Audio/video stream recording forums > Streaming media recording forum > rtmpdump > Secure token issue

Hello everyone!

I'm trying to catch rtmpe streams from the site mybeststream.xyz

So far, I haven't got problems to capture streams from this platform.

But since a few days, something has changed (I guess they must have added some token)

Here is an example:

rtmpdump -v -r "rtmpe://l.mybeststream.xyz/r/" -a "r/" -y "dolcehdw619" -W "http://mybeststream.xyz/MjJiYmQ3MjI0ZWVkZTYzZmNlYTkzM2M0OTcyZjVhMGZlMzAzN2/jwplayer.flash.swf" live=1 -p "http://mybeststream.xyz/gen_s.php?id=27281&width=710&height=440"

(stream source: http://www.tv-sport-hd.com/channel/dolce1.html)

Once this stream worked nicely. Now, instead, I systematically get the error message "RTMP_ReadPacket, failed to read RTMP packet header" (typical error due to secure tokens)

Likewise, all the other streams from this platform don't work anymore for the same issue.

Any help (you can send me a pm, if you like) would be appreciated.

Thanks in advance!

P.S: notice that the SWF path changes dynamically.

So if you need to analyze the swf file, I have uploaded it here:

http://speedy.sh/sw8RR/jwplayer.flash.swf

Hahah I like to see the people crying now trying to fuck my servers bandwidth for restream or KODI :cool:

Good luck trying to rip my streams now. ;)

Hahah I like to see the people crying now trying to fuck my servers bandwidth for restream or KODI :cool:

Good luck trying to rip my streams now. ;)
Are you stupid? i'm pretty sure if i can rip from Amazon i can rip your shitty SD Streams. :D

http://i.imgur.com/dGUSb9t.png

rtmpdump -r "rtmpe://l.mybeststream.xyz/r/" -a "r/" -f "WIN 18,0,0,232" -W "http://mybeststream.xyz/YjdlYTI1ZjM5ZGRiYThhNmQ1NzRkM2IzNDQxY2UxNDZlY2Q2NW/jwplayer.flash.swf" -p "http://mybeststream.xyz/gen_s.php?id=27281&width=710&height=440" -y "dolcehdw619" -T "ovcast_live_streaming" | "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" -

Good day, mybeststream :D

rtmpdump -r "rtmpe://l.mybeststream.xyz/r/" -a "r/" -f "WIN 18,0,0,232" -W "http://mybeststream.xyz/YjdlYTI1ZjM5ZGRiYThhNmQ1NzRkM2IzNDQxY2UxNDZlY2Q2NW/jwplayer.flash.swf" -p "http://mybeststream.xyz/gen_s.php?id=27281&width=710&height=440" -y "dolcehdw619" -T "ovcast_live_streaming" | "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" -

Good day, mybeststream :D

Good job! I had under my nose, but I could not find

http://i.imgur.com/trK7SHg.png

Good job! I had under my nose, but I could not find

http://i.imgur.com/trK7SHg.png
What are you using there to find it if you dont mind me asking? :)

What are you using there to find it if you dont mind me asking? :)

gdb on linux or winhex on windows
and again good job!

gdb on linux or winhex on windows
and again good job!
Must give credit to @denobis as one of his many tools helped me to find the token. :)

Must give credit to @denobis as one of his many tools helped me to find the token. :)
my turn
What are you using there to find it if you dont mind me asking?

my turn
What are you using there to find it if you dont mind me asking?

http://atresdownloader.com/teadecrypt.php

if you look the flash within you'll see that the token is computed so:

private var _typeOfServerAccepted:String = "937a417fd8b8aaa672743035cd18f1d9b31c82f628c1600f";

_typeOfServer = TEA.decrypt(_typeOfServerAccepted,"0x0000");

"937a417fd8b8aaa672743035cd18f1d9b31c82f628c1600f" as securetoken

"0x0000" as key.

not 100% sure how denobis found the 937a417xxx part.

http://atresdownloader.com/teadecrypt.php

if you look the flash within you'll see that the token is computed so:

private var _typeOfServerAccepted:String = "937a417fd8b8aaa672743035cd18f1d9b31c82f628c1600f";

_typeOfServer = TEA.decrypt(_typeOfServerAccepted,"0x0000");

"937a417fd8b8aaa672743035cd18f1d9b31c82f628c1600f" as securetoken

"0x0000" as key.

not 100% sure how denobis found the 937a417xxx part.
ok thanks

Ok time to fix this, and seal the player, wait there :) ah and remember, ovcast_live_streaming token was dumb for a reason! ;)

http://atresdownloader.com/teadecrypt.php

if you look the flash within you'll see that the token is computed so:

private var _typeOfServerAccepted:String = "937a417fd8b8aaa672743035cd18f1d9b31c82f628c1600f";

_typeOfServer = TEA.decrypt(_typeOfServerAccepted,"0x0000");

"937a417fd8b8aaa672743035cd18f1d9b31c82f628c1600f" as securetoken

"0x0000" as key.

not 100% sure how denobis found the 937a417xxx part.


Thanks for your help and suggestions!

Ok time to fix this, and seal the player, wait there :) ah and remember, ovcast_live_streaming token was dumb for a reason! ;)
You failed the first time, you will fail again. :D

Ok, since TEA encryption is a pretty old standard, and if i start using AES with a dynamic key based on UTC on server and on player, are you sure that you can find it?

Are you stupid? i'm pretty sure if i can rip from Amazon i can rip your shitty SD Streams. :D

No my friend, im not stupid, and believe im better than you. Wait for it.

Ok, since TEA encryption is a pretty old standard, and if i start using AES with a dynamic key based on UTC on server and on player, are you sure that you can find it?



No my friend, im not stupid, and believe im better than you. Wait for it.

Will give it my damn best to crack your crap! :D

Hi,

datas you can find in AS part of the file.
private var _typeOfServer:String;

private var _typeOfServerAccepted:String = "937a417fd8b8aaa672743035cd18f1d9b31c82f628c1600f";

private var _video:Video;

private var _loading:Boolean = false;

private var _afterLoading:Function = null;

private var _typeOfSmoothStream:String = "165269f7b36c725e8f4a34008a7d1ffd2cd01ba60fab039323 f3de76da42d305";

public function RTMPMediaProvider(param1:Boolean = true)

---------
trait Qname(PrivateNamespace("com.longtailvideo.jwplayer.media:RTMPMediaProvider"),"_typeOfServerAccepted") slot slotid 0 type Qname(PackageNamespace(""),"String") value Utf8("937a417fd8b8aaa672743035cd18f1d9b31c82f628c1600f")
---------

if(param1.info.secureToken != undefined)
{
_typeOfServer = TEA.decrypt(_typeOfServerAccepted,"0x0000");
_loc6_ = TEA.decrypt(param1.info.secureToken,_typeOfServer) ;
_connection.call("secureTokenResponse",null,_loc6_);
ExternalInterface.call("console.log","Anti-Theft Player v.1.1 (info@rte.pm)");
---------
937a417fd8b8aaa672743035cd18f1d9b31c82f628c1600f
0x0000
= ovcast_live_streaming
---------

_application = TEA.decrypt(_typeOfSmoothStream,"0x0020");
---------
165269f7b36c725e8f4a34008a7d1ffd2cd01ba60fab039323 f3de76da42d305
0x0020
= rtmpe://l.mybeststream.xyz/r/
---------
greetz

Hmm hmm, yeah yeah...

Try now. ;)

PS: Next time if someone crack it, the code will be obfuscated, and i'll put some entropy among the generation process.

Hi,

your streams are no more working now and player in browser loads endless. :) Other streams of deltatv are working.I get this... (can't post all values correctly and in one line in code tags below)
?‹e w?g3G“?§™s;
f
€™Ä?¨
Nice is also that...so I think you wanted to send drbmn a message with that or was it a invitation to drbmn to come in private now? ;) Just joking a little of course.
PLEASE, **** MY BIG HEAD ****, I TOLD YOU I'M BETTER THAN YOU!
Anyway so I can't test it if your streams are no more working.

greetz

Hi,

your streams are no more working now and player in browser loads endless. :) Other streams of deltatv are working.I get this... (can't post all values correctly and in one line in code tags below)
?‹e w?g3G“?§™s;
f
€™Ä?¨
Nice is also that...so I think you wanted to send drbmn a message with that or was it a invitation to drbmn to come in private now? ;) Just joking a little of course.
PLEASE, **** MY BIG HEAD ****, I TOLD YOU I'M BETTER THAN YOU!
Anyway so I can't test it if your streams are no more working.

greetz

Yes they are working 100% now, I was finishing something, and yes that's a message for all who try to steal whats on my servers.

LOL Nice message man, you really think you're clever, it will be cracked. just wait. :D

token=c.r.e.a.t.e.S.t.r.e.a.m

token=c.r.e.a.t.e.S.t.r.e.a.m

;) Well done, you beat me to it. working here too!

Only way is by memory searching, but well, this way i will need too fuscate all secureToken strings, realloc the position, and make my cronjob to 1 hour by hour generate a new token, i would like to see someone updating it every hour :cool:

Only way is by memory searching, but well, this way i will need too fuscate all secureToken strings, realloc the position, and make my cronjob to 1 hour by hour generate a new token, i would like to see someone updating it every hour :cool:

We can automate the process, good luck fully securing this. :D

No you will not, because i will code an HTTPProvider generating each second a new token and send it by HTTPS to the player, unless you will update it by hand you will do shit about it.

Hahah I like to see the people crying now trying to fuck my servers bandwidth for restream or KODI :cool:

Good luck trying to rip my streams now. ;)

Dear owner of mybeststream.xyz (or better, ovcast.com),

I think you completely misunderstood my real intentions, as I did not want to play a nasty trick nor I invited you to a war of mice and cats.

Who cares of f***ing your servers bandwidth, I just asked for help to play on VLC a rtmp stream freely found on the web. What's wrong with it?

Do you think that people watching your streams on your website, instead of using VLC, spare your servers bandwidth instead?

Besides, I feel really surprised and disappointed by your arrogance (also proven by the rude words you put in your swf code), which doesn't fit to the professional role of someone who provide an internet service.

Your obsession for obfuscating and re-directing all the time seems more like an escape, rather than as an attempt to protect the content of what you host.

If you really care about what your website hosts, you'd better simplify things instead of complicating them with pseudo-urls and pseudo-keys. Otherwise even legitimate copyrighters will find it extremely difficult to report possible violations because they won't be able to trace the real source of your hosted streams.

P.S.: being too arrogant and sadist with rtmp dumpers does not help, because the people who want to view a free stream on VLC can be your potential clients too.

I hope you'll be seriously thinking about that, because your way of behaving is the worst promotion you can offer for your service.

Dear owner of mybeststream.xyz (or better, ovcast.com),

I think you completely misunderstood my real intentions, as I did not want to play a nasty trick nor I invited you to a war of mice and cats.

Who cares of f***ing your servers bandwidth, I just asked for help to play on VLC a rtmp stream freely found on the web. What's wrong with it?

Do you think that people watching your streams on your website, instead of using VLC, spare your servers bandwidth instead?

Besides, I feel really surprised and disappointed by your arrogance (also proven by the rude words you put in your swf code), which doesn't fit to the professional role of someone who provide an internet service.

Your obsession for obfuscating and re-directing all the time seems more like an escape, rather than as an attempt to protect the content of what you host.

If you really care about what your website hosts, you'd better simplify things instead of complicating them with pseudo-urls and pseudo-keys. Otherwise even legitimate copyrighters will find it extremely difficult to report possible violations because they won't be able to trace the real source of your hosted streams.

P.S.: being too arrogant and sadist with rtmp dumpers does not help, because the people who want to view a free stream on VLC can be your potential clients too.

I hope you'll be seriously thinking about that, because your way of behaving is the worst promotion you can offer for your service.

First of all, you seem to be a good guy with good intentions, but as you know, most of the people just want to rip the streams off, and believe me when I say they suck all my bandwidth, first time i changed the token on first day i saw a decrease of 100 viewers per server, that means about 1200 viewers leeching the servers without any permission to do that and without generating any income of that traffic, if someone asked me directly by email or skype for access to the streams I would provide them access depending on the owner permission of the stream. Now they just want to steal them... I need to do something about that right?

Im not a bad person, trust me, and believe im very very professional in what I do, and those messages in the source code of the player, well, if they don't want to see them, just keep the eyes way of it.

First of all, you seem to be a good guy with good intentions, but as you know, most of the people just want to rip the streams off, and believe me when I say they suck all my bandwidth, first time i changed the token on first day i saw a decrease of 100 viewers per server, that means about 1200 viewers leeching the servers without any permission to do that and without generating any income of that traffic, if someone asked me directly by email or skype for access to the streams I would provide them access depending on the owner permission of the stream. Now they just want to steal them... I need to do something about that right?

Im not a bad person, trust me, and believe im very very professional in what I do, and those messages in the source code of the player, well, if they don't want to see them, just keep the eyes way of it.
I don't wanna steal your bandwidth or whatever but let me say this:

Your streams are a) freely available on the internet b) you CHOOSE to do so with servers you HAVE to pay for.

If people can play them in VLC, they will. i will help with that because that is what is asked of in this thread.

If you want real protection get AES-128 via m3u8. rtmp is not secure unless you are Hulu.

Hi,

Ok I see your channels are working if I disable ASD Blocker. :) One reason why people don't wanna watch your channels on your website is that you use a lot commercial stuff on the player screen itself and the user has to click them away which popups another sites so nobody want this but you do force people to do that if they wanna watch directly on your site.Maybe a little less of that ADS would be better for your site to get also a better reputation.At the end you shouldn't wonder if people don't wanna watch your channels on your site and try to pipe them on home PC player.I am just talking about normal channel watcher only not about any steal / re-streaming etc.

About token...
https://mybeststream.xyz/key.php?bandwidth=1.7976931348623157E308
s.t.a.r.t.S.t.r.e.a.m, c.r.e.a.t.e.S.t.r.e.a.m
greetz

this cunts server needs a ddos, then we shall see who makes money,

hwahwahwa

Can someone please help to decrypt this link? I think this is using AES on M3U8.
http://72.21.81.253/80112A1/50770rse/SkySports1/index.m3u8?56d2ae3db9bb95c6213f41271cca8ee856c0f1e 5e96db31359618c2cedd34a7c58fec

Thank you.

Can someone please help to decrypt this link? I think this is using AES on M3U8.
http://72.21.81.253/80112A1/50770rse/SkySports1/index.m3u8?56d2ae3db9bb95c6213f41271cca8ee856c0f1e 5e96db31359618c2cedd34a7c58fec

Thank you.

Try streamlink.

Maybe...