"\']+)["\']',
+                "auth_ts": r'(?:const|var|let)\s+AUTH_TS\s*=\s*["\']([^"\']+)["\']',
+                "auth_expiry": r'(?:const|var|let)\s+AUTH_EXPIRY\s*=\s*["\']([^"\']+)["\']',
+            }
+            for key, pattern in patterns.items():
+                match = re.search(pattern, js)
+                params[key] = match.group(1) if match else None
+            return params
+
+        params = _extract_params(iframe_content)
         
-        return await super()._make_request(url, method, final_headers, **kwargs)
+        missing_params = [k for k, v in params.items() if not v]
+        if missing_params:
+            # This is not an error, just means it's not the new flow
+            raise ExtractorError(f"Not the new auth flow: missing params {missing_params}")
+
+        logger.info("New auth flow detected. Proceeding with POST auth.")
+        
+        # 1. Initial Auth POST
+        auth_url = 'https://security.newkso.ru/auth2.php'
+        # Use files parameter to force multipart/form-data which is required by the server
+        # (None, value) tells httpx to send it as a form field, not a file upload
+        multipart_data = {
+            'channelKey': (None, params["channel_key"]),
+            'country': (None, params["auth_country"]),
+            'timestamp': (None, params["auth_ts"]),
+            'expiry': (None, params["auth_expiry"]),
+            'token': (None, params["auth_token"]),
+        }
+
+        iframe_origin = f"https://{urlparse(iframe_url).netloc}"
+        auth_headers = headers.copy()
+        auth_headers.update({
+            'Accept': '*/*',
+            'Accept-Language': 'en-US,en;q=0.9',
+            'Origin': iframe_origin,
+            'Referer': iframe_url,
+            'Sec-Fetch-Dest': 'empty',
+            'Sec-Fetch-Mode': 'cors',
+            'Sec-Fetch-Site': 'cross-site',
+            'Priority': 'u=1, i',
+        })
+        
+        from mediaflow_proxy.utils.http_utils import create_httpx_client
+        try:
+            async with create_httpx_client(verify=False) as client:
+                # Note: using 'files' instead of 'data' to ensure multipart/form-data Content-Type
+                auth_resp = await client.post(auth_url, files=multipart_data, headers=auth_headers, timeout=12)
+                auth_resp.raise_for_status()
+                auth_data = auth_resp.json()
+                if not (auth_data.get("valid") or auth_data.get("success")):
+                    raise ExtractorError(f"Initial auth failed with response: {auth_data}")
+            logger.info("New auth flow: Initial auth successful.")
+        except Exception as e:
+            raise ExtractorError(f"New auth flow failed during initial auth POST: {e}")
+
+        # 2. Server Lookup
+        server_lookup_url = f"https://{urlparse(iframe_url).netloc}/server_lookup.js?channel_id={params['channel_key']}"
+        try:
+            # Use _make_request as it handles retries and expects JSON
+            lookup_resp = await self._make_request(server_lookup_url, headers=headers, timeout=10)
+            server_data = lookup_resp.json()
+            server_key = server_data.get('server_key')
+            if not server_key:
+                raise ExtractorError(f"No server_key in lookup response: {server_data}")
+            logger.info(f"New auth flow: Server lookup successful - Server key: {server_key}")
+        except Exception as e:
+            raise ExtractorError(f"New auth flow failed during server lookup: {e}")
+
+        # 3. Build final stream URL
+        channel_key = params['channel_key']
+        auth_token = params['auth_token']
+        # The JS logic uses .css, not .m3u8
+        if server_key == 'top1/cdn':
+            stream_url = f'https://top1.newkso.ru/top1/cdn/{channel_key}/mono.css'
+        else:
+            stream_url = f'https://{server_key}new.newkso.ru/{server_key}/{channel_key}/mono.css'
+        
+        logger.info(f'New auth flow: Constructed stream URL: {stream_url}')
+
+        stream_headers = {
+            'User-Agent': headers['User-Agent'],
+            'Referer': iframe_url,
+            'Origin': iframe_origin,
+            'Authorization': f'Bearer {auth_token}',
+            'X-Channel-Key': channel_key
+        }
+
+        return {
+            "destination_url": stream_url,
+            "request_headers": stream_headers,
+            "mediaflow_endpoint": "hls_manifest_proxy",
+        }
 
     async def extract(self, url: str, **kwargs) -> Dict[str, Any]:
-        """Extract DLHD stream URL and required headers (logica tvproxy adattata async, con fallback su endpoint alternativi)."""
-        from urllib.parse import urlparse, quote_plus
+        """Main extraction flow: resolve base, fetch players, extract iframe, auth and final m3u8."""
+        baseurl = "https://dlhd.dad/"
 
-        async def get_daddylive_base_url():
-            if self._cached_base_url:
-                return self._cached_base_url
-            try:
-                resp = await self._make_request("https://daddylive.sx/")
-                # resp.url is the final URL after redirects
-                base_url = str(resp.url)
-                if not base_url.endswith('/'):
-                    base_url += '/'
-                self._cached_base_url = base_url
-                return base_url
-            except Exception:
-                # Fallback to default if request fails
-                return "https://daddylive.sx/"
-
-        def extract_channel_id(url):
-            match_premium = re.search(r'/premium(\d+)/mono\.m3u8$', url)
-            if match_premium:
-                return match_premium.group(1)
-            # Handle both normal and URL-encoded patterns
-            match_player = re.search(r'/(?:watch|stream|cast|player)/stream-(\d+)\.php', url)
-            if match_player:
-                return match_player.group(1)
-            # Handle URL-encoded patterns like %2Fstream%2Fstream-123.php or just stream-123.php
-            match_encoded = re.search(r'(?:%2F|/)stream-(\d+)\.php', url, re.IGNORECASE)
-            if match_encoded:
-                return match_encoded.group(1)
-            # Handle direct stream- pattern without path
-            match_direct = re.search(r'stream-(\d+)\.php', url)
-            if match_direct:
-                return match_direct.group(1)
+        def extract_channel_id(u: str) -> Optional[str]:
+            match_watch_id = re.search(r'watch\.php\?id=(\d+)', u)
+            if match_watch_id:
+                return match_watch_id.group(1)
             return None
 
-        async def try_endpoint(baseurl, endpoint, channel_id):
-            stream_url = f"{baseurl}{endpoint}stream-{channel_id}.php"
+
+        async def get_stream_data(initial_url: str):
             daddy_origin = urlparse(baseurl).scheme + "://" + urlparse(baseurl).netloc
             daddylive_headers = {
                 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36',
                 'Referer': baseurl,
                 'Origin': daddy_origin
             }
-            # 1. Richiesta alla pagina stream/cast/player/watch
-            resp1 = await self._make_request(stream_url, headers=daddylive_headers)
-            # 2. Estrai link Player 2
-            iframes = re.findall(r'<a[^>]*href="([^"]+)"[^>]*>\s*<button[^>]*>\s*Player\s*2\s*</button>', resp1.text)
-            if not iframes:
-                raise ExtractorError("No Player 2 link found")
-            url2 = iframes[0]
-            url2 = baseurl + url2
-            url2 = url2.replace('//cast', '/cast')
-            daddylive_headers['Referer'] = url2
-            daddylive_headers['Origin'] = url2
-            # 3. Richiesta alla pagina Player 2
-            resp2 = await self._make_request(url2, headers=daddylive_headers)
-            # 4. Estrai iframe
-            iframes2 = re.findall(r'iframe src="([^"]*)', resp2.text)
-            if not iframes2:
-                raise ExtractorError("No iframe found in Player 2 page")
-            iframe_url = iframes2[0]
-            # Store iframe context for newkso.ru requests
-            self._iframe_context = iframe_url
-            resp3 = await self._make_request(iframe_url, headers=daddylive_headers)
-            iframe_content = resp3.text
-            # 5. Estrai parametri auth (robusto) - Handle both old and new formats
-            def extract_var_old_format(js, name):
-                # Try multiple patterns for variable extraction (old format)
-                patterns = [
-                    rf'var (?:__)?{name}\s*=\s*atob\("([^"]+)"\)',
-                    rf'var (?:__)?{name}\s*=\s*atob\(\'([^\']+)\'\)',
-                    rf'(?:var\s+)?(?:__)?{name}\s*=\s*atob\s*\(\s*["\']([^"\']+)["\']\s*\)',
-                    rf'(?:let|const)\s+(?:__)?{name}\s*=\s*atob\s*\(\s*["\']([^"\']+)["\']\s*\)'
-                ]
-                for pattern in patterns:
-                    m = re.search(pattern, js)
-                    if m:
-                        try:
-                            return base64.b64decode(m.group(1)).decode('utf-8')
-                        except Exception as decode_error:
-                            logger.warning(f"Failed to decode base64 for variable {name}: {decode_error}")
-                            continue
-                return None
-            
-            def extract_xjz_format(js):
-                """Extract parameters from the new XJZ base64-encoded JSON format."""
+
+
+            # 1. Request initial page
+            resp1 = await self._make_request(initial_url, headers=daddylive_headers, timeout=15)
+            player_links = re.findall(r'<button[^>]*data-url="([^"]+)"[^>]*>Player\s*\d+</button>', resp1.text)
+            if not player_links:
+                raise ExtractorError("No player links found on the page.")
+
+
+            # Prova tutti i player e raccogli tutti gli iframe validi
+            last_player_error = None
+            iframe_candidates = []
+
+            for player_url in player_links:
                 try:
-                    # Look for the XJZ variable assignment
-                    xjz_pattern = r'const\s+XJZ\s*=\s*["\']([^"\']+)["\']'
-                    match = re.search(xjz_pattern, js)
-                    if not match:
-                        return None
-                    xjz_b64 = match.group(1)
-                    import json
-                    # Decode the first base64 layer (JSON)
-                    xjz_json = base64.b64decode(xjz_b64).decode('utf-8')
-                    xjz_obj = json.loads(xjz_json)
-                    # Each value is also base64-encoded, decode each
-                    decoded = {}
-                    for k, v in xjz_obj.items():
-                        try:
-                            decoded[k] = base64.b64decode(v).decode('utf-8')
-                        except Exception as e:
-                            logger.warning(f"Failed to decode XJZ field {k}: {e}")
-                            decoded[k] = v
-                    return decoded
-                except Exception as e:
-                    logger.warning(f"Failed to extract XJZ format: {e}")
-                    return None
+                    if not player_url.startswith('http'):
+                        player_url = baseurl + player_url.lstrip('/')
 
-            def extract_bundle_format(js):
-                """Extract parameters from new BUNDLE format (legacy fallback)."""
+
+                    daddylive_headers['Referer'] = player_url
+                    daddylive_headers['Origin'] = player_url
+                    resp2 = await self._make_request(player_url, headers=daddylive_headers, timeout=12)
+                    iframes2 = re.findall(r'<iframe.*?src="([^"]*)"', resp2.text)
+
+                    # Raccogli tutti gli iframe trovati
+                    for iframe in iframes2:
+                        if iframe not in iframe_candidates:
+                            iframe_candidates.append(iframe)
+                            logger.info(f"Found iframe candidate: {iframe}")
+
+                except Exception as e:
+                    last_player_error = e
+                    logger.warning(f"Failed to process player link {player_url}: {e}")
+                    continue
+
+
+            if not iframe_candidates:
+                if last_player_error:
+                    raise ExtractorError(f"All player links failed. Last error: {last_player_error}")
+                raise ExtractorError("No valid iframe found in any player page")
+
+
+            # Prova ogni iframe finché uno non funziona
+            last_iframe_error = None
+
+            for iframe_candidate in iframe_candidates:
                 try:
-                    bundle_patterns = [
-                        r'const\s+BUNDLE\s*=\s*["\']([^"\']+)["\']',
-                        r'var\s+BUNDLE\s*=\s*["\']([^"\']+)["\']',
-                        r'let\s+BUNDLE\s*=\s*["\']([^"\']+)["\']'
-                    ]
-                    bundle_data = None
-                    for pattern in bundle_patterns:
-                        match = re.search(pattern, js)
-                        if match:
-                            bundle_data = match.group(1)
-                            break
-                    if not bundle_data:
-                        return None
-                    import json
-                    bundle_json = base64.b64decode(bundle_data).decode('utf-8')
-                    bundle_obj = json.loads(bundle_json)
-                    decoded_bundle = {}
-                    for key, value in bundle_obj.items():
-                        try:
-                            decoded_bundle[key] = base64.b64decode(value).decode('utf-8')
-                        except Exception as e:
-                            logger.warning(f"Failed to decode bundle field {key}: {e}")
-                            decoded_bundle[key] = value
-                    return decoded_bundle
+                    logger.info(f"Trying iframe: {iframe_candidate}")
+
+                    iframe_domain = urlparse(iframe_candidate).netloc
+                    if not iframe_domain:
+                        logger.warning(f"Invalid iframe URL format: {iframe_candidate}")
+                        continue
+
+                    self._iframe_context = iframe_candidate
+                    resp3 = await self._make_request(iframe_candidate, headers=daddylive_headers, timeout=12)
+                    iframe_content = resp3.text
+                    logger.info(f"Successfully loaded iframe from: {iframe_domain}")
+
+                    if 'lovecdn.ru' in iframe_domain:
+                        logger.info("Detected lovecdn.ru iframe - using alternative extraction")
+                        return await self._extract_lovecdn_stream(iframe_candidate, iframe_content, daddylive_headers)
+                    else:
+                        logger.info("Attempting new auth flow extraction.")
+                        return await self._extract_new_auth_flow(iframe_candidate, iframe_content, daddylive_headers)
+
                 except Exception as e:
-                    logger.warning(f"Failed to extract bundle format: {e}")
-                    return None
-            
-            # Try multiple patterns for channel key extraction
-            channel_key = None
-            channel_key_patterns = [
-                r'const\s+CHANNEL_KEY\s*=\s*["\']([^"\']+)["\']',
-                r'var\s+CHANNEL_KEY\s*=\s*["\']([^"\']+)["\']',
-                r'let\s+CHANNEL_KEY\s*=\s*["\']([^"\']+)["\']',
-                r'channelKey\s*=\s*["\']([^"\']+)["\']',
-                r'var\s+channelKey\s*=\s*["\']([^"\']+)["\']',
-                r'(?:let|const)\s+channelKey\s*=\s*["\']([^"\']+)["\']'
-            ]
-            for pattern in channel_key_patterns:
-                match = re.search(pattern, iframe_content)
-                if match:
-                    channel_key = match.group(1)
-                    break
-            
-            # Try new XJZ format first
-            xjz_data = extract_xjz_format(iframe_content)
-            if xjz_data:
-                logger.info("Using new XJZ format for parameter extraction")
-                auth_host = xjz_data.get('b_host')
-                auth_php = xjz_data.get('b_script')
-                auth_ts = xjz_data.get('b_ts')
-                auth_rnd = xjz_data.get('b_rnd')
-                auth_sig = xjz_data.get('b_sig')
-                logger.debug(f"XJZ data extracted: {xjz_data}")
-            else:
-                # Try bundle format (legacy fallback)
-                bundle_data = extract_bundle_format(iframe_content)
-                if bundle_data:
-                    logger.info("Using BUNDLE format for parameter extraction")
-                    auth_host = bundle_data.get('b_host')
-                    auth_php = bundle_data.get('b_script')
-                    auth_ts = bundle_data.get('b_ts')
-                    auth_rnd = bundle_data.get('b_rnd')
-                    auth_sig = bundle_data.get('b_sig')
-                    logger.debug(f"Bundle data extracted: {bundle_data}")
-                else:
-                    logger.info("Falling back to old format for parameter extraction")
-                    # Fall back to old format
-                    auth_ts = extract_var_old_format(iframe_content, 'c')
-                    auth_rnd = extract_var_old_format(iframe_content, 'd')
-                    auth_sig = extract_var_old_format(iframe_content, 'e')
-                    auth_host = extract_var_old_format(iframe_content, 'a')
-                    auth_php = extract_var_old_format(iframe_content, 'b')
+                    logger.warning(f"Failed to process iframe {iframe_candidate}: {e}")
+                    last_iframe_error = e
+                    continue
 
-            # Log what we found for debugging
-            logger.debug(f"Extracted parameters: channel_key={channel_key}, auth_ts={auth_ts}, auth_rnd={auth_rnd}, auth_sig={auth_sig}, auth_host={auth_host}, auth_php={auth_php}")
+            raise ExtractorError(f"All iframe candidates failed. Last error: {last_iframe_error}")
 
-            # Check which parameters are missing
-            missing_params = []
-            if not channel_key:
-                missing_params.append('channel_key/CHANNEL_KEY')
-            if not auth_ts:
-                missing_params.append('auth_ts (var c / b_ts)')
-            if not auth_rnd:
-                missing_params.append('auth_rnd (var d / b_rnd)')
-            if not auth_sig:
-                missing_params.append('auth_sig (var e / b_sig)')
-            if not auth_host:
-                missing_params.append('auth_host (var a / b_host)')
-            if not auth_php:
-                missing_params.append('auth_php (var b / b_script)')
-
-            if missing_params:
-                logger.error(f"Missing parameters: {', '.join(missing_params)}")
-                # Log a portion of the iframe content for debugging (first 2000 chars)
-                logger.debug(f"Iframe content sample: {iframe_content[:2000]}")
-                raise ExtractorError(f"Error extracting parameters: missing {', '.join(missing_params)}")
-            auth_sig = quote_plus(auth_sig)
-            # 6. Richiesta auth
-            # Se il sito fornisce ancora /a.php ma ora serve /auth.php, sostituisci
-            # Normalize and robustly replace any variant of a.php with /auth.php
-            if auth_php:
-                normalized_auth_php = auth_php.strip().lstrip('/')
-                if normalized_auth_php == 'a.php':
-                    logger.info("Sostituisco qualunque variante di a.php con /auth.php per compatibilità.")
-                    auth_php = '/auth.php'
-            # Unisci host e script senza doppio slash
-            if auth_host.endswith('/') and auth_php.startswith('/'):
-                auth_url = f'{auth_host[:-1]}{auth_php}'
-            elif not auth_host.endswith('/') and not auth_php.startswith('/'):
-                auth_url = f'{auth_host}/{auth_php}'
-            else:
-                auth_url = f'{auth_host}{auth_php}'
-            auth_url = f'{auth_url}?channel_id={channel_key}&ts={auth_ts}&rnd={auth_rnd}&sig={auth_sig}'
-            auth_resp = await self._make_request(auth_url, headers=daddylive_headers)
-            # 7. Lookup server - Extract host parameter
-            host = None
-            host_patterns = [
-                r'(?s)m3u8 =.*?:.*?:.*?".*?".*?"([^"]*)',  # Original pattern
-                r'm3u8\s*=.*?"([^"]*)"',  # Simplified m3u8 pattern
-                r'host["\']?\s*[:=]\s*["\']([^"\']*)',  # host: or host= pattern
-                r'["\']([^"\']*\.newkso\.ru[^"\']*)',  # Direct newkso.ru pattern
-                r'["\']([^"\']*\/premium\d+[^"\']*)',  # premium path pattern
-                r'url.*?["\']([^"\']*newkso[^"\']*)',  # URL with newkso
-            ]
-            
-            for pattern in host_patterns:
-                matches = re.findall(pattern, iframe_content)
-                if matches:
-                    host = matches[0]
-                    logger.debug(f"Found host with pattern '{pattern}': {host}")
-                    break
-            
-            if not host:
-                logger.error("Failed to extract host from iframe content")
-                logger.debug(f"Iframe content for host extraction: {iframe_content[:2000]}")
-                # Try to find any newkso.ru related URLs
-                potential_hosts = re.findall(r'["\']([^"\']*newkso[^"\']*)', iframe_content)
-                if potential_hosts:
-                    logger.debug(f"Potential host URLs found: {potential_hosts}")
-                raise ExtractorError("Failed to extract host parameter")
-            
-            # Extract server lookup URL from fetchWithRetry call (dynamic extraction)
-            server_lookup = None
-            
-            # Look for the server_lookup.php pattern in JavaScript
-            if "fetchWithRetry('/server_lookup.php?channel_id='" in iframe_content:
-                server_lookup = '/server_lookup.php?channel_id='
-                logger.debug('Found server lookup URL: /server_lookup.php?channel_id=')
-            elif '/server_lookup.php' in iframe_content:
-                # Try to extract the full path
-                js_lines = iframe_content.split('\n')
-                for js_line in js_lines:
-                    if 'server_lookup.php' in js_line and 'fetchWithRetry' in js_line:
-                        # Extract the URL from the fetchWithRetry call
-                        start = js_line.find("'")
-                        if start != -1:
-                            end = js_line.find("'", start + 1)
-                            if end != -1:
-                                potential_url = js_line[start+1:end]
-                                if 'server_lookup' in potential_url:
-                                    server_lookup = potential_url
-                                    logger.debug(f'Extracted server lookup URL: {server_lookup}')
-                                    break
-            
-            if not server_lookup:
-                logger.error('Failed to extract server lookup URL from iframe content')
-                logger.debug(f'Iframe content sample: {iframe_content[:2000]}')
-                raise ExtractorError('Failed to extract server lookup URL')
-            
-            server_lookup_url = f"https://{urlparse(iframe_url).netloc}{server_lookup}{channel_key}"
-            logger.debug(f"Server lookup URL: {server_lookup_url}")
-            
-            try:
-                lookup_resp = await self._make_request(server_lookup_url, headers=daddylive_headers)
-                server_data = lookup_resp.json()
-                server_key = server_data.get('server_key')
-                if not server_key:
-                    logger.error(f"No server_key in response: {server_data}")
-                    raise ExtractorError("Failed to get server key from lookup response")
-                
-                logger.info(f"Server lookup successful - Server key: {server_key}")
-            except Exception as lookup_error:
-                logger.error(f"Server lookup request failed: {lookup_error}")
-                raise ExtractorError(f"Server lookup failed: {str(lookup_error)}")
-            
-            referer_raw = f'https://{urlparse(iframe_url).netloc}'
-            
-            # Extract URL construction logic dynamically from JavaScript
-            # Simple approach: look for newkso.ru URLs and construct based on server_key
-            
-            # Check if we have the special case server_key
-            if server_key == 'top1/cdn':
-                clean_m3u8_url = f'https://top1.newkso.ru/top1/cdn/{channel_key}/mono.m3u8'
-                logger.info(f'Using special case URL for server_key \'top1/cdn\': {clean_m3u8_url}')
-            else:
-                clean_m3u8_url = f'https://{server_key}new.newkso.ru/{server_key}/{channel_key}/mono.m3u8'
-                logger.info(f'Using general case URL for server_key \'{server_key}\': {clean_m3u8_url}')
-            
-            logger.info(f'Generated stream URL: {clean_m3u8_url}')
-            logger.debug(f'Server key: {server_key}, Channel key: {channel_key}')
-            
-            # Check if the final stream URL is on newkso.ru domain
-            if "newkso.ru" in clean_m3u8_url:
-                # For newkso.ru streams, use iframe URL as referer
-                stream_headers = {
-                    'User-Agent': daddylive_headers['User-Agent'],
-                    'Referer': iframe_url,
-                    'Origin': referer_raw
-                }
-                logger.info(f"Applied iframe-specific headers for newkso.ru stream URL: {clean_m3u8_url}")
-                logger.debug(f"Stream headers for newkso.ru: {stream_headers}")
-            else:
-                # For other domains, use the original logic
-                stream_headers = {
-                    'User-Agent': daddylive_headers['User-Agent'],
-                    'Referer': referer_raw,
-                    'Origin': referer_raw
-                }
-            return {
-                "destination_url": clean_m3u8_url,
-                "request_headers": stream_headers,
-                "mediaflow_endpoint": self.mediaflow_endpoint,
-            }
 
         try:
-            clean_url = url
-            channel_id = extract_channel_id(clean_url)
+            channel_id = extract_channel_id(url)
             if not channel_id:
-                raise ExtractorError(f"Unable to extract channel ID from {clean_url}")
+                raise ExtractorError(f"Unable to extract channel ID from {url}")
+
+            logger.info(f"Using base domain: {baseurl}")
+            return await get_stream_data(url)
+
 
-            baseurl = await get_daddylive_base_url()
-            endpoints = ["stream/", "cast/", "player/", "watch/"]
-            last_exc = None
-            for endpoint in endpoints:
-                try:
-                    return await try_endpoint(baseurl, endpoint, channel_id)
-                except Exception as exc:
-                    last_exc = exc
-                    continue
-            raise ExtractorError(f"Extraction failed: {str(last_exc)}")
         except Exception as e:
             raise ExtractorError(f"Extraction failed: {str(e)}")
-
-    async def _lookup_server(
-        self, lookup_url_base: str, auth_url_base: str, auth_data: Dict[str, str], headers: Dict[str, str]
-    ) -> str:
-        """Lookup server information and generate stream URL."""
-        try:
-            # Construct server lookup URL
-            server_lookup_url = f"{lookup_url_base}/server_lookup.php?channel_id={quote(auth_data['channel_key'])}"
-
-            # Make server lookup request
-            server_response = await self._make_request(server_lookup_url, headers=headers)
-
-            server_data = server_response.json()
-            server_key = server_data.get("server_key")
-
-            if not server_key:
-                raise ExtractorError("Failed to get server key")
-
-            # Extract domain parts from auth URL for constructing stream URL
-            auth_domain_parts = urlparse(auth_url_base).netloc.split(".")
-            domain_suffix = ".".join(auth_domain_parts[1:]) if len(auth_domain_parts) > 1 else auth_domain_parts[0]
-
-            # Generate the m3u8 URL based on server response pattern
-            if "/" in server_key:
-                # Handle special case like "top1/cdn"
-                parts = server_key.split("/")
-                return f"https://{parts[0]}.{domain_suffix}/{server_key}/{auth_data['channel_key']}/mono.m3u8"
-            else:
-                # Handle normal case
-                return f"https://{server_key}new.{domain_suffix}/{server_key}/{auth_data['channel_key']}/mono.m3u8"
-
-        except Exception as e:
-            raise ExtractorError(f"Server lookup failed: {str(e)}")
-
-    def _extract_auth_data(self, html_content: str) -> Dict[str, str]:
-        """Extract authentication data from player page."""
-        try:
-            channel_key_match = re.search(r'var\s+channelKey\s*=\s*["\']([^"\']+)["\']', html_content)
-            if not channel_key_match:
-                return {}
-            channel_key = channel_key_match.group(1)
-
-            # New pattern with atob
-            auth_ts_match = re.search(r'var\s+__c\s*=\s*atob\([\'"]([^\'"]+)[\'"]\)', html_content)
-            auth_rnd_match = re.search(r'var\s+__d\s*=\s*atob\([\'"]([^\'"]+)[\'"]\)', html_content)
-            auth_sig_match = re.search(r'var\s+__e\s*=\s*atob\([\'"]([^\'"]+)[\'"]\)', html_content)
-
-            if auth_ts_match and auth_rnd_match and auth_sig_match:
-                return {
-                    "channel_key": channel_key,
-                    "auth_ts": base64.b64decode(auth_ts_match.group(1)).decode("utf-8"),
-                    "auth_rnd": base64.b64decode(auth_rnd_match.group(1)).decode("utf-8"),
-                    "auth_sig": base64.b64decode(auth_sig_match.group(1)).decode("utf-8"),
-                }
-
-            # Original pattern
-            auth_ts_match = re.search(r'var\s+authTs\s*=\s*["\']([^"\']+)["\']', html_content)
-            auth_rnd_match = re.search(r'var\s+authRnd\s*=\s*["\']([^"\']+)["\']', html_content)
-            auth_sig_match = re.search(r'var\s+authSig\s*=\s*["\']([^"\']+)["\']', html_content)
-
-            if auth_ts_match and auth_rnd_match and auth_sig_match:
-                return {
-                    "channel_key": channel_key,
-                    "auth_ts": auth_ts_match.group(1),
-                    "auth_rnd": auth_rnd_match.group(1),
-                    "auth_sig": auth_sig_match.group(1),
-                }
-            return {}
-        except Exception:
-            return {}
-
-    def _extract_auth_url_base(self, html_content: str) -> Optional[str]:
-        """Extract auth URL base from player page script content."""
-        try:
-            # New atob pattern for auth base URL
-            auth_url_base_match = re.search(r'var\s+__a\s*=\s*atob\([\'"]([^\'"]+)[\'"]\)', html_content)
-            if auth_url_base_match:
-                decoded_url = base64.b64decode(auth_url_base_match.group(1)).decode("utf-8")
-                return decoded_url.strip().rstrip("/")
-
-            # Look for auth URL or domain in fetchWithRetry call or similar patterns
-            auth_url_match = re.search(r'fetchWithRetry\([\'"]([^\'"]*/auth\.php)', html_content)
-
-            if auth_url_match:
-                auth_url = auth_url_match.group(1)
-                # Extract base URL up to the auth.php part
-                return auth_url.split("/auth.php")[0]
-
-            # Try finding domain directly
-            domain_match = re.search(r'[\'"]https://([^/\'\"]+)(?:/[^\'\"]*)?/auth\.php', html_content)
-
-            if domain_match:
-                return f"https://{domain_match.group(1)}"
-
-            return None
-        except Exception:
-            return None
-
-    def _get_origin(self, url: str) -> str:
-        """Extract origin from URL."""
-        parsed = urlparse(url)
-        return f"{parsed.scheme}://{parsed.netloc}"
-
-    def _derive_auth_url_base(self, player_domain: str) -> Optional[str]:
-        """Attempt to derive auth URL base from player domain."""
-        try:
-            # Typical pattern is to use a subdomain for auth domain
-            parsed = urlparse(player_domain)
-            domain_parts = parsed.netloc.split(".")
-
-            # Get the top-level domain and second-level domain
-            if len(domain_parts) >= 2:
-                base_domain = ".".join(domain_parts[-2:])
-                # Try common subdomains for auth
-                for prefix in ["auth", "api", "cdn"]:
-                    potential_auth_domain = f"https://{prefix}.{base_domain}"
-                    return potential_auth_domain
-
-            return None
-        except Exception:
-            return None
diff --git a/mediaflow_proxy/extractors/factory.py b/mediaflow_proxy/extractors/factory.py
index f9b1ba1..042f3ac 100644
--- a/mediaflow_proxy/extractors/factory.py
+++ b/mediaflow_proxy/extractors/factory.py
@@ -3,17 +3,27 @@ from typing import Dict, Type
 from mediaflow_proxy.extractors.base import BaseExtractor, ExtractorError
 from mediaflow_proxy.extractors.dlhd import DLHDExtractor
 from mediaflow_proxy.extractors.doodstream import DoodStreamExtractor
+from mediaflow_proxy.extractors.sportsonline import SportsonlineExtractor
 from mediaflow_proxy.extractors.filelions import FileLionsExtractor
+from mediaflow_proxy.extractors.filemoon import FileMoonExtractor
+from mediaflow_proxy.extractors.F16Px import F16PxExtractor
 from mediaflow_proxy.extractors.livetv import LiveTVExtractor
+from mediaflow_proxy.extractors.lulustream import LuluStreamExtractor
 from mediaflow_proxy.extractors.maxstream import MaxstreamExtractor
 from mediaflow_proxy.extractors.mixdrop import MixdropExtractor
 from mediaflow_proxy.extractors.okru import OkruExtractor
 from mediaflow_proxy.extractors.streamtape import StreamtapeExtractor
+from mediaflow_proxy.extractors.streamwish import StreamWishExtractor
 from mediaflow_proxy.extractors.supervideo import SupervideoExtractor
+from mediaflow_proxy.extractors.turbovidplay import TurboVidPlayExtractor
 from mediaflow_proxy.extractors.uqload import UqloadExtractor
 from mediaflow_proxy.extractors.vavoo import VavooExtractor
+from mediaflow_proxy.extractors.vidmoly import VidmolyExtractor
+from mediaflow_proxy.extractors.vidoza import VidozaExtractor
 from mediaflow_proxy.extractors.vixcloud import VixCloudExtractor
 from mediaflow_proxy.extractors.fastream import FastreamExtractor
+from mediaflow_proxy.extractors.voe import VoeExtractor
+
 
 class ExtractorFactory:
     """Factory for creating URL extractors."""
@@ -21,17 +31,26 @@ class ExtractorFactory:
     _extractors: Dict[str, Type[BaseExtractor]] = {
         "Doodstream": DoodStreamExtractor,
         "FileLions": FileLionsExtractor,
+        "FileMoon": FileMoonExtractor,
+        "F16Px": F16PxExtractor,
         "Uqload": UqloadExtractor,
         "Mixdrop": MixdropExtractor,
         "Streamtape": StreamtapeExtractor,
+        "StreamWish": StreamWishExtractor,
         "Supervideo": SupervideoExtractor,
+        "TurboVidPlay": TurboVidPlayExtractor,
         "VixCloud": VixCloudExtractor,
         "Okru": OkruExtractor,
         "Maxstream": MaxstreamExtractor,
         "LiveTV": LiveTVExtractor,
+        "LuluStream": LuluStreamExtractor,
         "DLHD": DLHDExtractor,
         "Vavoo": VavooExtractor,
-        "Fastream": FastreamExtractor
+        "Vidmoly": VidmolyExtractor,
+        "Vidoza": VidozaExtractor,
+        "Fastream": FastreamExtractor,
+        "Voe": VoeExtractor,
+        "Sportsonline": SportsonlineExtractor,
     }
 
     @classmethod
diff --git a/mediaflow_proxy/extractors/filelions.py b/mediaflow_proxy/extractors/filelions.py
index 6f68763..25271ed 100644
--- a/mediaflow_proxy/extractors/filelions.py
+++ b/mediaflow_proxy/extractors/filelions.py
@@ -12,7 +12,8 @@ class FileLionsExtractor(BaseExtractor):
         headers  = {}
         patterns = [ # See https://github.com/Gujal00/ResolveURL/blob/master/script.module.resolveurl/lib/resolveurl/plugins/filelions.py
             r'''sources:\s*\[{file:\s*["'](?P<url>[^"']+)''',
-            r'''["']hls[24]["']:\s*["'](?P<url>[^"']+)'''
+            r'''["']hls4["']:\s*["'](?P<url>[^"']+)''',
+            r'''["']hls2["']:\s*["'](?P<url>[^"']+)'''
         ]
 
         final_url = await eval_solver(self, url, headers, patterns)
diff --git a/mediaflow_proxy/extractors/filemoon.py b/mediaflow_proxy/extractors/filemoon.py
new file mode 100644
index 0000000..808042a
--- /dev/null
+++ b/mediaflow_proxy/extractors/filemoon.py
@@ -0,0 +1,52 @@
+import re
+from typing import Dict, Any
+from urllib.parse import urlparse, urljoin
+
+from mediaflow_proxy.extractors.base import BaseExtractor, ExtractorError
+from mediaflow_proxy.utils.packed import eval_solver
+
+
+class FileMoonExtractor(BaseExtractor):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.mediaflow_endpoint = "hls_manifest_proxy"
+
+    async def extract(self, url: str, **kwargs) -> Dict[str, Any]:
+        response = await self._make_request(url)
+
+        pattern = r'iframe.*?src=["\'](.*?)["\']'
+        match = re.search(pattern, response.text, re.DOTALL)
+        if not match:
+            raise ExtractorError("Failed to extract iframe URL")
+
+        iframe_url = match.group(1)
+
+        parsed = urlparse(str(response.url))
+        base_url = f"{parsed.scheme}://{parsed.netloc}"
+
+        if iframe_url.startswith("//"):
+            iframe_url = f"{parsed.scheme}:{iframe_url}"
+        elif not urlparse(iframe_url).scheme:
+            iframe_url = urljoin(base_url, iframe_url)
+
+        headers = {"Referer": url}
+        patterns = [r'file:"(.*?)"']
+
+        final_url = await eval_solver(
+            self,
+            iframe_url,
+            headers,
+            patterns,
+        )
+
+        test_resp = await self._make_request(final_url, headers=headers)
+        if test_resp.status_code == 404:
+            raise ExtractorError("Stream not found (404)")
+
+        self.base_headers["referer"] = url
+
+        return {
+            "destination_url": final_url,
+            "request_headers": self.base_headers,
+            "mediaflow_endpoint": self.mediaflow_endpoint,
+        }
diff --git a/mediaflow_proxy/extractors/lulustream.py b/mediaflow_proxy/extractors/lulustream.py
new file mode 100644
index 0000000..4c1d4c9
--- /dev/null
+++ b/mediaflow_proxy/extractors/lulustream.py
@@ -0,0 +1,27 @@
+import re
+from typing import Dict, Any
+
+from mediaflow_proxy.extractors.base import BaseExtractor, ExtractorError
+
+
+class LuluStreamExtractor(BaseExtractor):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.mediaflow_endpoint = "hls_manifest_proxy"
+
+    async def extract(self, url: str, **kwargs) -> Dict[str, Any]:
+        response = await self._make_request(url)
+
+        # See https://github.com/Gujal00/ResolveURL/blob/master/script.module.resolveurl/lib/resolveurl/plugins/lulustream.py
+        pattern = r'''sources:\s*\[{file:\s*["'](?P<url>[^"']+)'''
+        match = re.search(pattern, response.text, re.DOTALL)
+        if not match:
+            raise ExtractorError("Failed to extract source URL")
+        final_url = match.group(1)
+
+        self.base_headers["referer"] = url
+        return {
+            "destination_url": final_url,
+            "request_headers": self.base_headers,
+            "mediaflow_endpoint": self.mediaflow_endpoint,
+        }
diff --git a/mediaflow_proxy/extractors/sportsonline.py b/mediaflow_proxy/extractors/sportsonline.py
new file mode 100644
index 0000000..f1c3b90
--- /dev/null
+++ b/mediaflow_proxy/extractors/sportsonline.py
@@ -0,0 +1,195 @@
+import re
+import logging
+from typing import Any, Dict, Optional
+from urllib.parse import urlparse
+
+from mediaflow_proxy.extractors.base import BaseExtractor, ExtractorError
+from mediaflow_proxy.utils.packed import detect, unpack
+
+logger = logging.getLogger(__name__)
+
+
+class SportsonlineExtractor(BaseExtractor):
+    """Sportsonline/Sportzonline URL extractor for M3U8 streams.
+
+    Strategy:
+    1. Fetch page -> find first <iframe src="...">
+    2. Fetch iframe with Referer=https://sportzonline.st/
+    3. Collect packed eval blocks; if >=2 use second (index 1) else first.
+    4. Unpack P.A.C.K.E.R. and search var src="...m3u8".
+    5. Return final m3u8 with referer header.
+
+    Notes:
+    - Multi-domain support for sportzonline.(st|bz|cc|top) and sportsonline.(si|sn)
+    - Uses P.A.C.K.E.R. unpacking from utils.packed module
+    - Returns streams suitable for hls_manifest_proxy endpoint
+    """
+
+    def __init__(self, request_headers: dict):
+        super().__init__(request_headers)
+        self.mediaflow_endpoint = "hls_manifest_proxy"
+
+    def _detect_packed_blocks(self, html: str) -> list[str]:
+        """
+        Detect and extract packed eval blocks from HTML.
+        Replicates the TypeScript logic: /eval\(function(.+?.+)/g
+        """
+        # Find all eval(function...) blocks - more greedy to capture full packed code
+        pattern = re.compile(r"eval\(function\(p,a,c,k,e,.*?\)\)(?:\s*;|\s*<)", re.DOTALL)
+        raw_matches = pattern.findall(html)
+        
+        # If no matches with the strict pattern, try a more relaxed one
+        if not raw_matches:
+            # Try to find eval(function and capture until we find the closing ))
+            pattern = re.compile(r"eval\(function\(p,a,c,k,e,[dr]\).*?\}\(.*?\)\)", re.DOTALL)
+            raw_matches = pattern.findall(html)
+        
+        return raw_matches
+
+    async def extract(self, url: str, **kwargs) -> Dict[str, Any]:
+        """Main extraction flow: fetch page, extract iframe, unpack and find m3u8."""
+        try:
+            # Step 1: Fetch main page
+            logger.info(f"Fetching main page: {url}")
+            main_response = await self._make_request(url, timeout=15)
+            main_html = main_response.text
+
+            # Extract first iframe
+            iframe_match = re.search(r'<iframe\s+src=["\']([^"\']+)["\']', main_html, re.IGNORECASE)
+            if not iframe_match:
+                raise ExtractorError("No iframe found on the page")
+
+            iframe_url = iframe_match.group(1)
+            
+            # Normalize iframe URL
+            if iframe_url.startswith('//'):
+                iframe_url = 'https:' + iframe_url
+            elif iframe_url.startswith('/'):
+                parsed_main = urlparse(url)
+                iframe_url = f"{parsed_main.scheme}://{parsed_main.netloc}{iframe_url}"
+            
+            logger.info(f"Found iframe URL: {iframe_url}")
+
+            # Step 2: Fetch iframe with Referer
+            iframe_headers = {
+                'Referer': 'https://sportzonline.st/',
+                'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0 Safari/537.36',
+                'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
+                'Accept-Language': 'en-US,en;q=0.9,it;q=0.8',
+                'Cache-Control': 'no-cache'
+            }
+            
+            iframe_response = await self._make_request(iframe_url, headers=iframe_headers, timeout=15)
+            iframe_html = iframe_response.text
+
+            logger.debug(f"Iframe HTML length: {len(iframe_html)}")
+
+            # Step 3: Detect packed blocks
+            packed_blocks = self._detect_packed_blocks(iframe_html)
+            
+            logger.info(f"Found {len(packed_blocks)} packed blocks")
+            
+            if not packed_blocks:
+                logger.warning("No packed blocks found, trying direct m3u8 search")
+                # Fallback: try direct m3u8 search
+                direct_match = re.search(r'(https?://[^\s"\'>]+\.m3u8[^\s"\'>]*)', iframe_html)
+                if direct_match:
+                    m3u8_url = direct_match.group(1)
+                    logger.info(f"Found direct m3u8 URL: {m3u8_url}")
+                    
+                    return {
+                        "destination_url": m3u8_url,
+                        "request_headers": {
+                            'Referer': iframe_url,
+                            'User-Agent': iframe_headers['User-Agent']
+                        },
+                        "mediaflow_endpoint": self.mediaflow_endpoint,
+                    }
+                else:
+                    raise ExtractorError("No packed blocks or direct m3u8 URL found")
+
+            logger.info(f"Found {len(packed_blocks)} packed blocks")
+
+            # Choose block: if >=2 use second (index 1), else first (index 0)
+            chosen_idx = 1 if len(packed_blocks) > 1 else 0
+            m3u8_url = None
+            unpacked_code = None
+
+            logger.info(f"Chosen packed block index: {chosen_idx}")
+
+            # Try to unpack chosen block
+            try:
+                unpacked_code = unpack(packed_blocks[chosen_idx])
+                logger.info(f"Successfully unpacked block {chosen_idx}")
+                logger.debug(f"Unpacked code preview: {unpacked_code[:500] if unpacked_code else 'empty'}")
+            except Exception as e:
+                logger.warning(f"Failed to unpack block {chosen_idx}: {e}")
+
+            # Search for var src="...m3u8" with multiple patterns
+            if unpacked_code:
+                # Try multiple patterns as in the TypeScript version
+                patterns = [
+                    r'var\s+src\s*=\s*["\']([^"\']+)["\']',  # var src="..."
+                    r'src\s*=\s*["\']([^"\']+\.m3u8[^"\']*)["\']',  # src="...m3u8"
+                    r'file\s*:\s*["\']([^"\']+\.m3u8[^"\']*)["\']',  # file: "...m3u8"
+                    r'["\']([^"\']*https?://[^"\']+\.m3u8[^"\']*)["\']',  # any m3u8 URL
+                ]
+                
+                for pattern in patterns:
+                    src_match = re.search(pattern, unpacked_code)
+                    if src_match:
+                        m3u8_url = src_match.group(1)
+                        # Verify it looks like a valid m3u8 URL
+                        if '.m3u8' in m3u8_url or 'http' in m3u8_url:
+                            break
+                        m3u8_url = None
+
+            # If not found, try all other blocks
+            if not m3u8_url:
+                logger.info("m3u8 not found in chosen block, trying all blocks")
+                for i, block in enumerate(packed_blocks):
+                    if i == chosen_idx:
+                        continue
+                    try:
+                        unpacked_code = unpack(block)
+                        # Use the same patterns as above
+                        for pattern in [
+                            r'var\s+src\s*=\s*["\']([^"\']+)["\']',
+                            r'src\s*=\s*["\']([^"\']+\.m3u8[^"\']*)["\']',
+                            r'file\s*:\s*["\']([^"\']+\.m3u8[^"\']*)["\']',
+                            r'["\']([^"\']*https?://[^"\']+\.m3u8[^"\']*)["\']',
+                        ]:
+                            src_match = re.search(pattern, unpacked_code)
+                            if src_match:
+                                test_url = src_match.group(1)
+                                if '.m3u8' in test_url or 'http' in test_url:
+                                    m3u8_url = test_url
+                                    logger.info(f"Found m3u8 in block {i}")
+                                    break
+                        
+                        if m3u8_url:
+                            break
+                    except Exception as e:
+                        logger.debug(f"Failed to process block {i}: {e}")
+                        continue
+
+            if not m3u8_url:
+                raise ExtractorError("Could not extract m3u8 URL from packed code")
+
+            logger.info(f"Successfully extracted m3u8 URL: {m3u8_url}")
+
+            # Return stream configuration
+            return {
+                "destination_url": m3u8_url,
+                "request_headers": {
+                    'Referer': iframe_url,
+                    'User-Agent': iframe_headers['User-Agent']
+                },
+                "mediaflow_endpoint": self.mediaflow_endpoint,
+            }
+
+        except ExtractorError:
+            raise
+        except Exception as e:
+            logger.exception(f"Sportsonline extraction failed for {url}")
+            raise ExtractorError(f"Extraction failed: {str(e)}")
diff --git a/mediaflow_proxy/extractors/streamwish.py b/mediaflow_proxy/extractors/streamwish.py
new file mode 100644
index 0000000..51c665a
--- /dev/null
+++ b/mediaflow_proxy/extractors/streamwish.py
@@ -0,0 +1,81 @@
+import re
+from typing import Dict, Any
+from urllib.parse import urljoin, urlparse
+
+from mediaflow_proxy.extractors.base import BaseExtractor, ExtractorError
+from mediaflow_proxy.utils.packed import eval_solver
+
+
+class StreamWishExtractor(BaseExtractor):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.mediaflow_endpoint = "hls_manifest_proxy"
+
+    async def extract(self, url: str, **_kwargs: Any) -> Dict[str, Any]:
+        referer = self.base_headers.get("Referer")
+        if not referer:
+            parsed = urlparse(url)
+            referer = f"{parsed.scheme}://{parsed.netloc}/"
+
+        headers = {"Referer": referer}
+        response = await self._make_request(url, headers=headers)
+        
+        iframe_match = re.search(
+            r'<iframe[^>]+src=["\']([^"\']+)["\']',
+            response.text,
+            re.DOTALL
+        )
+        iframe_url = urljoin(url, iframe_match.group(1)) if iframe_match else url
+
+        iframe_response = await self._make_request(
+            iframe_url,
+            headers=headers
+        )
+        html = iframe_response.text
+
+        final_url = self._extract_m3u8(html)
+
+        if not final_url and "eval(function(p,a,c,k,e,d)" in html:
+            try:
+                final_url = await eval_solver(
+                    self,
+                    iframe_url,
+                    headers,
+                    [
+                        # absolute m3u8
+                        r'(https?://[^"\']+\.m3u8[^"\']*)',
+                        # relative stream paths
+                        r'(\/stream\/[^"\']+\.m3u8[^"\']*)',
+                    ],
+                )
+            except Exception:
+                final_url = None
+
+        if not final_url:
+            raise ExtractorError("StreamWish: Failed to extract m3u8")
+
+        if final_url.startswith("/"):
+            final_url = urljoin(iframe_url, final_url)
+
+        origin = f"{urlparse(referer).scheme}://{urlparse(referer).netloc}"
+        self.base_headers.update({
+            "Referer": referer,
+            "Origin": origin,
+        })
+
+        return {
+            "destination_url": final_url,
+            "request_headers": self.base_headers,
+            "mediaflow_endpoint": self.mediaflow_endpoint,
+        }
+
+    @staticmethod
+    def _extract_m3u8(text: str) -> str | None:
+        """
+        Extract first absolute m3u8 URL from text
+        """
+        match = re.search(
+            r'https?://[^"\']+\.m3u8[^"\']*',
+            text
+        )
+        return match.group(0) if match else None
diff --git a/mediaflow_proxy/extractors/turbovidplay.py b/mediaflow_proxy/extractors/turbovidplay.py
new file mode 100644
index 0000000..d0b7a47
--- /dev/null
+++ b/mediaflow_proxy/extractors/turbovidplay.py
@@ -0,0 +1,68 @@
+import re
+from typing import Dict, Any
+
+from mediaflow_proxy.extractors.base import BaseExtractor, ExtractorError
+
+
+class TurboVidPlayExtractor(BaseExtractor):
+    domains = [
+        "turboviplay.com",
+        "emturbovid.com",
+        "tuborstb.co",
+        "javggvideo.xyz",
+        "stbturbo.xyz",
+        "turbovidhls.com",
+    ]
+
+    mediaflow_endpoint = "hls_manifest_proxy"
+
+    async def extract(self, url: str, **kwargs):
+        #
+        # 1. Load embed
+        #
+        response = await self._make_request(url)
+        html = response.text
+
+        #
+        # 2. Extract urlPlay or data-hash
+        #
+        m = re.search(r'(?:urlPlay|data-hash)\s*=\s*[\'"]([^\'"]+)', html)
+        if not m:
+            raise ExtractorError("TurboViPlay: No media URL found")
+
+        media_url = m.group(1)
+
+        # Normalize protocol
+        if media_url.startswith("//"):
+            media_url = "https:" + media_url
+        elif media_url.startswith("/"):
+            media_url = response.url.origin + media_url
+
+        #
+        # 3. Fetch the intermediate playlist
+        #
+        data_resp = await self._make_request(media_url, headers={"Referer": url})
+        playlist = data_resp.text
+
+        #
+        # 4. Extract real m3u8 URL
+        #
+        m2 = re.search(r'https?://[^\'"\s]+\.m3u8', playlist)
+        if not m2:
+            raise ExtractorError("TurboViPlay: Unable to extract playlist URL")
+
+        real_m3u8 = m2.group(0)
+
+        #
+        # 5. Final headers
+        #
+        self.base_headers["referer"] = url
+
+        #
+        # 6. Always return master proxy (your MediaFlow only supports this)
+        #
+        return {
+            "destination_url": real_m3u8,
+            "request_headers": self.base_headers,
+            "mediaflow_endpoint": "hls_manifest_proxy",
+        }
diff --git a/mediaflow_proxy/extractors/vavoo.py b/mediaflow_proxy/extractors/vavoo.py
index 366c54a..34c31eb 100644
--- a/mediaflow_proxy/extractors/vavoo.py
+++ b/mediaflow_proxy/extractors/vavoo.py
@@ -4,24 +4,31 @@ from mediaflow_proxy.extractors.base import BaseExtractor, ExtractorError
 
 logger = logging.getLogger(__name__)
 
+
 class VavooExtractor(BaseExtractor):
-    """Vavoo URL extractor for resolving vavoo.to links (solo httpx, async)."""
+    """Vavoo URL extractor for resolving vavoo.to links.
+
+    Features:
+    - Uses BaseExtractor's retry/timeouts
+    - Improved headers to mimic Android okhttp client
+    - Robust JSON handling and logging
+    """
 
     def __init__(self, request_headers: dict):
         super().__init__(request_headers)
         self.mediaflow_endpoint = "proxy_stream_endpoint"
 
     async def get_auth_signature(self) -> Optional[str]:
-        """Get authentication signature for Vavoo API (async, httpx, pulito)."""
+        """Get authentication signature for Vavoo API (async)."""
         headers = {
             "user-agent": "okhttp/4.11.0",
-            "accept": "application/json", 
+            "accept": "application/json",
             "content-type": "application/json; charset=utf-8",
-            "accept-encoding": "gzip"
+            "accept-encoding": "gzip",
         }
         import time
         current_time = int(time.time() * 1000)
-        
+
         data = {
             "token": "tosFwQCJMS8qrW_AjLoHPQ41646J5dRNha6ZWHnijoYQQQoADQoXYSo7ki7O5-CsgN4CH0uRk6EEoJ0728ar9scCRQW3ZkbfrPfeCXW2VgopSW2FWDqPOoVYIuVPAOnXCZ5g",
             "reason": "app-blur",
@@ -37,23 +44,17 @@ class VavooExtractor(BaseExtractor):
                 },
                 "os": {
                     "name": "android",
-                    "version": "13",
-                    "abis": ["arm64-v8a", "armeabi-v7a", "armeabi"],
-                    "host": "android"
+                    "version": "13"
                 },
                 "app": {
                     "platform": "android",
-                    "version": "3.1.21",
-                    "buildId": "289515000",
-                    "engine": "hbc85",
-                    "signatures": ["6e8a975e3cbf07d5de823a760d4c2547f86c1403105020adee5de67ac510999e"],
-                    "installer": "app.revanced.manager.flutter"
+                    "version": "3.1.21"
                 },
                 "version": {
                     "package": "tv.vavoo.app",
                     "binary": "3.1.21",
                     "js": "3.1.21"
-                }
+                },
             },
             "appFocusTime": 0,
             "playerActive": False,
@@ -70,7 +71,7 @@ class VavooExtractor(BaseExtractor):
             "adblockEnabled": True,
             "proxy": {
                 "supported": ["ss", "openvpn"],
-                "engine": "ss", 
+                "engine": "ss",
                 "ssVersion": 1,
                 "enabled": True,
                 "autoServer": True,
@@ -80,44 +81,48 @@ class VavooExtractor(BaseExtractor):
                 "supported": False
             }
         }
-        
+
         try:
             resp = await self._make_request(
                 "https://www.vavoo.tv/api/app/ping",
                 method="POST",
                 json=data,
-                headers=headers
+                headers=headers,
+                timeout=10,
+                retries=2,
             )
-            result = resp.json()
-            addon_sig = result.get("addonSig")
+            try:
+                result = resp.json()
+            except Exception:
+                logger.warning("Vavoo ping returned non-json response (status=%s).", resp.status_code)
+                return None
+
+            addon_sig = result.get("addonSig") if isinstance(result, dict) else None
             if addon_sig:
                 logger.info("Successfully obtained Vavoo authentication signature")
                 return addon_sig
             else:
-                logger.warning("No addonSig in Vavoo API response")
+                logger.warning("No addonSig in Vavoo API response: %s", result)
                 return None
-        except Exception as e:
-            logger.exception(f"Failed to get Vavoo authentication signature: {str(e)}")
+        except ExtractorError as e:
+            logger.warning("Failed to get Vavoo auth signature: %s", e)
             return None
 
     async def extract(self, url: str, **kwargs) -> Dict[str, Any]:
-        """Extract Vavoo stream URL (async, httpx)."""
+        """Extract Vavoo stream URL (async)."""
         if "vavoo.to" not in url:
             raise ExtractorError("Not a valid Vavoo URL")
 
-        # Get authentication signature
         signature = await self.get_auth_signature()
         if not signature:
             raise ExtractorError("Failed to get Vavoo authentication signature")
 
-        # Resolve the URL
         resolved_url = await self._resolve_vavoo_link(url, signature)
         if not resolved_url:
             raise ExtractorError("Failed to resolve Vavoo URL")
 
-        # Set up headers for the resolved stream
         stream_headers = {
-            "user-agent": self.base_headers["user-agent"],
+            "user-agent": self.base_headers.get("user-agent", "okhttp/4.11.0"),
             "referer": "https://vavoo.to/",
         }
 
@@ -128,17 +133,17 @@ class VavooExtractor(BaseExtractor):
         }
 
     async def _resolve_vavoo_link(self, link: str, signature: str) -> Optional[str]:
-        """Resolve a Vavoo link using the MediaHubMX API (async, httpx)."""
+        """Resolve a Vavoo link using the MediaHubMX API (async)."""
         headers = {
-            "user-agent": "MediaHubMX/2",
+            "user-agent": "okhttp/4.11.0",
             "accept": "application/json",
-            "content-type": "application/json; charset=utf-8", 
+            "content-type": "application/json; charset=utf-8",
             "accept-encoding": "gzip",
             "mediahubmx-signature": signature
         }
         data = {
             "language": "de",
-            "region": "AT", 
+            "region": "AT",
             "url": link,
             "clientVersion": "3.1.21"
         }
@@ -148,22 +153,34 @@ class VavooExtractor(BaseExtractor):
                 "https://vavoo.to/mediahubmx-resolve.json",
                 method="POST",
                 json=data,
-                headers=headers
+                headers=headers,
+                timeout=12,
+                retries=3,
+                backoff_factor=0.6,
             )
-            result = resp.json()
-            logger.info(f"Vavoo API response: {result}")
-            
-            if isinstance(result, list) and result and result[0].get("url"):
+            try:
+                result = resp.json()
+            except Exception:
+                logger.warning("Vavoo resolve returned non-json response (status=%s). Body preview: %s", resp.status_code, getattr(resp, "text", "")[:500])
+                return None
+
+            logger.debug("Vavoo API response: %s", result)
+
+            # Accept either list or dict with 'url'
+            if isinstance(result, list) and result and isinstance(result[0], dict) and result[0].get("url"):
                 resolved_url = result[0]["url"]
-                logger.info(f"Successfully resolved Vavoo URL to: {resolved_url}")
+                logger.info("Successfully resolved Vavoo URL to: %s", resolved_url)
                 return resolved_url
             elif isinstance(result, dict) and result.get("url"):
                 resolved_url = result["url"]
-                logger.info(f"Successfully resolved Vavoo URL to: {resolved_url}")
+                logger.info("Successfully resolved Vavoo URL to: %s", resolved_url)
                 return resolved_url
             else:
-                logger.warning(f"No URL found in Vavoo API response: {result}")
+                logger.warning("No URL found in Vavoo API response: %s", result)
                 return None
-        except Exception as e:
-            logger.exception(f"Vavoo resolution failed for URL {link}: {str(e)}")
+        except ExtractorError as e:
+            logger.error(f"Vavoo resolution failed for URL {link}: {e}")
+            raise ExtractorError(f"Vavoo resolution failed: {str(e)}") from e
+        except Exception as e:
+            logger.error(f"Unexpected error while resolving Vavoo URL {link}: {e}")
             raise ExtractorError(f"Vavoo resolution failed: {str(e)}") from e
diff --git a/mediaflow_proxy/extractors/vidmoly.py b/mediaflow_proxy/extractors/vidmoly.py
new file mode 100644
index 0000000..c46d189
--- /dev/null
+++ b/mediaflow_proxy/extractors/vidmoly.py
@@ -0,0 +1,63 @@
+import re
+from typing import Dict, Any
+from urllib.parse import urljoin, urlparse
+
+from mediaflow_proxy.extractors.base import BaseExtractor, ExtractorError
+
+
+class VidmolyExtractor(BaseExtractor):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.mediaflow_endpoint = "hls_manifest_proxy"
+
+    async def extract(self, url: str) -> Dict[str, Any]:
+        parsed = urlparse(url)
+        if not parsed.hostname or "vidmoly" not in parsed.hostname:
+            raise ExtractorError("VIDMOLY: Invalid domain")
+
+        headers = {
+            "User-Agent":
+                "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
+                "AppleWebKit/537.36 (KHTML, like Gecko) "
+                "Chrome/120 Safari/537.36",
+            "Referer": url,
+            "Sec-Fetch-Dest": "iframe",
+        }
+
+        # --- Fetch embed page ---
+        response = await self._make_request(url, headers=headers)
+        html = response.text
+
+        # --- Extract master m3u8 ---
+        match = re.search(
+            r'sources:\s*\[\{file:"([^"]+)',
+            html
+        )
+        if not match:
+            raise ExtractorError("VIDMOLY: Stream URL not found")
+
+        master_url = match.group(1)
+
+        if not master_url.startswith("http"):
+            master_url = urljoin(url, master_url)
+
+        # --- Validate stream (prevents Stremio timeout) ---
+        try:
+            test = await self._make_request(master_url, headers=headers)
+        except Exception as e:
+            if "timeout" in str(e).lower():
+                raise ExtractorError("VIDMOLY: Request timed out")
+            raise
+
+        if test.status_code >= 400:
+            raise ExtractorError(
+                f"VIDMOLY: Stream unavailable ({test.status_code})"
+            )
+
+        # Return MASTER playlist, not variant
+        # Let MediaFlow Proxy handle variants
+        return {
+            "destination_url": master_url,
+            "request_headers": headers,
+            "mediaflow_endpoint": self.mediaflow_endpoint,
+        }
diff --git a/mediaflow_proxy/extractors/vidoza.py b/mediaflow_proxy/extractors/vidoza.py
new file mode 100644
index 0000000..ddfffa2
--- /dev/null
+++ b/mediaflow_proxy/extractors/vidoza.py
@@ -0,0 +1,73 @@
+import re
+from typing import Dict, Any
+from urllib.parse import urlparse
+
+from mediaflow_proxy.extractors.base import BaseExtractor, ExtractorError
+
+
+class VidozaExtractor(BaseExtractor):
+    def __init__(self, request_headers: dict):
+        super().__init__(request_headers)
+        # if your base doesn’t set this, keep it; otherwise you can remove:
+        self.mediaflow_endpoint = "proxy_stream_endpoint"
+
+    async def extract(self, url: str, **kwargs) -> Dict[str, Any]:
+        parsed = urlparse(url)
+
+        # Accept vidoza + videzz
+        if not parsed.hostname or not (
+            parsed.hostname.endswith("vidoza.net")
+            or parsed.hostname.endswith("videzz.net")
+        ):
+            raise ExtractorError("VIDOZA: Invalid domain")
+
+        headers = self.base_headers.copy()
+        headers.update(
+            {
+                "referer": "https://vidoza.net/",
+                "user-agent": (
+                    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
+                    "AppleWebKit/537.36 (KHTML, like Gecko) "
+                    "Chrome/120.0.0.0 Safari/537.36"
+                ),
+                "accept": "*/*",
+                "accept-language": "en-US,en;q=0.9",
+            }
+        )
+
+        # 1) Fetch the embed page (or whatever URL you pass in)
+        response = await self._make_request(url, headers=headers)
+        html = response.text or ""
+
+        if not html:
+            raise ExtractorError("VIDOZA: Empty HTML from Vidoza")
+
+        cookies = response.cookies or {}
+
+        # 2) Extract final link with REGEX
+        pattern = re.compile(
+            r"""["']?\s*(?:file|src)\s*["']?\s*[:=,]?\s*["'](?P<url>[^"']+)"""
+            r"""(?:[^}>\]]+)["']?\s*res\s*["']?\s*[:=]\s*["']?(?P<label>[^"',]+)""",
+            re.IGNORECASE,
+        )
+
+        match = pattern.search(html)
+        if not match:
+            raise ExtractorError("VIDOZA: Unable to extract video + label from JS")
+
+        mp4_url = match.group("url")
+        label = match.group("label").strip()
+
+        # Fix URLs like //str38.vidoza.net/...
+        if mp4_url.startswith("//"):
+            mp4_url = "https:" + mp4_url
+
+        # 3) Attach cookies (token may depend on these)
+        if cookies:
+            headers["cookie"] = "; ".join(f"{k}={v}" for k, v in cookies.items())
+
+        return {
+            "destination_url": mp4_url,
+            "request_headers": headers,
+            "mediaflow_endpoint": self.mediaflow_endpoint,
+        }
diff --git a/mediaflow_proxy/extractors/voe.py b/mediaflow_proxy/extractors/voe.py
new file mode 100644
index 0000000..f84c6c6
--- /dev/null
+++ b/mediaflow_proxy/extractors/voe.py
@@ -0,0 +1,68 @@
+import base64
+import re
+from typing import Dict, Any
+from urllib.parse import urljoin
+
+from mediaflow_proxy.extractors.base import BaseExtractor, ExtractorError
+
+
+class VoeExtractor(BaseExtractor):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.mediaflow_endpoint = "hls_manifest_proxy"
+
+    async def extract(self, url: str, redirected: bool = False, **kwargs) -> Dict[str, Any]:
+        response = await self._make_request(url)
+
+        # See https://github.com/Gujal00/ResolveURL/blob/master/script.module.resolveurl/lib/resolveurl/plugins/voesx.py
+        redirect_pattern = r'''window\.location\.href\s*=\s*'([^']+)'''
+        redirect_match = re.search(redirect_pattern, response.text, re.DOTALL)
+        if redirect_match:
+            if redirected:
+                raise ExtractorError("VOE: too many redirects")
+
+            return await self.extract(redirect_match.group(1))
+
+        code_and_script_pattern = r'json">\["([^"]+)"]</script>\s*<script\s*src="([^"]+)'
+        code_and_script_match = re.search(code_and_script_pattern, response.text, re.DOTALL)
+        if not code_and_script_match:
+            raise ExtractorError("VOE: unable to locate obfuscated payload or external script URL")
+
+        script_response = await self._make_request(urljoin(url, code_and_script_match.group(2)))
+
+        luts_pattern = r"(\[(?:'\W{2}'[,\]]){1,9})"
+        luts_match = re.search(luts_pattern, script_response.text, re.DOTALL)
+        if not luts_match:
+            raise ExtractorError("VOE: unable to locate LUTs in external script")
+
+        data = self.voe_decode(code_and_script_match.group(1), luts_match.group(1))
+
+        final_url = data.get('source')
+        if not final_url:
+            raise ExtractorError("VOE: failed to extract video URL")
+
+        self.base_headers["referer"] = url
+        return {
+            "destination_url": final_url,
+            "request_headers": self.base_headers,
+            "mediaflow_endpoint": self.mediaflow_endpoint,
+        }
+
+    @staticmethod
+    def voe_decode(ct: str, luts: str) -> Dict[str, Any]:
+        import json
+        lut = [''.join([('\\' + x) if x in '.*+?^${}()|[]\\' else x for x in i]) for i in luts[2:-2].split("','")]
+        txt = ''
+        for i in ct:
+            x = ord(i)
+            if 64 < x < 91:
+                x = (x - 52) % 26 + 65
+            elif 96 < x < 123:
+                x = (x - 84) % 26 + 97
+            txt += chr(x)
+        for i in lut:
+            txt = re.sub(i, '', txt)
+        ct = base64.b64decode(txt).decode('utf-8')
+        txt = ''.join([chr(ord(i) - 3) for i in ct])
+        txt = base64.b64decode(txt[::-1]).decode('utf-8')
+        return json.loads(txt)
diff --git a/mediaflow_proxy/handlers.py b/mediaflow_proxy/handlers.py
index 3afbd79..37ec10f 100644
--- a/mediaflow_proxy/handlers.py
+++ b/mediaflow_proxy/handlers.py
@@ -22,6 +22,7 @@ from .utils.http_utils import (
 )
 from .utils.m3u8_processor import M3U8Processor
 from .utils.mpd_utils import pad_base64
+from .configs import settings
 
 logger = logging.getLogger(__name__)
 
@@ -102,7 +103,8 @@ async def handle_hls_stream_proxy(
         # If force_playlist_proxy is enabled, skip detection and directly process as m3u8
         if hls_params.force_playlist_proxy:
             return await fetch_and_process_m3u8(
-                streamer, hls_params.destination, proxy_headers, request, hls_params.key_url, hls_params.force_playlist_proxy
+                streamer, hls_params.destination, proxy_headers, request, 
+                hls_params.key_url, hls_params.force_playlist_proxy, hls_params.key_only_proxy, hls_params.no_proxy
             )
 
         parsed_url = urlparse(hls_params.destination)
@@ -111,7 +113,8 @@ async def handle_hls_stream_proxy(
             0
         ] in ["m3u", "m3u8", "m3u_plus"]:
             return await fetch_and_process_m3u8(
-                streamer, hls_params.destination, proxy_headers, request, hls_params.key_url, hls_params.force_playlist_proxy
+                streamer, hls_params.destination, proxy_headers, request, 
+                hls_params.key_url, hls_params.force_playlist_proxy, hls_params.key_only_proxy, hls_params.no_proxy
             )
 
         # Create initial streaming response to check content type
@@ -120,7 +123,8 @@ async def handle_hls_stream_proxy(
 
         if "mpegurl" in response_headers.get("content-type", "").lower():
             return await fetch_and_process_m3u8(
-                streamer, hls_params.destination, proxy_headers, request, hls_params.key_url, hls_params.force_playlist_proxy
+                streamer, hls_params.destination, proxy_headers, request, 
+                hls_params.key_url, hls_params.force_playlist_proxy, hls_params.key_only_proxy, hls_params.no_proxy
             )
 
         return EnhancedStreamingResponse(
@@ -224,7 +228,14 @@ async def proxy_stream(method: str, destination: str, proxy_headers: ProxyReques
 
 
 async def fetch_and_process_m3u8(
-    streamer: Streamer, url: str, proxy_headers: ProxyRequestHeaders, request: Request, key_url: str = None, force_playlist_proxy: bool = None
+    streamer: Streamer, 
+    url: str, 
+    proxy_headers: ProxyRequestHeaders, 
+    request: Request, 
+    key_url: str = None, 
+    force_playlist_proxy: bool = None,
+    key_only_proxy: bool = False,
+    no_proxy: bool = False
 ):
     """
     Fetches and processes the m3u8 playlist on-the-fly, converting it to an HLS playlist.
@@ -236,6 +247,8 @@ async def fetch_and_process_m3u8(
         request (Request): The incoming HTTP request.
         key_url (str, optional): The HLS Key URL to replace the original key URL. Defaults to None.
         force_playlist_proxy (bool, optional): Force all playlist URLs to be proxied through MediaFlow. Defaults to None.
+        key_only_proxy (bool, optional): Only proxy the key URL, leaving segment URLs direct. Defaults to False.
+        no_proxy (bool, optional): If True, returns the manifest without proxying any URLs. Defaults to False.
 
     Returns:
         Response: The HTTP response with the processed m3u8 playlist.
@@ -246,7 +259,7 @@ async def fetch_and_process_m3u8(
             await streamer.create_streaming_response(url, proxy_headers.request)
 
         # Initialize processor and response headers
-        processor = M3U8Processor(request, key_url, force_playlist_proxy)
+        processor = M3U8Processor(request, key_url, force_playlist_proxy, key_only_proxy, no_proxy)
         response_headers = {
             "content-disposition": "inline",
             "accept-ranges": "none",
@@ -378,7 +391,13 @@ async def get_segment(
         Response: The HTTP response with the processed segment.
     """
     try:
-        init_content = await get_cached_init_segment(segment_params.init_url, proxy_headers.request)
+        live_cache_ttl = settings.mpd_live_init_cache_ttl if segment_params.is_live else None
+        init_content = await get_cached_init_segment(
+            segment_params.init_url,
+            proxy_headers.request,
+            cache_token=segment_params.key_id,
+            ttl=live_cache_ttl,
+        )
         segment_content = await download_file_with_retry(segment_params.segment_url, proxy_headers.request)
     except Exception as e:
         return handle_exceptions(e)
diff --git a/mediaflow_proxy/mpd_processor.py b/mediaflow_proxy/mpd_processor.py
index a6748dd..be19899 100644
--- a/mediaflow_proxy/mpd_processor.py
+++ b/mediaflow_proxy/mpd_processor.py
@@ -192,30 +192,34 @@ def build_hls_playlist(mpd_dict: dict, profiles: list[dict], request: Request) -
             logger.warning(f"No segments found for profile {profile['id']}")
             continue
 
+        if mpd_dict["isLive"]:
+            depth = max(settings.mpd_live_playlist_depth, 1)
+            trimmed_segments = segments[-depth:]
+        else:
+            trimmed_segments = segments
+
         # Add headers for only the first profile
         if index == 0:
-            first_segment = segments[0]
-            extinf_values = [f["extinf"] for f in segments if "extinf" in f]
+            first_segment = trimmed_segments[0]
+            extinf_values = [f["extinf"] for f in trimmed_segments if "extinf" in f]
             target_duration = math.ceil(max(extinf_values)) if extinf_values else 3
 
-            # Calculate media sequence using adaptive logic for different MPD types
+            # Align HLS media sequence with MPD-provided numbering when available
             mpd_start_number = profile.get("segment_template_start_number")
-            if mpd_start_number and mpd_start_number >= 1000:
-                # Amazon-style: Use absolute segment numbering
-                sequence = first_segment.get("number", mpd_start_number)
-            else:
-                # Sky-style: Use time-based calculation if available
-                time_val = first_segment.get("time")
-                duration_val = first_segment.get("duration_mpd_timescale")
-                if time_val is not None and duration_val and duration_val > 0:
-                    calculated_sequence = math.floor(time_val / duration_val)
-                    # For live streams with very large sequence numbers, use modulo to keep reasonable range
-                    if mpd_dict.get("isLive", False) and calculated_sequence > 100000:
-                        sequence = calculated_sequence % 100000
-                    else:
-                        sequence = calculated_sequence
+            sequence = first_segment.get("number")
+
+            if sequence is None:
+                # Fallback to MPD template start number
+                if mpd_start_number is not None:
+                    sequence = mpd_start_number
                 else:
-                    sequence = first_segment.get("number", 1)
+                    # As a last resort, derive from timeline information
+                    time_val = first_segment.get("time")
+                    duration_val = first_segment.get("duration_mpd_timescale")
+                    if time_val is not None and duration_val and duration_val > 0:
+                        sequence = math.floor(time_val / duration_val)
+                    else:
+                        sequence = 1
 
             hls.extend(
                 [
@@ -235,10 +239,18 @@ def build_hls_playlist(mpd_dict: dict, profiles: list[dict], request: Request) -
         query_params.pop("d", None)
         has_encrypted = query_params.pop("has_encrypted", False)
 
-        for segment in segments:
+        for segment in trimmed_segments:
+            program_date_time = segment.get("program_date_time")
+            if program_date_time:
+                hls.append(f"#EXT-X-PROGRAM-DATE-TIME:{program_date_time}")
             hls.append(f'#EXTINF:{segment["extinf"]:.3f},')
             query_params.update(
-                {"init_url": init_url, "segment_url": segment["media"], "mime_type": profile["mimeType"]}
+                {
+                    "init_url": init_url,
+                    "segment_url": segment["media"],
+                    "mime_type": profile["mimeType"],
+                    "is_live": "true" if mpd_dict.get("isLive") else "false",
+                }
             )
             hls.append(
                 encode_mediaflow_proxy_url(
diff --git a/mediaflow_proxy/routes/extractor.py b/mediaflow_proxy/routes/extractor.py
index 8de5c99..1aeab84 100644
--- a/mediaflow_proxy/routes/extractor.py
+++ b/mediaflow_proxy/routes/extractor.py
@@ -1,7 +1,7 @@
 import logging
 from typing import Annotated
 
-from fastapi import APIRouter, Query, HTTPException, Request, Depends
+from fastapi import APIRouter, Query, HTTPException, Request, Depends, BackgroundTasks
 from fastapi.responses import RedirectResponse
 
 from mediaflow_proxy.extractors.base import ExtractorError
@@ -9,6 +9,7 @@ from mediaflow_proxy.extractors.factory import ExtractorFactory
 from mediaflow_proxy.schemas import ExtractorURLParams
 from mediaflow_proxy.utils.cache_utils import get_cached_extractor_result, set_cache_extractor_result
 from mediaflow_proxy.utils.http_utils import (
+    DownloadError,
     encode_mediaflow_proxy_url,
     get_original_scheme,
     ProxyRequestHeaders,
@@ -19,12 +20,24 @@ from mediaflow_proxy.utils.base64_utils import process_potential_base64_url
 extractor_router = APIRouter()
 logger = logging.getLogger(__name__)
 
+async def refresh_extractor_cache(cache_key: str, extractor_params: ExtractorURLParams, proxy_headers: ProxyRequestHeaders):
+    """Asynchronously refreshes the extractor cache in the background."""
+    try:
+        logger.info(f"Background cache refresh started for key: {cache_key}")
+        extractor = ExtractorFactory.get_extractor(extractor_params.host, proxy_headers.request)
+        response = await extractor.extract(extractor_params.destination, **extractor_params.extra_params)
+        await set_cache_extractor_result(cache_key, response)
+        logger.info(f"Background cache refresh completed for key: {cache_key}")
+    except Exception as e:
+        logger.error(f"Background cache refresh failed for key {cache_key}: {e}")
+
 
 @extractor_router.head("/video")
 @extractor_router.get("/video")
 async def extract_url(
     extractor_params: Annotated[ExtractorURLParams, Query()],
     request: Request,
+    background_tasks: BackgroundTasks,
     proxy_headers: Annotated[ProxyRequestHeaders, Depends(get_proxy_headers)],
 ):
     """Extract clean links from various video hosting services."""
@@ -35,13 +48,21 @@ async def extract_url(
         
         cache_key = f"{extractor_params.host}_{extractor_params.model_dump_json()}"
         response = await get_cached_extractor_result(cache_key)
-        if not response:
+        
+        if response:
+            logger.info(f"Serving from cache for key: {cache_key}")
+            # Schedule a background task to refresh the cache without blocking the user
+            background_tasks.add_task(refresh_extractor_cache, cache_key, extractor_params, proxy_headers)
+        else:
+            logger.info(f"Cache miss for key: {cache_key}. Fetching fresh data.")
             extractor = ExtractorFactory.get_extractor(extractor_params.host, proxy_headers.request)
             response = await extractor.extract(extractor_params.destination, **extractor_params.extra_params)
             await set_cache_extractor_result(cache_key, response)
-        else:
-            response["request_headers"].update(proxy_headers.request)
 
+        # Ensure the latest request headers are used, even with cached data
+        if "request_headers" not in response:
+            response["request_headers"] = {}
+        response["request_headers"].update(proxy_headers.request)
         response["mediaflow_proxy_url"] = str(
             request.url_for(response.pop("mediaflow_endpoint")).replace(scheme=get_original_scheme(request))
         )
@@ -49,6 +70,12 @@ async def extract_url(
         # Add API password to query params
         response["query_params"]["api_password"] = request.query_params.get("api_password")
 
+        if "max_res" in request.query_params:
+            response["query_params"]["max_res"] = request.query_params.get("max_res")
+
+        if "no_proxy" in request.query_params:
+            response["query_params"]["no_proxy"] = request.query_params.get("no_proxy")
+
         if extractor_params.redirect_stream:
             stream_url = encode_mediaflow_proxy_url(
                 **response,
@@ -58,6 +85,9 @@ async def extract_url(
 
         return response
 
+    except DownloadError as e:
+        logger.error(f"Extraction failed: {str(e)}")
+        raise HTTPException(status_code=e.status_code, detail=str(e))
     except ExtractorError as e:
         logger.error(f"Extraction failed: {str(e)}")
         raise HTTPException(status_code=400, detail=str(e))
diff --git a/mediaflow_proxy/routes/playlist_builder.py b/mediaflow_proxy/routes/playlist_builder.py
index 22f1e01..88b47d2 100644
--- a/mediaflow_proxy/routes/playlist_builder.py
+++ b/mediaflow_proxy/routes/playlist_builder.py
@@ -20,6 +20,7 @@ def rewrite_m3u_links_streaming(m3u_lines_iterator: Iterator[str], base_url: str
     includendo gli headers da #EXTVLCOPT e #EXTHTTP. Yields rewritten lines.
     """
     current_ext_headers: Dict[str, str] = {}  # Dizionario per conservare gli headers dalle direttive
+    current_kodi_props: Dict[str, str] = {}  # Dizionario per conservare le proprietà KODI
     
     for line_with_newline in m3u_lines_iterator:
         line_content = line_with_newline.rstrip('\n')
@@ -27,6 +28,9 @@ def rewrite_m3u_links_streaming(m3u_lines_iterator: Iterator[str], base_url: str
         
         is_header_tag = False
         if logical_line.startswith('#EXTVLCOPT:'):
+            # Yield the original line to preserve it
+            yield line_with_newline
+            
             is_header_tag = True
             try:
                 option_str = logical_line.split(':', 1)[1]
@@ -43,12 +47,15 @@ def rewrite_m3u_links_streaming(m3u_lines_iterator: Iterator[str], base_url: str
                         current_ext_headers[header_key] = header_value
                     elif key_vlc.startswith('http-'):
                         # Gestisce http-user-agent, http-referer etc.
-                        header_key = '-'.join(word.capitalize() for word in key_vlc[len('http-'):].split('-'))
+                        header_key = key_vlc[len('http-'):]
                         current_ext_headers[header_key] = value_vlc
             except Exception as e:
                 logger.error(f"⚠️ Error parsing #EXTVLCOPT '{logical_line}': {e}")
         
         elif logical_line.startswith('#EXTHTTP:'):
+            # Yield the original line to preserve it
+            yield line_with_newline
+            
             is_header_tag = True
             try:
                 json_str = logical_line.split(':', 1)[1]
@@ -57,9 +64,22 @@ def rewrite_m3u_links_streaming(m3u_lines_iterator: Iterator[str], base_url: str
             except Exception as e:
                 logger.error(f"⚠️ Error parsing #EXTHTTP '{logical_line}': {e}")
                 current_ext_headers = {}  # Resetta in caso di errore
+        
+        elif logical_line.startswith('#KODIPROP:'):
+            # Yield the original line to preserve it
+            yield line_with_newline
+            
+            is_header_tag = True
+            try:
+                prop_str = logical_line.split(':', 1)[1]
+                if '=' in prop_str:
+                    key_kodi, value_kodi = prop_str.split('=', 1)
+                    current_kodi_props[key_kodi.strip()] = value_kodi.strip()
+            except Exception as e:
+                logger.error(f"⚠️ Error parsing #KODIPROP '{logical_line}': {e}")
+
 
         if is_header_tag:
-            yield line_with_newline
             continue
         
         if logical_line and not logical_line.startswith('#') and \
@@ -75,47 +95,55 @@ def rewrite_m3u_links_streaming(m3u_lines_iterator: Iterator[str], base_url: str
                 processed_url_content = f"{base_url}/proxy/hls/manifest.m3u8?d={encoded_url}"
             elif 'vixsrc.to' in logical_line:
                 encoded_url = urllib.parse.quote(logical_line, safe='')
-                processed_url_content = f"{base_url}/extractor/video?host=VixCloud&redirect_stream=true&d={encoded_url}"
+                processed_url_content = f"{base_url}/extractor/video?host=VixCloud&redirect_stream=true&d={encoded_url}&max_res=true&no_proxy=true"
             elif '.m3u8' in logical_line:
                 encoded_url = urllib.parse.quote(logical_line, safe='')
                 processed_url_content = f"{base_url}/proxy/hls/manifest.m3u8?d={encoded_url}"
             elif '.mpd' in logical_line:
-                # Estrai parametri DRM dall'URL MPD se presenti
+                # Estrai parametri DRM dall'URL MPD se presenti (es. &key_id=...&key=...)
                 from urllib.parse import urlparse, parse_qs, urlencode, urlunparse
                 
                 # Parse dell'URL per estrarre parametri
                 parsed_url = urlparse(logical_line)
                 query_params = parse_qs(parsed_url.query)
                 
-                # Estrai key_id e key se presenti
+                # Estrai key_id e key se presenti nei parametri della query
                 key_id = query_params.get('key_id', [None])[0]
                 key = query_params.get('key', [None])[0]
                 
                 # Rimuovi key_id e key dai parametri originali
-                clean_params = {k: v for k, v in query_params.items() if k not in ['key_id', 'key']}
+                clean_query_params = {k: v for k, v in query_params.items() if k not in ['key_id', 'key']}
                 
                 # Ricostruisci l'URL senza i parametri DRM
-                clean_query = urlencode(clean_params, doseq=True) if clean_params else ''
+                clean_query = urlencode(clean_query_params, doseq=True)
                 clean_url = urlunparse((
                     parsed_url.scheme,
                     parsed_url.netloc,
                     parsed_url.path,
                     parsed_url.params,
                     clean_query,
-                    parsed_url.fragment
+                    ''  # Rimuovi il frammento per evitare problemi
                 ))
                 
-                # Encode the MPD URL like other URL types
-                clean_url_for_param = urllib.parse.quote(clean_url, safe='')
-
-                # Costruisci l'URL MediaFlow con parametri DRM separati
-                processed_url_content = f"{base_url}/proxy/mpd/manifest.m3u8?d={clean_url_for_param}"
+                # Codifica l'URL pulito per il parametro 'd'
+                encoded_clean_url = urllib.parse.quote(clean_url, safe='')
                 
-                # Aggiungi parametri DRM se presenti
+                # Costruisci l'URL MediaFlow con parametri DRM separati
+                processed_url_content = f"{base_url}/proxy/mpd/manifest.m3u8?d={encoded_clean_url}"
+                
+                # Aggiungi i parametri DRM all'URL di MediaFlow se sono stati trovati
                 if key_id:
                     processed_url_content += f"&key_id={key_id}"
                 if key:
                     processed_url_content += f"&key={key}"
+            
+            # Aggiungi chiavi da #KODIPROP se presenti
+            license_key = current_kodi_props.get('inputstream.adaptive.license_key')
+            if license_key and ':' in license_key:
+                key_id_kodi, key_kodi = license_key.split(':', 1)
+                processed_url_content += f"&key_id={key_id_kodi}"
+                processed_url_content += f"&key={key_kodi}"
+
             elif '.php' in logical_line:
                 encoded_url = urllib.parse.quote(logical_line, safe='')
                 processed_url_content = f"{base_url}/proxy/hls/manifest.m3u8?d={encoded_url}"
@@ -130,6 +158,9 @@ def rewrite_m3u_links_streaming(m3u_lines_iterator: Iterator[str], base_url: str
                 processed_url_content += header_params_str
                 current_ext_headers = {}
             
+            # Resetta le proprietà KODI dopo averle usate
+            current_kodi_props = {}
+            
             # Aggiungi api_password sempre alla fine
             if api_password:
                 processed_url_content += f"&api_password={api_password}"
@@ -150,7 +181,7 @@ async def async_download_m3u_playlist(url: str) -> list[str]:
     }
     lines = []
     try:
-         async with httpx.AsyncClient(verify=True, timeout=30) as client:
+         async with httpx.AsyncClient(verify=True, timeout=30, follow_redirects=True) as client:
              async with client.stream('GET', url, headers=headers) as response:
                 response.raise_for_status()
                 async for line_bytes in response.aiter_lines():
@@ -164,47 +195,135 @@ async def async_download_m3u_playlist(url: str) -> list[str]:
         raise
     return lines
 
+def parse_channel_entries(lines: list[str]) -> list[list[str]]:
+    """
+    Analizza le linee di una playlist M3U e le raggruppa in entry di canali.
+    Ogni entry è una lista di linee che compongono un singolo canale
+    (da #EXTINF fino all'URL, incluse le righe intermedie).
+    """
+    entries = []
+    current_entry = []
+    for line in lines:
+        stripped_line = line.strip()
+        if stripped_line.startswith('#EXTINF:'):
+            if current_entry: # In caso di #EXTINF senza URL precedente
+                logger.warning(f"Found a new #EXTINF tag before a URL was found for the previous entry. Discarding: {current_entry}")
+            current_entry = [line]
+        elif current_entry:
+            current_entry.append(line)
+            if stripped_line and not stripped_line.startswith('#'):
+                entries.append(current_entry)
+                current_entry = []
+    return entries
+
+
 async def async_generate_combined_playlist(playlist_definitions: list[str], base_url: str, api_password: Optional[str]):
     """Genera una playlist combinata da multiple definizioni, scaricando in parallelo."""
-    # Prepara gli URL
-    playlist_urls = []
+    # Prepara i task di download
+    download_tasks = []
     for definition in playlist_definitions:
-        if '&' in definition:
-            parts = definition.split('&', 1)
-            playlist_url_str = parts[1] if len(parts) > 1 else parts[0]
+        should_proxy = True
+        playlist_url_str = definition
+        should_sort = False
+
+        if definition.startswith('sort:'):
+            should_sort = True
+            definition = definition[len('sort:'):]
+
+        if definition.startswith('no_proxy:'): # Può essere combinato con sort:
+            should_proxy = False
+            playlist_url_str = definition[len('no_proxy:'):]
         else:
             playlist_url_str = definition
-        playlist_urls.append(playlist_url_str)
+
+        download_tasks.append({
+            "url": playlist_url_str,
+            "proxy": should_proxy,
+            "sort": should_sort
+        })
 
     # Scarica tutte le playlist in parallelo
-    results = await asyncio.gather(*[async_download_m3u_playlist(url) for url in playlist_urls], return_exceptions=True)
-
-    first_playlist_header_handled = False
-    for idx, lines in enumerate(results):
-        if isinstance(lines, Exception):
-            yield f"# ERROR processing playlist {playlist_urls[idx]}: {str(lines)}\n"
+    results = await asyncio.gather(*[async_download_m3u_playlist(task["url"]) for task in download_tasks], return_exceptions=True)
+    
+    # Raggruppa le playlist da ordinare e quelle da non ordinare
+    sorted_playlist_lines = []
+    unsorted_playlists_data = []
+    
+    for idx, result in enumerate(results):
+        task_info = download_tasks[idx]
+        if isinstance(result, Exception):
+            # Aggiungi errore come playlist non ordinata
+            unsorted_playlists_data.append({'lines': [f"# ERROR processing playlist {task_info['url']}: {str(result)}\n"], 'proxy': False})
             continue
-        playlist_lines: list[str] = lines  # type: ignore
-        current_playlist_had_lines = False
-        first_line_of_this_segment = True
-        lines_processed_for_current_playlist = 0
-        rewritten_lines_iter = rewrite_m3u_links_streaming(iter(playlist_lines), base_url, api_password)
-        for line in rewritten_lines_iter:
-            current_playlist_had_lines = True
-            is_extm3u_line = line.strip().startswith('#EXTM3U')
-            lines_processed_for_current_playlist += 1
-            if not first_playlist_header_handled:
-                yield line
-                if is_extm3u_line:
+        
+        if task_info.get("sort", False):
+            sorted_playlist_lines.extend(result)
+        else:
+            unsorted_playlists_data.append({'lines': result, 'proxy': task_info['proxy']})
+
+    # Gestione dell'header #EXTM3U
+    first_playlist_header_handled = False
+    def yield_header_once(lines_iter):
+        nonlocal first_playlist_header_handled
+        has_header = False
+        for line in lines_iter:
+            is_extm3u = line.strip().startswith('#EXTM3U')
+            if is_extm3u:
+                has_header = True
+                if not first_playlist_header_handled:
                     first_playlist_header_handled = True
-            else:
-                if first_line_of_this_segment and is_extm3u_line:
-                    pass
-                else:
                     yield line
-            first_line_of_this_segment = False
-        if current_playlist_had_lines and not first_playlist_header_handled:
+            else:
+                yield line
+        if has_header and not first_playlist_header_handled:
+             first_playlist_header_handled = True
+
+    # 1. Processa e ordina le playlist marcate con 'sort'
+    if sorted_playlist_lines:
+        # Estrai le entry dei canali
+        # Modifica: Estrai le entry e mantieni l'informazione sul proxy
+        channel_entries_with_proxy_info = []
+        for idx, result in enumerate(results):
+            task_info = download_tasks[idx]
+            if task_info.get("sort") and isinstance(result, list):
+                entries = parse_channel_entries(result) # result è la lista di linee della playlist
+                for entry_lines in entries:
+                    # L'opzione proxy si applica a tutto il blocco del canale
+                    channel_entries_with_proxy_info.append((entry_lines, task_info["proxy"]))
+
+        # Ordina le entry in base al nome del canale (da #EXTINF)
+        # La prima riga di ogni entry è sempre #EXTINF
+        channel_entries_with_proxy_info.sort(key=lambda x: x[0][0].split(',')[-1].strip())
+        
+        # Gestisci l'header una sola volta per il blocco ordinato
+        if not first_playlist_header_handled:
+            yield "#EXTM3U\n"
             first_playlist_header_handled = True
+            
+        # Applica la riscrittura dei link in modo selettivo
+        for entry_lines, should_proxy in channel_entries_with_proxy_info:
+            # L'URL è l'ultima riga dell'entry
+            url = entry_lines[-1]
+            # Yield tutte le righe prima dell'URL
+            for line in entry_lines[:-1]:
+                yield line
+            
+            if should_proxy:
+                # Usa un iteratore fittizio per processare una sola linea
+                rewritten_url_iter = rewrite_m3u_links_streaming(iter([url]), base_url, api_password)
+                yield next(rewritten_url_iter, url) # Prende l'URL riscritto, con fallback all'originale
+            else:
+                yield url # Lascia l'URL invariato
+
+
+    # 2. Accoda le playlist non ordinate
+    for playlist_data in unsorted_playlists_data:
+        lines_iterator = iter(playlist_data['lines'])
+        if playlist_data['proxy']:
+            lines_iterator = rewrite_m3u_links_streaming(lines_iterator, base_url, api_password)
+        
+        for line in yield_header_once(lines_iterator):
+            yield line
 
 
 @playlist_builder_router.get("/playlist")
diff --git a/mediaflow_proxy/routes/proxy.py b/mediaflow_proxy/routes/proxy.py
index dd0164c..a80eafa 100644
--- a/mediaflow_proxy/routes/proxy.py
+++ b/mediaflow_proxy/routes/proxy.py
@@ -1,10 +1,13 @@
+import asyncio
 from typing import Annotated
 from urllib.parse import quote, unquote
 import re
 import logging
+import httpx
+import time
 
 from fastapi import Request, Depends, APIRouter, Query, HTTPException
-from fastapi.responses import Response, RedirectResponse
+from fastapi.responses import Response
 
 from mediaflow_proxy.handlers import (
     handle_hls_stream_proxy,
@@ -21,11 +24,22 @@ from mediaflow_proxy.schemas import (
     HLSManifestParams,
     MPDManifestParams,
 )
-from mediaflow_proxy.utils.http_utils import get_proxy_headers, ProxyRequestHeaders
+from mediaflow_proxy.utils.http_utils import (
+    get_proxy_headers,
+    ProxyRequestHeaders,
+    create_httpx_client,
+)
 from mediaflow_proxy.utils.base64_utils import process_potential_base64_url
 
 proxy_router = APIRouter()
 
+# DLHD extraction cache: {original_url: {"data": extraction_result, "timestamp": time.time()}}
+_dlhd_extraction_cache = {}
+_dlhd_cache_duration = 600  # 10 minutes in seconds
+
+_sportsonline_extraction_cache = {}
+_sportsonline_cache_duration = 600  # 10 minutes in seconds
+
 
 def sanitize_url(url: str) -> str:
     """
@@ -122,41 +136,146 @@ def extract_drm_params_from_url(url: str) -> tuple[str, str, str]:
     return clean_url, key_id, key
 
 
-def _check_and_redirect_dlhd_stream(request: Request, destination: str) -> RedirectResponse | None:
+def _invalidate_dlhd_cache(destination: str):
+    """Invalidate DLHD cache for a specific destination URL."""
+    if destination in _dlhd_extraction_cache:
+        del _dlhd_extraction_cache[destination]
+        logger = logging.getLogger(__name__)
+        logger.info(f"DLHD cache invalidated for: {destination}")
+
+
+async def _check_and_extract_dlhd_stream(
+    request: Request, 
+    destination: str, 
+    proxy_headers: ProxyRequestHeaders,
+    force_refresh: bool = False
+) -> dict | None:
     """
-    Check if destination contains stream-{numero} pattern and redirect to extractor if needed.
+    Check if destination contains DLHD/DaddyLive patterns and extract stream directly.
+    Uses caching to avoid repeated extractions (10 minute cache).
     
     Args:
         request (Request): The incoming HTTP request.
         destination (str): The destination URL to check.
+        proxy_headers (ProxyRequestHeaders): The headers to include in the request.
+        force_refresh (bool): Force re-extraction even if cached data exists.
         
     Returns:
-        RedirectResponse | None: RedirectResponse if redirect is needed, None otherwise.
+        dict | None: Extracted stream data if DLHD link detected, None otherwise.
     """
     import re
+    from urllib.parse import urlparse
+    from mediaflow_proxy.extractors.factory import ExtractorFactory
+    from mediaflow_proxy.extractors.base import ExtractorError
+    from mediaflow_proxy.utils.http_utils import DownloadError
     
-    # Check for stream-{numero} pattern (e.g., stream-1, stream-123, etc.)
-    if re.search(r'stream-\d+', destination):
-        from urllib.parse import urlencode
+    # Check for common DLHD/DaddyLive patterns in the URL
+    # This includes stream-XXX pattern and domain names like dlhd.dad or daddylive.sx
+    is_dlhd_link = (
+        re.search(r'stream-\d+', destination) or
+        "dlhd.dad" in urlparse(destination).netloc or
+        "daddylive.sx" in urlparse(destination).netloc
+    )
+    
+    if not is_dlhd_link:
+        return None
+    
+    logger = logging.getLogger(__name__)
+    logger.info(f"DLHD link detected: {destination}")
+    
+    # Check cache first (unless force_refresh is True)
+    current_time = time.time()
+    if not force_refresh and destination in _dlhd_extraction_cache:
+        cached_entry = _dlhd_extraction_cache[destination]
+        cache_age = current_time - cached_entry["timestamp"]
         
-        # Build redirect URL to extractor
-        redirect_params = {
-            "host": "DLHD",
-            "redirect_stream": "true",
-            "d": destination
+        if cache_age < _dlhd_cache_duration:
+            logger.info(f"Using cached DLHD data (age: {cache_age:.1f}s)")
+            return cached_entry["data"]
+        else:
+            logger.info(f"DLHD cache expired (age: {cache_age:.1f}s), re-extracting...")
+            del _dlhd_extraction_cache[destination]
+    
+    # Extract stream data
+    try:
+        logger.info(f"Extracting DLHD stream data from: {destination}")
+        extractor = ExtractorFactory.get_extractor("DLHD", proxy_headers.request)
+        result = await extractor.extract(destination)
+        
+        logger.info(f"DLHD extraction successful. Stream URL: {result.get('destination_url')}")
+        
+        # Cache the result
+        _dlhd_extraction_cache[destination] = {
+            "data": result,
+            "timestamp": current_time
         }
+        logger.info(f"DLHD data cached for {_dlhd_cache_duration}s")
         
-        # Preserve api_password if present
-        if "api_password" in request.query_params:
-            redirect_params["api_password"] = request.query_params["api_password"]
+        return result
         
-        # Build the redirect URL
-        base_url = str(request.url_for("extract_url"))
-        redirect_url = f"{base_url}?{urlencode(redirect_params)}"
-        
-        return RedirectResponse(url=redirect_url, status_code=302)
-    
-    return None
+    except (ExtractorError, DownloadError) as e:
+        logger.error(f"DLHD extraction failed: {str(e)}")
+        raise HTTPException(status_code=400, detail=f"DLHD extraction failed: {str(e)}")
+    except Exception as e:
+        logger.exception(f"Unexpected error during DLHD extraction: {str(e)}")
+        raise HTTPException(status_code=500, detail=f"DLHD extraction failed: {str(e)}")
+
+
+async def _check_and_extract_sportsonline_stream(
+    request: Request,
+    destination: str,
+    proxy_headers: ProxyRequestHeaders,
+    force_refresh: bool = False
+) -> dict | None:
+    """
+    Check if destination contains Sportsonline/Sportzonline patterns and extract stream directly.
+    Uses caching to avoid repeated extractions (10 minute cache).
+
+    Args:
+        request (Request): The incoming HTTP request.
+        destination (str): The destination URL to check.
+        proxy_headers (ProxyRequestHeaders): The headers to include in the request.
+        force_refresh (bool): Force re-extraction even if cached data exists.
+
+    Returns:
+        dict | None: Extracted stream data if Sportsonline link detected, None otherwise.
+    """
+    import re
+    from urllib.parse import urlparse
+    from mediaflow_proxy.extractors.factory import ExtractorFactory
+    from mediaflow_proxy.extractors.base import ExtractorError
+    from mediaflow_proxy.utils.http_utils import DownloadError
+
+    parsed_netloc = urlparse(destination).netloc
+    is_sportsonline_link = "sportzonline." in parsed_netloc or "sportsonline." in parsed_netloc
+
+    if not is_sportsonline_link:
+        return None
+
+    logger = logging.getLogger(__name__)
+    logger.info(f"Sportsonline link detected: {destination}")
+
+    current_time = time.time()
+    if not force_refresh and destination in _sportsonline_extraction_cache:
+        cached_entry = _sportsonline_extraction_cache[destination]
+        if current_time - cached_entry["timestamp"] < _sportsonline_cache_duration:
+            logger.info(f"Using cached Sportsonline data (age: {current_time - cached_entry['timestamp']:.1f}s)")
+            return cached_entry["data"]
+        else:
+            logger.info("Sportsonline cache expired, re-extracting...")
+            del _sportsonline_extraction_cache[destination]
+
+    try:
+        logger.info(f"Extracting Sportsonline stream data from: {destination}")
+        extractor = ExtractorFactory.get_extractor("Sportsonline", proxy_headers.request)
+        result = await extractor.extract(destination)
+        logger.info(f"Sportsonline extraction successful. Stream URL: {result.get('destination_url')}")
+        _sportsonline_extraction_cache[destination] = {"data": result, "timestamp": current_time}
+        logger.info(f"Sportsonline data cached for {_sportsonline_cache_duration}s")
+        return result
+    except (ExtractorError, DownloadError, Exception) as e:
+        logger.error(f"Sportsonline extraction failed: {str(e)}")
+        raise HTTPException(status_code=400, detail=f"Sportsonline extraction failed: {str(e)}")
 
 
 @proxy_router.head("/hls/manifest.m3u8")
@@ -179,12 +298,197 @@ async def hls_manifest_proxy(
         Response: The HTTP response with the processed m3u8 playlist or streamed content.
     """
     # Sanitize destination URL to fix common encoding issues
+    original_destination = hls_params.destination
     hls_params.destination = sanitize_url(hls_params.destination)
     
-    # Check if destination contains stream-{numero} pattern and redirect to extractor
-    redirect_response = _check_and_redirect_dlhd_stream(request, hls_params.destination)
-    if redirect_response:
-        return redirect_response
+    # Check if this is a retry after 403 error (dlhd_retry parameter)
+    force_refresh = request.query_params.get("dlhd_retry") == "1"
+    
+    # Check if destination contains DLHD pattern and extract stream directly
+    dlhd_result = await _check_and_extract_dlhd_stream(
+        request, hls_params.destination, proxy_headers, force_refresh=force_refresh
+    )
+    dlhd_original_url = None
+    if dlhd_result:
+        # Store original DLHD URL for cache invalidation on 403 errors
+        dlhd_original_url = hls_params.destination
+        
+        # Update destination and headers with extracted stream data
+        hls_params.destination = dlhd_result["destination_url"]
+        extracted_headers = dlhd_result.get("request_headers", {})
+        proxy_headers.request.update(extracted_headers)
+        
+        # Check if extractor wants key-only proxy (DLHD uses hls_key_proxy endpoint)
+        if dlhd_result.get("mediaflow_endpoint") == "hls_key_proxy":
+            hls_params.key_only_proxy = True
+        
+        # Also add headers to query params so they propagate to key/segment requests
+        # This is necessary because M3U8Processor encodes headers as h_* query params
+        from fastapi.datastructures import QueryParams
+        query_dict = dict(request.query_params)
+        for header_name, header_value in extracted_headers.items():
+            # Add header with h_ prefix to query params
+            query_dict[f"h_{header_name}"] = header_value
+        # Add DLHD original URL to track for cache invalidation
+        if dlhd_original_url:
+            query_dict["dlhd_original"] = dlhd_original_url
+        # Remove retry flag from subsequent requests
+        query_dict.pop("dlhd_retry", None)
+        # Update request query params
+        request._query_params = QueryParams(query_dict)
+
+    # Check if destination contains Sportsonline pattern and extract stream directly
+    sportsonline_result = await _check_and_extract_sportsonline_stream(
+        request, hls_params.destination, proxy_headers
+    )
+    if sportsonline_result:
+        # Update destination and headers with extracted stream data
+        hls_params.destination = sportsonline_result["destination_url"]
+        extracted_headers = sportsonline_result.get("request_headers", {})
+        proxy_headers.request.update(extracted_headers)
+
+        # Check if extractor wants key-only proxy
+        if sportsonline_result.get("mediaflow_endpoint") == "hls_key_proxy":
+            hls_params.key_only_proxy = True
+
+        # Also add headers to query params so they propagate to key/segment requests
+        from fastapi.datastructures import QueryParams
+        query_dict = dict(request.query_params)
+        for header_name, header_value in extracted_headers.items():
+            # Add header with h_ prefix to query params
+            query_dict[f"h_{header_name}"] = header_value
+        # Remove retry flag from subsequent requests
+        query_dict.pop("dlhd_retry", None)
+        # Update request query params
+        request._query_params = QueryParams(query_dict)
+
+    # Wrap the handler to catch 403 errors and retry with cache invalidation
+    try:
+        result = await _handle_hls_with_dlhd_retry(request, hls_params, proxy_headers, dlhd_original_url)
+        return result
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger = logging.getLogger(__name__)
+        logger.exception(f"Unexpected error in hls_manifest_proxy: {e}")
+        raise HTTPException(status_code=500, detail=str(e))
+
+
+async def _handle_hls_with_dlhd_retry(
+    request: Request,
+    hls_params: HLSManifestParams,
+    proxy_headers: ProxyRequestHeaders,
+    dlhd_original_url: str | None
+):
+    """
+    Handle HLS request with automatic retry on 403 errors for DLHD streams.
+    """
+    logger = logging.getLogger(__name__)
+    
+    if hls_params.max_res:
+        from mediaflow_proxy.utils.hls_utils import parse_hls_playlist
+        from mediaflow_proxy.utils.m3u8_processor import M3U8Processor
+
+        async with create_httpx_client(
+            headers=proxy_headers.request,
+            follow_redirects=True,
+        ) as client:
+            try:
+                response = await client.get(hls_params.destination)
+                response.raise_for_status()
+                playlist_content = response.text
+            except httpx.HTTPStatusError as e:
+                raise HTTPException(
+                    status_code=502,
+                    detail=f"Failed to fetch HLS manifest from origin: {e.response.status_code} {e.response.reason_phrase}",
+                ) from e
+            except httpx.TimeoutException as e:
+                raise HTTPException(
+                    status_code=504,
+                    detail=f"Timeout while fetching HLS manifest: {e}",
+                ) from e
+            except httpx.RequestError as e:
+                raise HTTPException(status_code=502, detail=f"Network error fetching HLS manifest: {e}") from e
+        
+        streams = parse_hls_playlist(playlist_content, base_url=hls_params.destination)
+        if not streams:
+            raise HTTPException(
+                status_code=404, detail="No streams found in the manifest."
+            )
+
+        highest_res_stream = max(
+            streams,
+            key=lambda s: s.get("resolution", (0, 0))[0]
+            * s.get("resolution", (0, 0))[1],
+        )
+
+        if highest_res_stream.get("resolution", (0, 0)) == (0, 0):
+            logging.warning("Selected stream has resolution (0, 0); resolution parsing may have failed or not be available in the manifest.")
+
+        # Rebuild the manifest preserving master-level directives
+        # but removing non-selected variant blocks
+        lines = playlist_content.splitlines()
+        highest_variant_index = streams.index(highest_res_stream)
+        
+        variant_index = -1
+        new_manifest_lines = []
+        i = 0
+        while i < len(lines):
+            line = lines[i]
+            if line.startswith("#EXT-X-STREAM-INF"):
+                variant_index += 1
+                next_line = ""
+                if i + 1 < len(lines) and not lines[i + 1].startswith("#"):
+                    next_line = lines[i + 1]
+                
+                # Only keep the selected variant
+                if variant_index == highest_variant_index:
+                    new_manifest_lines.append(line)
+                    if next_line:
+                        new_manifest_lines.append(next_line)
+                
+                # Skip variant block (stream-inf + optional url)
+                i += 2 if next_line else 1
+                continue
+            
+            # Preserve all other lines (master directives, media tags, etc.)
+            new_manifest_lines.append(line)
+            i += 1
+        
+        new_manifest = "\n".join(new_manifest_lines)
+
+        # Process the new manifest to proxy all URLs within it
+        processor = M3U8Processor(request, hls_params.key_url, hls_params.force_playlist_proxy, hls_params.key_only_proxy, hls_params.no_proxy)
+        processed_manifest = await processor.process_m3u8(new_manifest, base_url=hls_params.destination)
+        
+        return Response(content=processed_manifest, media_type="application/vnd.apple.mpegurl")
+    
+    return await handle_hls_stream_proxy(request, hls_params, proxy_headers)
+
+
+@proxy_router.head("/hls/key_proxy/manifest.m3u8", name="hls_key_proxy")
+@proxy_router.get("/hls/key_proxy/manifest.m3u8", name="hls_key_proxy")
+async def hls_key_proxy(
+    request: Request,
+    hls_params: Annotated[HLSManifestParams, Query()],
+    proxy_headers: Annotated[ProxyRequestHeaders, Depends(get_proxy_headers)],
+):
+    """
+    Proxify HLS stream requests, but only proxy the key URL, leaving segment URLs direct.
+
+    Args:
+        request (Request): The incoming HTTP request.
+        hls_params (HLSManifestParams): The parameters for the HLS stream request.
+        proxy_headers (ProxyRequestHeaders): The headers to include in the request.
+
+    Returns:
+        Response: The HTTP response with the processed m3u8 playlist.
+    """
+    # Sanitize destination URL to fix common encoding issues
+    hls_params.destination = sanitize_url(hls_params.destination)
+    
+    # Set the key_only_proxy flag to True
+    hls_params.key_only_proxy = True
     
     return await handle_hls_stream_proxy(request, hls_params, proxy_headers)
 
@@ -208,7 +512,7 @@ async def hls_segment_proxy(
     """
     from mediaflow_proxy.utils.hls_prebuffer import hls_prebuffer
     from mediaflow_proxy.configs import settings
-    
+
     # Sanitize segment URL to fix common encoding issues
     segment_url = sanitize_url(segment_url)
     
@@ -217,11 +521,13 @@ async def hls_segment_proxy(
     for key, value in request.query_params.items():
         if key.startswith("h_"):
             headers[key[2:]] = value
-    
+
     # Try to get segment from pre-buffer cache first
     if settings.enable_hls_prebuffer:
         cached_segment = await hls_prebuffer.get_segment(segment_url, headers)
         if cached_segment:
+            # Avvia prebuffer dei successivi in background
+            asyncio.create_task(hls_prebuffer.prebuffer_from_segment(segment_url, headers))
             return Response(
                 content=cached_segment,
                 media_type="video/mp2t",
@@ -231,8 +537,11 @@ async def hls_segment_proxy(
                     "Access-Control-Allow-Origin": "*"
                 }
             )
-    
-    # Fallback to direct streaming if not in cache
+
+    # Fallback to direct streaming se non in cache:
+    # prima di restituire, prova comunque a far partire il prebuffer dei successivi
+    if settings.enable_hls_prebuffer:
+        asyncio.create_task(hls_prebuffer.prebuffer_from_segment(segment_url, headers))
     return await handle_stream_request("GET", segment_url, proxy_headers)
 
 
@@ -308,16 +617,21 @@ async def proxy_stream_endpoint(
     # Sanitize destination URL to fix common encoding issues
     destination = sanitize_url(destination)
     
-    # Check if destination contains stream-{numero} pattern and redirect to extractor
-    redirect_response = _check_and_redirect_dlhd_stream(request, destination)
-    if redirect_response:
-        return redirect_response
+    # Check if destination contains DLHD pattern and extract stream directly
+    dlhd_result = await _check_and_extract_dlhd_stream(request, destination, proxy_headers)
+    if dlhd_result:
+        # Update destination and headers with extracted stream data
+        destination = dlhd_result["destination_url"]
+        proxy_headers.request.update(dlhd_result.get("request_headers", {}))
+    if proxy_headers.request.get("range", "").strip() == "":
+        proxy_headers.request.pop("range", None)
+
+    if proxy_headers.request.get("if-range", "").strip() == "":
+        proxy_headers.request.pop("if-range", None)
+    
+    if "range" not in proxy_headers.request:
+        proxy_headers.request["range"] = "bytes=0-"
     
-    content_range = proxy_headers.request.get("range", "bytes=0-")
-    if "nan" in content_range.casefold():
-        # Handle invalid range requests "bytes=NaN-NaN"
-        raise HTTPException(status_code=416, detail="Invalid Range Header")
-    proxy_headers.request.update({"range": content_range})
     if filename:
         # If a filename is provided, set it in the headers using RFC 6266 format
         try:
@@ -430,4 +744,4 @@ async def get_mediaflow_proxy_public_ip():
     Returns:
         Response: The HTTP response with the public IP address in the form of a JSON object. {"ip": "xxx.xxx.xxx.xxx"}
     """
-    return await get_public_ip()
\ No newline at end of file
+    return await get_public_ip()
diff --git a/mediaflow_proxy/schemas.py b/mediaflow_proxy/schemas.py
index 94e0439..6e763d8 100644
--- a/mediaflow_proxy/schemas.py
+++ b/mediaflow_proxy/schemas.py
@@ -71,6 +71,18 @@ class HLSManifestParams(GenericParams):
         None,
         description="Force all playlist URLs to be proxied through MediaFlow regardless of m3u8_content_routing setting. Useful for IPTV m3u/m3u_plus formats that don't have clear URL indicators.",
     )
+    key_only_proxy: Optional[bool] = Field(
+        False,
+        description="Only proxy the key URL, leaving segment URLs direct.",
+    )
+    no_proxy: bool = Field(
+        False,
+        description="If true, returns the manifest content without proxying any internal URLs (segments, keys, playlists).",
+    )
+    max_res: bool = Field(
+        False,
+        description="If true, redirects to the highest resolution stream in the manifest.",
+    )
 
 
 class MPDManifestParams(GenericParams):
@@ -92,11 +104,12 @@ class MPDSegmentParams(GenericParams):
     mime_type: str = Field(..., description="The MIME type of the segment.")
     key_id: Optional[str] = Field(None, description="The DRM key ID (optional).")
     key: Optional[str] = Field(None, description="The DRM key (optional).")
+    is_live: Optional[bool] = Field(None, alias="is_live", description="Whether the parent MPD is live.")
 
 
 class ExtractorURLParams(GenericParams):
     host: Literal[
-        "Doodstream", "FileLions", "Mixdrop", "Uqload", "Streamtape", "Supervideo", "VixCloud", "Okru", "Maxstream", "LiveTV", "DLHD", "Fastream"
+        "Doodstream", "FileLions", "FileMoon", "F16Px", "Mixdrop", "Uqload", "Streamtape", "StreamWish", "Supervideo", "VixCloud", "Okru", "Maxstream", "LiveTV", "LuluStream", "DLHD", "Fastream", "TurboVidPlay", "Vidmoly", "Vidoza", "Voe", "Sportsonline"
     ] = Field(..., description="The host to extract the URL from.")
     destination: str = Field(..., description="The URL of the stream.", alias="d")
     redirect_stream: bool = Field(False, description="Whether to redirect to the stream endpoint automatically.")
diff --git a/mediaflow_proxy/speedtest/providers/__pycache__/all_debrid.cpython-313.pyc b/mediaflow_proxy/speedtest/providers/__pycache__/all_debrid.cpython-313.pyc
deleted file mode 100644
index 9d473666fcb623dd0937b7524b4169a46784d2a3..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 3375
zcmZ`*U2Gf25#IYDdHfS){aCd8NB`6{{X@#JEL*7|M-J6kQmnc<Qne!j=M#C9&LQuZ
z-J=}|2wbE^AR{U27q?Ddq5^%efj+2j?o-tuK$EAERsgA27Y<PLK@SDwN=4we&fJj{
zETs$F-tO$|?9A-UH@guI2MDyk{QFNcvpz!piIYb2)CU_shrt6P6PX(&6#x7vH^NhX
zM4-ZmNW~b^gi+6kmwKJCIO-dbs5IiIerN6(4U7b7a3n-S&fGg19%-R1F%l(*iR|kp
zvXqUS6WsG?t3&kzHINN9sk^4RcyJ9_#^Qo4ru3X;d(xG1QM08Vl`Y*g)MA{oC8k-H
zZcMW{ZwF+J-qz@_Q7~;O!`u<jJ1?tDlgpZxPixG&M$OxLUZZx`4$_;ZQP8JBY8%zw
zs{pTZN4I7as#$b4=W6TrTz#_90fPr5ODHE3%F7%TWS)xCLR_?4n&O8jHR&2U{xKNi
zu_Z+@)RLwsc0f@|X1-FyaY#|#tEk2LN<>i#I%QT-H#Eb9<xWLmmTKuaMYSxdPgN|9
zDGH5%)D6_e{z-DiENRIKEt<)cnX8mE!(vG}N7XX;Cz&y>fYteANz3bMp=jPw%G7*+
zHp$R0Aj?X^+;I#`s>Py`*QThRPn2hA7^FKLTEH+$J|ea#(ar|_71uPQC=1IwT_X!w
zPcJWv-Q<=?y|O3k%Su@f(r{zepAF#OodKWM;R^y^2xbsDuq!M}v}M{K57=#k#bV0Q
zv+3)#7T7*_y15W@?2Dm+v4(*$y#!%|{sDiQM#A=ii<Eb@*&Gj>8x6-8q8kUGdqA$Y
z78@(1hh#{x5d&nJ#JRD@Jne>c+XrC>F^J(PGObu}s0?MrVstlh!0qdXZo!rAZED$6
zKhap+1*{Bh`6*fLI`BzoHPJIK{vzZ!-S$F6R;ZC{ssMa`_<jc8Mga~xLSmruWOH5S
zWL_2~o92y+z`3pUaIz?SGGyGlZ2_jTHzCNresLHwe+Ha#n|mOPc|yeCGTgZI9sJVk
zcL-5~giONcHrao!u8)ShFsin-bM?8wXL#9(13CB|aza~jCNcb-20OwSIdTj3%~|A?
zS*ydbt6wmLCPy36+R22-_#VRec5($=Z>HpSq)*~CI8E+`OBYjIAE)qF+X)GRhZ%2(
z5D4gbr%fUnIBgtndRqhJ>ySIo)$c&w9U<d;wz0re?vkSo9s_TqZ70w8-kr3D@4yl-
z*do+z0X-^kVmW_3KfZ70t`;Ki$#`1GSplqyx>gxJ!)u7wSucN-NMvk-@vfx>uop&x
zAsXHSIWH8r_}(#Fcxxy<mzc4vGJ8FVz){DIoLNfhhNV$}X~?eR?cOb<nF}B|pB|is
z40IDl&uMd^Gl`zlXZy}x=<8R{1LS*DcOA0{vefp17|2mbEZ>Z#0)R8yTUM!BVryT5
zWpjsqsOm*6AG6F@L9=o*v1WF~>N#n95kV^q&aC8e8e?<&ws;1w4aeNH0vQ@2wk_sW
zOSO5uYzsOo+rFGxF`yE}1)6{ZX%f30?Dj)vi-_E77~*Sq$8%!hwcdiwC2TSm+_F9C
zAa*=LF)t{lnjNTseu`tQiy=W*O(kc7m6#{Cc#D|^#YCe}wd)6ZscPiSlI^P)dcmYH
zpjx@8<}}-*TUv?P0@Q-IL=nGiiE6BD8t8YN`kga%tdw5YJ9gL=rx=ye6xe?T*+h`Q
z7@ixeHy6Xg)0(9qrYgu_Z@GF4$X?;VQo*i)Z`J_Mp6xlg8rroQy13eT=yw-Zj`Y=z
z^i?~~ukJs#IPhiqui3A%wf1*j_&wc$Z;7WPFfXmQkWj};@L(-?aN+E7@Yu7qSoKh9
zxoxN#8u}*E^~(?Leem(!d2uxuxi8%tczC11a%s8kjcVwPO)u%(zaTD5{5JF`U5mZ;
zM0_&w$Iw!yc44%dxlw)RW-X&ur{1k)inWf?yno$G-sY}x)oT-9U94VLpN>u~cjcg8
z+WqkMr!Bt^)Q(?VoPh3W^kQvvs@9d87e5KX8T$@@Ht?H)M~5E$czJJfQLJ{KTZs<T
zq61IZ(&gpoTl3-7^!1hW&06~AO1e->7rsu<d>zrBrf2^A_EPG;_*wU--48<xql@83
zcdNTEJ#D>IOV7-UwTS*rq<#KwRXXtE40z+^e~yx9o_o0=k=9$>ONK%CVIp;gTjWwl
z#Xk(5fZ^wRqp4%!=Vu37VDbgGKXuak#Q`6Vj|HKBrEDO|Ib~x425#8^(5VA8keaOl
zFxyLj121ipP!!xI1Gvk4zY89%4onDR6e}5IZrF*Le1$rN*Y-C<D9+P2fra7|1M&+)
zmR^R=<`jmaA^P0N3t(L3oOhbNznQ(ShMl{NnaNH-hcUMr-M11wQH!2fj-Fa+J9W=D
zFFuPLTO42NtwpX>r7JH4(ti3S3jzCw9dYhg-1o&_?}~F2F>?&EwH5vpivdMErceN&
z)GJEf%t0L&m__M9q+?m7s4qpox(VB~iw+|VYlMRV?)wP~1qI}FJ9HDn4Ih!eiRafv
z-g9O_*d*{<m-cuLE@U3{E((kCqV#y+$%UmWwI5uqp1fN7-q<FA)%8B!Gt5;F_kRl;
zhB;S0ijKF@e)!p5YZjk^u7ZxLsHNSt?Maw${l{E%ifvzY9#nX733$3{Mdl(BVuXGC
z|MNE9UMw*Mk8z4M)46PWhy04A7nxI06ldrlrR^VjKc_j*e)m1<xD2cRmK$y9qWhR0
zpfW6A3^R<{b%Eo!zmxEDa=b>4|BIY@P6nTo+&{>rO)tm!@88%Y@Y|G*a^Sr^iT@HD
HIAZ??;g&);

diff --git a/mediaflow_proxy/speedtest/providers/__pycache__/base.cpython-313.pyc b/mediaflow_proxy/speedtest/providers/__pycache__/base.cpython-313.pyc
deleted file mode 100644
index 2d2a5e9c7ff2a4d47e5976099188a971d28ba06f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1615
zcma)6O>Ep$5Ptq$?<P)wG-{hdW#vcI0(K81q6id;rV?R87K)pjCCh7jH%4B28GC{B
zfGUtc+;XXuBS&(}32}oP*G5RFJP8%4;;;v#NDc>Xow0Y9E<X}a^5-`{o|*5x8RxoQ
zW4M0!{k#2dM8+PGFkZ@NlSjC@$1G+EJFF>y&=f&5NEUabrVMgZ0i~&eTIi&mN>c-^
z*vmWBW({fvyTq26r7ST^wY3eYj0-b`wt`yC7AD%+Zq=*}$;A}8^u~=XKIgX63|uek
z1=)V$n-Z6AhF->%+k<`-aP6Ib7ACP9nF6ogaMNHn@dFaHy)=Ng;!fg~2}>MhXZdxM
z?=hQ!U@;Ia0i-o#1hTEzswF*-R=Z+rwze+PL7+}1ouxpvtC|&l(dq|*e>+ICcOm&O
z^aI#R;!fBdYUnkjQ{{SwR>vQJO9k?3Ar2r)k6FvCam{gJw--1LuQ^UH@dpv@XC3E*
zfg6o1^N!OAA<d#N4&uadV2%PyVVrR^xpACiMer0&R3?}3sQ9Aeq@?#8H_ISw4=^)2
zJcSN9K8)XL>?ggTfwd%!n~68*1#y-(EDzj%7<U_c@ir3j8@<2}-A<Hz<n$r=_@I#z
zWn$4lx!{~O+IZsi{sGKj+yaPyx`glrdvN*6-QB~Nf0VC0m|r;DI$Ai~{_>Nb<mce>
z*m>$|RMgVS+X&NFQ(lZE+3M7#RP7qEF0W`^wB#lBzPv#(aKVhN;1{!~$JTp7uUjh2
zbt|UE7pY(VagjqEzrM3dHp7eDG&MR27zKHQ*c%h}b*@5?4IuV}B4r6UNbECw@>zrx
zW+0cY@QTzCO!3a<n?YtoAqGi0Ww5>X-Yyel`@tl#;l{p^j2hb*U?UqLc5=N{T;j37
z<ur&oDP=W)4x8)UAaf=i##jE8S$)c>=m+Z5A-l`YR94mh%w-fm6=mUn6Ivxg;{$mK
z56KHVp=Wr-FpOG%R5lnG{K=YYR8Hy1jsGsV^jO4?VU=KwfQoOK^YAnY&k!sSTtMIz
z$MF*nJD%78wN)`3aFKQuf-1o>LD9D~*>H(~!j|nxrwY%Gfm$NHh44B1S+4)8ES!m=
zqJOpb_4<i)Vx4Hmo8Mmle*5&b-TN=>p02fWhSpqS>V?AZOdId+FTeViEvFb|HcHeo
zbuPJW59l9N)XvrHfF`mmzaT>8bFF{iyD<(p(6n*mZ-ZK&3~C+!D?yZ&d<&`tqiL30
zd%gVqY(gEwQB$QaBAiKrAUtF%581U-cI_8-^*6S0u8P9dqwt*J>%2B2=to<BFnkp(
F9s~9|mOB6d

diff --git a/mediaflow_proxy/speedtest/providers/__pycache__/real_debrid.cpython-313.pyc b/mediaflow_proxy/speedtest/providers/__pycache__/real_debrid.cpython-313.pyc
deleted file mode 100644
index 7b29313c0345638d3cca9773d5eea26432595b5a..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 2539
zcmbVOO>7fK6rTODy>V=uU{HgFs39$6DR>*zDFG^^gh&JjJ2VqVK{#D)?6tFDz3a}d
zLy`kRRI1V&7up`Hs#VJ^$J|O!y~cn<I;}*ds)rmZ1%;~O);GJh15{KcBk!9xZ|1#u
z@6Eh#yd8~(5wxHF{9*1%5TW1Mpw$9RW_tpdI|w7pjiC%jxC~GDj6j4WlksCB5uq2x
z0+}EQdNOe=l#z&(=^!0R)Ps&797rG>EJy=_Z<B;8yd2tO16iQrh*5NDV6t8_bt;Y5
zT*J0BGbeLY$~!u_Xq9c5r~8LBN5?f?FHP!>dzsh^MoB01jem*G+g91A6#boi+72ZL
z<2$H;2!|2jF-HW<gZn}uPzV-6g;1JjOAAt=gZ2I>&0{fv=0y^Qb)7JRU|<x%K@zQm
zWQoQnbj=*mXNgg2JF_W){&H$(Ch0KOlP>t4tTmla8dV6ns#~tcVouQ@(cL<+iX14n
zS`?U1;M-mU(u<PpC^*bx0gE_*gE)jG+=0Wm6Gw0~6|uNHH}SlF)6PJ%kE1DmN^pdC
zk;BK)=wXEFJVLeJ>E1o)DsX<A5L?_%568F%#|D~fa90ey$E$p{7okq@%Hk~E67rDO
zH2)UZP9jIJ1dA`DQ$m@OyK~Fu=3KYtoKckYK&oV4w@h0rr3j?%WXa22s%TdgFH0;*
z3L_(WS*x3FifBYx9&G88*~R~Bz}Gz8(ll+Wf0wFr*DAYJbt<*jR6Wyj7*y@o)NKdr
zF6~;?)E0NWtGTdS)oQ)ETh;k%?rW-^Z>9K^x6!ogrI+sGc_u5H8qvLrB}b?*l*Lq-
z7@nr$rSV)p6-UP|0L2$B_tOB-aTrWqVf50_G~+K#0nO&KKr>^L{WQE|ld#g-WVO32
zruyG612hH<SFbvN3z}83t29)%jIvFtvPeZoH_KG46VsuRX%{^Nq0%gXq{@V>fRoVZ
zv@&N`bp>R$GGZ6&3~n3+7l~FgtcsGiMgd1lN>wizTG_O(tAI|6OV0(~LMumM#i}-o
zwYEf~72Q=?nR*-2!#iNthQZVeOFF?P=O&O%bQAp+#~bnN#=i09Z~uooye~|sPYy)8
z!Yks|A@mV9%RQQ@G-fIfXN-rj`TH|Q<HD7Di?^jOGv6$HcjN0DtJ+%kgJWmcM%IrG
zttW=>cMUgYj1{pFo8O4VZ%?i)uS*A>Z40RD8u!fU0w-?u4kfs6`-b)fe~d<feF1eD
z{ClW71&oindGuendJ!JOIRT*s?v9WPM0`};dle*p!+^_}KMmL@p<I`Ti9&9Zy}t0a
zMZGMR>cl_Aj&@RIp7g>J!d??uAcq+LCJ@T04l@l0OpdT|m?gUCy?pf0s}91SXGWak
zK-ej4^c;NDbG*@W{6Wu&M|)3v7FrR1jU8Q`xR-9kM%Sg$CjyF}eC9-8`K^62_c?b=
z{Gwat?xLK$hf1nyX;ocSX;@XOcByVMKBB50*EO>_6I0c)K^)gKEZwqUI;5&4yQr#!
z-B7}Upn~HP!ZJ?aKM2~1m@qHtepPkY16fox*Cobm9kK)JCtz+HKIA2UuuOV{rOG)4
z<WuysIJhNt2NGZ9zfZ3Ut9Vtqdv0y;-e}`&cKw}f<L%s21hZR5`M^bP{mALR5o1WY
zWl8R&L3fE&iRY&8u;=DMSVEI8l}xJrcBLQ}y6Je)(7snMYgbl^l`RRejhXv?Ff2gd
z8SjLp5Bv<DBZDx(P{LtXV@u#T?lJ0XpuS&F^ba)f7!{uedpL+Fq5Opy;~Dt}IW6hd

diff --git a/mediaflow_proxy/static/index.html b/mediaflow_proxy/static/index.html
index 71bca2c..26c3edf 100644
--- a/mediaflow_proxy/static/index.html
+++ b/mediaflow_proxy/static/index.html
@@ -1,11 +1,8 @@
-<!DOCTYPE html>
-<html lang="en">
 <head>
+
     <meta charset="UTF-8">
+
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
+
+
     <title>App Status</title>
-</head>
-<body>
-    <h1>Your App is running</h1>
-</body>
-</html>
diff --git a/mediaflow_proxy/static/playlist_builder.html b/mediaflow_proxy/static/playlist_builder.html
index 75b6f3c..d3fa919 100644
--- a/mediaflow_proxy/static/playlist_builder.html
+++ b/mediaflow_proxy/static/playlist_builder.html
@@ -11,6 +11,7 @@
         h2 { color: #2c5aa0; border-bottom: 2px solid #2c5aa0; padding-bottom: 5px; text-align: left; margin-top: 30px; }
         .form-group { margin-bottom: 15px; }
         label { display: block; margin-bottom: 5px; font-weight: bold; color: #555; }
+        .proxy-label { display: inline-block; margin-left: 5px; font-weight: normal; }
         input[type="text"], input[type="url"] { width: 100%; padding: 10px; border: 1px solid #ccc; border-radius: 4px; box-sizing: border-box; }
         .btn { display: inline-block; padding: 10px 20px; background: #2c5aa0; color: white; text-decoration: none; border-radius: 5px; margin: 5px; cursor: pointer; border: none; font-size: 16px; }
         .btn:hover { background: #1e3d6f; }
@@ -60,6 +61,14 @@
                 <label>M3U Playlist URL</label>
                 <input type="url" class="playlist-url" placeholder="Ex: http://provider.com/playlist.m3u">
             </div>
+            <div class="form-group">
+                <input type="checkbox" class="proxy-playlist" checked>
+                <label class="proxy-label">Proxy this playlist</label>
+            </div>
+            <div class="form-group">
+                <input type="checkbox" class="sort-playlist">
+                <label class="proxy-label">Sort this playlist</label>
+            </div>
         </div>
     </template>
 
@@ -94,8 +103,14 @@
             for (const entry of entries) {
                 const playlistUrl = entry.querySelector('.playlist-url').value.trim();
                 if (playlistUrl) {
+                    const shouldProxy = entry.querySelector('.proxy-playlist').checked;
+                    const shouldSort = entry.querySelector('.sort-playlist').checked;
+                    
+                    let definition = (shouldSort ? 'sort:' : '') + (shouldProxy ? '' : 'no_proxy:') + playlistUrl;
+
                     if (playlistUrl.startsWith('http://') || playlistUrl.startsWith('https://')) {
-                        definitions.push(playlistUrl);
+                        // Se l'URL non ha proxy, ma ha sort, il prefisso sarà 'sort:no_proxy:'
+                        definitions.push(definition);
                     } else {
                         alert('Invalid URL: ' + playlistUrl + '. URLs must start with http:// or https://');
                         return;
diff --git a/mediaflow_proxy/static/speedtest.js b/mediaflow_proxy/static/speedtest.js
index 8973b1d..d259d5d 100644
--- a/mediaflow_proxy/static/speedtest.js
+++ b/mediaflow_proxy/static/speedtest.js
@@ -425,12 +425,14 @@ class MediaFlowSpeedTest {
             'Content-Type': 'application/json',
         };
 
-        // Add current API password to headers if provided
+        // Build URL with api_password as query parameter if provided
+        // This is more reliable than headers when behind reverse proxies
+        let configUrl = '/speedtest/config';
         if (currentApiPassword) {
-            headers['api_password'] = currentApiPassword;
+            configUrl += `?api_password=${encodeURIComponent(currentApiPassword)}`;
         }
 
-        const response = await fetch('/speedtest/config', {
+        const response = await fetch(configUrl, {
             method: 'POST',
             headers: headers,
             body: JSON.stringify(requestBody)
diff --git a/mediaflow_proxy/utils/aes.py b/mediaflow_proxy/utils/aes.py
new file mode 100644
index 0000000..830ff37
--- /dev/null
+++ b/mediaflow_proxy/utils/aes.py
@@ -0,0 +1,39 @@
+# Author: Trevor Perrin
+# See the LICENSE file for legal information regarding use of this file.
+
+"""Abstract class for AES."""
+
+class AES(object):
+    def __init__(self, key, mode, IV, implementation):
+        if len(key) not in (16, 24, 32):
+            raise AssertionError()
+        if mode not in [2, 6]:
+            raise AssertionError()
+        if mode == 2:
+            if len(IV) != 16:
+                raise AssertionError()
+        if mode == 6:
+            if len(IV) > 16:
+                raise AssertionError()
+        self.isBlockCipher = True
+        self.isAEAD = False
+        self.block_size = 16
+        self.implementation = implementation
+        if len(key)==16:
+            self.name = "aes128"
+        elif len(key)==24:
+            self.name = "aes192"
+        elif len(key)==32:
+            self.name = "aes256"
+        else:
+            raise AssertionError()
+
+    #CBC-Mode encryption, returns ciphertext
+    #WARNING: *MAY* modify the input as well
+    def encrypt(self, plaintext):
+        assert(len(plaintext) % 16 == 0)
+
+    #CBC-Mode decryption, returns plaintext
+    #WARNING: *MAY* modify the input as well
+    def decrypt(self, ciphertext):
+        assert(len(ciphertext) % 16 == 0)
diff --git a/mediaflow_proxy/utils/aesgcm.py b/mediaflow_proxy/utils/aesgcm.py
new file mode 100644
index 0000000..cf19e54
--- /dev/null
+++ b/mediaflow_proxy/utils/aesgcm.py
@@ -0,0 +1,193 @@
+# Author: Google
+# See the LICENSE file for legal information regarding use of this file.
+
+# GCM derived from Go's implementation in crypto/cipher.
+#
+# https://golang.org/src/crypto/cipher/gcm.go
+
+# GCM works over elements of the field GF(2^128), each of which is a 128-bit
+# polynomial. Throughout this implementation, polynomials are represented as
+# Python integers with the low-order terms at the most significant bits. So a
+# 128-bit polynomial is an integer from 0 to 2^128-1 with the most significant
+# bit representing the x^0 term and the least significant bit representing the
+# x^127 term. This bit reversal also applies to polynomials used as indices in a
+# look-up table.
+
+from __future__ import division
+from . import python_aes
+from .constanttime import ct_compare_digest
+from .cryptomath import bytesToNumber, numberToByteArray
+
+class AESGCM(object):
+    """
+    AES-GCM implementation. Note: this implementation does not attempt
+    to be side-channel resistant. It's also rather slow.
+    """
+
+    def __init__(self, key, implementation, rawAesEncrypt):
+        self.isBlockCipher = False
+        self.isAEAD = True
+        self.nonceLength = 12
+        self.tagLength = 16
+        self.implementation = implementation
+        if len(key) == 16:
+            self.name = "aes128gcm"
+        elif len(key) == 32:
+            self.name = "aes256gcm"
+        else:
+            raise AssertionError()
+        self.key = key
+
+        self._rawAesEncrypt = rawAesEncrypt
+        self._ctr = python_aes.new(self.key, 6, bytearray(b'\x00' * 16))
+
+        # The GCM key is AES(0).
+        h = bytesToNumber(self._rawAesEncrypt(bytearray(16)))
+
+        # Pre-compute all 4-bit multiples of h. Note that bits are reversed
+        # because our polynomial representation places low-order terms at the
+        # most significant bit. Thus x^0 * h = h is at index 0b1000 = 8 and
+        # x^1 * h is at index 0b0100 = 4.
+        self._productTable = [0] * 16
+        self._productTable[self._reverseBits(1)] = h
+        for i in range(2, 16, 2):
+            self._productTable[self._reverseBits(i)] = \
+                self._gcmShift(self._productTable[self._reverseBits(i//2)])
+            self._productTable[self._reverseBits(i+1)] = \
+                self._gcmAdd(self._productTable[self._reverseBits(i)], h)
+
+
+    def _auth(self, ciphertext, ad, tagMask):
+        y = 0
+        y = self._update(y, ad)
+        y = self._update(y, ciphertext)
+        y ^= (len(ad) << (3 + 64)) | (len(ciphertext) << 3)
+        y = self._mul(y)
+        y ^= bytesToNumber(tagMask)
+        return numberToByteArray(y, 16)
+
+    def _update(self, y, data):
+        for i in range(0, len(data) // 16):
+            y ^= bytesToNumber(data[16*i:16*i+16])
+            y = self._mul(y)
+        extra = len(data) % 16
+        if extra != 0:
+            block = bytearray(16)
+            block[:extra] = data[-extra:]
+            y ^= bytesToNumber(block)
+            y = self._mul(y)
+        return y
+
+    def _mul(self, y):
+        """ Returns y*H, where H is the GCM key. """
+        ret = 0
+        # Multiply H by y 4 bits at a time, starting with the highest power
+        # terms.
+        for i in range(0, 128, 4):
+            # Multiply by x^4. The reduction for the top four terms is
+            # precomputed.
+            retHigh = ret & 0xf
+            ret >>= 4
+            ret ^= (AESGCM._gcmReductionTable[retHigh] << (128-16))
+
+            # Add in y' * H where y' are the next four terms of y, shifted down
+            # to the x^0..x^4. This is one of the pre-computed multiples of
+            # H. The multiplication by x^4 shifts them back into place.
+            ret ^= self._productTable[y & 0xf]
+            y >>= 4
+        assert y == 0
+        return ret
+
+    def seal(self, nonce, plaintext, data=''):
+        """
+        Encrypts and authenticates plaintext using nonce and data. Returns the
+        ciphertext, consisting of the encrypted plaintext and tag concatenated.
+        """
+
+        if len(nonce) != 12:
+            raise ValueError("Bad nonce length")
+
+        # The initial counter value is the nonce, followed by a 32-bit counter
+        # that starts at 1. It's used to compute the tag mask.
+        counter = bytearray(16)
+        counter[:12] = nonce
+        counter[-1] = 1
+        tagMask = self._rawAesEncrypt(counter)
+
+        # The counter starts at 2 for the actual encryption.
+        counter[-1] = 2
+        self._ctr.counter = counter
+        ciphertext = self._ctr.encrypt(plaintext)
+
+        tag = self._auth(ciphertext, data, tagMask)
+
+        return ciphertext + tag
+
+    def open(self, nonce, ciphertext, data=''):
+        """
+        Decrypts and authenticates ciphertext using nonce and data. If the
+        tag is valid, the plaintext is returned. If the tag is invalid,
+        returns None.
+        """
+
+        if len(nonce) != 12:
+            raise ValueError("Bad nonce length")
+        if len(ciphertext) < 16:
+            return None
+
+        tag = ciphertext[-16:]
+        ciphertext = ciphertext[:-16]
+
+        # The initial counter value is the nonce, followed by a 32-bit counter
+        # that starts at 1. It's used to compute the tag mask.
+        counter = bytearray(16)
+        counter[:12] = nonce
+        counter[-1] = 1
+        tagMask = self._rawAesEncrypt(counter)
+
+        if data and not ct_compare_digest(tag, self._auth(ciphertext, data, tagMask)):
+            return None
+
+        # The counter starts at 2 for the actual decryption.
+        counter[-1] = 2
+        self._ctr.counter = counter
+        return self._ctr.decrypt(ciphertext)
+
+    @staticmethod
+    def _reverseBits(i):
+        assert i < 16
+        i = ((i << 2) & 0xc) | ((i >> 2) & 0x3)
+        i = ((i << 1) & 0xa) | ((i >> 1) & 0x5)
+        return i
+
+    @staticmethod
+    def _gcmAdd(x, y):
+        return x ^ y
+
+    @staticmethod
+    def _gcmShift(x):
+        # Multiplying by x is a right shift, due to bit order.
+        highTermSet = x & 1
+        x >>= 1
+        if highTermSet:
+            # The x^127 term was shifted up to x^128, so subtract a 1+x+x^2+x^7
+            # term. This is 0b11100001 or 0xe1 when represented as an 8-bit
+            # polynomial.
+            x ^= 0xe1 << (128-8)
+        return x
+
+    @staticmethod
+    def _inc32(counter):
+        for i in range(len(counter)-1, len(counter)-5, -1):
+            counter[i] = (counter[i] + 1) % 256
+            if counter[i] != 0:
+                break
+        return counter
+
+    # _gcmReductionTable[i] is i * (1+x+x^2+x^7) for all 4-bit polynomials i. The
+    # result is stored as a 16-bit polynomial. This is used in the reduction step to
+    # multiply elements of GF(2^128) by x^4.
+    _gcmReductionTable = [
+        0x0000, 0x1c20, 0x3840, 0x2460, 0x7080, 0x6ca0, 0x48c0, 0x54e0,
+        0xe100, 0xfd20, 0xd940, 0xc560, 0x9180, 0x8da0, 0xa9c0, 0xb5e0,
+    ]
diff --git a/mediaflow_proxy/utils/cache_utils.py b/mediaflow_proxy/utils/cache_utils.py
index f445e4a..5c04312 100644
--- a/mediaflow_proxy/utils/cache_utils.py
+++ b/mediaflow_proxy/utils/cache_utils.py
@@ -175,12 +175,27 @@ class HybridCache:
         if not isinstance(data, (bytes, bytearray, memoryview)):
             raise ValueError("Data must be bytes, bytearray, or memoryview")
 
-        expires_at = time.time() + (ttl or self.ttl)
+        ttl_seconds = self.ttl if ttl is None else ttl
+
+        key = self._get_md5_hash(key)
+
+        if ttl_seconds <= 0:
+            # Explicit request to avoid caching - remove any previous entry and return success
+            self.memory_cache.remove(key)
+            try:
+                file_path = self._get_file_path(key)
+                await aiofiles.os.remove(file_path)
+            except FileNotFoundError:
+                pass
+            except Exception as e:
+                logger.error(f"Error removing cache file: {e}")
+            return True
+
+        expires_at = time.time() + ttl_seconds
 
         # Create cache entry
         entry = CacheEntry(data=data, expires_at=expires_at, access_count=0, last_access=time.time(), size=len(data))
 
-        key = self._get_md5_hash(key)
         # Update memory cache
         self.memory_cache.set(key, entry)
         file_path = self._get_file_path(key)
@@ -210,10 +225,11 @@ class HybridCache:
 
     async def delete(self, key: str) -> bool:
         """Delete item from both caches."""
-        self.memory_cache.remove(key)
+        hashed_key = self._get_md5_hash(key)
+        self.memory_cache.remove(hashed_key)
 
         try:
-            file_path = self._get_file_path(key)
+            file_path = self._get_file_path(hashed_key)
             await aiofiles.os.remove(file_path)
             return True
         except FileNotFoundError:
@@ -237,7 +253,13 @@ class AsyncMemoryCache:
     async def set(self, key: str, data: Union[bytes, bytearray, memoryview], ttl: Optional[int] = None) -> bool:
         """Set value in cache."""
         try:
-            expires_at = time.time() + (ttl or 3600)  # Default 1 hour TTL if not specified
+            ttl_seconds = 3600 if ttl is None else ttl
+
+            if ttl_seconds <= 0:
+                self.memory_cache.remove(key)
+                return True
+
+            expires_at = time.time() + ttl_seconds
             entry = CacheEntry(
                 data=data, expires_at=expires_at, access_count=0, last_access=time.time(), size=len(data)
             )
@@ -276,18 +298,35 @@ EXTRACTOR_CACHE = HybridCache(
 
 
 # Specific cache implementations
-async def get_cached_init_segment(init_url: str, headers: dict) -> Optional[bytes]:
-    """Get initialization segment from cache or download it."""
-    # Try cache first
-    cached_data = await INIT_SEGMENT_CACHE.get(init_url)
-    if cached_data is not None:
-        return cached_data
+async def get_cached_init_segment(
+    init_url: str,
+    headers: dict,
+    cache_token: str | None = None,
+    ttl: Optional[int] = None,
+) -> Optional[bytes]:
+    """Get initialization segment from cache or download it.
+
+    cache_token allows differentiating entries that share the same init_url but
+    rely on different DRM keys or initialization payloads (e.g. key rotation).
+
+    ttl overrides the default cache TTL; pass a value <= 0 to skip caching entirely.
+    """
+
+    use_cache = ttl is None or ttl > 0
+    cache_key = f"{init_url}|{cache_token}" if cache_token else init_url
+
+    if use_cache:
+        cached_data = await INIT_SEGMENT_CACHE.get(cache_key)
+        if cached_data is not None:
+            return cached_data
+    else:
+        # Remove any previously cached entry when caching is disabled
+        await INIT_SEGMENT_CACHE.delete(cache_key)
 
-    # Download if not cached
     try:
         init_content = await download_file_with_retry(init_url, headers)
-        if init_content:
-            await INIT_SEGMENT_CACHE.set(init_url, init_content)
+        if init_content and use_cache:
+            await INIT_SEGMENT_CACHE.set(cache_key, init_content, ttl=ttl)
         return init_content
     except Exception as e:
         logger.error(f"Error downloading init segment: {e}")
diff --git a/mediaflow_proxy/utils/codec.py b/mediaflow_proxy/utils/codec.py
new file mode 100644
index 0000000..71fb306
--- /dev/null
+++ b/mediaflow_proxy/utils/codec.py
@@ -0,0 +1,465 @@
+# Author: Trevor Perrin
+# See the LICENSE file for legal information regarding use of this file.
+
+"""Classes for reading/writing binary data (such as TLS records)."""
+
+from __future__ import division
+
+import sys
+import struct
+from struct import pack
+from .compat import bytes_to_int
+
+
+class DecodeError(SyntaxError):
+    """Exception raised in case of decoding errors."""
+    pass
+
+
+class BadCertificateError(SyntaxError):
+    """Exception raised in case of bad certificate."""
+    pass
+
+
+class Writer(object):
+    """Serialisation helper for complex byte-based structures."""
+
+    def __init__(self):
+        """Initialise the serializer with no data."""
+        self.bytes = bytearray(0)
+
+    def addOne(self, val):
+        """Add a single-byte wide element to buffer, see add()."""
+        self.bytes.append(val)
+
+    if sys.version_info < (2, 7):
+        # struct.pack on Python2.6 does not raise exception if the value
+        # is larger than can fit inside the specified size
+        def addTwo(self, val):
+            """Add a double-byte wide element to buffer, see add()."""
+            if not 0 <= val <= 0xffff:
+                raise ValueError("Can't represent value in specified length")
+            self.bytes += pack('>H', val)
+
+        def addThree(self, val):
+            """Add a three-byte wide element to buffer, see add()."""
+            if not 0 <= val <= 0xffffff:
+                raise ValueError("Can't represent value in specified length")
+            self.bytes += pack('>BH', val >> 16, val & 0xffff)
+
+        def addFour(self, val):
+            """Add a four-byte wide element to buffer, see add()."""
+            if not 0 <= val <= 0xffffffff:
+                raise ValueError("Can't represent value in specified length")
+            self.bytes += pack('>I', val)
+    else:
+        def addTwo(self, val):
+            """Add a double-byte wide element to buffer, see add()."""
+            try:
+                self.bytes += pack('>H', val)
+            except struct.error:
+                raise ValueError("Can't represent value in specified length")
+
+        def addThree(self, val):
+            """Add a three-byte wide element to buffer, see add()."""
+            try:
+                self.bytes += pack('>BH', val >> 16, val & 0xffff)
+            except struct.error:
+                raise ValueError("Can't represent value in specified length")
+
+        def addFour(self, val):
+            """Add a four-byte wide element to buffer, see add()."""
+            try:
+                self.bytes += pack('>I', val)
+            except struct.error:
+                raise ValueError("Can't represent value in specified length")
+
+    if sys.version_info >= (3, 0):
+        # the method is called thousands of times, so it's better to extern
+        # the version info check
+        def add(self, x, length):
+            """
+            Add a single positive integer value x, encode it in length bytes
+
+            Encode positive integer x in big-endian format using length bytes,
+            add to the internal buffer.
+
+            :type x: int
+            :param x: value to encode
+
+            :type length: int
+            :param length: number of bytes to use for encoding the value
+            """
+            try:
+                self.bytes += x.to_bytes(length, 'big')
+            except OverflowError:
+                raise ValueError("Can't represent value in specified length")
+    else:
+        _addMethods = {1: addOne, 2: addTwo, 3: addThree, 4: addFour}
+
+        def add(self, x, length):
+            """
+            Add a single positive integer value x, encode it in length bytes
+
+            Encode positive iteger x in big-endian format using length bytes,
+            add to the internal buffer.
+
+            :type x: int
+            :param x: value to encode
+
+            :type length: int
+            :param length: number of bytes to use for encoding the value
+            """
+            try:
+                self._addMethods[length](self, x)
+            except KeyError:
+                self.bytes += bytearray(length)
+                newIndex = len(self.bytes) - 1
+                for i in range(newIndex, newIndex - length, -1):
+                    self.bytes[i] = x & 0xFF
+                    x >>= 8
+                if x != 0:
+                    raise ValueError("Can't represent value in specified "
+                                     "length")
+
+    def addFixSeq(self, seq, length):
+        """
+        Add a list of items, encode every item in length bytes
+
+        Uses the unbounded iterable seq to produce items, each of
+        which is then encoded to length bytes
+
+        :type seq: iterable of int
+        :param seq: list of positive integers to encode
+
+        :type length: int
+        :param length: number of bytes to which encode every element
+        """
+        for e in seq:
+            self.add(e, length)
+
+    if sys.version_info < (2, 7):
+        # struct.pack on Python2.6 does not raise exception if the value
+        # is larger than can fit inside the specified size
+        def _addVarSeqTwo(self, seq):
+            """Helper method for addVarSeq"""
+            if not all(0 <= i <= 0xffff for i in seq):
+                raise ValueError("Can't represent value in specified "
+                                 "length")
+            self.bytes += pack('>' + 'H' * len(seq), *seq)
+
+        def addVarSeq(self, seq, length, lengthLength):
+            """
+            Add a bounded list of same-sized values
+
+            Create a list of specific length with all items being of the same
+            size
+
+            :type seq: list of int
+            :param seq: list of positive integers to encode
+
+            :type length: int
+            :param length: amount of bytes in which to encode every item
+
+            :type lengthLength: int
+            :param lengthLength: amount of bytes in which to encode the overall
+                length of the array
+            """
+            self.add(len(seq)*length, lengthLength)
+            if length == 1:
+                self.bytes.extend(seq)
+            elif length == 2:
+                self._addVarSeqTwo(seq)
+            else:
+                for i in seq:
+                    self.add(i, length)
+    else:
+        def addVarSeq(self, seq, length, lengthLength):
+            """
+            Add a bounded list of same-sized values
+
+            Create a list of specific length with all items being of the same
+            size
+
+            :type seq: list of int
+            :param seq: list of positive integers to encode
+
+            :type length: int
+            :param length: amount of bytes in which to encode every item
+
+            :type lengthLength: int
+            :param lengthLength: amount of bytes in which to encode the overall
+                length of the array
+            """
+            seqLen = len(seq)
+            self.add(seqLen*length, lengthLength)
+            if length == 1:
+                self.bytes.extend(seq)
+            elif length == 2:
+                try:
+                    self.bytes += pack('>' + 'H' * seqLen, *seq)
+                except struct.error:
+                    raise ValueError("Can't represent value in specified "
+                                     "length")
+            else:
+                for i in seq:
+                    self.add(i, length)
+
+    def addVarTupleSeq(self, seq, length, lengthLength):
+        """
+        Add a variable length list of same-sized element tuples.
+
+        Note that all tuples must have the same size.
+
+        Inverse of Parser.getVarTupleList()
+
+        :type seq: enumerable
+        :param seq: list of tuples
+
+        :type length: int
+        :param length: length of single element in tuple
+
+        :type lengthLength: int
+        :param lengthLength: length in bytes of overall length field
+        """
+        if not seq:
+            self.add(0, lengthLength)
+        else:
+            startPos = len(self.bytes)
+            dataLength = len(seq) * len(seq[0]) * length
+            self.add(dataLength, lengthLength)
+            # since at the time of writing, all the calls encode single byte
+            # elements, and it's very easy to speed up that case, give it
+            # special case
+            if length == 1:
+                for elemTuple in seq:
+                    self.bytes.extend(elemTuple)
+            else:
+                for elemTuple in seq:
+                    self.addFixSeq(elemTuple, length)
+            if startPos + dataLength + lengthLength != len(self.bytes):
+                raise ValueError("Tuples of different lengths")
+
+    def add_var_bytes(self, data, length_length):
+        """
+        Add a variable length array of bytes.
+
+        Inverse of Parser.getVarBytes()
+
+        :type data: bytes
+        :param data: bytes to add to the buffer
+
+        :param int length_length: size of the field to represent the length
+            of the data string
+        """
+        length = len(data)
+        self.add(length, length_length)
+        self.bytes += data
+
+
+class Parser(object):
+    """
+    Parser for TLV and LV byte-based encodings.
+
+    Parser that can handle arbitrary byte-based encodings usually employed in
+    Type-Length-Value or Length-Value binary encoding protocols like ASN.1
+    or TLS
+
+    Note: if the raw bytes don't match expected values (like trying to
+    read a 4-byte integer from a 2-byte buffer), most methods will raise a
+    DecodeError exception.
+
+    TODO: don't use an exception used by language parser to indicate errors
+    in application code.
+
+    :vartype bytes: bytearray
+    :ivar bytes: data to be interpreted (buffer)
+
+    :vartype index: int
+    :ivar index: current position in the buffer
+
+    :vartype lengthCheck: int
+    :ivar lengthCheck: size of struct being parsed
+
+    :vartype indexCheck: int
+    :ivar indexCheck: position at which the structure begins in buffer
+    """
+
+    def __init__(self, bytes):
+        """
+        Bind raw bytes with parser.
+
+        :type bytes: bytearray
+        :param bytes: bytes to be parsed/interpreted
+        """
+        self.bytes = bytes
+        self.index = 0
+        self.indexCheck = 0
+        self.lengthCheck = 0
+
+    def get(self, length):
+        """
+        Read a single big-endian integer value encoded in 'length' bytes.
+
+        :type length: int
+        :param length: number of bytes in which the value is encoded in
+
+        :rtype: int
+        """
+        ret = self.getFixBytes(length)
+        return bytes_to_int(ret, 'big')
+
+    def getFixBytes(self, lengthBytes):
+        """
+        Read a string of bytes encoded in 'lengthBytes' bytes.
+
+        :type lengthBytes: int
+        :param lengthBytes: number of bytes to return
+
+        :rtype: bytearray
+        """
+        end = self.index + lengthBytes
+        if end > len(self.bytes):
+            raise DecodeError("Read past end of buffer")
+        ret = self.bytes[self.index : end]
+        self.index += lengthBytes
+        return ret
+
+    def skip_bytes(self, length):
+        """Move the internal pointer ahead length bytes."""
+        if self.index + length > len(self.bytes):
+            raise DecodeError("Read past end of buffer")
+        self.index += length
+
+    def getVarBytes(self, lengthLength):
+        """
+        Read a variable length string with a fixed length.
+
+        see Writer.add_var_bytes() for an inverse of this method
+
+        :type lengthLength: int
+        :param lengthLength: number of bytes in which the length of the string
+            is encoded in
+
+        :rtype: bytearray
+        """
+        lengthBytes = self.get(lengthLength)
+        return self.getFixBytes(lengthBytes)
+
+    def getFixList(self, length, lengthList):
+        """
+        Read a list of static length with same-sized ints.
+
+        :type length: int
+        :param length: size in bytes of a single element in list
+
+        :type lengthList: int
+        :param lengthList: number of elements in list
+
+        :rtype: list of int
+        """
+        l = [0] * lengthList
+        for x in range(lengthList):
+            l[x] = self.get(length)
+        return l
+
+    def getVarList(self, length, lengthLength):
+        """
+        Read a variable length list of same-sized integers.
+
+        :type length: int
+        :param length: size in bytes of a single element
+
+        :type lengthLength: int
+        :param lengthLength: size of the encoded length of the list
+
+        :rtype: list of int
+        """
+        lengthList = self.get(lengthLength)
+        if lengthList % length != 0:
+            raise DecodeError("Encoded length not a multiple of element "
+                              "length")
+        lengthList = lengthList // length
+        l = [0] * lengthList
+        for x in range(lengthList):
+            l[x] = self.get(length)
+        return l
+
+    def getVarTupleList(self, elemLength, elemNum, lengthLength):
+        """
+        Read a variable length list of same sized tuples.
+
+        :type elemLength: int
+        :param elemLength: length in bytes of single tuple element
+
+        :type elemNum: int
+        :param elemNum: number of elements in tuple
+
+        :type lengthLength: int
+        :param lengthLength: length in bytes of the list length variable
+
+        :rtype: list of tuple of int
+        """
+        lengthList = self.get(lengthLength)
+        if lengthList % (elemLength * elemNum) != 0:
+            raise DecodeError("Encoded length not a multiple of element "
+                              "length")
+        tupleCount = lengthList // (elemLength * elemNum)
+        tupleList = []
+        for _ in range(tupleCount):
+            currentTuple = []
+            for _ in range(elemNum):
+                currentTuple.append(self.get(elemLength))
+            tupleList.append(tuple(currentTuple))
+        return tupleList
+
+    def startLengthCheck(self, lengthLength):
+        """
+        Read length of struct and start a length check for parsing.
+
+        :type lengthLength: int
+        :param lengthLength: number of bytes in which the length is encoded
+        """
+        self.lengthCheck = self.get(lengthLength)
+        self.indexCheck = self.index
+
+    def setLengthCheck(self, length):
+        """
+        Set length of struct and start a length check for parsing.
+
+        :type length: int
+        :param length: expected size of parsed struct in bytes
+        """
+        self.lengthCheck = length
+        self.indexCheck = self.index
+
+    def stopLengthCheck(self):
+        """
+        Stop struct parsing, verify that no under- or overflow occurred.
+
+        In case the expected length was mismatched with actual length of
+        processed data, raises an exception.
+        """
+        if (self.index - self.indexCheck) != self.lengthCheck:
+            raise DecodeError("Under- or over-flow while reading buffer")
+
+    def atLengthCheck(self):
+        """
+        Check if there is data in structure left for parsing.
+
+        Returns True if the whole structure was parsed, False if there is
+        some data left.
+
+        Will raise an exception if overflow occured (amount of data read was
+        greater than expected size)
+        """
+        if (self.index - self.indexCheck) < self.lengthCheck:
+            return False
+        elif (self.index - self.indexCheck) == self.lengthCheck:
+            return True
+        else:
+            raise DecodeError("Read past end of buffer")
+
+    def getRemainingLength(self):
+        """Return amount of data remaining in struct being parsed."""
+        return len(self.bytes) - self.index
diff --git a/mediaflow_proxy/utils/compat.py b/mediaflow_proxy/utils/compat.py
new file mode 100644
index 0000000..e6131f9
--- /dev/null
+++ b/mediaflow_proxy/utils/compat.py
@@ -0,0 +1,231 @@
+# Author: Trevor Perrin
+# See the LICENSE file for legal information regarding use of this file.
+
+"""Miscellaneous functions to mask Python version differences."""
+
+import sys
+import re
+import platform
+import binascii
+import traceback
+import time
+
+
+if sys.version_info >= (3,0):
+
+    def compat26Str(x): return x
+
+    # Python 3.3 requires bytes instead of bytearrays for HMAC
+    # So, python 2.6 requires strings, python 3 requires 'bytes',
+    # and python 2.7 and 3.5 can handle bytearrays...
+    # pylint: disable=invalid-name
+    # we need to keep compatHMAC and `x` for API compatibility
+    if sys.version_info < (3, 4):
+        def compatHMAC(x):
+            """Convert bytes-like input to format acceptable for HMAC."""
+            return bytes(x)
+    else:
+        def compatHMAC(x):
+            """Convert bytes-like input to format acceptable for HMAC."""
+            return x
+    # pylint: enable=invalid-name
+
+    def compatAscii2Bytes(val):
+        """Convert ASCII string to bytes."""
+        if isinstance(val, str):
+            return bytes(val, 'ascii')
+        return val
+
+    def compat_b2a(val):
+        """Convert an ASCII bytes string to string."""
+        return str(val, 'ascii')
+
+    def raw_input(s):
+        return input(s)
+    
+    # So, the python3 binascii module deals with bytearrays, and python2
+    # deals with strings...  I would rather deal with the "a" part as
+    # strings, and the "b" part as bytearrays, regardless of python version,
+    # so...
+    def a2b_hex(s):
+        try:
+            b = bytearray(binascii.a2b_hex(bytearray(s, "ascii")))
+        except Exception as e:
+            raise SyntaxError("base16 error: %s" % e) 
+        return b  
+
+    def a2b_base64(s):
+        try:
+            if isinstance(s, str):
+                s = bytearray(s, "ascii")
+            b = bytearray(binascii.a2b_base64(s))
+        except Exception as e:
+            raise SyntaxError("base64 error: %s" % e)
+        return b
+
+    def b2a_hex(b):
+        return binascii.b2a_hex(b).decode("ascii")    
+            
+    def b2a_base64(b):
+        return binascii.b2a_base64(b).decode("ascii") 
+
+    def readStdinBinary():
+        return sys.stdin.buffer.read()        
+
+    def compatLong(num):
+        return int(num)
+
+    int_types = tuple([int])
+
+    def formatExceptionTrace(e):
+        """Return exception information formatted as string"""
+        return str(e)
+
+    def time_stamp():
+        """Returns system time as a float"""
+        if sys.version_info >= (3, 3):
+            return time.perf_counter()
+        return time.clock()
+
+    def remove_whitespace(text):
+        """Removes all whitespace from passed in string"""
+        return re.sub(r"\s+", "", text, flags=re.UNICODE)
+
+    # pylint: disable=invalid-name
+    # pylint is stupid here and deson't notice it's a function, not
+    # constant
+    bytes_to_int = int.from_bytes
+    # pylint: enable=invalid-name
+
+    def bit_length(val):
+        """Return number of bits necessary to represent an integer."""
+        return val.bit_length()
+
+    def int_to_bytes(val, length=None, byteorder="big"):
+        """Return number converted to bytes"""
+        if length is None:
+            if val:
+                length = byte_length(val)
+            else:
+                length = 1
+        # for gmpy we need to convert back to native int
+        if type(val) != int:
+            val = int(val)
+        return bytearray(val.to_bytes(length=length, byteorder=byteorder))
+
+else:
+    # Python 2.6 requires strings instead of bytearrays in a couple places,
+    # so we define this function so it does the conversion if needed.
+    # same thing with very old 2.7 versions
+    # or on Jython
+    if sys.version_info < (2, 7) or sys.version_info < (2, 7, 4) \
+            or platform.system() == 'Java':
+        def compat26Str(x): return str(x)
+
+        def remove_whitespace(text):
+            """Removes all whitespace from passed in string"""
+            return re.sub(r"\s+", "", text)
+
+        def bit_length(val):
+            """Return number of bits necessary to represent an integer."""
+            if val == 0:
+                return 0
+            return len(bin(val))-2
+    else:
+        def compat26Str(x): return x
+
+        def remove_whitespace(text):
+            """Removes all whitespace from passed in string"""
+            return re.sub(r"\s+", "", text, flags=re.UNICODE)
+
+        def bit_length(val):
+            """Return number of bits necessary to represent an integer."""
+            return val.bit_length()
+
+    def compatAscii2Bytes(val):
+        """Convert ASCII string to bytes."""
+        return val
+
+    def compat_b2a(val):
+        """Convert an ASCII bytes string to string."""
+        return str(val)
+
+    # So, python 2.6 requires strings, python 3 requires 'bytes',
+    # and python 2.7 can handle bytearrays...     
+    def compatHMAC(x): return compat26Str(x)
+
+    def a2b_hex(s):
+        try:
+            b = bytearray(binascii.a2b_hex(s))
+        except Exception as e:
+            raise SyntaxError("base16 error: %s" % e)
+        return b
+
+    def a2b_base64(s):
+        try:
+            b = bytearray(binascii.a2b_base64(s))
+        except Exception as e:
+            raise SyntaxError("base64 error: %s" % e)
+        return b
+        
+    def b2a_hex(b):
+        return binascii.b2a_hex(compat26Str(b))
+        
+    def b2a_base64(b):
+        return binascii.b2a_base64(compat26Str(b))
+
+    def compatLong(num):
+        return long(num)
+
+    int_types = (int, long)
+
+    # pylint on Python3 goes nuts for the sys dereferences...
+
+    #pylint: disable=no-member
+    def formatExceptionTrace(e):
+        """Return exception information formatted as string"""
+        newStr = "".join(traceback.format_exception(sys.exc_type,
+                                                    sys.exc_value,
+                                                    sys.exc_traceback))
+        return newStr
+    #pylint: enable=no-member
+
+    def time_stamp():
+        """Returns system time as a float"""
+        return time.clock()
+
+    def bytes_to_int(val, byteorder):
+        """Convert bytes to an int."""
+        if not val:
+            return 0
+        if byteorder == "big":
+            return int(b2a_hex(val), 16)
+        if byteorder == "little":
+            return int(b2a_hex(val[::-1]), 16)
+        raise ValueError("Only 'big' and 'little' endian supported")
+
+    def int_to_bytes(val, length=None, byteorder="big"):
+        """Return number converted to bytes"""
+        if length is None:
+            if val:
+                length = byte_length(val)
+            else:
+                length = 1
+        if byteorder == "big":
+            return bytearray((val >> i) & 0xff
+                             for i in reversed(range(0, length*8, 8)))
+        if byteorder == "little":
+            return bytearray((val >> i) & 0xff
+                             for i in range(0, length*8, 8))
+        raise ValueError("Only 'big' or 'little' endian supported")
+
+
+def byte_length(val):
+    """Return number of bytes necessary to represent an integer."""
+    length = bit_length(val)
+    return (length + 7) // 8
+
+
+ecdsaAllCurves = False
+ML_KEM_AVAILABLE = False
+ML_DSA_AVAILABLE = False
diff --git a/mediaflow_proxy/utils/constanttime.py b/mediaflow_proxy/utils/constanttime.py
new file mode 100644
index 0000000..8d4541e
--- /dev/null
+++ b/mediaflow_proxy/utils/constanttime.py
@@ -0,0 +1,218 @@
+# Copyright (c) 2015, Hubert Kario
+#
+# See the LICENSE file for legal information regarding use of this file.
+"""Various constant time functions for processing sensitive data"""
+
+from __future__ import division
+
+from .compat import compatHMAC
+import hmac
+
+def ct_lt_u32(val_a, val_b):
+    """
+    Returns 1 if val_a < val_b, 0 otherwise. Constant time.
+
+    :type val_a: int
+    :type val_b: int
+    :param val_a: an unsigned integer representable as a 32 bit value
+    :param val_b: an unsigned integer representable as a 32 bit value
+    :rtype: int
+    """
+    val_a &= 0xffffffff
+    val_b &= 0xffffffff
+
+    return (val_a^((val_a^val_b)|(((val_a-val_b)&0xffffffff)^val_b)))>>31
+
+
+def ct_gt_u32(val_a, val_b):
+    """
+    Return 1 if val_a > val_b, 0 otherwise. Constant time.
+
+    :type val_a: int
+    :type val_b: int
+    :param val_a: an unsigned integer representable as a 32 bit value
+    :param val_b: an unsigned integer representable as a 32 bit value
+    :rtype: int
+    """
+    return ct_lt_u32(val_b, val_a)
+
+
+def ct_le_u32(val_a, val_b):
+    """
+    Return 1 if val_a <= val_b, 0 otherwise. Constant time.
+
+    :type val_a: int
+    :type val_b: int
+    :param val_a: an unsigned integer representable as a 32 bit value
+    :param val_b: an unsigned integer representable as a 32 bit value
+    :rtype: int
+    """
+    return 1 ^ ct_gt_u32(val_a, val_b)
+
+
+def ct_lsb_prop_u8(val):
+    """Propagate LSB to all 8 bits of the returned int. Constant time."""
+    val &= 0x01
+    val |= val << 1
+    val |= val << 2
+    val |= val << 4
+    return val
+
+
+def ct_lsb_prop_u16(val):
+    """Propagate LSB to all 16 bits of the returned int. Constant time."""
+    val &= 0x01
+    val |= val << 1
+    val |= val << 2
+    val |= val << 4
+    val |= val << 8
+    return val
+
+
+def ct_isnonzero_u32(val):
+    """
+    Returns 1 if val is != 0, 0 otherwise. Constant time.
+
+    :type val: int
+    :param val: an unsigned integer representable as a 32 bit value
+    :rtype: int
+    """
+    val &= 0xffffffff
+    return (val|(-val&0xffffffff)) >> 31
+
+
+def ct_neq_u32(val_a, val_b):
+    """
+    Return 1 if val_a != val_b, 0 otherwise. Constant time.
+
+    :type val_a: int
+    :type val_b: int
+    :param val_a: an unsigned integer representable as a 32 bit value
+    :param val_b: an unsigned integer representable as a 32 bit value
+    :rtype: int
+    """
+    val_a &= 0xffffffff
+    val_b &= 0xffffffff
+
+    return (((val_a-val_b)&0xffffffff) | ((val_b-val_a)&0xffffffff)) >> 31
+
+def ct_eq_u32(val_a, val_b):
+    """
+    Return 1 if val_a == val_b, 0 otherwise. Constant time.
+
+    :type val_a: int
+    :type val_b: int
+    :param val_a: an unsigned integer representable as a 32 bit value
+    :param val_b: an unsigned integer representable as a 32 bit value
+    :rtype: int
+    """
+    return 1 ^ ct_neq_u32(val_a, val_b)
+
+def ct_check_cbc_mac_and_pad(data, mac, seqnumBytes, contentType, version,
+                             block_size=16):
+    """
+    Check CBC cipher HMAC and padding. Close to constant time.
+
+    :type data: bytearray
+    :param data: data with HMAC value to test and padding
+
+    :type mac: hashlib mac
+    :param mac: empty HMAC, initialised with a key
+
+    :type seqnumBytes: bytearray
+    :param seqnumBytes: TLS sequence number, used as input to HMAC
+
+    :type contentType: int
+    :param contentType: a single byte, used as input to HMAC
+
+    :type version: tuple of int
+    :param version: a tuple of two ints, used as input to HMAC and to guide
+        checking of padding
+
+    :rtype: boolean
+    :returns: True if MAC and pad is ok, False otherwise
+    """
+    assert version in ((3, 0), (3, 1), (3, 2), (3, 3))
+
+    data_len = len(data)
+    if mac.digest_size + 1 > data_len: # data_len is public
+        return False
+
+    # 0 - OK
+    result = 0x00
+
+    #
+    # check padding
+    #
+    pad_length = data[data_len-1]
+    pad_start = data_len - pad_length - 1
+    pad_start = max(0, pad_start)
+
+    if version == (3, 0): # version is public
+        # in SSLv3 we can only check if pad is not longer than the cipher
+        # block size
+
+        # subtract 1 for the pad length byte
+        mask = ct_lsb_prop_u8(ct_lt_u32(block_size, pad_length))
+        result |= mask
+    else:
+        start_pos = max(0, data_len - 256)
+        for i in range(start_pos, data_len):
+            # if pad_start < i: mask = 0xff; else: mask = 0x00
+            mask = ct_lsb_prop_u8(ct_le_u32(pad_start, i))
+            # if data[i] != pad_length and "inside_pad": result = False
+            result |= (data[i] ^ pad_length) & mask
+
+    #
+    # check MAC
+    #
+
+    # real place where mac starts and data ends
+    mac_start = pad_start - mac.digest_size
+    mac_start = max(0, mac_start)
+
+    # place to start processing
+    start_pos = max(0, data_len - (256 + mac.digest_size)) // mac.block_size
+    start_pos *= mac.block_size
+
+    # add start data
+    data_mac = mac.copy()
+    data_mac.update(compatHMAC(seqnumBytes))
+    data_mac.update(compatHMAC(bytearray([contentType])))
+    if version != (3, 0): # version is public
+        data_mac.update(compatHMAC(bytearray([version[0]])))
+        data_mac.update(compatHMAC(bytearray([version[1]])))
+    data_mac.update(compatHMAC(bytearray([mac_start >> 8])))
+    data_mac.update(compatHMAC(bytearray([mac_start & 0xff])))
+    data_mac.update(compatHMAC(data[:start_pos]))
+
+    # don't check past the array end (already checked to be >= zero)
+    end_pos = data_len - mac.digest_size
+
+    # calculate all possible
+    for i in range(start_pos, end_pos): # constant for given overall length
+        cur_mac = data_mac.copy()
+        cur_mac.update(compatHMAC(data[start_pos:i]))
+        mac_compare = bytearray(cur_mac.digest())
+        # compare the hash for real only if it's the place where mac is
+        # supposed to be
+        mask = ct_lsb_prop_u8(ct_eq_u32(i, mac_start))
+        for j in range(0, mac.digest_size): # digest_size is public
+            result |= (data[i+j] ^ mac_compare[j]) & mask
+
+    # return python boolean
+    return result == 0
+
+if hasattr(hmac, 'compare_digest'):
+    ct_compare_digest = hmac.compare_digest
+else:
+    def ct_compare_digest(val_a, val_b):
+        """Compares if string like objects are equal. Constant time."""
+        if len(val_a) != len(val_b):
+            return False
+
+        result = 0
+        for x, y in zip(val_a, val_b):
+            result |= x ^ y
+
+        return result == 0
diff --git a/mediaflow_proxy/utils/cryptomath.py b/mediaflow_proxy/utils/cryptomath.py
new file mode 100644
index 0000000..b75d51c
--- /dev/null
+++ b/mediaflow_proxy/utils/cryptomath.py
@@ -0,0 +1,366 @@
+# Authors: 
+#   Trevor Perrin
+#   Martin von Loewis - python 3 port
+#   Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2
+#
+# See the LICENSE file for legal information regarding use of this file.
+
+"""cryptomath module
+
+This module has basic math/crypto code."""
+from __future__ import print_function
+import os
+import math
+import base64
+import binascii
+
+from .compat import compat26Str, compatHMAC, compatLong, \
+        bytes_to_int, int_to_bytes, bit_length, byte_length
+from .codec import Writer
+
+from . import tlshashlib as hashlib
+from . import tlshmac as hmac
+
+
+m2cryptoLoaded = False
+gmpyLoaded = False
+GMPY2_LOADED = False
+pycryptoLoaded = False
+
+
+# **************************************************************************
+# PRNG Functions
+# **************************************************************************
+
+# Check that os.urandom works
+import zlib
+assert len(zlib.compress(os.urandom(1000))) > 900
+
+def getRandomBytes(howMany):
+    b = bytearray(os.urandom(howMany))
+    assert(len(b) == howMany)
+    return b
+
+prngName = "os.urandom"
+
+# **************************************************************************
+# Simple hash functions
+# **************************************************************************
+
+def MD5(b):
+    """Return a MD5 digest of data"""
+    return secureHash(b, 'md5')
+
+def SHA1(b):
+    """Return a SHA1 digest of data"""
+    return secureHash(b, 'sha1')
+
+def secureHash(data, algorithm):
+    """Return a digest of `data` using `algorithm`"""
+    hashInstance = hashlib.new(algorithm)
+    hashInstance.update(compat26Str(data))
+    return bytearray(hashInstance.digest())
+
+def secureHMAC(k, b, algorithm):
+    """Return a HMAC using `b` and `k` using `algorithm`"""
+    k = compatHMAC(k)
+    b = compatHMAC(b)
+    return bytearray(hmac.new(k, b, getattr(hashlib, algorithm)).digest())
+
+def HMAC_MD5(k, b):
+    return secureHMAC(k, b, 'md5')
+
+def HMAC_SHA1(k, b):
+    return secureHMAC(k, b, 'sha1')
+
+def HMAC_SHA256(k, b):
+    return secureHMAC(k, b, 'sha256')
+
+def HMAC_SHA384(k, b):
+    return secureHMAC(k, b, 'sha384')
+
+def HKDF_expand(PRK, info, L, algorithm):
+    N = divceil(L, getattr(hashlib, algorithm)().digest_size)
+    T = bytearray()
+    Titer = bytearray()
+    for x in range(1, N+2):
+        T += Titer
+        Titer = secureHMAC(PRK, Titer + info + bytearray([x]), algorithm)
+    return T[:L]
+
+def HKDF_expand_label(secret, label, hashValue, length, algorithm):
+    """
+    TLS1.3 key derivation function (HKDF-Expand-Label).
+
+    :param bytearray secret: the key from which to derive the keying material
+    :param bytearray label: label used to differentiate the keying materials
+    :param bytearray hashValue: bytes used to "salt" the produced keying
+        material
+    :param int length: number of bytes to produce
+    :param str algorithm: name of the secure hash algorithm used as the
+        basis of the HKDF
+    :rtype: bytearray
+    """
+    hkdfLabel = Writer()
+    hkdfLabel.addTwo(length)
+    hkdfLabel.addVarSeq(bytearray(b"tls13 ") + label, 1, 1)
+    hkdfLabel.addVarSeq(hashValue, 1, 1)
+
+    return HKDF_expand(secret, hkdfLabel.bytes, length, algorithm)
+
+def derive_secret(secret, label, handshake_hashes, algorithm):
+    """
+    TLS1.3 key derivation function (Derive-Secret).
+
+    :param bytearray secret: secret key used to derive the keying material
+    :param bytearray label: label used to differentiate they keying materials
+    :param HandshakeHashes handshake_hashes: hashes of the handshake messages
+        or `None` if no handshake transcript is to be used for derivation of
+        keying material
+    :param str algorithm: name of the secure hash algorithm used as the
+        basis of the HKDF algorithm - governs how much keying material will
+        be generated
+    :rtype: bytearray
+    """
+    if handshake_hashes is None:
+        hs_hash = secureHash(bytearray(b''), algorithm)
+    else:
+        hs_hash = handshake_hashes.digest(algorithm)
+    return HKDF_expand_label(secret, label, hs_hash,
+                             getattr(hashlib, algorithm)().digest_size,
+                             algorithm)
+
+# **************************************************************************
+# Converter Functions
+# **************************************************************************
+
+def bytesToNumber(b, endian="big"):
+    """
+    Convert a number stored in bytearray to an integer.
+
+    By default assumes big-endian encoding of the number.
+    """
+    return bytes_to_int(b, endian)
+
+
+def numberToByteArray(n, howManyBytes=None, endian="big"):
+    """
+    Convert an integer into a bytearray, zero-pad to howManyBytes.
+
+    The returned bytearray may be smaller than howManyBytes, but will
+    not be larger.  The returned bytearray will contain a big- or little-endian
+    encoding of the input integer (n). Big endian encoding is used by default.
+    """
+    if howManyBytes is not None:
+        length = byte_length(n)
+        if howManyBytes < length:
+            ret = int_to_bytes(n, length, endian)
+            if endian == "big":
+                return ret[length-howManyBytes:length]
+            return ret[:howManyBytes]
+    return int_to_bytes(n, howManyBytes, endian)
+
+
+def mpiToNumber(mpi):
+    """Convert a MPI (OpenSSL bignum string) to an integer."""
+    byte = bytearray(mpi)
+    if byte[4] & 0x80:
+        raise ValueError("Input must be a positive integer")
+    return bytesToNumber(byte[4:])
+
+
+def numberToMPI(n):
+    b = numberToByteArray(n)
+    ext = 0
+    #If the high-order bit is going to be set,
+    #add an extra byte of zeros
+    if (numBits(n) & 0x7)==0:
+        ext = 1
+    length = numBytes(n) + ext
+    b = bytearray(4+ext) + b
+    b[0] = (length >> 24) & 0xFF
+    b[1] = (length >> 16) & 0xFF
+    b[2] = (length >> 8) & 0xFF
+    b[3] = length & 0xFF
+    return bytes(b)
+
+
+# **************************************************************************
+# Misc. Utility Functions
+# **************************************************************************
+
+
+# pylint: disable=invalid-name
+# pylint recognises them as constants, not function names, also
+# we can't change their names without API change
+numBits = bit_length
+
+
+numBytes = byte_length
+# pylint: enable=invalid-name
+
+
+# **************************************************************************
+# Big Number Math
+# **************************************************************************
+
+def getRandomNumber(low, high):
+    assert low < high
+    howManyBits = numBits(high)
+    howManyBytes = numBytes(high)
+    lastBits = howManyBits % 8
+    while 1:
+        bytes = getRandomBytes(howManyBytes)
+        if lastBits:
+            bytes[0] = bytes[0] % (1 << lastBits)
+        n = bytesToNumber(bytes)
+        if n >= low and n < high:
+            return n
+
+def gcd(a,b):
+    a, b = max(a,b), min(a,b)
+    while b:
+        a, b = b, a % b
+    return a
+
+def lcm(a, b):
+    return (a * b) // gcd(a, b)
+
+# pylint: disable=invalid-name
+# disable pylint check as the (a, b) are part of the API
+if GMPY2_LOADED:
+    def invMod(a, b):
+        """Return inverse of a mod b, zero if none."""
+        if a == 0:
+            return 0
+        return powmod(a, -1, b)
+else:
+    # Use Extended Euclidean Algorithm
+    def invMod(a, b):
+        """Return inverse of a mod b, zero if none."""
+        c, d = a, b
+        uc, ud = 1, 0
+        while c != 0:
+            q = d // c
+            c, d = d-(q*c), c
+            uc, ud = ud - (q * uc), uc
+        if d == 1:
+            return ud % b
+        return 0
+# pylint: enable=invalid-name
+
+
+if gmpyLoaded or GMPY2_LOADED:
+    def powMod(base, power, modulus):
+        base = mpz(base)
+        power = mpz(power)
+        modulus = mpz(modulus)
+        result = pow(base, power, modulus)
+        return compatLong(result)
+else:
+    powMod = pow
+
+
+def divceil(divident, divisor):
+    """Integer division with rounding up"""
+    quot, r = divmod(divident, divisor)
+    return quot + int(bool(r))
+
+
+#Pre-calculate a sieve of the ~100 primes < 1000:
+def makeSieve(n):
+    sieve = list(range(n))
+    for count in range(2, int(math.sqrt(n))+1):
+        if sieve[count] == 0:
+            continue
+        x = sieve[count] * 2
+        while x < len(sieve):
+            sieve[x] = 0
+            x += sieve[count]
+    sieve = [x for x in sieve[2:] if x]
+    return sieve
+
+def isPrime(n, iterations=5, display=False, sieve=makeSieve(1000)):
+    #Trial division with sieve
+    for x in sieve:
+        if x >= n: return True
+        if n % x == 0: return False
+    #Passed trial division, proceed to Rabin-Miller
+    #Rabin-Miller implemented per Ferguson & Schneier
+    #Compute s, t for Rabin-Miller
+    if display: print("*", end=' ')
+    s, t = n-1, 0
+    while s % 2 == 0:
+        s, t = s//2, t+1
+    #Repeat Rabin-Miller x times
+    a = 2 #Use 2 as a base for first iteration speedup, per HAC
+    for count in range(iterations):
+        v = powMod(a, s, n)
+        if v==1:
+            continue
+        i = 0
+        while v != n-1:
+            if i == t-1:
+                return False
+            else:
+                v, i = powMod(v, 2, n), i+1
+        a = getRandomNumber(2, n)
+    return True
+
+
+def getRandomPrime(bits, display=False):
+    """
+    Generate a random prime number of a given size.
+
+    the number will be 'bits' bits long (i.e. generated number will be
+    larger than `(2^(bits-1) * 3 ) / 2` but smaller than 2^bits.
+    """
+    assert bits >= 10
+    #The 1.5 ensures the 2 MSBs are set
+    #Thus, when used for p,q in RSA, n will have its MSB set
+    #
+    #Since 30 is lcm(2,3,5), we'll set our test numbers to
+    #29 % 30 and keep them there
+    low = ((2 ** (bits-1)) * 3) // 2
+    high = 2 ** bits - 30
+    while True:
+        if display:
+            print(".", end=' ')
+        cand_p = getRandomNumber(low, high)
+        # make odd
+        if cand_p % 2 == 0:
+            cand_p += 1
+        if isPrime(cand_p, display=display):
+            return cand_p
+
+
+#Unused at the moment...
+def getRandomSafePrime(bits, display=False):
+    """Generate a random safe prime.
+
+    Will generate a prime `bits` bits long (see getRandomPrime) such that
+    the (p-1)/2 will also be prime.
+    """
+    assert bits >= 10
+    #The 1.5 ensures the 2 MSBs are set
+    #Thus, when used for p,q in RSA, n will have its MSB set
+    #
+    #Since 30 is lcm(2,3,5), we'll set our test numbers to
+    #29 % 30 and keep them there
+    low = (2 ** (bits-2)) * 3//2
+    high = (2 ** (bits-1)) - 30
+    q = getRandomNumber(low, high)
+    q += 29 - (q % 30)
+    while 1:
+        if display: print(".", end=' ')
+        q += 30
+        if (q >= high):
+            q = getRandomNumber(low, high)
+            q += 29 - (q % 30)
+        #Ideas from Tom Wu's SRP code
+        #Do trial division on p and q before Rabin-Miller
+        if isPrime(q, 0, display=display):
+            p = (2 * q) + 1
+            if isPrime(p, display=display):
+                if isPrime(q, display=display):
+                    return p
diff --git a/mediaflow_proxy/utils/deprecations.py b/mediaflow_proxy/utils/deprecations.py
new file mode 100644
index 0000000..b5a9175
--- /dev/null
+++ b/mediaflow_proxy/utils/deprecations.py
@@ -0,0 +1,218 @@
+# Copyright (c) 2018 Hubert Kario
+#
+# See the LICENSE file for legal information regarding use of this file.
+"""Methods for deprecating old names for arguments or attributes."""
+import warnings
+import inspect
+from functools import wraps
+
+
+def deprecated_class_name(old_name,
+                          warn="Class name '{old_name}' is deprecated, "
+                          "please use '{new_name}'"):
+    """
+    Class decorator to deprecate a use of class.
+
+    :param str old_name: the deprecated name that will be registered, but
+       will raise warnings if used.
+
+    :param str warn: DeprecationWarning format string for informing the
+       user what is the current class name, uses 'old_name' for the deprecated
+       keyword name and the 'new_name' for the current one.
+       Example: "Old name: {old_nam}, use '{new_name}' instead".
+    """
+    def _wrap(obj):
+        assert callable(obj)
+
+        def _warn():
+            warnings.warn(warn.format(old_name=old_name,
+                                      new_name=obj.__name__),
+                          DeprecationWarning,
+                          stacklevel=3)
+
+        def _wrap_with_warn(func, is_inspect):
+            @wraps(func)
+            def _func(*args, **kwargs):
+                if is_inspect:
+                    # XXX: If use another name to call,
+                    # you will not get the warning.
+                    # we do this instead of subclassing or metaclass as
+                    # we want to isinstance(new_name(), old_name) and
+                    # isinstance(old_name(), new_name) to work
+                    frame = inspect.currentframe().f_back
+                    code = inspect.getframeinfo(frame).code_context
+                    if [line for line in code
+                            if '{0}('.format(old_name) in line]:
+                        _warn()
+                else:
+                    _warn()
+                return func(*args, **kwargs)
+            return _func
+
+        # Make old name available.
+        frame = inspect.currentframe().f_back
+        if old_name in frame.f_globals:
+            raise NameError("Name '{0}' already in use.".format(old_name))
+
+        if inspect.isclass(obj):
+            obj.__init__ = _wrap_with_warn(obj.__init__, True)
+            placeholder = obj
+        else:
+            placeholder = _wrap_with_warn(obj, False)
+
+        frame.f_globals[old_name] = placeholder
+
+        return obj
+    return _wrap
+
+
+def deprecated_params(names, warn="Param name '{old_name}' is deprecated, "
+                                  "please use '{new_name}'"):
+    """Decorator to translate obsolete names and warn about their use.
+
+    :param dict names: dictionary with pairs of new_name: old_name
+        that will be used for translating obsolete param names to new names
+
+    :param str warn: DeprecationWarning format string for informing the user
+        what is the current parameter name, uses 'old_name' for the
+        deprecated keyword name and 'new_name' for the current one.
+        Example: "Old name: {old_name}, use {new_name} instead".
+    """
+    def decorator(func):
+        @wraps(func)
+        def wrapper(*args, **kwargs):
+            for new_name, old_name in names.items():
+                if old_name in kwargs:
+                    if new_name in kwargs:
+                        raise TypeError("got multiple values for keyword "
+                                        "argument '{0}'".format(new_name))
+                    warnings.warn(warn.format(old_name=old_name,
+                                              new_name=new_name),
+                                  DeprecationWarning,
+                                  stacklevel=2)
+                    kwargs[new_name] = kwargs.pop(old_name)
+            return func(*args, **kwargs)
+        return wrapper
+    return decorator
+
+
+def deprecated_instance_attrs(names,
+                              warn="Attribute '{old_name}' is deprecated, "
+                                   "please use '{new_name}'"):
+    """Decorator to deprecate class instance attributes.
+
+    Translates all names in `names` to use new names and emits warnings
+    if the translation was necessary. Does apply only to instance variables
+    and attributes (won't modify behaviour of class variables, static methods,
+    etc.
+
+    :param dict names: dictionary with paris of new_name: old_name that will
+        be used to translate the calls
+    :param str warn: DeprecationWarning format string for informing the user
+        what is the current parameter name, uses 'old_name' for the
+        deprecated keyword name and 'new_name' for the current one.
+        Example: "Old name: {old_name}, use {new_name} instead".
+    """
+    # reverse the dict as we're looking for old attributes, not new ones
+    names = dict((j, i) for i, j in names.items())
+
+    def decorator(clazz):
+        def getx(self, name, __old_getx=getattr(clazz, "__getattr__", None)):
+            if name in names:
+                warnings.warn(warn.format(old_name=name,
+                                          new_name=names[name]),
+                              DeprecationWarning,
+                              stacklevel=2)
+                return getattr(self, names[name])
+            if __old_getx:
+                if hasattr(__old_getx, "__func__"):
+                    return __old_getx.__func__(self, name)
+                return __old_getx(self, name)
+            raise AttributeError("'{0}' object has no attribute '{1}'"
+                                 .format(clazz.__name__, name))
+
+        getx.__name__ = "__getattr__"
+        clazz.__getattr__ = getx
+
+        def setx(self, name, value, __old_setx=getattr(clazz, "__setattr__")):
+            if name in names:
+                warnings.warn(warn.format(old_name=name,
+                                          new_name=names[name]),
+                              DeprecationWarning,
+                              stacklevel=2)
+                setattr(self, names[name], value)
+            else:
+                __old_setx(self, name, value)
+
+        setx.__name__ = "__setattr__"
+        clazz.__setattr__ = setx
+
+        def delx(self, name, __old_delx=getattr(clazz, "__delattr__")):
+            if name in names:
+                warnings.warn(warn.format(old_name=name,
+                                          new_name=names[name]),
+                              DeprecationWarning,
+                              stacklevel=2)
+                delattr(self, names[name])
+            else:
+                __old_delx(self, name)
+
+        delx.__name__ = "__delattr__"
+        clazz.__delattr__ = delx
+
+        return clazz
+    return decorator
+
+
+def deprecated_attrs(names, warn="Attribute '{old_name}' is deprecated, "
+                                 "please use '{new_name}'"):
+    """Decorator to deprecate all specified attributes in class.
+
+    Translates all names in `names` to use new names and emits warnings
+    if the translation was necessary.
+
+    Note: uses metaclass magic so is incompatible with other metaclass uses
+
+    :param dict names: dictionary with paris of new_name: old_name that will
+        be used to translate the calls
+    :param str warn: DeprecationWarning format string for informing the user
+        what is the current parameter name, uses 'old_name' for the
+        deprecated keyword name and 'new_name' for the current one.
+        Example: "Old name: {old_name}, use {new_name} instead".
+    """
+    # prepare metaclass for handling all the class methods, class variables
+    # and static methods (as they don't go through instance's __getattr__)
+    class DeprecatedProps(type):
+        pass
+
+    metaclass = deprecated_instance_attrs(names, warn)(DeprecatedProps)
+
+    def wrapper(cls):
+        cls = deprecated_instance_attrs(names, warn)(cls)
+
+        # apply metaclass
+        orig_vars = cls.__dict__.copy()
+        slots = orig_vars.get('__slots__')
+        if slots is not None:
+            if isinstance(slots, str):
+                slots = [slots]
+            for slots_var in slots:
+                orig_vars.pop(slots_var)
+        orig_vars.pop('__dict__', None)
+        orig_vars.pop('__weakref__', None)
+        return metaclass(cls.__name__, cls.__bases__, orig_vars)
+    return wrapper
+
+def deprecated_method(message):
+    """Decorator for deprecating methods.
+
+    :param ste message: The message you want to display.
+    """
+    def decorator(func):
+        @wraps(func)
+        def wrapper(*args, **kwargs):
+            warnings.warn("{0} is a deprecated method. {1}".format(func.__name__, message),
+                          DeprecationWarning, stacklevel=2)
+            return func(*args, **kwargs)
+        return wrapper
+    return decorator
diff --git a/mediaflow_proxy/utils/hls_prebuffer.py b/mediaflow_proxy/utils/hls_prebuffer.py
index 9748406..3141189 100644
--- a/mediaflow_proxy/utils/hls_prebuffer.py
+++ b/mediaflow_proxy/utils/hls_prebuffer.py
@@ -6,6 +6,9 @@ from urllib.parse import urlparse
 import httpx
 from mediaflow_proxy.utils.http_utils import create_httpx_client
 from mediaflow_proxy.configs import settings
+from collections import OrderedDict
+import time
+from urllib.parse import urljoin
 
 logger = logging.getLogger(__name__)
 
@@ -23,12 +26,21 @@ class HLSPreBuffer:
             max_cache_size (int): Maximum number of segments to cache (uses config if None)
             prebuffer_segments (int): Number of segments to pre-buffer ahead (uses config if None)
         """
+        from collections import OrderedDict
+        import time
+        from urllib.parse import urljoin
         self.max_cache_size = max_cache_size or settings.hls_prebuffer_cache_size
         self.prebuffer_segments = prebuffer_segments or settings.hls_prebuffer_segments
         self.max_memory_percent = settings.hls_prebuffer_max_memory_percent
         self.emergency_threshold = settings.hls_prebuffer_emergency_threshold
-        self.segment_cache: Dict[str, bytes] = {}
+        # Cache LRU
+        self.segment_cache: "OrderedDict[str, bytes]" = OrderedDict()
+        # Mappa playlist -> lista segmenti
         self.segment_urls: Dict[str, List[str]] = {}
+        # Mappa inversa segmento -> (playlist_url, index)
+        self.segment_to_playlist: Dict[str, tuple[str, int]] = {}
+        # Stato per playlist: {headers, last_access, refresh_task, target_duration}
+        self.playlist_state: Dict[str, dict] = {}
         self.client = create_httpx_client()
         
     async def prebuffer_playlist(self, playlist_url: str, headers: Dict[str, str]) -> None:
@@ -41,37 +53,44 @@ class HLSPreBuffer:
         """
         try:
             logger.debug(f"Starting pre-buffer for playlist: {playlist_url}")
-            
-            # Download and parse playlist
             response = await self.client.get(playlist_url, headers=headers)
             response.raise_for_status()
             playlist_content = response.text
-            
-            # Check if this is a master playlist (contains variants)
+
+            # Se master playlist: prendi la prima variante (fix relativo)
             if "#EXT-X-STREAM-INF" in playlist_content:
                 logger.debug(f"Master playlist detected, finding first variant")
-                # Extract variant URLs
                 variant_urls = self._extract_variant_urls(playlist_content, playlist_url)
                 if variant_urls:
-                    # Pre-buffer the first variant
                     first_variant_url = variant_urls[0]
                     logger.debug(f"Pre-buffering first variant: {first_variant_url}")
                     await self.prebuffer_playlist(first_variant_url, headers)
                 else:
                     logger.warning("No variants found in master playlist")
                 return
-            
-            # Extract segment URLs
+
+            # Media playlist: estrai segmenti, salva stato e lancia refresh loop
             segment_urls = self._extract_segment_urls(playlist_content, playlist_url)
-            
-            # Store segment URLs for this playlist
             self.segment_urls[playlist_url] = segment_urls
-            
-            # Pre-buffer first few segments
+            # aggiorna mappa inversa
+            for idx, u in enumerate(segment_urls):
+                self.segment_to_playlist[u] = (playlist_url, idx)
+
+            # prebuffer iniziale
             await self._prebuffer_segments(segment_urls[:self.prebuffer_segments], headers)
-            
             logger.info(f"Pre-buffered {min(self.prebuffer_segments, len(segment_urls))} segments for {playlist_url}")
-            
+
+            # setup refresh loop se non già attivo
+            target_duration = self._parse_target_duration(playlist_content) or 6
+            st = self.playlist_state.get(playlist_url, {})
+            if not st.get("refresh_task") or st["refresh_task"].done():
+                task = asyncio.create_task(self._refresh_playlist_loop(playlist_url, headers, target_duration))
+                self.playlist_state[playlist_url] = {
+                    "headers": headers,
+                    "last_access": asyncio.get_event_loop().time(),
+                    "refresh_task": task,
+                    "target_duration": target_duration,
+                }
         except Exception as e:
             logger.warning(f"Failed to pre-buffer playlist {playlist_url}: {e}")
     
@@ -124,34 +143,24 @@ class HLSPreBuffer:
     
     def _extract_variant_urls(self, playlist_content: str, base_url: str) -> List[str]:
         """
-        Extract variant URLs from master playlist content.
-        
-        Args:
-            playlist_content (str): Content of the master playlist
-            base_url (str): Base URL for resolving relative URLs
-            
-        Returns:
-            List[str]: List of variant URLs
+        Estrae le varianti dal master playlist. Corretto per gestire URI relativi:
+        prende la riga non-commento successiva a #EXT-X-STREAM-INF e la risolve rispetto a base_url.
         """
+        from urllib.parse import urljoin
         variant_urls = []
-        lines = playlist_content.split('\n')
-        
+        lines = [l.strip() for l in playlist_content.split('\n')]
+        take_next_uri = False
         for line in lines:
-            line = line.strip()
-            if line and not line.startswith('#') and ('http://' in line or 'https://' in line):
-                # Resolve relative URLs
-                if line.startswith('http'):
-                    variant_urls.append(line)
-                else:
-                    # Join with base URL for relative paths
-                    parsed_base = urlparse(base_url)
-                    variant_url = f"{parsed_base.scheme}://{parsed_base.netloc}{line}"
-                    variant_urls.append(variant_url)
-        
+            if line.startswith("#EXT-X-STREAM-INF"):
+                take_next_uri = True
+                continue
+            if take_next_uri:
+                take_next_uri = False
+                if line and not line.startswith('#'):
+                    variant_urls.append(urljoin(base_url, line))
         logger.debug(f"Extracted {len(variant_urls)} variant URLs from master playlist")
         if variant_urls:
             logger.debug(f"First variant URL: {variant_urls[0]}")
-        
         return variant_urls
     
     async def _prebuffer_segments(self, segment_urls: List[str], headers: Dict[str, str]) -> None:
@@ -166,7 +175,6 @@ class HLSPreBuffer:
         for url in segment_urls:
             if url not in self.segment_cache:
                 tasks.append(self._download_segment(url, headers))
-        
         if tasks:
             await asyncio.gather(*tasks, return_exceptions=True)
     
@@ -196,16 +204,16 @@ class HLSPreBuffer:
     
     def _emergency_cache_cleanup(self) -> None:
         """
-        Perform emergency cache cleanup when memory usage is high.
+        Esegue cleanup LRU rimuovendo il 50% più vecchio.
         """
         if self._check_memory_threshold():
             logger.warning("Emergency cache cleanup triggered due to high memory usage")
-            # Clear 50% of cache
-            cache_size = len(self.segment_cache)
-            keys_to_remove = list(self.segment_cache.keys())[:cache_size // 2]
-            for key in keys_to_remove:
-                del self.segment_cache[key]
-            logger.info(f"Emergency cleanup removed {len(keys_to_remove)} segments from cache")
+            to_remove = max(1, len(self.segment_cache) // 2)
+            removed = 0
+            while removed < to_remove and self.segment_cache:
+                self.segment_cache.popitem(last=False)  # rimuovi LRU
+                removed += 1
+            logger.info(f"Emergency cleanup removed {removed} segments from cache")
     
     async def _download_segment(self, segment_url: str, headers: Dict[str, str]) -> None:
         """
@@ -216,29 +224,26 @@ class HLSPreBuffer:
             headers (Dict[str, str]): Headers to use for request
         """
         try:
-            # Check memory usage before downloading
             memory_percent = self._get_memory_usage_percent()
             if memory_percent > self.max_memory_percent:
                 logger.warning(f"Memory usage {memory_percent}% exceeds limit {self.max_memory_percent}%, skipping download")
                 return
-            
+
             response = await self.client.get(segment_url, headers=headers)
             response.raise_for_status()
-            
-            # Cache the segment
+
+            # Cache LRU
             self.segment_cache[segment_url] = response.content
-            
-            # Check for emergency cleanup
+            self.segment_cache.move_to_end(segment_url, last=True)
+
             if self._check_memory_threshold():
                 self._emergency_cache_cleanup()
-            # Maintain cache size
             elif len(self.segment_cache) > self.max_cache_size:
-                # Remove oldest entries (simple FIFO)
-                oldest_key = next(iter(self.segment_cache))
-                del self.segment_cache[oldest_key]
-                
+                # Evict LRU finché non rientra
+                while len(self.segment_cache) > self.max_cache_size:
+                    self.segment_cache.popitem(last=False)
+
             logger.debug(f"Cached segment: {segment_url}")
-            
         except Exception as e:
             logger.warning(f"Failed to download segment {segment_url}: {e}")
     
@@ -256,38 +261,64 @@ class HLSPreBuffer:
         # Check cache first
         if segment_url in self.segment_cache:
             logger.debug(f"Cache hit for segment: {segment_url}")
-            return self.segment_cache[segment_url]
-        
-        # Check memory usage before downloading
+            # LRU touch
+            data = self.segment_cache[segment_url]
+            self.segment_cache.move_to_end(segment_url, last=True)
+            # aggiorna last_access per la playlist se mappata
+            pl = self.segment_to_playlist.get(segment_url)
+            if pl:
+                st = self.playlist_state.get(pl[0])
+                if st:
+                    st["last_access"] = asyncio.get_event_loop().time()
+            return data
+
         memory_percent = self._get_memory_usage_percent()
         if memory_percent > self.max_memory_percent:
             logger.warning(f"Memory usage {memory_percent}% exceeds limit {self.max_memory_percent}%, skipping download")
             return None
-        
-        # Download if not in cache
+
         try:
             response = await self.client.get(segment_url, headers=headers)
             response.raise_for_status()
             segment_data = response.content
-            
-            # Cache the segment
+
+            # Cache LRU
             self.segment_cache[segment_url] = segment_data
-            
-            # Check for emergency cleanup
+            self.segment_cache.move_to_end(segment_url, last=True)
+
             if self._check_memory_threshold():
                 self._emergency_cache_cleanup()
-            # Maintain cache size
             elif len(self.segment_cache) > self.max_cache_size:
-                oldest_key = next(iter(self.segment_cache))
-                del self.segment_cache[oldest_key]
-            
+                while len(self.segment_cache) > self.max_cache_size:
+                    self.segment_cache.popitem(last=False)
+
+            # aggiorna last_access per playlist
+            pl = self.segment_to_playlist.get(segment_url)
+            if pl:
+                st = self.playlist_state.get(pl[0])
+                if st:
+                    st["last_access"] = asyncio.get_event_loop().time()
+
             logger.debug(f"Downloaded and cached segment: {segment_url}")
             return segment_data
-            
         except Exception as e:
             logger.warning(f"Failed to get segment {segment_url}: {e}")
             return None
     
+    async def prebuffer_from_segment(self, segment_url: str, headers: Dict[str, str]) -> None:
+        """
+        Dato un URL di segmento, prebuffer i successivi in base alla playlist e all'indice mappato.
+        """
+        mapped = self.segment_to_playlist.get(segment_url)
+        if not mapped:
+            return
+        playlist_url, idx = mapped
+        # aggiorna access time
+        st = self.playlist_state.get(playlist_url)
+        if st:
+            st["last_access"] = asyncio.get_event_loop().time()
+        await self.prebuffer_next_segments(playlist_url, idx, headers)
+    
     async def prebuffer_next_segments(self, playlist_url: str, current_segment_index: int, headers: Dict[str, str]) -> None:
         """
         Pre-buffer next segments based on current playback position.
@@ -299,10 +330,8 @@ class HLSPreBuffer:
         """
         if playlist_url not in self.segment_urls:
             return
-        
         segment_urls = self.segment_urls[playlist_url]
         next_segments = segment_urls[current_segment_index + 1:current_segment_index + 1 + self.prebuffer_segments]
-        
         if next_segments:
             await self._prebuffer_segments(next_segments, headers)
     
@@ -310,6 +339,8 @@ class HLSPreBuffer:
         """Clear the segment cache."""
         self.segment_cache.clear()
         self.segment_urls.clear()
+        self.segment_to_playlist.clear()
+        self.playlist_state.clear()
         logger.info("HLS pre-buffer cache cleared")
     
     async def close(self) -> None:
@@ -318,4 +349,142 @@ class HLSPreBuffer:
 
 
 # Global pre-buffer instance
-hls_prebuffer = HLSPreBuffer() 
\ No newline at end of file
+hls_prebuffer = HLSPreBuffer()
+
+
+class HLSPreBuffer:
+    def _parse_target_duration(self, playlist_content: str) -> Optional[int]:
+        """
+        Parse EXT-X-TARGETDURATION from a media playlist and return duration in seconds.
+        Returns None if not present or unparsable.
+        """
+        for line in playlist_content.splitlines():
+            line = line.strip()
+            if line.startswith("#EXT-X-TARGETDURATION:"):
+                try:
+                    value = line.split(":", 1)[1].strip()
+                    return int(float(value))
+                except Exception:
+                    return None
+        return None
+    
+    async def _refresh_playlist_loop(self, playlist_url: str, headers: Dict[str, str], target_duration: int) -> None:
+        """
+        Aggiorna periodicamente la playlist per seguire la sliding window e mantenere la cache coerente.
+        Interrompe e pulisce dopo inattività prolungata.
+        """
+        sleep_s = max(2, min(15, int(target_duration)))
+        inactivity_timeout = 600  # 10 minuti
+        while True:
+            try:
+                st = self.playlist_state.get(playlist_url)
+                now = asyncio.get_event_loop().time()
+                if not st:
+                    return
+                if now - st.get("last_access", now) > inactivity_timeout:
+                    # cleanup specifico della playlist
+                    urls = set(self.segment_urls.get(playlist_url, []))
+                    if urls:
+                        # rimuovi dalla cache solo i segmenti di questa playlist
+                        for u in list(self.segment_cache.keys()):
+                            if u in urls:
+                                self.segment_cache.pop(u, None)
+                        # rimuovi mapping
+                        for u in urls:
+                            self.segment_to_playlist.pop(u, None)
+                    self.segment_urls.pop(playlist_url, None)
+                    self.playlist_state.pop(playlist_url, None)
+                    logger.info(f"Stopped HLS prebuffer for inactive playlist: {playlist_url}")
+                    return
+
+                # refresh manifest
+                resp = await self.client.get(playlist_url, headers=headers)
+                resp.raise_for_status()
+                content = resp.text
+                new_target = self._parse_target_duration(content)
+                if new_target:
+                    sleep_s = max(2, min(15, int(new_target)))
+
+                new_urls = self._extract_segment_urls(content, playlist_url)
+                if new_urls:
+                    self.segment_urls[playlist_url] = new_urls
+                    # rebuild reverse map per gli ultimi N (limita la memoria)
+                    for idx, u in enumerate(new_urls[-(self.max_cache_size * 2):]):
+                        # rimappiando sovrascrivi eventuali entry
+                        real_idx = len(new_urls) - (self.max_cache_size * 2) + idx if len(new_urls) > (self.max_cache_size * 2) else idx
+                        self.segment_to_playlist[u] = (playlist_url, real_idx)
+
+                # tenta un prebuffer proattivo: se conosciamo l'ultimo segmento accessibile, anticipa i successivi
+                # Non conosciamo l'indice di riproduzione corrente qui, quindi non facciamo nulla di aggressivo.
+
+            except Exception as e:
+                logger.debug(f"Playlist refresh error for {playlist_url}: {e}")
+            await asyncio.sleep(sleep_s)
+    def _extract_segment_urls(self, playlist_content: str, base_url: str) -> List[str]:
+        """
+        Extract segment URLs from HLS playlist content.
+        
+        Args:
+            playlist_content (str): Content of the HLS playlist
+            base_url (str): Base URL for resolving relative URLs
+            
+        Returns:
+            List[str]: List of segment URLs
+        """
+        segment_urls = []
+        lines = playlist_content.split('\n')
+        
+        logger.debug(f"Analyzing playlist with {len(lines)} lines")
+        
+        for line in lines:
+            line = line.strip()
+            if line and not line.startswith('#'):
+                # Check if line contains a URL (http/https) or is a relative path
+                if 'http://' in line or 'https://' in line:
+                    segment_urls.append(line)
+                    logger.debug(f"Found absolute URL: {line}")
+                elif line and not line.startswith('#'):
+                    # This might be a relative path to a segment
+                    parsed_base = urlparse(base_url)
+                    # Ensure proper path joining
+                    if line.startswith('/'):
+                        segment_url = f"{parsed_base.scheme}://{parsed_base.netloc}{line}"
+                    else:
+                        # Get the directory path from base_url
+                        base_path = parsed_base.path.rsplit('/', 1)[0] if '/' in parsed_base.path else ''
+                        segment_url = f"{parsed_base.scheme}://{parsed_base.netloc}{base_path}/{line}"
+                    segment_urls.append(segment_url)
+                    logger.debug(f"Found relative path: {line} -> {segment_url}")
+        
+        logger.debug(f"Extracted {len(segment_urls)} segment URLs from playlist")
+        if segment_urls:
+            logger.debug(f"First segment URL: {segment_urls[0]}")
+        else:
+            logger.debug("No segment URLs found in playlist")
+            # Log first few lines for debugging
+            for i, line in enumerate(lines[:10]):
+                logger.debug(f"Line {i}: {line}")
+        
+        return segment_urls
+    
+    def _extract_variant_urls(self, playlist_content: str, base_url: str) -> List[str]:
+        """
+        Estrae le varianti dal master playlist. Corretto per gestire URI relativi:
+        prende la riga non-commento successiva a #EXT-X-STREAM-INF e la risolve rispetto a base_url.
+        """
+        from urllib.parse import urljoin
+        variant_urls = []
+        lines = [l.strip() for l in playlist_content.split('\n')]
+        take_next_uri = False
+        for line in lines:
+            if line.startswith("#EXT-X-STREAM-INF"):
+                take_next_uri = True
+                continue
+            if take_next_uri:
+                take_next_uri = False
+                if line and not line.startswith('#'):
+                    variant_urls.append(urljoin(base_url, line))
+        logger.debug(f"Extracted {len(variant_urls)} variant URLs from master playlist")
+        if variant_urls:
+            logger.debug(f"First variant URL: {variant_urls[0]}")
+        return variant_urls
\ No newline at end of file
diff --git a/mediaflow_proxy/utils/hls_utils.py b/mediaflow_proxy/utils/hls_utils.py
new file mode 100644
index 0000000..2591595
--- /dev/null
+++ b/mediaflow_proxy/utils/hls_utils.py
@@ -0,0 +1,54 @@
+import logging
+import re
+from typing import List, Dict, Any, Optional, Tuple
+from urllib.parse import urljoin
+
+logger = logging.getLogger(__name__)
+
+
+def parse_hls_playlist(playlist_content: str, base_url: Optional[str] = None) -> List[Dict[str, Any]]:
+    """
+    Parses an HLS master playlist to extract stream information.
+
+    Args:
+        playlist_content (str): The content of the M3U8 master playlist.
+        base_url (str, optional): The base URL of the playlist for resolving relative stream URLs. Defaults to None.
+
+    Returns:
+        List[Dict[str, Any]]: A list of dictionaries, each representing a stream variant.
+    """
+    streams = []
+    lines = playlist_content.strip().split('\n')
+    
+    # Regex to capture attributes from #EXT-X-STREAM-INF
+    stream_inf_pattern = re.compile(r'#EXT-X-STREAM-INF:(.*)')
+    
+    for i, line in enumerate(lines):
+        if line.startswith('#EXT-X-STREAM-INF'):
+            stream_info = {'raw_stream_inf': line}
+            match = stream_inf_pattern.match(line)
+            if not match:
+                logger.warning(f"Could not parse #EXT-X-STREAM-INF line: {line}")
+                continue
+            attributes_str = match.group(1)
+            
+            # Parse attributes like BANDWIDTH, RESOLUTION, etc.
+            attributes = re.findall(r'([A-Z-]+)=("([^"]+)"|([^,]+))', attributes_str)
+            for key, _, quoted_val, unquoted_val in attributes:
+                value = quoted_val if quoted_val else unquoted_val
+                if key == 'RESOLUTION':
+                    try:
+                        width, height = map(int, value.split('x'))
+                        stream_info['resolution'] = (width, height)
+                    except ValueError:
+                        stream_info['resolution'] = (0, 0)
+                else:
+                    stream_info[key.lower().replace('-', '_')] = value
+            
+            # The next line should be the stream URL
+            if i + 1 < len(lines) and not lines[i + 1].startswith('#'):
+                stream_url = lines[i + 1].strip()
+                stream_info['url'] = urljoin(base_url, stream_url) if base_url else stream_url
+                streams.append(stream_info)
+                
+    return streams
\ No newline at end of file
diff --git a/mediaflow_proxy/utils/http_utils.py b/mediaflow_proxy/utils/http_utils.py
index cb23d21..1278ccd 100644
--- a/mediaflow_proxy/utils/http_utils.py
+++ b/mediaflow_proxy/utils/http_utils.py
@@ -3,7 +3,7 @@ import typing
 from dataclasses import dataclass
 from functools import partial
 from urllib import parse
-from urllib.parse import urlencode
+from urllib.parse import urlencode, urlparse
 
 import anyio
 import h11
@@ -81,6 +81,10 @@ async def fetch_with_retry(client, method, url, headers, follow_redirects=True,
 
 
 class Streamer:
+    # PNG signature and IEND marker for fake PNG header detection (StreamWish/FileMoon)
+    _PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
+    _PNG_IEND_MARKER = b"\x49\x45\x4E\x44\xAE\x42\x60\x82"
+
     def __init__(self, client):
         """
         Initializes the Streamer with an HTTP client.
@@ -132,13 +136,48 @@ class Streamer:
             logger.error(f"Error creating streaming response: {e}")
             raise RuntimeError(f"Error creating streaming response: {e}")
 
+    @staticmethod
+    def _strip_fake_png_wrapper(chunk: bytes) -> bytes:
+        """
+        Strip fake PNG wrapper from chunk data.
+
+        Some streaming services (StreamWish, FileMoon) prepend a fake PNG image
+        to video data to evade detection. This method detects and removes it.
+
+        Args:
+            chunk: The raw chunk data that may contain a fake PNG header.
+
+        Returns:
+            The chunk with fake PNG wrapper removed, or original chunk if not present.
+        """
+        if not chunk.startswith(Streamer._PNG_SIGNATURE):
+            return chunk
+
+        # Find the IEND marker that signals end of PNG data
+        iend_pos = chunk.find(Streamer._PNG_IEND_MARKER)
+        if iend_pos == -1:
+            # IEND not found in this chunk - return as-is to avoid data corruption
+            logger.debug("PNG signature detected but IEND marker not found in chunk")
+            return chunk
+
+        # Calculate position after IEND marker
+        content_start = iend_pos + len(Streamer._PNG_IEND_MARKER)
+
+        # Skip any padding bytes (null or 0xFF) between PNG and actual content
+        while content_start < len(chunk) and chunk[content_start] in (0x00, 0xFF):
+            content_start += 1
+
+        stripped_bytes = content_start
+        logger.debug(f"Stripped {stripped_bytes} bytes of fake PNG wrapper from stream")
+
+        return chunk[content_start:]
+
     async def stream_content(self) -> typing.AsyncGenerator[bytes, None]:
-        """
-        Streams the content from the response.
-        """
         if not self.response:
             raise RuntimeError("No response available for streaming")
 
+        is_first_chunk = True
+
         try:
             self.parse_content_range()
 
@@ -154,15 +193,19 @@ class Streamer:
                     mininterval=1,
                 ) as self.progress_bar:
                     async for chunk in self.response.aiter_bytes():
+                        if is_first_chunk:
+                            is_first_chunk = False
+                            chunk = self._strip_fake_png_wrapper(chunk)
+
                         yield chunk
-                        chunk_size = len(chunk)
-                        self.bytes_transferred += chunk_size
-                        self.progress_bar.set_postfix_str(
-                            f"📥 : {self.format_bytes(self.bytes_transferred)}", refresh=False
-                        )
-                        self.progress_bar.update(chunk_size)
+                        self.bytes_transferred += len(chunk)
+                        self.progress_bar.update(len(chunk))
             else:
                 async for chunk in self.response.aiter_bytes():
+                    if is_first_chunk:
+                        is_first_chunk = False
+                        chunk = self._strip_fake_png_wrapper(chunk)
+
                     yield chunk
                     self.bytes_transferred += len(chunk)
 
@@ -187,10 +230,19 @@ class Streamer:
                 raise DownloadError(502, f"Protocol error while streaming: {e}")
         except GeneratorExit:
             logger.info("Streaming session stopped by the user")
+        except httpx.ReadError as e:
+            # Handle network read errors gracefully - these occur when upstream connection drops
+            logger.warning(f"ReadError while streaming: {e}")
+            if self.bytes_transferred > 0:
+                logger.info(f"Partial content received ({self.bytes_transferred} bytes) before ReadError. Graceful termination.")
+                return
+            else:
+                raise DownloadError(502, f"ReadError while streaming: {e}")
         except Exception as e:
             logger.error(f"Error streaming content: {e}")
             raise
 
+            
     @staticmethod
     def format_bytes(size) -> str:
         power = 2**10
@@ -490,6 +542,23 @@ def get_proxy_headers(request: Request) -> ProxyRequestHeaders:
     """
     request_headers = {k: v for k, v in request.headers.items() if k in SUPPORTED_REQUEST_HEADERS}
     request_headers.update({k[2:].lower(): v for k, v in request.query_params.items() if k.startswith("h_")})
+    request_headers.setdefault("user-agent", settings.user_agent)
+
+    # Handle common misspelling of referer
+    if "referrer" in request_headers:
+        if "referer" not in request_headers:
+            request_headers["referer"] = request_headers.pop("referrer")
+            
+    dest = request.query_params.get("d", "")
+    host = urlparse(dest).netloc.lower()
+            
+    if "vidoza" in host or "videzz" in host:
+        # Remove ALL empty headers
+        for h in list(request_headers.keys()):
+            v = request_headers[h]
+            if v is None or v.strip() == "":
+                request_headers.pop(h, None)
+
     response_headers = {k[2:].lower(): v for k, v in request.query_params.items() if k.startswith("r_")}
     return ProxyRequestHeaders(request_headers, response_headers)
 
@@ -527,21 +596,14 @@ class EnhancedStreamingResponse(Response):
             logger.error(f"Error in listen_for_disconnect: {str(e)}")
 
     async def stream_response(self, send: Send) -> None:
+        # Track if response headers have been sent to prevent duplicate headers
+        response_started = False
+        # Track if response finalization (more_body: False) has been sent to prevent ASGI protocol violation
+        finalization_sent = False
         try:
             # Initialize headers
             headers = list(self.raw_headers)
 
-            # Set the transfer-encoding to chunked for streamed responses with content-length
-            # when content-length is present. This ensures we don't hit protocol errors
-            # if the upstream connection is closed prematurely.
-            for i, (name, _) in enumerate(headers):
-                if name.lower() == b"content-length":
-                    # Replace content-length with transfer-encoding: chunked for streaming
-                    headers[i] = (b"transfer-encoding", b"chunked")
-                    headers = [h for h in headers if h[0].lower() != b"content-length"]
-                    logger.debug("Switched from content-length to chunked transfer-encoding for streaming")
-                    break
-
             # Start the response
             await send(
                 {
@@ -550,6 +612,7 @@ class EnhancedStreamingResponse(Response):
                     "headers": headers,
                 }
             )
+            response_started = True
 
             # Track if we've sent any data
             data_sent = False
@@ -568,27 +631,29 @@ class EnhancedStreamingResponse(Response):
 
                 # Successfully streamed all content
                 await send({"type": "http.response.body", "body": b"", "more_body": False})
-            except (httpx.RemoteProtocolError, h11._util.LocalProtocolError) as e:
-                # Handle connection closed errors
+                finalization_sent = True
+            except (httpx.RemoteProtocolError, httpx.ReadError, h11._util.LocalProtocolError) as e:
+                # Handle connection closed / read errors gracefully
                 if data_sent:
                     # We've sent some data to the client, so try to complete the response
-                    logger.warning(f"Remote protocol error after partial streaming: {e}")
+                    logger.warning(f"Upstream connection error after partial streaming: {e}")
                     try:
                         await send({"type": "http.response.body", "body": b"", "more_body": False})
+                        finalization_sent = True
                         logger.info(
                             f"Response finalized after partial content ({self.actual_content_length} bytes transferred)"
                         )
                     except Exception as close_err:
-                        logger.warning(f"Could not finalize response after remote error: {close_err}")
+                        logger.warning(f"Could not finalize response after upstream error: {close_err}")
                 else:
                     # No data was sent, re-raise the error
-                    logger.error(f"Protocol error before any data was streamed: {e}")
+                    logger.error(f"Upstream error before any data was streamed: {e}")
                     raise
         except Exception as e:
             logger.exception(f"Error in stream_response: {str(e)}")
-            if not isinstance(e, (ConnectionResetError, anyio.BrokenResourceError)):
+            if not isinstance(e, (ConnectionResetError, anyio.BrokenResourceError)) and not response_started:
+                # Only attempt to send error response if headers haven't been sent yet
                 try:
-                    # Try to send an error response if client is still connected
                     await send(
                         {
                             "type": "http.response.start",
@@ -598,36 +663,39 @@ class EnhancedStreamingResponse(Response):
                     )
                     error_message = f"Streaming error: {str(e)}".encode("utf-8")
                     await send({"type": "http.response.body", "body": error_message, "more_body": False})
+                    finalization_sent = True
                 except Exception:
                     # If we can't send an error response, just log it
                     pass
+            elif response_started and not finalization_sent:
+                # Response already started but not finalized - gracefully close the stream
+                try:
+                    await send({"type": "http.response.body", "body": b"", "more_body": False})
+                    finalization_sent = True
+                except Exception:
+                    pass
 
     async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
         async with anyio.create_task_group() as task_group:
-            streaming_completed = False
             stream_func = partial(self.stream_response, send)
             listen_func = partial(self.listen_for_disconnect, receive)
 
             async def wrap(func: typing.Callable[[], typing.Awaitable[None]]) -> None:
                 try:
                     await func()
-                    # If this is the stream_response function and it completes successfully, mark as done
-                    if func == stream_func:
-                        nonlocal streaming_completed
-                        streaming_completed = True
                 except Exception as e:
-                    if isinstance(e, (httpx.RemoteProtocolError, h11._util.LocalProtocolError)):
-                        # Handle protocol errors more gracefully
-                        logger.warning(f"Protocol error during streaming: {e}")
-                    elif not isinstance(e, anyio.get_cancelled_exc_class()):
-                        logger.exception("Error in streaming task")
-                        # Only re-raise if it's not a protocol error or cancellation
+                    # Note: stream_response and listen_for_disconnect handle their own exceptions
+                    # internally. This is a safety net for any unexpected exceptions that might
+                    # escape due to future code changes.
+                    if not isinstance(e, anyio.get_cancelled_exc_class()):
+                        logger.exception(f"Unexpected error in streaming task: {type(e).__name__}: {e}")
+                        # Re-raise unexpected errors to surface bugs rather than silently swallowing them
                         raise
                 finally:
-                    # Only cancel the task group if we're in disconnect listener or
-                    # if streaming_completed is True (meaning we finished normally)
-                    if func == listen_func or streaming_completed:
-                        task_group.cancel_scope.cancel()
+                    # Cancel task group when either task completes or fails:
+                    # - stream_func finished (success or failure) -> stop listening for disconnect
+                    # - listen_func finished (client disconnected) -> stop streaming
+                    task_group.cancel_scope.cancel()
 
             # Start the streaming response in a separate task
             task_group.start_soon(wrap, stream_func)
diff --git a/mediaflow_proxy/utils/m3u8_processor.py b/mediaflow_proxy/utils/m3u8_processor.py
index 08f8151..eb65c95 100644
--- a/mediaflow_proxy/utils/m3u8_processor.py
+++ b/mediaflow_proxy/utils/m3u8_processor.py
@@ -11,7 +11,7 @@ from mediaflow_proxy.utils.hls_prebuffer import hls_prebuffer
 
 
 class M3U8Processor:
-    def __init__(self, request, key_url: str = None, force_playlist_proxy: bool = None):
+    def __init__(self, request, key_url: str = None, force_playlist_proxy: bool = None, key_only_proxy: bool = False, no_proxy: bool = False):
         """
         Initializes the M3U8Processor with the request and URL prefix.
 
@@ -19,9 +19,13 @@ class M3U8Processor:
             request (Request): The incoming HTTP request.
             key_url (HttpUrl, optional): The URL of the key server. Defaults to None.
             force_playlist_proxy (bool, optional): Force all playlist URLs to be proxied through MediaFlow. Defaults to None.
+            key_only_proxy (bool, optional): Only proxy the key URL, leaving segment URLs direct. Defaults to False.
+            no_proxy (bool, optional): If True, returns the manifest without proxying any URLs. Defaults to False.
         """
         self.request = request
         self.key_url = parse.urlparse(key_url) if key_url else None
+        self.key_only_proxy = key_only_proxy
+        self.no_proxy = no_proxy
         self.force_playlist_proxy = force_playlist_proxy
         self.mediaflow_proxy_url = str(
             request.url_for("hls_manifest_proxy").replace(scheme=get_original_scheme(request))
@@ -174,6 +178,15 @@ class M3U8Processor:
         Returns:
             str: The processed key line.
         """
+        # If no_proxy is enabled, just resolve relative URLs without proxying
+        if self.no_proxy:
+            uri_match = re.search(r'URI="([^"]+)"', line)
+            if uri_match:
+                original_uri = uri_match.group(1)
+                full_url = parse.urljoin(base_url, original_uri)
+                line = line.replace(f'URI="{original_uri}"', f'URI="{full_url}"')
+            return line
+        
         uri_match = re.search(r'URI="([^"]+)"', line)
         if uri_match:
             original_uri = uri_match.group(1)
@@ -197,6 +210,14 @@ class M3U8Processor:
         """
         full_url = parse.urljoin(base_url, url)
 
+        # If no_proxy is enabled, return the direct URL without any proxying
+        if self.no_proxy:
+            return full_url
+
+        # If key_only_proxy is enabled, return the direct URL for segments
+        if self.key_only_proxy and not url.endswith((".m3u", ".m3u8")):
+            return full_url
+
         # Determine routing strategy based on configuration
         routing_strategy = settings.m3u8_content_routing
 
diff --git a/mediaflow_proxy/utils/mpd_utils.py b/mediaflow_proxy/utils/mpd_utils.py
index 28cb3c3..719f7dc 100644
--- a/mediaflow_proxy/utils/mpd_utils.py
+++ b/mediaflow_proxy/utils/mpd_utils.py
@@ -270,7 +270,7 @@ def parse_representation(
     if item:
         profile["segments"] = parse_segment_template(parsed_dict, item, profile, source)
     else:
-        profile["segments"] = parse_segment_base(representation, source)
+        profile["segments"] = parse_segment_base(representation, profile, source)
 
     return profile
 
@@ -547,7 +547,7 @@ def create_segment_data(segment: Dict, item: dict, profile: dict, source: str, t
     return segment_data
 
 
-def parse_segment_base(representation: dict, source: str) -> List[Dict]:
+def parse_segment_base(representation: dict, profile: dict, source: str) -> List[Dict]:
     """
     Parses segment base information and extracts segment data. This is used for single-segment representations.
 
@@ -562,6 +562,12 @@ def parse_segment_base(representation: dict, source: str) -> List[Dict]:
     start, end = map(int, segment["@indexRange"].split("-"))
     if "Initialization" in segment:
         start, _ = map(int, segment["Initialization"]["@range"].split("-"))
+    
+    # Set initUrl for SegmentBase
+    if not representation['BaseURL'].startswith("http"):
+        profile["initUrl"] = f"{source}/{representation['BaseURL']}"
+    else:
+        profile["initUrl"] = representation['BaseURL']
 
     return [
         {
diff --git a/mediaflow_proxy/utils/python_aes.py b/mediaflow_proxy/utils/python_aes.py
new file mode 100644
index 0000000..4fc20b7
--- /dev/null
+++ b/mediaflow_proxy/utils/python_aes.py
@@ -0,0 +1,122 @@
+# Author: Trevor Perrin
+# See the LICENSE file for legal information regarding use of this file.
+
+"""Pure-Python AES implementation."""
+
+import sys
+from .aes import AES
+from .rijndael import Rijndael
+from .cryptomath import bytesToNumber, numberToByteArray
+
+__all__ = ['new', 'Python_AES']
+
+
+def new(key, mode, IV):
+    # IV argument name is a part of the interface
+    # pylint: disable=invalid-name
+    if mode == 2:
+        return Python_AES(key, mode, IV)
+    elif mode == 6:
+        return Python_AES_CTR(key, mode, IV)
+    else:
+        raise NotImplementedError()
+
+
+class Python_AES(AES):
+    def __init__(self, key, mode, IV):
+        # IV argument/field names are a part of the interface
+        # pylint: disable=invalid-name
+        key, IV = bytearray(key), bytearray(IV)
+        super(Python_AES, self).__init__(key, mode, IV, "python")
+        self.rijndael = Rijndael(key, 16)
+        self.IV = IV
+
+    def encrypt(self, plaintext):
+        super(Python_AES, self).encrypt(plaintext)
+
+        plaintextBytes = bytearray(plaintext)
+        chainBytes = self.IV[:]
+
+        #CBC Mode: For each block...
+        for x in range(len(plaintextBytes)//16):
+
+            #XOR with the chaining block
+            blockBytes = plaintextBytes[x*16 : (x*16)+16]
+            for y in range(16):
+                blockBytes[y] ^= chainBytes[y]
+
+            #Encrypt it
+            encryptedBytes = self.rijndael.encrypt(blockBytes)
+
+            #Overwrite the input with the output
+            for y in range(16):
+                plaintextBytes[(x*16)+y] = encryptedBytes[y]
+
+            #Set the next chaining block
+            chainBytes = encryptedBytes
+
+        self.IV = chainBytes[:]
+        return plaintextBytes
+
+    def decrypt(self, ciphertext):
+        super(Python_AES, self).decrypt(ciphertext)
+
+        ciphertextBytes = ciphertext[:]
+        chainBytes = self.IV[:]
+
+        #CBC Mode: For each block...
+        for x in range(len(ciphertextBytes)//16):
+
+            #Decrypt it
+            blockBytes = ciphertextBytes[x*16 : (x*16)+16]
+            decryptedBytes = self.rijndael.decrypt(blockBytes)
+
+            #XOR with the chaining block and overwrite the input with output
+            for y in range(16):
+                decryptedBytes[y] ^= chainBytes[y]
+                ciphertextBytes[(x*16)+y] = decryptedBytes[y]
+
+            #Set the next chaining block
+            chainBytes = blockBytes
+
+        self.IV = chainBytes[:]
+        return ciphertextBytes
+
+
+class Python_AES_CTR(AES):
+    def __init__(self, key, mode, IV):
+        super(Python_AES_CTR, self).__init__(key, mode, IV, "python")
+        self.rijndael = Rijndael(key, 16)
+        self.IV = IV
+        self._counter_bytes = 16 - len(self.IV)
+        self._counter = self.IV + bytearray(b'\x00' * self._counter_bytes)
+
+    @property
+    def counter(self):
+        return self._counter
+
+    @counter.setter
+    def counter(self, ctr):
+        self._counter = ctr
+
+    def _counter_update(self):
+        counter_int = bytesToNumber(self._counter) + 1
+        self._counter = numberToByteArray(counter_int, 16)
+        if self._counter_bytes > 0 and \
+                self._counter[-self._counter_bytes:] == \
+                bytearray(b'\xff' * self._counter_bytes):
+            raise OverflowError("CTR counter overflowed")
+
+    def encrypt(self, plaintext):
+        mask = bytearray()
+        while len(mask) < len(plaintext):
+            mask += self.rijndael.encrypt(self._counter)
+            self._counter_update()
+        if sys.version_info < (3, 0):
+            inp_bytes = bytearray(ord(i) ^ j for i, j in zip(plaintext, mask))
+        else:
+            inp_bytes = bytearray(i ^ j for i, j in zip(plaintext, mask))
+        return inp_bytes
+
+    def decrypt(self, ciphertext):
+        return self.encrypt(ciphertext)
diff --git a/mediaflow_proxy/utils/python_aesgcm.py b/mediaflow_proxy/utils/python_aesgcm.py
new file mode 100644
index 0000000..89bff4b
--- /dev/null
+++ b/mediaflow_proxy/utils/python_aesgcm.py
@@ -0,0 +1,12 @@
+# mediaflow_proxy/utils/python_aesgcm.py
+
+from .aesgcm import AESGCM
+from .rijndael import Rijndael
+
+
+def new(key: bytes) -> AESGCM:
+    """
+    Mirror ResolveURL's python_aesgcm.new(key) API:
+    returns an AESGCM instance with pure-Python Rijndael backend.
+    """
+    return AESGCM(key, "python", Rijndael(key, 16).encrypt)
diff --git a/mediaflow_proxy/utils/rijndael.py b/mediaflow_proxy/utils/rijndael.py
new file mode 100644
index 0000000..000eba6
--- /dev/null
+++ b/mediaflow_proxy/utils/rijndael.py
@@ -0,0 +1,1118 @@
+# Authors:
+#   Bram Cohen
+#   Trevor Perrin - various changes
+#
+# See the LICENSE file for legal information regarding use of this file.
+# Also see Bram Cohen's statement below
+
+"""
+A pure python (slow) implementation of rijndael with a decent interface
+
+To include -
+
+from rijndael import Rijndael
+
+To do a key setup -
+
+r = Rijndael(key, block_size = 16)
+
+key must be a string of length 16, 24, or 32
+blocksize must be 16, 24, or 32. Default is 16
+
+To use -
+
+ciphertext = r.encrypt(plaintext)
+plaintext = r.decrypt(ciphertext)
+
+If any strings are of the wrong length a ValueError is thrown
+"""
+
+from .deprecations import deprecated_class_name
+import sys
+
+# ported from the Java reference code by Bram Cohen, bram@gawth.com, April 2001
+# this code is public domain, unless someone makes
+# an intellectual property claim against the reference
+# code, in which case it can be made public domain by
+# deleting all the comments and renaming all the variables
+
+shifts = [[[0, 0], [1, 3], [2, 2], [3, 1]],
+          [[0, 0], [1, 5], [2, 4], [3, 3]],
+          [[0, 0], [1, 7], [3, 5], [4, 4]]]
+
+# [keysize][block_size]
+num_rounds = {16: {16: 10, 24: 12, 32: 14},
+              24: {16: 12, 24: 12, 32: 14},
+              32: {16: 14, 24: 14, 32: 14}}
+
+# see unit_tests/test_tlslite_utils_rijndael.py for algorithm used to
+# calculate S, Si, T, U and rcon arrays
+
+# S box
+S = (99, 124, 119, 123, 242, 107, 111, 197,
+     48, 1, 103, 43, 254, 215, 171, 118,
+     202, 130, 201, 125, 250, 89, 71, 240,
+     173, 212, 162, 175, 156, 164, 114, 192,
+     183, 253, 147, 38, 54, 63, 247, 204,
+     52, 165, 229, 241, 113, 216, 49, 21,
+     4, 199, 35, 195, 24, 150, 5, 154,
+     7, 18, 128, 226, 235, 39, 178, 117,
+     9, 131, 44, 26, 27, 110, 90, 160,
+     82, 59, 214, 179, 41, 227, 47, 132,
+     83, 209, 0, 237, 32, 252, 177, 91,
+     106, 203, 190, 57, 74, 76, 88, 207,
+     208, 239, 170, 251, 67, 77, 51, 133,
+     69, 249, 2, 127, 80, 60, 159, 168,
+     81, 163, 64, 143, 146, 157, 56, 245,
+     188, 182, 218, 33, 16, 255, 243, 210,
+     205, 12, 19, 236, 95, 151, 68, 23,
+     196, 167, 126, 61, 100, 93, 25, 115,
+     96, 129, 79, 220, 34, 42, 144, 136,
+     70, 238, 184, 20, 222, 94, 11, 219,
+     224, 50, 58, 10, 73, 6, 36, 92,
+     194, 211, 172, 98, 145, 149, 228, 121,
+     231, 200, 55, 109, 141, 213, 78, 169,
+     108, 86, 244, 234, 101, 122, 174, 8,
+     186, 120, 37, 46, 28, 166, 180, 198,
+     232, 221, 116, 31, 75, 189, 139, 138,
+     112, 62, 181, 102, 72, 3, 246, 14,
+     97, 53, 87, 185, 134, 193, 29, 158,
+     225, 248, 152, 17, 105, 217, 142, 148,
+     155, 30, 135, 233, 206, 85, 40, 223,
+     140, 161, 137, 13, 191, 230, 66, 104,
+     65, 153, 45, 15, 176, 84, 187, 22)
+
+# inverse of S box
+Si = (82, 9, 106, 213, 48, 54, 165, 56,
+      191, 64, 163, 158, 129, 243, 215, 251,
+      124, 227, 57, 130, 155, 47, 255, 135,
+      52, 142, 67, 68, 196, 222, 233, 203,
+      84, 123, 148, 50, 166, 194, 35, 61,
+      238, 76, 149, 11, 66, 250, 195, 78,
+      8, 46, 161, 102, 40, 217, 36, 178,
+      118, 91, 162, 73, 109, 139, 209, 37,
+      114, 248, 246, 100, 134, 104, 152, 22,
+      212, 164, 92, 204, 93, 101, 182, 146,
+      108, 112, 72, 80, 253, 237, 185, 218,
+      94, 21, 70, 87, 167, 141, 157, 132,
+      144, 216, 171, 0, 140, 188, 211, 10,
+      247, 228, 88, 5, 184, 179, 69, 6,
+      208, 44, 30, 143, 202, 63, 15, 2,
+      193, 175, 189, 3, 1, 19, 138, 107,
+      58, 145, 17, 65, 79, 103, 220, 234,
+      151, 242, 207, 206, 240, 180, 230, 115,
+      150, 172, 116, 34, 231, 173, 53, 133,
+      226, 249, 55, 232, 28, 117, 223, 110,
+      71, 241, 26, 113, 29, 41, 197, 137,
+      111, 183, 98, 14, 170, 24, 190, 27,
+      252, 86, 62, 75, 198, 210, 121, 32,
+      154, 219, 192, 254, 120, 205, 90, 244,
+      31, 221, 168, 51, 136, 7, 199, 49,
+      177, 18, 16, 89, 39, 128, 236, 95,
+      96, 81, 127, 169, 25, 181, 74, 13,
+      45, 229, 122, 159, 147, 201, 156, 239,
+      160, 224, 59, 77, 174, 42, 245, 176,
+      200, 235, 187, 60, 131, 83, 153, 97,
+      23, 43, 4, 126, 186, 119, 214, 38,
+      225, 105, 20, 99, 85, 33, 12, 125)
+
+T1 = (0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d,
+      0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554,
+      0x60303050, 0x2010103, 0xce6767a9, 0x562b2b7d,
+      0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a,
+      0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87,
+      0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,
+      0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea,
+      0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b,
+      0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,
+      0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f,
+      0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108,
+      0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,
+      0x804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e,
+      0x30181828, 0x379696a1, 0xa05050f, 0x2f9a9ab5,
+      0xe070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,
+      0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f,
+      0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e,
+      0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,
+      0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce,
+      0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497,
+      0xa65353f5, 0xb9d1d168, 0x0, 0xc1eded2c,
+      0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed,
+      0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b,
+      0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,
+      0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16,
+      0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594,
+      0x8a4545cf, 0xe9f9f910, 0x4020206, 0xfe7f7f81,
+      0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3,
+      0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x58f8f8a,
+      0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,
+      0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163,
+      0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d,
+      0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,
+      0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739,
+      0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47,
+      0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
+      0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f,
+      0x44222266, 0x542a2a7e, 0x3b9090ab, 0xb888883,
+      0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,
+      0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76,
+      0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e,
+      0x924949db, 0xc06060a, 0x4824246c, 0xb85c5ce4,
+      0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6,
+      0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b,
+      0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,
+      0x18d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0,
+      0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25,
+      0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,
+      0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72,
+      0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651,
+      0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,
+      0x964b4bdd, 0x61bdbddc, 0xd8b8b86, 0xf8a8a85,
+      0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa,
+      0x904848d8, 0x6030305, 0xf7f6f601, 0x1c0e0e12,
+      0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0,
+      0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9,
+      0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,
+      0xd26969bb, 0xa9d9d970, 0x78e8e89, 0x339494a7,
+      0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920,
+      0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,
+      0x38c8c8f, 0x59a1a1f8, 0x9898980, 0x1a0d0d17,
+      0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8,
+      0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
+      0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a)
+
+T2 = (0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b,
+      0xdfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5,
+      0x50603030, 0x3020101, 0xa9ce6767, 0x7d562b2b,
+      0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676,
+      0x458fcaca, 0x9d1f8282, 0x4089c9c9, 0x87fa7d7d,
+      0x15effafa, 0xebb25959, 0xc98e4747, 0xbfbf0f0,
+      0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf,
+      0xbf239c9c, 0xf753a4a4, 0x96e47272, 0x5b9bc0c0,
+      0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626,
+      0x5a6c3636, 0x417e3f3f, 0x2f5f7f7, 0x4f83cccc,
+      0x5c683434, 0xf451a5a5, 0x34d1e5e5, 0x8f9f1f1,
+      0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515,
+      0xc080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3,
+      0x28301818, 0xa1379696, 0xf0a0505, 0xb52f9a9a,
+      0x90e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2,
+      0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575,
+      0x1b120909, 0x9e1d8383, 0x74582c2c, 0x2e341a1a,
+      0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0,
+      0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3,
+      0x7b522929, 0x3edde3e3, 0x715e2f2f, 0x97138484,
+      0xf5a65353, 0x68b9d1d1, 0x0, 0x2cc1eded,
+      0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b,
+      0xbed46a6a, 0x468dcbcb, 0xd967bebe, 0x4b723939,
+      0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf,
+      0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb,
+      0xc5864343, 0xd79a4d4d, 0x55663333, 0x94118585,
+      0xcf8a4545, 0x10e9f9f9, 0x6040202, 0x81fe7f7f,
+      0xf0a05050, 0x44783c3c, 0xba259f9f, 0xe34ba8a8,
+      0xf3a25151, 0xfe5da3a3, 0xc0804040, 0x8a058f8f,
+      0xad3f9292, 0xbc219d9d, 0x48703838, 0x4f1f5f5,
+      0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121,
+      0x30201010, 0x1ae5ffff, 0xefdf3f3, 0x6dbfd2d2,
+      0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec,
+      0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717,
+      0x5793c4c4, 0xf255a7a7, 0x82fc7e7e, 0x477a3d3d,
+      0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373,
+      0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc,
+      0x66442222, 0x7e542a2a, 0xab3b9090, 0x830b8888,
+      0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414,
+      0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb,
+      0x3bdbe0e0, 0x56643232, 0x4e743a3a, 0x1e140a0a,
+      0xdb924949, 0xa0c0606, 0x6c482424, 0xe4b85c5c,
+      0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262,
+      0xa8399191, 0xa4319595, 0x37d3e4e4, 0x8bf27979,
+      0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d,
+      0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9,
+      0xb4d86c6c, 0xfaac5656, 0x7f3f4f4, 0x25cfeaea,
+      0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808,
+      0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e,
+      0x24381c1c, 0xf157a6a6, 0xc773b4b4, 0x5197c6c6,
+      0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f,
+      0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a,
+      0x90e07070, 0x427c3e3e, 0xc471b5b5, 0xaacc6666,
+      0xd8904848, 0x5060303, 0x1f7f6f6, 0x121c0e0e,
+      0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9,
+      0x91178686, 0x5899c1c1, 0x273a1d1d, 0xb9279e9e,
+      0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111,
+      0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494,
+      0xb62d9b9b, 0x223c1e1e, 0x92158787, 0x20c9e9e9,
+      0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf,
+      0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d,
+      0xda65bfbf, 0x31d7e6e6, 0xc6844242, 0xb8d06868,
+      0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f,
+      0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616)
+
+T3 = (0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b,
+      0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5,
+      0x30506030, 0x1030201, 0x67a9ce67, 0x2b7d562b,
+      0xfe19e7fe, 0xd762b5d7, 0xabe64dab, 0x769aec76,
+      0xca458fca, 0x829d1f82, 0xc94089c9, 0x7d87fa7d,
+      0xfa15effa, 0x59ebb259, 0x47c98e47, 0xf00bfbf0,
+      0xadec41ad, 0xd467b3d4, 0xa2fd5fa2, 0xafea45af,
+      0x9cbf239c, 0xa4f753a4, 0x7296e472, 0xc05b9bc0,
+      0xb7c275b7, 0xfd1ce1fd, 0x93ae3d93, 0x266a4c26,
+      0x365a6c36, 0x3f417e3f, 0xf702f5f7, 0xcc4f83cc,
+      0x345c6834, 0xa5f451a5, 0xe534d1e5, 0xf108f9f1,
+      0x7193e271, 0xd873abd8, 0x31536231, 0x153f2a15,
+      0x40c0804, 0xc75295c7, 0x23654623, 0xc35e9dc3,
+      0x18283018, 0x96a13796, 0x50f0a05, 0x9ab52f9a,
+      0x7090e07, 0x12362412, 0x809b1b80, 0xe23ddfe2,
+      0xeb26cdeb, 0x27694e27, 0xb2cd7fb2, 0x759fea75,
+      0x91b1209, 0x839e1d83, 0x2c74582c, 0x1a2e341a,
+      0x1b2d361b, 0x6eb2dc6e, 0x5aeeb45a, 0xa0fb5ba0,
+      0x52f6a452, 0x3b4d763b, 0xd661b7d6, 0xb3ce7db3,
+      0x297b5229, 0xe33edde3, 0x2f715e2f, 0x84971384,
+      0x53f5a653, 0xd168b9d1, 0x0, 0xed2cc1ed,
+      0x20604020, 0xfc1fe3fc, 0xb1c879b1, 0x5bedb65b,
+      0x6abed46a, 0xcb468dcb, 0xbed967be, 0x394b7239,
+      0x4ade944a, 0x4cd4984c, 0x58e8b058, 0xcf4a85cf,
+      0xd06bbbd0, 0xef2ac5ef, 0xaae54faa, 0xfb16edfb,
+      0x43c58643, 0x4dd79a4d, 0x33556633, 0x85941185,
+      0x45cf8a45, 0xf910e9f9, 0x2060402, 0x7f81fe7f,
+      0x50f0a050, 0x3c44783c, 0x9fba259f, 0xa8e34ba8,
+      0x51f3a251, 0xa3fe5da3, 0x40c08040, 0x8f8a058f,
+      0x92ad3f92, 0x9dbc219d, 0x38487038, 0xf504f1f5,
+      0xbcdf63bc, 0xb6c177b6, 0xda75afda, 0x21634221,
+      0x10302010, 0xff1ae5ff, 0xf30efdf3, 0xd26dbfd2,
+      0xcd4c81cd, 0xc14180c, 0x13352613, 0xec2fc3ec,
+      0x5fe1be5f, 0x97a23597, 0x44cc8844, 0x17392e17,
+      0xc45793c4, 0xa7f255a7, 0x7e82fc7e, 0x3d477a3d,
+      0x64acc864, 0x5de7ba5d, 0x192b3219, 0x7395e673,
+      0x60a0c060, 0x81981981, 0x4fd19e4f, 0xdc7fa3dc,
+      0x22664422, 0x2a7e542a, 0x90ab3b90, 0x88830b88,
+      0x46ca8c46, 0xee29c7ee, 0xb8d36bb8, 0x143c2814,
+      0xde79a7de, 0x5ee2bc5e, 0xb1d160b, 0xdb76addb,
+      0xe03bdbe0, 0x32566432, 0x3a4e743a, 0xa1e140a,
+      0x49db9249, 0x60a0c06, 0x246c4824, 0x5ce4b85c,
+      0xc25d9fc2, 0xd36ebdd3, 0xacef43ac, 0x62a6c462,
+      0x91a83991, 0x95a43195, 0xe437d3e4, 0x798bf279,
+      0xe732d5e7, 0xc8438bc8, 0x37596e37, 0x6db7da6d,
+      0x8d8c018d, 0xd564b1d5, 0x4ed29c4e, 0xa9e049a9,
+      0x6cb4d86c, 0x56faac56, 0xf407f3f4, 0xea25cfea,
+      0x65afca65, 0x7a8ef47a, 0xaee947ae, 0x8181008,
+      0xbad56fba, 0x7888f078, 0x256f4a25, 0x2e725c2e,
+      0x1c24381c, 0xa6f157a6, 0xb4c773b4, 0xc65197c6,
+      0xe823cbe8, 0xdd7ca1dd, 0x749ce874, 0x1f213e1f,
+      0x4bdd964b, 0xbddc61bd, 0x8b860d8b, 0x8a850f8a,
+      0x7090e070, 0x3e427c3e, 0xb5c471b5, 0x66aacc66,
+      0x48d89048, 0x3050603, 0xf601f7f6, 0xe121c0e,
+      0x61a3c261, 0x355f6a35, 0x57f9ae57, 0xb9d069b9,
+      0x86911786, 0xc15899c1, 0x1d273a1d, 0x9eb9279e,
+      0xe138d9e1, 0xf813ebf8, 0x98b32b98, 0x11332211,
+      0x69bbd269, 0xd970a9d9, 0x8e89078e, 0x94a73394,
+      0x9bb62d9b, 0x1e223c1e, 0x87921587, 0xe920c9e9,
+      0xce4987ce, 0x55ffaa55, 0x28785028, 0xdf7aa5df,
+      0x8c8f038c, 0xa1f859a1, 0x89800989, 0xd171a0d,
+      0xbfda65bf, 0xe631d7e6, 0x42c68442, 0x68b8d068,
+      0x41c38241, 0x99b02999, 0x2d775a2d, 0xf111e0f,
+      0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16)
+
+T4 = (0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6,
+      0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 0xc5c55491,
+      0x30305060, 0x1010302, 0x6767a9ce, 0x2b2b7d56,
+      0xfefe19e7, 0xd7d762b5, 0xababe64d, 0x76769aec,
+      0xcaca458f, 0x82829d1f, 0xc9c94089, 0x7d7d87fa,
+      0xfafa15ef, 0x5959ebb2, 0x4747c98e, 0xf0f00bfb,
+      0xadadec41, 0xd4d467b3, 0xa2a2fd5f, 0xafafea45,
+      0x9c9cbf23, 0xa4a4f753, 0x727296e4, 0xc0c05b9b,
+      0xb7b7c275, 0xfdfd1ce1, 0x9393ae3d, 0x26266a4c,
+      0x36365a6c, 0x3f3f417e, 0xf7f702f5, 0xcccc4f83,
+      0x34345c68, 0xa5a5f451, 0xe5e534d1, 0xf1f108f9,
+      0x717193e2, 0xd8d873ab, 0x31315362, 0x15153f2a,
+      0x4040c08, 0xc7c75295, 0x23236546, 0xc3c35e9d,
+      0x18182830, 0x9696a137, 0x5050f0a, 0x9a9ab52f,
+      0x707090e, 0x12123624, 0x80809b1b, 0xe2e23ddf,
+      0xebeb26cd, 0x2727694e, 0xb2b2cd7f, 0x75759fea,
+      0x9091b12, 0x83839e1d, 0x2c2c7458, 0x1a1a2e34,
+      0x1b1b2d36, 0x6e6eb2dc, 0x5a5aeeb4, 0xa0a0fb5b,
+      0x5252f6a4, 0x3b3b4d76, 0xd6d661b7, 0xb3b3ce7d,
+      0x29297b52, 0xe3e33edd, 0x2f2f715e, 0x84849713,
+      0x5353f5a6, 0xd1d168b9, 0x0, 0xeded2cc1,
+      0x20206040, 0xfcfc1fe3, 0xb1b1c879, 0x5b5bedb6,
+      0x6a6abed4, 0xcbcb468d, 0xbebed967, 0x39394b72,
+      0x4a4ade94, 0x4c4cd498, 0x5858e8b0, 0xcfcf4a85,
+      0xd0d06bbb, 0xefef2ac5, 0xaaaae54f, 0xfbfb16ed,
+      0x4343c586, 0x4d4dd79a, 0x33335566, 0x85859411,
+      0x4545cf8a, 0xf9f910e9, 0x2020604, 0x7f7f81fe,
+      0x5050f0a0, 0x3c3c4478, 0x9f9fba25, 0xa8a8e34b,
+      0x5151f3a2, 0xa3a3fe5d, 0x4040c080, 0x8f8f8a05,
+      0x9292ad3f, 0x9d9dbc21, 0x38384870, 0xf5f504f1,
+      0xbcbcdf63, 0xb6b6c177, 0xdada75af, 0x21216342,
+      0x10103020, 0xffff1ae5, 0xf3f30efd, 0xd2d26dbf,
+      0xcdcd4c81, 0xc0c1418, 0x13133526, 0xecec2fc3,
+      0x5f5fe1be, 0x9797a235, 0x4444cc88, 0x1717392e,
+      0xc4c45793, 0xa7a7f255, 0x7e7e82fc, 0x3d3d477a,
+      0x6464acc8, 0x5d5de7ba, 0x19192b32, 0x737395e6,
+      0x6060a0c0, 0x81819819, 0x4f4fd19e, 0xdcdc7fa3,
+      0x22226644, 0x2a2a7e54, 0x9090ab3b, 0x8888830b,
+      0x4646ca8c, 0xeeee29c7, 0xb8b8d36b, 0x14143c28,
+      0xdede79a7, 0x5e5ee2bc, 0xb0b1d16, 0xdbdb76ad,
+      0xe0e03bdb, 0x32325664, 0x3a3a4e74, 0xa0a1e14,
+      0x4949db92, 0x6060a0c, 0x24246c48, 0x5c5ce4b8,
+      0xc2c25d9f, 0xd3d36ebd, 0xacacef43, 0x6262a6c4,
+      0x9191a839, 0x9595a431, 0xe4e437d3, 0x79798bf2,
+      0xe7e732d5, 0xc8c8438b, 0x3737596e, 0x6d6db7da,
+      0x8d8d8c01, 0xd5d564b1, 0x4e4ed29c, 0xa9a9e049,
+      0x6c6cb4d8, 0x5656faac, 0xf4f407f3, 0xeaea25cf,
+      0x6565afca, 0x7a7a8ef4, 0xaeaee947, 0x8081810,
+      0xbabad56f, 0x787888f0, 0x25256f4a, 0x2e2e725c,
+      0x1c1c2438, 0xa6a6f157, 0xb4b4c773, 0xc6c65197,
+      0xe8e823cb, 0xdddd7ca1, 0x74749ce8, 0x1f1f213e,
+      0x4b4bdd96, 0xbdbddc61, 0x8b8b860d, 0x8a8a850f,
+      0x707090e0, 0x3e3e427c, 0xb5b5c471, 0x6666aacc,
+      0x4848d890, 0x3030506, 0xf6f601f7, 0xe0e121c,
+      0x6161a3c2, 0x35355f6a, 0x5757f9ae, 0xb9b9d069,
+      0x86869117, 0xc1c15899, 0x1d1d273a, 0x9e9eb927,
+      0xe1e138d9, 0xf8f813eb, 0x9898b32b, 0x11113322,
+      0x6969bbd2, 0xd9d970a9, 0x8e8e8907, 0x9494a733,
+      0x9b9bb62d, 0x1e1e223c, 0x87879215, 0xe9e920c9,
+      0xcece4987, 0x5555ffaa, 0x28287850, 0xdfdf7aa5,
+      0x8c8c8f03, 0xa1a1f859, 0x89898009, 0xd0d171a,
+      0xbfbfda65, 0xe6e631d7, 0x4242c684, 0x6868b8d0,
+      0x4141c382, 0x9999b029, 0x2d2d775a, 0xf0f111e,
+      0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c)
+
+T5 = (0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96,
+      0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393,
+      0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25,
+      0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f,
+      0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1,
+      0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6,
+      0x38f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da,
+      0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844,
+      0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd,
+      0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4,
+      0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45,
+      0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94,
+      0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7,
+      0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a,
+      0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5,
+      0x302887f2, 0x23bfa5b2, 0x2036aba, 0xed16825c,
+      0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1,
+      0x65daf4cd, 0x605bed5, 0xd134621f, 0xc4a6fe8a,
+      0x342e539d, 0xa2f355a0, 0x58ae132, 0xa4f6eb75,
+      0xb83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051,
+      0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46,
+      0x91548db5, 0x71c45d05, 0x406d46f, 0x605015ff,
+      0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77,
+      0xb0e842bd, 0x7898b88, 0xe7195b38, 0x79c8eedb,
+      0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x0,
+      0x9808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e,
+      0xfd0efffb, 0xf853856, 0x3daed51e, 0x362d3927,
+      0xa0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a,
+      0xc0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e,
+      0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16,
+      0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d,
+      0xe090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8,
+      0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd,
+      0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34,
+      0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163,
+      0xd731dcca, 0x42638510, 0x13972240, 0x84c61120,
+      0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d,
+      0x1d9e2f4b, 0xdcb230f3, 0xd8652ec, 0x77c1e3d0,
+      0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422,
+      0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef,
+      0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36,
+      0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4,
+      0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662,
+      0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5,
+      0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3,
+      0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b,
+      0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8,
+      0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6,
+      0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6,
+      0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0,
+      0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815,
+      0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f,
+      0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df,
+      0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f,
+      0x9d5eea04, 0x18c355d, 0xfa877473, 0xfb0b412e,
+      0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713,
+      0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89,
+      0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c,
+      0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf,
+      0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86,
+      0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f,
+      0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541,
+      0x39a80171, 0x80cb3de, 0xd8b4e49c, 0x6456c190,
+      0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742)
+
+T6 = (0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e,
+      0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303,
+      0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c,
+      0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3,
+      0x49deb15a, 0x6725ba1b, 0x9845ea0e, 0xe15dfec0,
+      0x2c32f75, 0x12814cf0, 0xa38d4697, 0xc66bd3f9,
+      0xe7038f5f, 0x9515929c, 0xebbf6d7a, 0xda955259,
+      0x2dd4be83, 0xd3587421, 0x2949e069, 0x448ec9c8,
+      0x6a75c289, 0x78f48e79, 0x6b99583e, 0xdd27b971,
+      0xb6bee14f, 0x17f088ad, 0x66c920ac, 0xb47dce3a,
+      0x1863df4a, 0x82e51a31, 0x60975133, 0x4562537f,
+      0xe0b16477, 0x84bb6bae, 0x1cfe81a0, 0x94f9082b,
+      0x58704868, 0x198f45fd, 0x8794de6c, 0xb7527bf8,
+      0x23ab73d3, 0xe2724b02, 0x57e31f8f, 0x2a6655ab,
+      0x7b2eb28, 0x32fb5c2, 0x9a86c57b, 0xa5d33708,
+      0xf2302887, 0xb223bfa5, 0xba02036a, 0x5ced1682,
+      0x2b8acf1c, 0x92a779b4, 0xf0f307f2, 0xa14e69e2,
+      0xcd65daf4, 0xd50605be, 0x1fd13462, 0x8ac4a6fe,
+      0x9d342e53, 0xa0a2f355, 0x32058ae1, 0x75a4f6eb,
+      0x390b83ec, 0xaa4060ef, 0x65e719f, 0x51bd6e10,
+      0xf93e218a, 0x3d96dd06, 0xaedd3e05, 0x464de6bd,
+      0xb591548d, 0x571c45d, 0x6f0406d4, 0xff605015,
+      0x241998fb, 0x97d6bde9, 0xcc894043, 0x7767d99e,
+      0xbdb0e842, 0x8807898b, 0x38e7195b, 0xdb79c8ee,
+      0x47a17c0a, 0xe97c420f, 0xc9f8841e, 0x0,
+      0x83098086, 0x48322bed, 0xac1e1170, 0x4e6c5a72,
+      0xfbfd0eff, 0x560f8538, 0x1e3daed5, 0x27362d39,
+      0x640a0fd9, 0x21685ca6, 0xd19b5b54, 0x3a24362e,
+      0xb10c0a67, 0xf9357e7, 0xd2b4ee96, 0x9e1b9b91,
+      0x4f80c0c5, 0xa261dc20, 0x695a774b, 0x161c121a,
+      0xae293ba, 0xe5c0a02a, 0x433c22e0, 0x1d121b17,
+      0xb0e090d, 0xadf28bc7, 0xb92db6a8, 0xc8141ea9,
+      0x8557f119, 0x4caf7507, 0xbbee99dd, 0xfda37f60,
+      0x9ff70126, 0xbc5c72f5, 0xc544663b, 0x345bfb7e,
+      0x768b4329, 0xdccb23c6, 0x68b6edfc, 0x63b8e4f1,
+      0xcad731dc, 0x10426385, 0x40139722, 0x2084c611,
+      0x7d854a24, 0xf8d2bb3d, 0x11aef932, 0x6dc729a1,
+      0x4b1d9e2f, 0xf3dcb230, 0xec0d8652, 0xd077c1e3,
+      0x6c2bb316, 0x99a970b9, 0xfa119448, 0x2247e964,
+      0xc4a8fc8c, 0x1aa0f03f, 0xd8567d2c, 0xef223390,
+      0xc787494e, 0xc1d938d1, 0xfe8ccaa2, 0x3698d40b,
+      0xcfa6f581, 0x28a57ade, 0x26dab78e, 0xa43fadbf,
+      0xe42c3a9d, 0xd507892, 0x9b6a5fcc, 0x62547e46,
+      0xc2f68d13, 0xe890d8b8, 0x5e2e39f7, 0xf582c3af,
+      0xbe9f5d80, 0x7c69d093, 0xa96fd52d, 0xb3cf2512,
+      0x3bc8ac99, 0xa710187d, 0x6ee89c63, 0x7bdb3bbb,
+      0x9cd2678, 0xf46e5918, 0x1ec9ab7, 0xa8834f9a,
+      0x65e6956e, 0x7eaaffe6, 0x821bccf, 0xe6ef15e8,
+      0xd9bae79b, 0xce4a6f36, 0xd4ea9f09, 0xd629b07c,
+      0xaf31a4b2, 0x312a3f23, 0x30c6a594, 0xc035a266,
+      0x37744ebc, 0xa6fc82ca, 0xb0e090d0, 0x1533a7d8,
+      0x4af10498, 0xf741ecda, 0xe7fcd50, 0x2f1791f6,
+      0x8d764dd6, 0x4d43efb0, 0x54ccaa4d, 0xdfe49604,
+      0xe39ed1b5, 0x1b4c6a88, 0xb8c12c1f, 0x7f466551,
+      0x49d5eea, 0x5d018c35, 0x73fa8774, 0x2efb0b41,
+      0x5ab3671d, 0x5292dbd2, 0x33e91056, 0x136dd647,
+      0x8c9ad761, 0x7a37a10c, 0x8e59f814, 0x89eb133c,
+      0xeecea927, 0x35b761c9, 0xede11ce5, 0x3c7a47b1,
+      0x599cd2df, 0x3f55f273, 0x791814ce, 0xbf73c737,
+      0xea53f7cd, 0x5b5ffdaa, 0x14df3d6f, 0x867844db,
+      0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340,
+      0x72161dc3, 0xcbce225, 0x8b283c49, 0x41ff0d95,
+      0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1,
+      0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857)
+
+T7 = (0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27,
+      0x6bcb3bab, 0x45f11f9d, 0x58abacfa, 0x3934be3,
+      0xfa552030, 0x6df6ad76, 0x769188cc, 0x4c25f502,
+      0xd7fc4fe5, 0xcbd7c52a, 0x44802635, 0xa38fb562,
+      0x5a49deb1, 0x1b6725ba, 0xe9845ea, 0xc0e15dfe,
+      0x7502c32f, 0xf012814c, 0x97a38d46, 0xf9c66bd3,
+      0x5fe7038f, 0x9c951592, 0x7aebbf6d, 0x59da9552,
+      0x832dd4be, 0x21d35874, 0x692949e0, 0xc8448ec9,
+      0x896a75c2, 0x7978f48e, 0x3e6b9958, 0x71dd27b9,
+      0x4fb6bee1, 0xad17f088, 0xac66c920, 0x3ab47dce,
+      0x4a1863df, 0x3182e51a, 0x33609751, 0x7f456253,
+      0x77e0b164, 0xae84bb6b, 0xa01cfe81, 0x2b94f908,
+      0x68587048, 0xfd198f45, 0x6c8794de, 0xf8b7527b,
+      0xd323ab73, 0x2e2724b, 0x8f57e31f, 0xab2a6655,
+      0x2807b2eb, 0xc2032fb5, 0x7b9a86c5, 0x8a5d337,
+      0x87f23028, 0xa5b223bf, 0x6aba0203, 0x825ced16,
+      0x1c2b8acf, 0xb492a779, 0xf2f0f307, 0xe2a14e69,
+      0xf4cd65da, 0xbed50605, 0x621fd134, 0xfe8ac4a6,
+      0x539d342e, 0x55a0a2f3, 0xe132058a, 0xeb75a4f6,
+      0xec390b83, 0xefaa4060, 0x9f065e71, 0x1051bd6e,
+      0x8af93e21, 0x63d96dd, 0x5aedd3e, 0xbd464de6,
+      0x8db59154, 0x5d0571c4, 0xd46f0406, 0x15ff6050,
+      0xfb241998, 0xe997d6bd, 0x43cc8940, 0x9e7767d9,
+      0x42bdb0e8, 0x8b880789, 0x5b38e719, 0xeedb79c8,
+      0xa47a17c, 0xfe97c42, 0x1ec9f884, 0x0,
+      0x86830980, 0xed48322b, 0x70ac1e11, 0x724e6c5a,
+      0xfffbfd0e, 0x38560f85, 0xd51e3dae, 0x3927362d,
+      0xd9640a0f, 0xa621685c, 0x54d19b5b, 0x2e3a2436,
+      0x67b10c0a, 0xe70f9357, 0x96d2b4ee, 0x919e1b9b,
+      0xc54f80c0, 0x20a261dc, 0x4b695a77, 0x1a161c12,
+      0xba0ae293, 0x2ae5c0a0, 0xe0433c22, 0x171d121b,
+      0xd0b0e09, 0xc7adf28b, 0xa8b92db6, 0xa9c8141e,
+      0x198557f1, 0x74caf75, 0xddbbee99, 0x60fda37f,
+      0x269ff701, 0xf5bc5c72, 0x3bc54466, 0x7e345bfb,
+      0x29768b43, 0xc6dccb23, 0xfc68b6ed, 0xf163b8e4,
+      0xdccad731, 0x85104263, 0x22401397, 0x112084c6,
+      0x247d854a, 0x3df8d2bb, 0x3211aef9, 0xa16dc729,
+      0x2f4b1d9e, 0x30f3dcb2, 0x52ec0d86, 0xe3d077c1,
+      0x166c2bb3, 0xb999a970, 0x48fa1194, 0x642247e9,
+      0x8cc4a8fc, 0x3f1aa0f0, 0x2cd8567d, 0x90ef2233,
+      0x4ec78749, 0xd1c1d938, 0xa2fe8cca, 0xb3698d4,
+      0x81cfa6f5, 0xde28a57a, 0x8e26dab7, 0xbfa43fad,
+      0x9de42c3a, 0x920d5078, 0xcc9b6a5f, 0x4662547e,
+      0x13c2f68d, 0xb8e890d8, 0xf75e2e39, 0xaff582c3,
+      0x80be9f5d, 0x937c69d0, 0x2da96fd5, 0x12b3cf25,
+      0x993bc8ac, 0x7da71018, 0x636ee89c, 0xbb7bdb3b,
+      0x7809cd26, 0x18f46e59, 0xb701ec9a, 0x9aa8834f,
+      0x6e65e695, 0xe67eaaff, 0xcf0821bc, 0xe8e6ef15,
+      0x9bd9bae7, 0x36ce4a6f, 0x9d4ea9f, 0x7cd629b0,
+      0xb2af31a4, 0x23312a3f, 0x9430c6a5, 0x66c035a2,
+      0xbc37744e, 0xcaa6fc82, 0xd0b0e090, 0xd81533a7,
+      0x984af104, 0xdaf741ec, 0x500e7fcd, 0xf62f1791,
+      0xd68d764d, 0xb04d43ef, 0x4d54ccaa, 0x4dfe496,
+      0xb5e39ed1, 0x881b4c6a, 0x1fb8c12c, 0x517f4665,
+      0xea049d5e, 0x355d018c, 0x7473fa87, 0x412efb0b,
+      0x1d5ab367, 0xd25292db, 0x5633e910, 0x47136dd6,
+      0x618c9ad7, 0xc7a37a1, 0x148e59f8, 0x3c89eb13,
+      0x27eecea9, 0xc935b761, 0xe5ede11c, 0xb13c7a47,
+      0xdf599cd2, 0x733f55f2, 0xce791814, 0x37bf73c7,
+      0xcdea53f7, 0xaa5b5ffd, 0x6f14df3d, 0xdb867844,
+      0xf381caaf, 0xc43eb968, 0x342c3824, 0x405fc2a3,
+      0xc372161d, 0x250cbce2, 0x498b283c, 0x9541ff0d,
+      0x17139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456,
+      0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8)
+
+T8 = (0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a,
+      0xab6bcb3b, 0x9d45f11f, 0xfa58abac, 0xe303934b,
+      0x30fa5520, 0x766df6ad, 0xcc769188, 0x24c25f5,
+      0xe5d7fc4f, 0x2acbd7c5, 0x35448026, 0x62a38fb5,
+      0xb15a49de, 0xba1b6725, 0xea0e9845, 0xfec0e15d,
+      0x2f7502c3, 0x4cf01281, 0x4697a38d, 0xd3f9c66b,
+      0x8f5fe703, 0x929c9515, 0x6d7aebbf, 0x5259da95,
+      0xbe832dd4, 0x7421d358, 0xe0692949, 0xc9c8448e,
+      0xc2896a75, 0x8e7978f4, 0x583e6b99, 0xb971dd27,
+      0xe14fb6be, 0x88ad17f0, 0x20ac66c9, 0xce3ab47d,
+      0xdf4a1863, 0x1a3182e5, 0x51336097, 0x537f4562,
+      0x6477e0b1, 0x6bae84bb, 0x81a01cfe, 0x82b94f9,
+      0x48685870, 0x45fd198f, 0xde6c8794, 0x7bf8b752,
+      0x73d323ab, 0x4b02e272, 0x1f8f57e3, 0x55ab2a66,
+      0xeb2807b2, 0xb5c2032f, 0xc57b9a86, 0x3708a5d3,
+      0x2887f230, 0xbfa5b223, 0x36aba02, 0x16825ced,
+      0xcf1c2b8a, 0x79b492a7, 0x7f2f0f3, 0x69e2a14e,
+      0xdaf4cd65, 0x5bed506, 0x34621fd1, 0xa6fe8ac4,
+      0x2e539d34, 0xf355a0a2, 0x8ae13205, 0xf6eb75a4,
+      0x83ec390b, 0x60efaa40, 0x719f065e, 0x6e1051bd,
+      0x218af93e, 0xdd063d96, 0x3e05aedd, 0xe6bd464d,
+      0x548db591, 0xc45d0571, 0x6d46f04, 0x5015ff60,
+      0x98fb2419, 0xbde997d6, 0x4043cc89, 0xd99e7767,
+      0xe842bdb0, 0x898b8807, 0x195b38e7, 0xc8eedb79,
+      0x7c0a47a1, 0x420fe97c, 0x841ec9f8, 0x0,
+      0x80868309, 0x2bed4832, 0x1170ac1e, 0x5a724e6c,
+      0xefffbfd, 0x8538560f, 0xaed51e3d, 0x2d392736,
+      0xfd9640a, 0x5ca62168, 0x5b54d19b, 0x362e3a24,
+      0xa67b10c, 0x57e70f93, 0xee96d2b4, 0x9b919e1b,
+      0xc0c54f80, 0xdc20a261, 0x774b695a, 0x121a161c,
+      0x93ba0ae2, 0xa02ae5c0, 0x22e0433c, 0x1b171d12,
+      0x90d0b0e, 0x8bc7adf2, 0xb6a8b92d, 0x1ea9c814,
+      0xf1198557, 0x75074caf, 0x99ddbbee, 0x7f60fda3,
+      0x1269ff7, 0x72f5bc5c, 0x663bc544, 0xfb7e345b,
+      0x4329768b, 0x23c6dccb, 0xedfc68b6, 0xe4f163b8,
+      0x31dccad7, 0x63851042, 0x97224013, 0xc6112084,
+      0x4a247d85, 0xbb3df8d2, 0xf93211ae, 0x29a16dc7,
+      0x9e2f4b1d, 0xb230f3dc, 0x8652ec0d, 0xc1e3d077,
+      0xb3166c2b, 0x70b999a9, 0x9448fa11, 0xe9642247,
+      0xfc8cc4a8, 0xf03f1aa0, 0x7d2cd856, 0x3390ef22,
+      0x494ec787, 0x38d1c1d9, 0xcaa2fe8c, 0xd40b3698,
+      0xf581cfa6, 0x7ade28a5, 0xb78e26da, 0xadbfa43f,
+      0x3a9de42c, 0x78920d50, 0x5fcc9b6a, 0x7e466254,
+      0x8d13c2f6, 0xd8b8e890, 0x39f75e2e, 0xc3aff582,
+      0x5d80be9f, 0xd0937c69, 0xd52da96f, 0x2512b3cf,
+      0xac993bc8, 0x187da710, 0x9c636ee8, 0x3bbb7bdb,
+      0x267809cd, 0x5918f46e, 0x9ab701ec, 0x4f9aa883,
+      0x956e65e6, 0xffe67eaa, 0xbccf0821, 0x15e8e6ef,
+      0xe79bd9ba, 0x6f36ce4a, 0x9f09d4ea, 0xb07cd629,
+      0xa4b2af31, 0x3f23312a, 0xa59430c6, 0xa266c035,
+      0x4ebc3774, 0x82caa6fc, 0x90d0b0e0, 0xa7d81533,
+      0x4984af1, 0xecdaf741, 0xcd500e7f, 0x91f62f17,
+      0x4dd68d76, 0xefb04d43, 0xaa4d54cc, 0x9604dfe4,
+      0xd1b5e39e, 0x6a881b4c, 0x2c1fb8c1, 0x65517f46,
+      0x5eea049d, 0x8c355d01, 0x877473fa, 0xb412efb,
+      0x671d5ab3, 0xdbd25292, 0x105633e9, 0xd647136d,
+      0xd7618c9a, 0xa10c7a37, 0xf8148e59, 0x133c89eb,
+      0xa927eece, 0x61c935b7, 0x1ce5ede1, 0x47b13c7a,
+      0xd2df599c, 0xf2733f55, 0x14ce7918, 0xc737bf73,
+      0xf7cdea53, 0xfdaa5b5f, 0x3d6f14df, 0x44db8678,
+      0xaff381ca, 0x68c43eb9, 0x24342c38, 0xa3405fc2,
+      0x1dc37216, 0xe2250cbc, 0x3c498b28, 0xd9541ff,
+      0xa8017139, 0xcb3de08, 0xb4e49cd8, 0x56c19064,
+      0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0)
+
+U1 = (0x0, 0xe090d0b, 0x1c121a16, 0x121b171d,
+      0x3824342c, 0x362d3927, 0x24362e3a, 0x2a3f2331,
+      0x70486858, 0x7e416553, 0x6c5a724e, 0x62537f45,
+      0x486c5c74, 0x4665517f, 0x547e4662, 0x5a774b69,
+      0xe090d0b0, 0xee99ddbb, 0xfc82caa6, 0xf28bc7ad,
+      0xd8b4e49c, 0xd6bde997, 0xc4a6fe8a, 0xcaaff381,
+      0x90d8b8e8, 0x9ed1b5e3, 0x8ccaa2fe, 0x82c3aff5,
+      0xa8fc8cc4, 0xa6f581cf, 0xb4ee96d2, 0xbae79bd9,
+      0xdb3bbb7b, 0xd532b670, 0xc729a16d, 0xc920ac66,
+      0xe31f8f57, 0xed16825c, 0xff0d9541, 0xf104984a,
+      0xab73d323, 0xa57ade28, 0xb761c935, 0xb968c43e,
+      0x9357e70f, 0x9d5eea04, 0x8f45fd19, 0x814cf012,
+      0x3bab6bcb, 0x35a266c0, 0x27b971dd, 0x29b07cd6,
+      0x38f5fe7, 0xd8652ec, 0x1f9d45f1, 0x119448fa,
+      0x4be30393, 0x45ea0e98, 0x57f11985, 0x59f8148e,
+      0x73c737bf, 0x7dce3ab4, 0x6fd52da9, 0x61dc20a2,
+      0xad766df6, 0xa37f60fd, 0xb16477e0, 0xbf6d7aeb,
+      0x955259da, 0x9b5b54d1, 0x894043cc, 0x87494ec7,
+      0xdd3e05ae, 0xd33708a5, 0xc12c1fb8, 0xcf2512b3,
+      0xe51a3182, 0xeb133c89, 0xf9082b94, 0xf701269f,
+      0x4de6bd46, 0x43efb04d, 0x51f4a750, 0x5ffdaa5b,
+      0x75c2896a, 0x7bcb8461, 0x69d0937c, 0x67d99e77,
+      0x3daed51e, 0x33a7d815, 0x21bccf08, 0x2fb5c203,
+      0x58ae132, 0xb83ec39, 0x1998fb24, 0x1791f62f,
+      0x764dd68d, 0x7844db86, 0x6a5fcc9b, 0x6456c190,
+      0x4e69e2a1, 0x4060efaa, 0x527bf8b7, 0x5c72f5bc,
+      0x605bed5, 0x80cb3de, 0x1a17a4c3, 0x141ea9c8,
+      0x3e218af9, 0x302887f2, 0x223390ef, 0x2c3a9de4,
+      0x96dd063d, 0x98d40b36, 0x8acf1c2b, 0x84c61120,
+      0xaef93211, 0xa0f03f1a, 0xb2eb2807, 0xbce2250c,
+      0xe6956e65, 0xe89c636e, 0xfa877473, 0xf48e7978,
+      0xdeb15a49, 0xd0b85742, 0xc2a3405f, 0xccaa4d54,
+      0x41ecdaf7, 0x4fe5d7fc, 0x5dfec0e1, 0x53f7cdea,
+      0x79c8eedb, 0x77c1e3d0, 0x65daf4cd, 0x6bd3f9c6,
+      0x31a4b2af, 0x3fadbfa4, 0x2db6a8b9, 0x23bfa5b2,
+      0x9808683, 0x7898b88, 0x15929c95, 0x1b9b919e,
+      0xa17c0a47, 0xaf75074c, 0xbd6e1051, 0xb3671d5a,
+      0x99583e6b, 0x97513360, 0x854a247d, 0x8b432976,
+      0xd134621f, 0xdf3d6f14, 0xcd267809, 0xc32f7502,
+      0xe9105633, 0xe7195b38, 0xf5024c25, 0xfb0b412e,
+      0x9ad7618c, 0x94de6c87, 0x86c57b9a, 0x88cc7691,
+      0xa2f355a0, 0xacfa58ab, 0xbee14fb6, 0xb0e842bd,
+      0xea9f09d4, 0xe49604df, 0xf68d13c2, 0xf8841ec9,
+      0xd2bb3df8, 0xdcb230f3, 0xcea927ee, 0xc0a02ae5,
+      0x7a47b13c, 0x744ebc37, 0x6655ab2a, 0x685ca621,
+      0x42638510, 0x4c6a881b, 0x5e719f06, 0x5078920d,
+      0xa0fd964, 0x406d46f, 0x161dc372, 0x1814ce79,
+      0x322bed48, 0x3c22e043, 0x2e39f75e, 0x2030fa55,
+      0xec9ab701, 0xe293ba0a, 0xf088ad17, 0xfe81a01c,
+      0xd4be832d, 0xdab78e26, 0xc8ac993b, 0xc6a59430,
+      0x9cd2df59, 0x92dbd252, 0x80c0c54f, 0x8ec9c844,
+      0xa4f6eb75, 0xaaffe67e, 0xb8e4f163, 0xb6edfc68,
+      0xc0a67b1, 0x2036aba, 0x10187da7, 0x1e1170ac,
+      0x342e539d, 0x3a275e96, 0x283c498b, 0x26354480,
+      0x7c420fe9, 0x724b02e2, 0x605015ff, 0x6e5918f4,
+      0x44663bc5, 0x4a6f36ce, 0x587421d3, 0x567d2cd8,
+      0x37a10c7a, 0x39a80171, 0x2bb3166c, 0x25ba1b67,
+      0xf853856, 0x18c355d, 0x13972240, 0x1d9e2f4b,
+      0x47e96422, 0x49e06929, 0x5bfb7e34, 0x55f2733f,
+      0x7fcd500e, 0x71c45d05, 0x63df4a18, 0x6dd64713,
+      0xd731dcca, 0xd938d1c1, 0xcb23c6dc, 0xc52acbd7,
+      0xef15e8e6, 0xe11ce5ed, 0xf307f2f0, 0xfd0efffb,
+      0xa779b492, 0xa970b999, 0xbb6bae84, 0xb562a38f,
+      0x9f5d80be, 0x91548db5, 0x834f9aa8, 0x8d4697a3)
+
+U2 = (0x0, 0xb0e090d, 0x161c121a, 0x1d121b17,
+      0x2c382434, 0x27362d39, 0x3a24362e, 0x312a3f23,
+      0x58704868, 0x537e4165, 0x4e6c5a72, 0x4562537f,
+      0x74486c5c, 0x7f466551, 0x62547e46, 0x695a774b,
+      0xb0e090d0, 0xbbee99dd, 0xa6fc82ca, 0xadf28bc7,
+      0x9cd8b4e4, 0x97d6bde9, 0x8ac4a6fe, 0x81caaff3,
+      0xe890d8b8, 0xe39ed1b5, 0xfe8ccaa2, 0xf582c3af,
+      0xc4a8fc8c, 0xcfa6f581, 0xd2b4ee96, 0xd9bae79b,
+      0x7bdb3bbb, 0x70d532b6, 0x6dc729a1, 0x66c920ac,
+      0x57e31f8f, 0x5ced1682, 0x41ff0d95, 0x4af10498,
+      0x23ab73d3, 0x28a57ade, 0x35b761c9, 0x3eb968c4,
+      0xf9357e7, 0x49d5eea, 0x198f45fd, 0x12814cf0,
+      0xcb3bab6b, 0xc035a266, 0xdd27b971, 0xd629b07c,
+      0xe7038f5f, 0xec0d8652, 0xf11f9d45, 0xfa119448,
+      0x934be303, 0x9845ea0e, 0x8557f119, 0x8e59f814,
+      0xbf73c737, 0xb47dce3a, 0xa96fd52d, 0xa261dc20,
+      0xf6ad766d, 0xfda37f60, 0xe0b16477, 0xebbf6d7a,
+      0xda955259, 0xd19b5b54, 0xcc894043, 0xc787494e,
+      0xaedd3e05, 0xa5d33708, 0xb8c12c1f, 0xb3cf2512,
+      0x82e51a31, 0x89eb133c, 0x94f9082b, 0x9ff70126,
+      0x464de6bd, 0x4d43efb0, 0x5051f4a7, 0x5b5ffdaa,
+      0x6a75c289, 0x617bcb84, 0x7c69d093, 0x7767d99e,
+      0x1e3daed5, 0x1533a7d8, 0x821bccf, 0x32fb5c2,
+      0x32058ae1, 0x390b83ec, 0x241998fb, 0x2f1791f6,
+      0x8d764dd6, 0x867844db, 0x9b6a5fcc, 0x906456c1,
+      0xa14e69e2, 0xaa4060ef, 0xb7527bf8, 0xbc5c72f5,
+      0xd50605be, 0xde080cb3, 0xc31a17a4, 0xc8141ea9,
+      0xf93e218a, 0xf2302887, 0xef223390, 0xe42c3a9d,
+      0x3d96dd06, 0x3698d40b, 0x2b8acf1c, 0x2084c611,
+      0x11aef932, 0x1aa0f03f, 0x7b2eb28, 0xcbce225,
+      0x65e6956e, 0x6ee89c63, 0x73fa8774, 0x78f48e79,
+      0x49deb15a, 0x42d0b857, 0x5fc2a340, 0x54ccaa4d,
+      0xf741ecda, 0xfc4fe5d7, 0xe15dfec0, 0xea53f7cd,
+      0xdb79c8ee, 0xd077c1e3, 0xcd65daf4, 0xc66bd3f9,
+      0xaf31a4b2, 0xa43fadbf, 0xb92db6a8, 0xb223bfa5,
+      0x83098086, 0x8807898b, 0x9515929c, 0x9e1b9b91,
+      0x47a17c0a, 0x4caf7507, 0x51bd6e10, 0x5ab3671d,
+      0x6b99583e, 0x60975133, 0x7d854a24, 0x768b4329,
+      0x1fd13462, 0x14df3d6f, 0x9cd2678, 0x2c32f75,
+      0x33e91056, 0x38e7195b, 0x25f5024c, 0x2efb0b41,
+      0x8c9ad761, 0x8794de6c, 0x9a86c57b, 0x9188cc76,
+      0xa0a2f355, 0xabacfa58, 0xb6bee14f, 0xbdb0e842,
+      0xd4ea9f09, 0xdfe49604, 0xc2f68d13, 0xc9f8841e,
+      0xf8d2bb3d, 0xf3dcb230, 0xeecea927, 0xe5c0a02a,
+      0x3c7a47b1, 0x37744ebc, 0x2a6655ab, 0x21685ca6,
+      0x10426385, 0x1b4c6a88, 0x65e719f, 0xd507892,
+      0x640a0fd9, 0x6f0406d4, 0x72161dc3, 0x791814ce,
+      0x48322bed, 0x433c22e0, 0x5e2e39f7, 0x552030fa,
+      0x1ec9ab7, 0xae293ba, 0x17f088ad, 0x1cfe81a0,
+      0x2dd4be83, 0x26dab78e, 0x3bc8ac99, 0x30c6a594,
+      0x599cd2df, 0x5292dbd2, 0x4f80c0c5, 0x448ec9c8,
+      0x75a4f6eb, 0x7eaaffe6, 0x63b8e4f1, 0x68b6edfc,
+      0xb10c0a67, 0xba02036a, 0xa710187d, 0xac1e1170,
+      0x9d342e53, 0x963a275e, 0x8b283c49, 0x80263544,
+      0xe97c420f, 0xe2724b02, 0xff605015, 0xf46e5918,
+      0xc544663b, 0xce4a6f36, 0xd3587421, 0xd8567d2c,
+      0x7a37a10c, 0x7139a801, 0x6c2bb316, 0x6725ba1b,
+      0x560f8538, 0x5d018c35, 0x40139722, 0x4b1d9e2f,
+      0x2247e964, 0x2949e069, 0x345bfb7e, 0x3f55f273,
+      0xe7fcd50, 0x571c45d, 0x1863df4a, 0x136dd647,
+      0xcad731dc, 0xc1d938d1, 0xdccb23c6, 0xd7c52acb,
+      0xe6ef15e8, 0xede11ce5, 0xf0f307f2, 0xfbfd0eff,
+      0x92a779b4, 0x99a970b9, 0x84bb6bae, 0x8fb562a3,
+      0xbe9f5d80, 0xb591548d, 0xa8834f9a, 0xa38d4697)
+
+U3 = (0x0, 0xd0b0e09, 0x1a161c12, 0x171d121b,
+      0x342c3824, 0x3927362d, 0x2e3a2436, 0x23312a3f,
+      0x68587048, 0x65537e41, 0x724e6c5a, 0x7f456253,
+      0x5c74486c, 0x517f4665, 0x4662547e, 0x4b695a77,
+      0xd0b0e090, 0xddbbee99, 0xcaa6fc82, 0xc7adf28b,
+      0xe49cd8b4, 0xe997d6bd, 0xfe8ac4a6, 0xf381caaf,
+      0xb8e890d8, 0xb5e39ed1, 0xa2fe8cca, 0xaff582c3,
+      0x8cc4a8fc, 0x81cfa6f5, 0x96d2b4ee, 0x9bd9bae7,
+      0xbb7bdb3b, 0xb670d532, 0xa16dc729, 0xac66c920,
+      0x8f57e31f, 0x825ced16, 0x9541ff0d, 0x984af104,
+      0xd323ab73, 0xde28a57a, 0xc935b761, 0xc43eb968,
+      0xe70f9357, 0xea049d5e, 0xfd198f45, 0xf012814c,
+      0x6bcb3bab, 0x66c035a2, 0x71dd27b9, 0x7cd629b0,
+      0x5fe7038f, 0x52ec0d86, 0x45f11f9d, 0x48fa1194,
+      0x3934be3, 0xe9845ea, 0x198557f1, 0x148e59f8,
+      0x37bf73c7, 0x3ab47dce, 0x2da96fd5, 0x20a261dc,
+      0x6df6ad76, 0x60fda37f, 0x77e0b164, 0x7aebbf6d,
+      0x59da9552, 0x54d19b5b, 0x43cc8940, 0x4ec78749,
+      0x5aedd3e, 0x8a5d337, 0x1fb8c12c, 0x12b3cf25,
+      0x3182e51a, 0x3c89eb13, 0x2b94f908, 0x269ff701,
+      0xbd464de6, 0xb04d43ef, 0xa75051f4, 0xaa5b5ffd,
+      0x896a75c2, 0x84617bcb, 0x937c69d0, 0x9e7767d9,
+      0xd51e3dae, 0xd81533a7, 0xcf0821bc, 0xc2032fb5,
+      0xe132058a, 0xec390b83, 0xfb241998, 0xf62f1791,
+      0xd68d764d, 0xdb867844, 0xcc9b6a5f, 0xc1906456,
+      0xe2a14e69, 0xefaa4060, 0xf8b7527b, 0xf5bc5c72,
+      0xbed50605, 0xb3de080c, 0xa4c31a17, 0xa9c8141e,
+      0x8af93e21, 0x87f23028, 0x90ef2233, 0x9de42c3a,
+      0x63d96dd, 0xb3698d4, 0x1c2b8acf, 0x112084c6,
+      0x3211aef9, 0x3f1aa0f0, 0x2807b2eb, 0x250cbce2,
+      0x6e65e695, 0x636ee89c, 0x7473fa87, 0x7978f48e,
+      0x5a49deb1, 0x5742d0b8, 0x405fc2a3, 0x4d54ccaa,
+      0xdaf741ec, 0xd7fc4fe5, 0xc0e15dfe, 0xcdea53f7,
+      0xeedb79c8, 0xe3d077c1, 0xf4cd65da, 0xf9c66bd3,
+      0xb2af31a4, 0xbfa43fad, 0xa8b92db6, 0xa5b223bf,
+      0x86830980, 0x8b880789, 0x9c951592, 0x919e1b9b,
+      0xa47a17c, 0x74caf75, 0x1051bd6e, 0x1d5ab367,
+      0x3e6b9958, 0x33609751, 0x247d854a, 0x29768b43,
+      0x621fd134, 0x6f14df3d, 0x7809cd26, 0x7502c32f,
+      0x5633e910, 0x5b38e719, 0x4c25f502, 0x412efb0b,
+      0x618c9ad7, 0x6c8794de, 0x7b9a86c5, 0x769188cc,
+      0x55a0a2f3, 0x58abacfa, 0x4fb6bee1, 0x42bdb0e8,
+      0x9d4ea9f, 0x4dfe496, 0x13c2f68d, 0x1ec9f884,
+      0x3df8d2bb, 0x30f3dcb2, 0x27eecea9, 0x2ae5c0a0,
+      0xb13c7a47, 0xbc37744e, 0xab2a6655, 0xa621685c,
+      0x85104263, 0x881b4c6a, 0x9f065e71, 0x920d5078,
+      0xd9640a0f, 0xd46f0406, 0xc372161d, 0xce791814,
+      0xed48322b, 0xe0433c22, 0xf75e2e39, 0xfa552030,
+      0xb701ec9a, 0xba0ae293, 0xad17f088, 0xa01cfe81,
+      0x832dd4be, 0x8e26dab7, 0x993bc8ac, 0x9430c6a5,
+      0xdf599cd2, 0xd25292db, 0xc54f80c0, 0xc8448ec9,
+      0xeb75a4f6, 0xe67eaaff, 0xf163b8e4, 0xfc68b6ed,
+      0x67b10c0a, 0x6aba0203, 0x7da71018, 0x70ac1e11,
+      0x539d342e, 0x5e963a27, 0x498b283c, 0x44802635,
+      0xfe97c42, 0x2e2724b, 0x15ff6050, 0x18f46e59,
+      0x3bc54466, 0x36ce4a6f, 0x21d35874, 0x2cd8567d,
+      0xc7a37a1, 0x17139a8, 0x166c2bb3, 0x1b6725ba,
+      0x38560f85, 0x355d018c, 0x22401397, 0x2f4b1d9e,
+      0x642247e9, 0x692949e0, 0x7e345bfb, 0x733f55f2,
+      0x500e7fcd, 0x5d0571c4, 0x4a1863df, 0x47136dd6,
+      0xdccad731, 0xd1c1d938, 0xc6dccb23, 0xcbd7c52a,
+      0xe8e6ef15, 0xe5ede11c, 0xf2f0f307, 0xfffbfd0e,
+      0xb492a779, 0xb999a970, 0xae84bb6b, 0xa38fb562,
+      0x80be9f5d, 0x8db59154, 0x9aa8834f, 0x97a38d46)
+
+U4 = (0x0, 0x90d0b0e, 0x121a161c, 0x1b171d12,
+      0x24342c38, 0x2d392736, 0x362e3a24, 0x3f23312a,
+      0x48685870, 0x4165537e, 0x5a724e6c, 0x537f4562,
+      0x6c5c7448, 0x65517f46, 0x7e466254, 0x774b695a,
+      0x90d0b0e0, 0x99ddbbee, 0x82caa6fc, 0x8bc7adf2,
+      0xb4e49cd8, 0xbde997d6, 0xa6fe8ac4, 0xaff381ca,
+      0xd8b8e890, 0xd1b5e39e, 0xcaa2fe8c, 0xc3aff582,
+      0xfc8cc4a8, 0xf581cfa6, 0xee96d2b4, 0xe79bd9ba,
+      0x3bbb7bdb, 0x32b670d5, 0x29a16dc7, 0x20ac66c9,
+      0x1f8f57e3, 0x16825ced, 0xd9541ff, 0x4984af1,
+      0x73d323ab, 0x7ade28a5, 0x61c935b7, 0x68c43eb9,
+      0x57e70f93, 0x5eea049d, 0x45fd198f, 0x4cf01281,
+      0xab6bcb3b, 0xa266c035, 0xb971dd27, 0xb07cd629,
+      0x8f5fe703, 0x8652ec0d, 0x9d45f11f, 0x9448fa11,
+      0xe303934b, 0xea0e9845, 0xf1198557, 0xf8148e59,
+      0xc737bf73, 0xce3ab47d, 0xd52da96f, 0xdc20a261,
+      0x766df6ad, 0x7f60fda3, 0x6477e0b1, 0x6d7aebbf,
+      0x5259da95, 0x5b54d19b, 0x4043cc89, 0x494ec787,
+      0x3e05aedd, 0x3708a5d3, 0x2c1fb8c1, 0x2512b3cf,
+      0x1a3182e5, 0x133c89eb, 0x82b94f9, 0x1269ff7,
+      0xe6bd464d, 0xefb04d43, 0xf4a75051, 0xfdaa5b5f,
+      0xc2896a75, 0xcb84617b, 0xd0937c69, 0xd99e7767,
+      0xaed51e3d, 0xa7d81533, 0xbccf0821, 0xb5c2032f,
+      0x8ae13205, 0x83ec390b, 0x98fb2419, 0x91f62f17,
+      0x4dd68d76, 0x44db8678, 0x5fcc9b6a, 0x56c19064,
+      0x69e2a14e, 0x60efaa40, 0x7bf8b752, 0x72f5bc5c,
+      0x5bed506, 0xcb3de08, 0x17a4c31a, 0x1ea9c814,
+      0x218af93e, 0x2887f230, 0x3390ef22, 0x3a9de42c,
+      0xdd063d96, 0xd40b3698, 0xcf1c2b8a, 0xc6112084,
+      0xf93211ae, 0xf03f1aa0, 0xeb2807b2, 0xe2250cbc,
+      0x956e65e6, 0x9c636ee8, 0x877473fa, 0x8e7978f4,
+      0xb15a49de, 0xb85742d0, 0xa3405fc2, 0xaa4d54cc,
+      0xecdaf741, 0xe5d7fc4f, 0xfec0e15d, 0xf7cdea53,
+      0xc8eedb79, 0xc1e3d077, 0xdaf4cd65, 0xd3f9c66b,
+      0xa4b2af31, 0xadbfa43f, 0xb6a8b92d, 0xbfa5b223,
+      0x80868309, 0x898b8807, 0x929c9515, 0x9b919e1b,
+      0x7c0a47a1, 0x75074caf, 0x6e1051bd, 0x671d5ab3,
+      0x583e6b99, 0x51336097, 0x4a247d85, 0x4329768b,
+      0x34621fd1, 0x3d6f14df, 0x267809cd, 0x2f7502c3,
+      0x105633e9, 0x195b38e7, 0x24c25f5, 0xb412efb,
+      0xd7618c9a, 0xde6c8794, 0xc57b9a86, 0xcc769188,
+      0xf355a0a2, 0xfa58abac, 0xe14fb6be, 0xe842bdb0,
+      0x9f09d4ea, 0x9604dfe4, 0x8d13c2f6, 0x841ec9f8,
+      0xbb3df8d2, 0xb230f3dc, 0xa927eece, 0xa02ae5c0,
+      0x47b13c7a, 0x4ebc3774, 0x55ab2a66, 0x5ca62168,
+      0x63851042, 0x6a881b4c, 0x719f065e, 0x78920d50,
+      0xfd9640a, 0x6d46f04, 0x1dc37216, 0x14ce7918,
+      0x2bed4832, 0x22e0433c, 0x39f75e2e, 0x30fa5520,
+      0x9ab701ec, 0x93ba0ae2, 0x88ad17f0, 0x81a01cfe,
+      0xbe832dd4, 0xb78e26da, 0xac993bc8, 0xa59430c6,
+      0xd2df599c, 0xdbd25292, 0xc0c54f80, 0xc9c8448e,
+      0xf6eb75a4, 0xffe67eaa, 0xe4f163b8, 0xedfc68b6,
+      0xa67b10c, 0x36aba02, 0x187da710, 0x1170ac1e,
+      0x2e539d34, 0x275e963a, 0x3c498b28, 0x35448026,
+      0x420fe97c, 0x4b02e272, 0x5015ff60, 0x5918f46e,
+      0x663bc544, 0x6f36ce4a, 0x7421d358, 0x7d2cd856,
+      0xa10c7a37, 0xa8017139, 0xb3166c2b, 0xba1b6725,
+      0x8538560f, 0x8c355d01, 0x97224013, 0x9e2f4b1d,
+      0xe9642247, 0xe0692949, 0xfb7e345b, 0xf2733f55,
+      0xcd500e7f, 0xc45d0571, 0xdf4a1863, 0xd647136d,
+      0x31dccad7, 0x38d1c1d9, 0x23c6dccb, 0x2acbd7c5,
+      0x15e8e6ef, 0x1ce5ede1, 0x7f2f0f3, 0xefffbfd,
+      0x79b492a7, 0x70b999a9, 0x6bae84bb, 0x62a38fb5,
+      0x5d80be9f, 0x548db591, 0x4f9aa883, 0x4697a38d)
+
+rcon = (0x1, 0x2, 0x4, 0x8, 0x10, 0x20, 0x40, 0x80,
+        0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f,
+        0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4,
+        0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91)
+
+
+@deprecated_class_name('rijndael')
+class Rijndael(object):
+    """
+    Implementation of the AES (formely known as Rijndael) block cipher.
+
+    Supports key sizes of 128, 192 and 256 bits as well as the non
+    standard block sizes of 192 and 256 bits (the standard 128 bit block
+    size is the default).
+
+    Note: this is a pure python stright-forward implementation thus it is
+    vulnerable against majority, if not all possible side channel attacks.
+
+    Can process data just one block at a time, does not perform block
+    cipher chaining or plaintext padding.
+
+    :ival int block_size: the size of the encrypted blocks, in bytes
+    :ival list Ke: key schedule for encryption
+    :ival list Kd: key schedule for decryption
+    """
+    def __init__(self, key, block_size=16):
+        """Initialise the object, derive keys for encryption and decryption."""
+        if block_size != 16 and block_size != 24 and block_size != 32:
+            raise ValueError('Invalid block size: ' + str(block_size))
+        if len(key) != 16 and len(key) != 24 and len(key) != 32:
+            raise ValueError('Invalid key size: ' + str(len(key)))
+        self.block_size = block_size
+
+        ROUNDS = num_rounds[len(key)][block_size]
+        BC = block_size // 4
+        # encryption round keys
+        Ke = [[0] * BC for i in range(ROUNDS + 1)]
+        # decryption round keys
+        Kd = [[0] * BC for i in range(ROUNDS + 1)]
+        ROUND_KEY_COUNT = (ROUNDS + 1) * BC
+        KC = len(key) // 4
+
+        # copy user material bytes into temporary ints
+        tk = []
+        if sys.version_info < (3, 0):
+            for i in range(0, KC):
+                tk.append(
+                    (ord(key[i * 4]) << 24) | (ord(key[i * 4 + 1]) << 16)
+                    | (ord(key[i * 4 + 2]) << 8) | ord(key[i * 4 + 3])
+                )
+        else:
+            for i in range(0, KC):
+                tk.append(
+                    (key[i * 4] << 24) | (key[i * 4 + 1] << 16)
+                    | (key[i * 4 + 2] << 8) | key[i * 4 + 3]
+                )
+
+        # copy values into round key arrays
+        t = 0
+        j = 0
+        while j < KC and t < ROUND_KEY_COUNT:
+            Ke[t // BC][t % BC] = tk[j]
+            Kd[ROUNDS - (t // BC)][t % BC] = tk[j]
+            j += 1
+            t += 1
+        tt = 0
+        rconpointer = 0
+        while t < ROUND_KEY_COUNT:
+            # extrapolate using phi (the round key evolution function)
+            tt = tk[KC - 1]
+            tk[0] ^= (S[(tt >> 16) & 0xFF] & 0xFF) << 24 ^  \
+                     (S[(tt >>  8) & 0xFF] & 0xFF) << 16 ^  \
+                     (S[ tt        & 0xFF] & 0xFF) <<  8 ^  \
+                     (S[(tt >> 24) & 0xFF] & 0xFF)       ^  \
+                     (rcon[rconpointer]    & 0xFF) << 24
+            rconpointer += 1
+            if KC != 8:
+                for i in range(1, KC):
+                    tk[i] ^= tk[i-1]
+            else:
+                for i in range(1, KC // 2):
+                    tk[i] ^= tk[i-1]
+                tt = tk[KC // 2 - 1]
+                tk[KC // 2] ^= (S[ tt        & 0xFF] & 0xFF)       ^ \
+                              (S[(tt >>  8) & 0xFF] & 0xFF) <<  8 ^ \
+                              (S[(tt >> 16) & 0xFF] & 0xFF) << 16 ^ \
+                              (S[(tt >> 24) & 0xFF] & 0xFF) << 24
+                for i in range(KC // 2 + 1, KC):
+                    tk[i] ^= tk[i-1]
+            # copy values into round key arrays
+            j = 0
+            while j < KC and t < ROUND_KEY_COUNT:
+                Ke[t // BC][t % BC] = tk[j]
+                Kd[ROUNDS - (t // BC)][t % BC] = tk[j]
+                j += 1
+                t += 1
+        # inverse MixColumn where needed
+        for r in range(1, ROUNDS):
+            for j in range(BC):
+                tt = Kd[r][j]
+                Kd[r][j] = U1[(tt >> 24) & 0xFF] ^ \
+                           U2[(tt >> 16) & 0xFF] ^ \
+                           U3[(tt >>  8) & 0xFF] ^ \
+                           U4[ tt        & 0xFF]
+        self.Ke = Ke
+        self.Kd = Kd
+
+    def encrypt(self, plaintext):
+        """Encrypt a single block of plaintext."""
+        if len(plaintext) != self.block_size:
+            raise ValueError('wrong block length, expected {0} got {1}'
+                             .format(self.block_size, len(plaintext)))
+        Ke = self.Ke
+
+        BC = self.block_size // 4
+        ROUNDS = len(Ke) - 1
+        if BC == 4:
+            SC = 0
+        elif BC == 6:
+            SC = 1
+        else:
+            SC = 2
+        s1 = shifts[SC][1][0]
+        s2 = shifts[SC][2][0]
+        s3 = shifts[SC][3][0]
+        a = [0] * BC
+        # temporary work array
+        t = []
+        # plaintext to ints + key
+        for i in range(BC):
+            t.append((plaintext[i * 4    ] << 24 |
+                      plaintext[i * 4 + 1] << 16 |
+                      plaintext[i * 4 + 2] <<  8 |
+                      plaintext[i * 4 + 3]        ) ^ Ke[0][i])
+        # apply round transforms
+        for r in range(1, ROUNDS):
+            for i in range(BC):
+                a[i] = (T1[(t[ i           ] >> 24) & 0xFF] ^
+                        T2[(t[(i + s1) % BC] >> 16) & 0xFF] ^
+                        T3[(t[(i + s2) % BC] >>  8) & 0xFF] ^
+                        T4[ t[(i + s3) % BC]        & 0xFF]  ) ^ Ke[r][i]
+            t = a[:]
+        # last round is special
+        result = []
+        for i in range(BC):
+            tt = Ke[ROUNDS][i]
+            result.append((S[(t[ i         ] >> 24) & 0xFF] ^ (tt>>24)) & 0xFF)
+            result.append((S[(t[(i+s1) % BC] >> 16) & 0xFF] ^ (tt>>16)) & 0xFF)
+            result.append((S[(t[(i+s2) % BC] >>  8) & 0xFF] ^ (tt>> 8)) & 0xFF)
+            result.append((S[ t[(i+s3) % BC]        & 0xFF] ^  tt     ) & 0xFF)
+        return bytearray(result)
+
+    def decrypt(self, ciphertext):
+        """Decrypt a block of ciphertext."""
+        if len(ciphertext) != self.block_size:
+            raise ValueError('wrong block length, expected {0} got {1}'
+                             .format(self.block_size, len(ciphertext)))
+        Kd = self.Kd
+
+        BC = self.block_size // 4
+        ROUNDS = len(Kd) - 1
+        if BC == 4:
+            SC = 0
+        elif BC == 6:
+            SC = 1
+        else:
+            SC = 2
+        s1 = shifts[SC][1][1]
+        s2 = shifts[SC][2][1]
+        s3 = shifts[SC][3][1]
+        a = [0] * BC
+        # temporary work array
+        t = [0] * BC
+        # ciphertext to ints + key
+        for i in range(BC):
+            t[i] = (ciphertext[i * 4    ] << 24 |
+                    ciphertext[i * 4 + 1] << 16 |
+                    ciphertext[i * 4 + 2] <<  8 |
+                    ciphertext[i * 4 + 3]        ) ^ Kd[0][i]
+        # apply round transforms
+        for r in range(1, ROUNDS):
+            for i in range(BC):
+                a[i] = (T5[(t[ i           ] >> 24) & 0xFF] ^
+                        T6[(t[(i + s1) % BC] >> 16) & 0xFF] ^
+                        T7[(t[(i + s2) % BC] >>  8) & 0xFF] ^
+                        T8[ t[(i + s3) % BC]        & 0xFF]  ) ^ Kd[r][i]
+            t = a[:]
+        # last round is special
+        result = []
+        for i in range(BC):
+            tt = Kd[ROUNDS][i]
+            result.append((Si[(t[ i         ] >> 24) & 0xFF] ^ (tt>>24)) &0xFF)
+            result.append((Si[(t[(i+s1) % BC] >> 16) & 0xFF] ^ (tt>>16)) &0xFF)
+            result.append((Si[(t[(i+s2) % BC] >>  8) & 0xFF] ^ (tt>> 8)) &0xFF)
+            result.append((Si[ t[(i+s3) % BC]        & 0xFF] ^  tt     ) &0xFF)
+        return bytearray(result)
+
+
+def encrypt(key, block):
+    return Rijndael(key, len(block)).encrypt(block)
+
+
+def decrypt(key, block):
+    return Rijndael(key, len(block)).decrypt(block)
+
+
+def test():
+    def t(kl, bl):
+        b = 'b' * bl
+        r = Rijndael('a' * kl, bl)
+        assert r.decrypt(r.encrypt(b)) == b
+    t(16, 16)
+    t(16, 24)
+    t(16, 32)
+    t(24, 16)
+    t(24, 24)
+    t(24, 32)
+    t(32, 16)
+    t(32, 24)
+    t(32, 32)
diff --git a/mediaflow_proxy/utils/tlshashlib.py b/mediaflow_proxy/utils/tlshashlib.py
new file mode 100644
index 0000000..346f545
--- /dev/null
+++ b/mediaflow_proxy/utils/tlshashlib.py
@@ -0,0 +1,32 @@
+# Author: Hubert Kario (c) 2015
+# see LICENCE file for legal information regarding use of this file
+
+"""hashlib that handles FIPS mode."""
+
+# Because we are extending the hashlib module, we need to import all its
+# fields to suppport the same uses
+# pylint: disable=unused-wildcard-import, wildcard-import
+from hashlib import *
+# pylint: enable=unused-wildcard-import, wildcard-import
+import hashlib
+
+
+def _fipsFunction(func, *args, **kwargs):
+    """Make hash function support FIPS mode."""
+    try:
+        return func(*args, **kwargs)
+    except ValueError:
+        return func(*args, usedforsecurity=False, **kwargs)
+
+
+# redefining the function is exactly what we intend to do
+# pylint: disable=function-redefined
+def md5(*args, **kwargs):
+    """MD5 constructor that works in FIPS mode."""
+    return _fipsFunction(hashlib.md5, *args, **kwargs)
+
+
+def new(*args, **kwargs):
+    """General constructor that works in FIPS mode."""
+    return _fipsFunction(hashlib.new, *args, **kwargs)
+# pylint: enable=function-redefined
diff --git a/mediaflow_proxy/utils/tlshmac.py b/mediaflow_proxy/utils/tlshmac.py
new file mode 100644
index 0000000..789df72
--- /dev/null
+++ b/mediaflow_proxy/utils/tlshmac.py
@@ -0,0 +1,88 @@
+# Author: Hubert Kario (c) 2019
+# see LICENCE file for legal information regarding use of this file
+
+"""
+HMAC module that works in FIPS mode.
+
+Note that this makes this code FIPS non-compliant!
+"""
+
+# Because we are extending the hashlib module, we need to import all its
+# fields to suppport the same uses
+from . import tlshashlib
+from .compat import compatHMAC
+try:
+    from hmac import compare_digest
+    __all__ = ["new", "compare_digest", "HMAC"]
+except ImportError:
+    __all__ = ["new", "HMAC"]
+
+try:
+    from hmac import HMAC, new
+    # if we can calculate HMAC on MD5, then use the built-in HMAC
+    # implementation
+    _val = HMAC(b'some key', b'msg', 'md5')
+    _val.digest()
+    del _val
+except Exception:
+    # fallback only when MD5 doesn't work
+    class HMAC(object):
+        """Hacked version of HMAC that works in FIPS mode even with MD5."""
+
+        def __init__(self, key, msg=None, digestmod=None):
+            """
+            Initialise the HMAC and hash first portion of data.
+
+            msg: data to hash
+            digestmod: name of hash or object that be used as a hash and be cloned
+            """
+            self.key = key
+            if digestmod is None:
+                digestmod = 'md5'
+            if callable(digestmod):
+                digestmod = digestmod()
+            if not hasattr(digestmod, 'digest_size'):
+                digestmod = tlshashlib.new(digestmod)
+            self.block_size = digestmod.block_size
+            self.digest_size = digestmod.digest_size
+            self.digestmod = digestmod
+            if len(key) > self.block_size:
+                k_hash = digestmod.copy()
+                k_hash.update(compatHMAC(key))
+                key = k_hash.digest()
+            if len(key) < self.block_size:
+                key = key + b'\x00' * (self.block_size - len(key))
+            key = bytearray(key)
+            ipad = bytearray(b'\x36' * self.block_size)
+            opad = bytearray(b'\x5c' * self.block_size)
+            i_key = bytearray(i ^ j for i, j in zip(key, ipad))
+            self._o_key = bytearray(i ^ j for i, j in zip(key, opad))
+            self._context = digestmod.copy()
+            self._context.update(compatHMAC(i_key))
+            if msg:
+                self._context.update(compatHMAC(msg))
+
+        def update(self, msg):
+            self._context.update(compatHMAC(msg))
+
+        def digest(self):
+            i_digest = self._context.digest()
+            o_hash = self.digestmod.copy()
+            o_hash.update(compatHMAC(self._o_key))
+            o_hash.update(compatHMAC(i_digest))
+            return o_hash.digest()
+
+        def copy(self):
+            new = HMAC.__new__(HMAC)
+            new.key = self.key
+            new.digestmod = self.digestmod
+            new.block_size = self.block_size
+            new.digest_size = self.digest_size
+            new._o_key = self._o_key
+            new._context = self._context.copy()
+            return new
+
+
+    def new(*args, **kwargs):
+        """General constructor that works in FIPS mode."""
+        return HMAC(*args, **kwargs)