Audio/video stream recording forums > Streaming media recording forum > rtmpdump > dumping Ilive.to

Hey guys,

Do you know how to dump ilive.to streamings?

It used to be possible to dump the streams getting a token from http://www.ilive.to/server.php but not anymore. Although it's still possible to get a token the server closes the connection.


rtmpdump -r rtmp://live.iguide.to/edge -y vsoui5hx1do3qon -W http://player.ilive.to/secure_player_ilive_z.swf --token "UYDk93k#09sdafjJDHJKAD873" --live --debug -p "http://www.ilive.to/view/49959/watch-live-SIC_Noticias-streaming-channel-for-free"

try with
-T "I8772LDKksadhGHGagf#"

test that

--token "I8772LDKksadhGHGagf#"

Thanks @KSV

Is the token from the server.php response modified in the swf file?

I answer myself. The token is obfuscated inside the swf.

I take the opportunity to ask you guys, how did you find the token? deobfuscating the swf? Or somehow you've found a method to reverse the process:

Recieve SecureToken()--->DecodeTEA()--->SendSecureResponse()

Thanks

I mostly just signed up to say thanks! The token from server.php still worked a few days ago; now it doesn’t seem to be as easy anymore.

In another thread (http://stream-recorder.com/forum/coolsport-tv-challenge-t16334p5.html#post62606), oelk said that you can find the token either by manipulating the code to output the calculated token, by using a debugger, or by using a “decryption” function in one’s own code.

Now I would like to be able to extract these tokens myself, but while I’m a software dev, I’m not versed in ActionScript/Flash programming. Are there any how-to guides, preferably for Linux, that describe the process? I’ve seen people in other threads ask the same question, but the search doesn’t seem to produce anything of the sort.

I've been thinking on it and I guess the most simple, feasible way would be to dissamble the swf put a "print" and assemble again.

For example in ilive.to's swf file we can see in assembly code:


43 getproperty info //nameIndex = 249
46 getproperty secureToken //nameIndex = 1823
49 getlex undefined //nameIndex = 255
52 ifeq L4

56 getlocal0
57 getproperty private::_connection //nameIndex = 239
60 pushstring "secureTokenResponse" //stringIndex = 2382
63 pushnull
64 getlex com.wowza.encryptionAS3::TEA //nameIndex = 1068
67 getscopeobject 1
69 getslot 1
71 getproperty info //nameIndex = 249
74 getproperty secureToken //nameIndex = 1823
77 getlex _a_-_--- //nameIndex = 3047
80 pushint -1820302793 // 0x-6c7f9dc9
82 callproperty _a_--_-- (1) //nameIndex = 2444
86 coerce_s
87 callproperty decrypt (2) //nameIndex = 1782
91 callpropvoid call (3) //nameIndex = 195



Making a wild guess as I'm dont know match about actionscript translates to something like:


_connection.call("secureTokenResponse", null, TEA.decrypt(evt.info.secureToken, _a_-_---(-1820302793)));


Where _a_-_---() it's an obfuscated function. And maybe we can put something like trace(_a_-_---(-1820302793)) in assembly to show the computed token. (I think this method would also apply for coolsport)


@Telofy
I also work in linux and unfortunately there isn't much, you can try JPEXS Decompiler though. The best I've found it's Adobe swf investigator http://labs.adobe.com/technologies/swfinvestigator/

Hmmhmm, JPEXS is what I used, and it gives me:

if(evt.info.secureToken != undefined)
{
this._connection.call("secureTokenResponse",null,TEA.decrypt(evt.info.secureToken,_a_-_---._a_--_--(-1820302793)));
}

The whole file “_a_-_---.as” looks like this:

package
{
import flash.display.Sprite;
import flash.utils.ByteArray;
import flash.utils.Endian;


public class _a_-_--- extends Sprite
{
{
var _loc1_:* = true;
var _loc2_:* = false;
}

public function _a_-_---() {
var _loc1_:* = false;
var _loc2_:* = true;
super();
}

private static var _a_--_-:Class = _a_-_-__;

private static var _a_--_:Class = _a_-_;

private static var _a_-__:Class = _a_---;

private static var _a_-____:Array = new Array();

private static var _a_----:Array = new Array();

private static var _a_-___-:Boolean = false;

private static var _a_--:int;

private static function _a_-_--() : void {
var _loc7_:* = false;
var _loc8_:* = true;
var _loc1_:ByteArray = new _a_--_-() as ByteArray;
var _loc2_:ByteArray = new _a_--_() as ByteArray;
var _loc3_:ByteArray = new _a_-__() as ByteArray;
_loc3_.endian = Endian.LITTLE_ENDIAN;
_a_-- = _loc3_.readInt();
var _loc4_:int = _loc2_.readByte();
var _loc5_:* = 0;
while(_loc5_ < _loc4_)
{
_a_-__-_(_loc2_);
_loc5_++;
}
_loc4_ = _loc1_.readInt();
var _loc6_:* = 0;
while(_loc6_ < _loc4_)
{
_a_--__(_loc1_,_a_----[_loc6_ % _a_----.length]);
_loc6_++;
}
_a_-___- = true;
}

private static function _a_--__(param1:ByteArray, param2:ByteArray) : void {
var _loc6_:* = false;
var _loc7_:* = true;
var _loc3_:int = param1.readInt();
var _loc4_:ByteArray = new ByteArray();
param1.readBytes(_loc4_,0,_loc3_);
var _loc5_:_a_-_-_ = new _a_-_-_(param2);
_loc5_._a_---_(_loc4_);
_loc4_.position = 0;
_a_-____.push(_loc4_.readUTFBytes(_loc4_.length));
}

private static function _a_-__-_(param1:ByteArray) : void {
var _loc3_:* = false;
var _loc4_:* = true;
var _loc2_:ByteArray = new ByteArray();
param1.readBytes(_loc2_,0,16);
_loc2_.position = 0;
_a_----.push(_loc2_);
}

public static function _a_--_--(param1:int) : String {
var _loc2_:* = false;
var _loc3_:* = true;
if(!_a_-___-)
{
_a_-_--();
}
return _a_-____[param1 ^ _a_--];
}
}

}

Welp. But if the OS is a problem, I can boot up a VM.

There were several “severe” errors during the decompilation, so I doubt the result plus print command could be recompiled again. Disassembling it seems like a good idea.

The decompiled “_a_-_---.as” from JPEXS doesn't make much sense at least for me. I've been playing with the deobfuscated functions/classes from JPEXS in a flex compiler and the result is that:

(Following the flow of)


if(evt.info.secureToken != undefined)
{
this._connection.call("secureTokenResponse",null,TEA.decrypt(evt.info.secureToken,_a_-_---._a_--_--(-1820302793)));
}


After function:


public static function _a_--_--(param1:int) : String {
var _loc2_:* = false;
var _loc3_:* = true;
if(!_a_-___-)
{
_a_-_--();
}
return _a_-____[param1 ^ _a_--];
}


receives the integer -1820302793 and then calls:


private static function _a_-_--() : void {
var _loc7_:* = false;
var _loc8_:* = true;
var _loc1_:ByteArray = new _a_--_-() as ByteArray;
var _loc2_:ByteArray = new _a_--_() as ByteArray;
var _loc3_:ByteArray = new _a_-__() as ByteArray;
_loc3_.endian = Endian.LITTLE_ENDIAN;
_a_-- = _loc3_.readInt();
var _loc4_:int = _loc2_.readByte();
var _loc5_:* = 0;
while(_loc5_ < _loc4_)
{
_a_-__-_(_loc2_);
_loc5_++;
}
_loc4_ = _loc1_.readInt();
var _loc6_:* = 0;
while(_loc6_ < _loc4_)
{
_a_--__(_loc1_,_a_----[_loc6_ % _a_----.length]);
_loc6_++;
}
_a_-___- = true;
}


the execution fails miserably at:


_a_-- = _loc3_.readInt();


As var _loc3_ is empty. Maybe JPEXS doesn't decompile the file in a proper way or maybe I'm missing something...

Next thing I'll try it's dissamble-->assemble with https://github.com/CyberShadow/RABCDAsm.

Ideas Welcome.

Well even though, my idea is going down a different path than you folks, I somewhat have found a way to get a fresh copy of the token on-the-fly.

I was looking at svnpenn's Hulu.sh script which takes a Hulu video url into Firefox, memory dumps it, then searches said dump for parameters.

I noticed you can do the exact same thing with ilive and the token is in the dump, but I currently am having issues with the regex to spit out the token to place in rtmpdump.

It appears the token is always before the words "Connection succeeded" so I should just need a regex that says "give me the alphanumeric with some symbols string right before Connecton succeeded".

I using gawk, sed, curl, wget, etc having my script already getting the tcURL, swfurl, & playpath.

I know this isn't the greatest in the world way of doing it, but I know it's possible at least.

That method seems very promising. The hulu.sh script (http://ffmpeg.zeranoe.com/forum/viewtopic.php?f=29&t=1003) is written for Cygwin, but I borrowed a little from it.


$ MOZ_DISABLE_OOP_PLUGINS=1 firefox -no-remote -profile . <URL>
[1] 30552
$ ./dump-pid.sh 30552
$ strings -10 *.dump | grep -B 1 "Connection succeeded\."
I8772LDKksadhGHGagf#
Connection succeeded.


The complicated Firefox invocation avoids interference with running Firefoxies, dump-pid.sh (http://serverfault.com/a/408929) comes from Server Fault, and the final grep is highly experimental, since I’ve only tested this once so far. Thanks!

Unfortunately it's not working for me.

Do you have any other conf in mms.cfg aside from:


ProtectedMode=0

Well I am having issues myself, but it's very bizarre.

I am using the following script:

http://goo.gl/XJv0UU

Winstrings is simply the strings.exe from SysInternals, a Win version of strings, as strings -10 from above was taking forever in Cygwin. Also I did two grep lines because for some reason in hex, sometimes the token is before "Connection succeeded" while other times it seems to be after, instead.

It works perfectly on my Win 7 64-bit desktop, tested at least 5 times.

Yet if I try it on my XP Pro 32-bit, Laptop Win 8 64-bit, or my Vista 64-bit, they all fail.

Something seems to be failing at the dump of Firefox because opening the said dumps in HxD definitely does not show the token.

I am just confused how the exact same script and even using the exact same baby-cygwin on each PC would cause such behavior.

EDIT: It appears that I simply wasn't providing enough sleep between dump and kill Firefox, which was causing it to sometimes get the token and sometimes not, but it still once in a while doesn't get the token. I hope to find a more consistent approach as this will cause serious issues with scheduled recordings.

DMW on another forum has just posted this http://ge.tt/7vL8zot/v/0?c

DMW on another forum has just posted this http://ge.tt/7vL8zot/v/0?c

Leave it to DMW to always create really cool things.

Thanks again for the link. I know I probably would have seen it anyway on the other forum, but my method was driving me insane, LoL.

So here goes another method:

Disassembly / Assembly Method:

First modify you mms.cfg like this as we want to see the output of the trace() method.


#Hardware video decoding
#EnableLinuxHWVideoDecode=1
ProtectedMode=0
ErrorReportingEnable=1
TraceOutputFileEnable=1
MaxWarnings=50
AS3Trace=1


Then grab a flash player with debug enabled. In my case Projector content debugger for linux from http://www.adobe.com/support/flashplayer/downloads.html. (The linux version it's only 32 bits so if you are running a 64 bit distro make sure you download the required lib32 libs, like lib32-alsa-plugins lib32-curl lib32-gtk2 lib32-libxt lib32-nss)


Now we are going to disassemble the swf file insert a print and assembly again. I'm going to use https://github.com/CyberShadow/RABCDAsm.

In this case we want to see the output of the function _a_-_---._a_--_--(-1820302793)

The trace it's going to be inserted in the PlayerSetup class so we only have to open the swf file to trigger our trace.

Now we disassemble:


$ abcexport secure_player_ilive_z.swf
$ rabcdasm secure_player_ilive_z-1.abc


Now we are going to modify the Player.class.asasm to insert our trace method in assembly code:



findpropstrict QName(PackageNamespace(""), "trace")
getlex QName(PackageNamespace("", "#0"), "_a_-_---")
pushint -1820302793
callproperty QName(PackageNamespace("", "#1"), "_a_--_--"), 1
coerce_s
callpropvoid QName(PackageNamespace(""), "trace"), 1


which equals trace(a_-_---._a_--_--(-1820302793));

We want to trigger this trace as soon as the swf it's opened so we insert it in Player.class.asasm like this:


class
refid "com.longtailvideo.jwplayer.player:Player"
instance QName(PackageNamespace("com.longtailvideo.jwplayer.player"), "Player")
extends QName(PackageNamespace("flash.display"), "Sprite")
implements Multiname("IPlayer", [PackageNamespace("com.longtailvideo.jwplayer.player")])
implements Multiname("IGlobalEventDispatcher", [PackageNamespace("com.longtailvideo.jwplayer.events")])
flag SEALED
flag PROTECTEDNS
protectedns ProtectedNamespace("com.longtailvideo.jwplayer.player:Player")
iinit
refid "com.longtailvideo.jwplayer.player:Player/instance/init"
flag NEED_ACTIVATION
body
maxstack 4
localcount 3
initscopedepth 10
maxscopedepth 15
code
getlocal0
pushscope

newactivation
newfunction "com.longtailvideo.jwplayer.player:Player/instance/init/inline_method"
pop
findpropstrict QName(PackageNamespace(""), "trace")
getlex QName(PackageNamespace("", "#0"), "_a_-_---")
pushint -1820302793
callproperty QName(PackageNamespace("", "#1"), "_a_--_--"), 1
coerce_s
callpropvoid QName(PackageNamespace(""), "trace"), 1

jump L9

......



Now we assemble again:


$ rabcasm secure_player_ilive_z-1/secure_player_ilive_z-1.main.asasm
$abcreplace secure_player_ilive_z.swf 1 secure_player_ilive_z-1/secure_player_ilive_z-1.main.abc


Now we launch our flash debugger and open our modified swf file and we see:



I8772LDKksadhGHGagf#
Error: Error #2067: The ExternalInterface is not available in this container. ExternalInterface requires Internet Explorer ActiveX, Firefox, Mozilla 1.7.5 and greater, or other browsers that support NPRuntime.
at Error$/throwError()
at flash.external::ExternalInterface$/addCallback()
at com.longtailvideo.jwplayer.controller::Controller/preRollAdLoad()
at com.longtailvideo.jwplayer.controller::Controller/setupPlayer()
at com.longtailvideo.jwplayer.player::Player/setupPlayer()


That's all folks

Wow, now we have three different methods! Awesome! (Yet the stream was down at the precise moment I needed it. :-P)

And to answer that question from much earlier, I didn’t touch any file “mms.cfg”; I don’t even seem to have one on my system.

Lol I'm a noob at coding/decoding this secure tokens. I'm willing to pay $5 to who ever can teach me personalty in teamviewer. PM ME.

Hi all,

I was trying to download iguide.to links. Unfortunately looks like they
Any one know how to get Iguide.to token?
Example link = http://www.iguide.to/view/3/

Thanks

@pwish

you need secureToken for that
PM me

Seems like they switched back to the AJAX solution. Kind thanks for that. The tcUrl is a bit unintuitive now, rtmp://50.7.69.186/edge, and the token is Uk78nino. They can probably change this easily.

Seems like they switched back to the AJAX solution. Kind thanks for that. The tcUrl is a bit unintuitive now, rtmp://50.7.69.186/edge, and the token is Uk78nino. They can probably change this easily.

Hi,
How I can find token , any software or guideline please?
Thanks.

Seems like they switched back to the AJAX solution. Kind thanks for that. The tcUrl is a bit unintuitive now, rtmp://50.7.69.186/edge, and the token is Uk78nino. They can probably change this easily.

how to find token ?
any software or guideline ?
Thanks.

They haven’t changed it since my last post here. It’s still an AJAX request. Just open the network tab of your browser’s inspection or developer tools and look for a promising-looking file name. It seems to be server.php at the moment with the token abc109h3.

Also, careful, you double-posted.

They haven’t changed it since my last post here. It’s still an AJAX request. Just open the network tab of your browser’s inspection or developer tools and look for a promising-looking file name. It seems to be server.php at the moment with the token abc109h3.

Also, careful, you double-posted.

thanks for guide but confused

network tab of your browser’s inspection or developer tools

is it inbuilt in firefox browser?(I am using it )
any application can read or find token directly?

Well, for now, you can just call up the the server.php (http://www.ilive.to/server.php?id=1391723868&_=1391723869257). But they can change that any time.

Shift+Ctrl+I opens the Firefox developer tools thingy for me.

http://i.imgur.com/dQnjbX6l.png (http://i.imgur.com/dQnjbX6.png)

Well, for now, you can just call up the the server.php (http://www.ilive.to/server.php?id=1391723868&_=1391723869257). But they can change that any time.

Shift+Ctrl+I opens the Firefox developer tools thingy for me.

http://i.imgur.com/dQnjbX6l.png (http://i.imgur.com/dQnjbX6.png)

Got it thanks

please if any one can help Ilive is using new hard nut security system wich is string -a " " that changes every time in addetion to the ibfuscated token , so now any way is available to stream iLive like before ??!!!!!!!!!!!!!!!!

Yep, fixed that this morning. It works again when you obtain a fresh value for the xs parameter before connecting. E.g., in Bash: xs=$(curl http://www.ilive.to/view/[Insert your channel] 2> /dev/null | grep -o '_we_[^"]*'). (It may be bound to the IP address, not sure.) Otherwise nothing seems to have changed.

Yep, fixed that this morning. It works again when you obtain a fresh value for the xs parameter before connecting. E.g., in Bash: xs=$(curl http://www.ilive.to/view/[Insert your channel] 2> /dev/null | grep -o '_we_[^"]*'). (It may be bound to the IP address, not sure.) Otherwise nothing seems to have changed.

where it has been fixed ? u mean ? is that a script u r using it to obtain a fresh app string (-a) , how i shall use it , also can u please write down parameters to watch on vlc ?

Well, for now, you can just call up the the server.php. But they can change that any time.


Well they have changed it to http://www.ilive.to/server2.php?id=1398465202&_=1398465212145
which displays the home page.
My former tools to access the token do not work.
Anyone know how to access the new token?

Well they have changed it to http://www.ilive.to/server2.php?id=1398465202&_=1398465212145
which displays the home page.
My former tools to access the token do not work.
Anyone know how to access the new token?

This is what I use: (N = "whatever stream page data/source code" as a string)Url = Regex.Match(N, "getJSON([A-Za-z0-9\/:.?=-_]+)").Groups(1).Value & "&_=" & (DateTime.UtcNow - New DateTime(1970, 1, 1, 0, 0, 0)).TotalSeconds

Token = Regex.Match(GETWInfo(U_:=Url), "token:([A-Za-z0-9\/:.?=-_]+)").Groups(1).ValueURL gets the server address and assigns the timecode.
Token gets the "token" of course.
GETWInfo is a webclient function. (I use vb12)

Can you post a working example. I don't understand what to use for N or how to execute your statements. Googleing vb12 and/or WGETInfo returns nothing.

Can you post a working example. I don't understand what to use for N or how to execute your statements. Googleing vb12 and/or WGETInfo returns nothing.

Since I work with visual basic 12, If i provide the full working code how do you plan to use ? with what application or script

to much work and that is iguide, the streams are a little different than ilive.

try this and see if it works (http://www.mediafire.com/download/txgc1m80d09dw0z/itoken.rar)
just paste a url to appropriate textbox and press the button.

streams are a little different than iliveDon't see much difference (I mean the token from the php file)

http://savepic.net/5355983m.png (http://savepic.net/5355983.htm)

Don't see much difference

http://savepic.net/5355983m.png (http://savepic.net/5355983.htm)
ilive stream example:
rtmp://watch2.ilive.to:1935/edge/_definst_/?xs=_we_aDVlb3ZhajFqZWVnbHVxfDEzOTg2ODA1NDN8MTkwLj IxMy4xNzYuMTIyfDUzNWUyYTc3ZDQ0MTB8NGMwNzZjN2U3YzRl ZTgzMTg2M2E0MWZiM2E4YWQyMzFhYWZhZjY2Yg../ -W http://cdn.ilive.to/player/player_ilive_2.swf -p http://www.ilive.to/view/38768/USA_Network-live-stream-channel -y h5eovaj1jeegluq -T i6e4e2dddd5fa3566e408cadb0da4aab
iguide stream example:rtmp://31.7.56.202:1935/iguide/ -W http://cdn.iguide.to/player/secure_player_iguide_token.swf -p http://www.iguide.to/view/15178/Eurosport -y wzrdy7ist914fes -T #ed%h0#w18623jsda6523lDGD

the token may change every couple of days/weeks but this key for ilive is always changing and makes it a little more challenging to use.
xs=_we_aDVlb3ZhajFqZWVnbHVxfDEzOTg2ODA1NDN8MTkwLj IxMy4xNzYuMTIyfDUzNWUyYTc3ZDQ0MTB8NGMwNzZjN2U3YzRl ZTgzMTg2M2E0MWZiM2E4YWQyMzFhYWZhZjY2Yg..

but i will admit that ilive is improving on protecting their streams.

Sandy, I'd like to keep this dialog via pm else they will keep changing their tokens, however you have blocked pms to you. Can you please unblock or pm me an email or your source code. Your program worked the first time but not since then.

Sandy, I'd like to keep this dialog via pm else they will keep changing their tokens, however you have blocked pms to you. Can you please unblock or pm me an email or your source code. Your program worked the first time but not since then.
No it looks as if their servers were either down or overloaded as it started working again a few minutes ago, but they have changed their token, again.

Sandy I really do not want to do this dialog publicly. If you add me to your buddy list and authorize PMs for buddys then we can go offline and I can explain more and you can deauthorize me if the result is not of value to you.

The servers are working fine because rtmpdump runs and vlc plays the stream but your program does not display the resulting url and token in the window so there is some other problem. They are in fact changing the token every 500 seconds so I need your source to both fix the problem and to create a command line version so I can run it dynamically and fetch the generated url so my program can fetch the stream and play it on my TV.

Sandy I really do not want to do this dialog publicly. If you add me to your buddy list and authorize PMs for buddys then we can go offline and I can explain more and you can deauthorize me if the result is not of value to you.

The servers are working fine because rtmpdump runs and vlc plays the stream but your program does not display the resulting url and token in the window so there is some other problem. They are in fact changing the token every 500 seconds so I need your source to both fix the problem and to create a command line version so I can run it dynamically and fetch the generated url so my program can fetch the stream and play it on my TV.Try PM Now.
if you put your mouse over the bottom border you can click and drag it open to see the info that it sends to rtmpdump.

I could add a command line feature for input and output, input will be something like --ilive stream link here --file whatever.txt or --iguide how does that sound ? If you don't mind I will discuss here so others may benefit, you can keep your code/script to yourself or share (your choice), I'm here to share what little I know with others.

Super..now I see the token.. Can you do a CLI that outputs the url to stdout? See my PM with more/

Better still I think I now understand how to do this myself using server as above,

I am trying to dump this stream, but not able to do it http://www.ilive.to/view/38768/USA_Network-live-stream-channel

Please help.

/usr/bin/rtmpdump -v -r "rtmp://watch2.ilive.to:1935/edge/_definst_/?xs=_we_aDVlb3ZhajFqZWVnbHVxfDE0MDAzMzkyOTF8MTE3Lj IwMC4xNTkuMTI1fDUzNzc3OWYzYjZiNWF8MzRiNzBmYTAxMGUz NDU5M2M1ODE1ZmMyMDAyYTVhZmZlZWFmZTEyNA../h5eovaj1jeegluq.flv" -f "WIN 11,5,502,149" -W "http://www.ilive.to/player/player_ilive_2.swf" -p "http://www.ilive.to/view/38768/USA_Network-live-stream-channel" -T "M051c0ecde8e1e609b531810fed27f6c" -C S:OK -q

@Sandy: Things seem to have changed again and the generated URLs no longer work. Can you help?
eg: rtmp://watch1.direct2watch.com:1935/edge/_definst_/?xs=_we_eXhrM2R2ZWY0cmJxYW54fDE0MDI2MTcyMzZ8MTczLj I0OC4yMTEuNDN8NTM5YTNjMmM1OThhZnw2MDRjZTY2NDM2ZWI4 ZGM0MDVjZGVhZTE5ODZmMmY1NmYwMTEzMTQ1/ -W http://www.ilive.to/player/player_ilive_2.swf -p http://www.ilive.to/view/65684/The_Documentary_Channel-live-stream-channel -y yxk3dvef4rbqanx -T ibd386634e63963737da865f65f8f226

@Sandy: Things seem to have changed again and the generated URLs no longer work. Can you help?
eg: rtmp://watch1.direct2watch.com:1935/edge/_definst_/?xs=_we_eXhrM2R2ZWY0cmJxYW54fDE0MDI2MTcyMzZ8MTczLj I0OC4yMTEuNDN8NTM5YTNjMmM1OThhZnw2MDRjZTY2NDM2ZWI4 ZGM0MDVjZGVhZTE5ODZmMmY1NmYwMTEzMTQ1/ -W http://www.ilive.to/player/player_ilive_2.swf -p http://www.ilive.to/view/65684/The_Documentary_Channel-live-stream-channel -y yxk3dvef4rbqanx -T ibd386634e63963737da865f65f8f226Well ilive and iguide works as normal for me, check over your code.

Example for A&E TVrtmp://watch2.ilive.to:1935/edge/_definst_/?xs=_we_azZpM3YybWxtemg0YmNkfDE0MDI3MTI1ODV8MTkwLj IxMy4xNzYuMTIyfDUzOWJiMGExNzc4NmN8ZWFlNWJmMWQ4YjMw YzcxNmJhNzQ2NjNmMmEyMjlkZTc4YjEyNGViNg../ -W http://www.ilive.to/player/player_ilive_2.swf -p http://www.ilive.to/ -y k6i3v2mlmzh4bcd --token T70ab0940280d6392f074c7b7f984376

@sandy187 Thanks. A / must be added to the end of rtmp term!
PS: Where are you getting the uri 142.4.216.60:1935 for the m3u8 urls in hive? http://www.ilive.to/m/channel.php?n=##### only gives http:\/\/111:1935. They work if I force the uri but I would like to be protected from changes.