View Full Version : rtmp_readpacket (maybe token?)


kiranio
11-19-2014, 12:01 AM
Hello all,

I just started using rtmpdump and have been using rtmpdumpHelper with good results. However, I can't seem to get streams from stream2watch.me and freetvall.com to work at all.

Thank you in advance for all your help. It's greatly appreciated.


From freetvall.com http://freetvall.com/video/3WUHOO41DKS2/Discovery-Channel
rtmpdump -r "rtmp://watch1.streamlive.to:1935/edge/_defi
nst_/" -a "edge/_definst_/?xs=_we_cm83YzllaGEwejk2aHBwfDE0MTYzODAwODh8NTAuOT cuOD
IuNDJ8NTQ2YzNkNTBiOTQ1NXwzMGUxMTE0ZTMwMzZmMzVjNDI2 N2JiNzE1ZmIzNGJjZWZiOWFlNzEy"
-f "WIN 15,0,0,223" -W "http://www.streamlive.to/player/player_ilive_embed.swf"
-p "http://www.streamlive.to/embedplayer.php?width=658&height=430&channel=69110&
autoplay=true" -y "ro7c9eha0z96hpp" -o "discovery.flv"
RTMPDump v2.4 GIT-2014-07-07 (Compiled by KSV)
(c) 2010 Andrej Stepanchuk, Howard Chu, The Flvstreamer Team; license: GPL
Connecting ...
INFO: Connected...
ERROR: RTMP_ReadPacket, failed to read RTMP packet header

From stream2watch.me http://www.stream2watch.me/live-tv/discovery-channel-live-stream
rtmpdump -r "rtmpe://46.246.29.160:1935/live/" -a "live/
" -f "WIN 15,0,0,223" -W "http://prvservers.com/j/jwplayer.flash.swf" -p "http:/
/prvservers.com/embed2.php?u=discoo&vw=620&vh=470&domain=usachannels.tv" --live
-y "discoo" -o "2014-11-19_03-55-55_discoo.flv"
RTMPDump v2.4 GIT-2014-07-07 (Compiled by KSV)
(c) 2010 Andrej Stepanchuk, Howard Chu, The Flvstreamer Team; license: GPL
Connecting ...
WARNING: Trying different position for server digest!
INFO: Connected...
ERROR: RTMP_ReadPacket, failed to read RTMP packet header

EDIT: I apologize for not realizing this sooner, but I looked around and it seems like this is a token problem. I'm looking for instructions to get the token right now, so if anybody knows of a good method to decrypt/decompile swf, I would appreciate it if you could point me in the right direction. In the meantime, I will continue to look for instructions.

peterpan
11-19-2014, 08:41 AM
rtmpdump -r "rtmpe://46.246.124.31:1935/live/" -a "live/" -f "WIN 13,0,0,214" -W "http://prvservers.com/j/jwplayer.flash.swf" -p "http://prvservers.com/embed2.php?u=discoo&vw=620&vh=470&domain=usachannels.tv" --live -y "discoo" -o "2014-11-19_07-31-41_discoo.flv" -T "#yw%%tt#w@kku"

kiranio
11-19-2014, 03:08 PM
peterpan, thank you for your help. Could you point me to where I can learn how to do that?

Thanks, again!

troller12
11-19-2014, 04:01 PM
If you can't decompile the swf (looks obfuscated or broken) then check the memory.....
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F

060DCAC0 65 08 72 65 64 69 72 65 63 74 0B 73 65 63 75 72 e.redirect.secur
060DCAD0 65 54 6F 6B 65 6E 09 75 6E 64 65 66 69 6E 65 64 eToken.undefined
060DCAE0 10 72 6F 67 65 72 53 65 63 75 72 65 54 6F 6B 65 .rogerSecureToke
060DCAF0 6E 04 68 61 73 68 0C 23 79 77 25 74 74 23 77 40 n.hash.#yw%tt#w@
060DCB00 6B 6B 75 03 54 45 41 17 63 6F 6D 2E 77 6F 77 7A kku.TEA.com.wowz
060DCB10 61 2E 65 6E 63 72 79 70 74 69 6F 6E 41 53 33 07 a.encryptionAS3.
...in many cases you find the stored token right after securetoken ASCII string if memory was not overwritten. What you can do if you think token is used then...

- check memory first (quick check)
- or decompile swf file (search connection.call to find token string or string for -K parameter if used) in action script.
- or using any other advanced methods

If no token is used then the problem could be that some parameters you got are dynamic (playpath for example) and work just per session (time-limit or per access etc) or rtmpdump doesn't work (because of any bugs or not supported features / streams).

greetz

kiranio
11-20-2014, 09:33 PM
Hello, troller12, do you mind pointing me to where I can learn how to check the memory for the token?

I tried following this http://forum.wiziwig.eu/threads/83849-Tutorial-Finding-a-SWF-Secure-Token

I extracted three files with .as extension but I cannot find anything in them.

I even tried to get the code from showmycode.com and can't find anything related to securetoken, shared secret, or connection.call in it.

I would really appreciate it if you could help point me in the right direction.

Thanks.

kiranio
11-20-2014, 11:06 PM
troller12, I found your instructions on how to use WinHex to read the plugin.container. I'm having a hard time finding securetoken anywhere in the memory. I did open Ram > plugin-container > entire memory, and still can't find securetoken.

How long does the securetoken stay in memory? When should I open up the "open RAM"? Is it as soon as the video starts?

Thanks, again for your help!

biezom
11-21-2014, 03:40 AM
Hello,
read this thread with more details on how to use WinHex

http://stream-recorder.com/forum/cant-play-channel-because-token-t18788.html

troller12
11-21-2014, 10:38 AM
Just load the site in browser till the stream has started or press play button if needed and now load & check the memory. If you use XP then you see also just one plugin.container process you have to choose. If you use Win7 + etc then you see two processes of flash.player.plugin_xxxx and there choose the second one.

Info: streamlive.to used dynamic token which you need to update each time (not working very long) and on the other site you can choose different streams where one also used the static token which keeps same so it's better to use this one. :) Below you see my exports of both sites (I did set it to 40 hex digits (64dec)) what get logged during access to the sites (only to catch rtmp link and token if used).
46.246.29.154
#yw%tt#w@kkuTEAcom.wowza.encryptionAS3decrypts ecureTokenResp
watch2.streamlive.to
Df1503fddc2b31616a31c44eac612548d e c o d e d F r a m e s
So this data also gets written into memory (it keeps if the same memory store locations are not overwritten by other new data, which happens in some cases). Let's say you wanna find new token for streamlive then load memory and search for decodeFrames string in Unicode format and right above you see 2 lines where the token is stored. Just try this if you want.

greetz

kiranio
11-23-2014, 06:55 AM
Biezom, thanks, this was the post whose instructions I was following.

troller12, thanks for clarifying the instructions. I tried your steps but I came up with this on this site http://freetvall.com/video/8U158YHD5667/The-History-Channel:

Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F

065C5680 73 65 63 75 72 65 54 6F 6B 65 6E 52 65 73 70 6F secureTokenRespo
065C5690 6E 73 65 00 2E 00 00 00 E4 40 38 60 9C FB B4 0C nse . ä@8`??´
065C56A0 A0 FD 5A 06 00 00 00 00 00 00 00 00 00 00 00 00 *ýZ
065C56B0 4E 65 74 53 74 72 65 61 6D 2E 50 6C 61 79 2E 53 NetStream.Play.S
065C56C0 74 61 72 74 00 00 00 00 63 6F 6D 2E 6A 65 72 6F tart com.jero
065C56D0 65 6E 77 69 6A 65 72 69 6E 67 00 00 00 00 00 00 enwijering
065C56E0 63 6F 6D 2E 6A 65 72 6F 65 6E 77 69 6A 65 72 69 com.jeroenwijeri
065C56F0 6E 67 00 00 00 00 00 00 4E 65 74 53 74 72 65 61 ng NetStrea
065C5700 6D 2E 50 6C 61 79 2E 52 65 73 65 74 00 00 00 00 m.Play.Reset
065C5710 5F 72 6F 6F 74 2E 69 6E 73 74 61 6E 63 65 34 30 _root.instance40
065C5720 36 00 00 00 00 00 00 00 76 6F 78 2D 73 74 61 74 6 vox-stat
065C5730 69 63 2E 6C 69 76 65 72 61 69 6C 2E 63 6F 6D 00 ic.liverail.com


Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F

603B0B50 43 61 6D 65 72 61 12 6D 61 78 50 61 75 73 65 42 Camera maxPauseB
603B0B60 75 66 66 65 72 54 69 6D 65 0C 69 6E 42 75 66 66 ufferTime inBuff
603B0B70 65 72 53 65 65 6B 0D 62 75 66 66 65 72 54 69 6D erSeek bufferTim
603B0B80 65 4D 61 78 0F 72 65 63 65 69 76 65 56 69 64 65 eMax receiveVide
603B0B90 6F 46 50 53 0B 74 6F 67 67 6C 65 50 61 75 73 65 oFPS togglePause
603B0BA0 05 70 6C 61 79 32 0D 6D 75 6C 74 69 63 61 73 74 play2 multicast
603B0BB0 49 6E 66 6F 09 6C 69 76 65 44 65 6C 61 79 0D 64 Info liveDelay d
603B0BC0 65 63 6F 64 65 64 46 72 61 6D 65 73 0A 76 69 64 ecodedFrames vid
603B0BD0 65 6F 43 6F 64 65 63 0A 61 75 64 69 6F 43 6F 64 eoCodec audioCod
603B0BE0 65 63 1A 6D 75 6C 74 69 63 61 73 74 50 75 73 68 ec multicastPush
603B0BF0 4E 65 69 67 68 62 6F 72 4C 69 6D 69 74 17 6D 75 NeighborLimit mu
603B0C00 6C 74 69 63 61 73 74 57 69 6E 64 6F 77 44 75 72 lticastWindowDur
603B0C10 61 74 69 6F 6E ation

Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F

60384A60 62 79 74 65 43 6F 75 6E 74 00 00 00 63 75 72 72 byteCount curr
60384A70 65 6E 74 42 79 74 65 73 50 65 72 53 65 63 6F 6E entBytesPerSecon
60384A80 64 00 00 00 4E 65 74 53 74 72 65 61 6D 2E 43 6F d NetStream.Co
60384A90 6E 6E 65 63 74 2E 46 61 69 6C 65 64 00 00 00 00 nnect.Failed
60384AA0 61 75 64 69 6F 63 6F 64 65 63 00 00 76 69 64 65 audiocodec vide
60384AB0 6F 63 6F 64 65 63 00 00 64 65 63 6F 64 65 64 46 ocodec decodedF
60384AC0 72 61 6D 65 73 00 00 00 6C 69 76 65 44 65 6C 61 rames liveDela
60384AD0 79 00 00 00 62 75 66 66 65 72 4C 65 6E 67 74 68 y bufferLength
60384AE0 00 00 00 00 62 75 66 66 65 72 54 69 6D 65 00 00 bufferTime
60384AF0 4C 6F 63 61 6C 50 75 62 6C 69 73 68 65 72 00 00 LocalPublisher


The above was all the "securetoken" and "decodedframes" I could find on the 2nd flashplayerplugins.x.x.x; the first entry and the plugincontainer were not searchable because of the "memory changed" problem.

Thanks, I hope you could help more.

troller12
11-23-2014, 03:45 PM
Did you search in Unicode format? If the memory changed press OK then it will be refreshed and you can go on searching (F3). Also you can directly visit the streamlive.to site where the stream is coming from.

greetz

kiranio
11-25-2014, 02:28 AM
Thank you so much for your help. Unicode did the trick.

Do you think it's possible to make this post or other post with "instruction" sticky?

troller12
11-25-2014, 06:03 AM
So it's not necessary to make this topic sticky because this way is very low level and also no real solution to find token data generally, you know.

greetz