How to prevent RTMPE ripping/recording/capturing/downloading

[any ANONYMOUS forum user]

I use Adobe Flash Media Server (FMS) and I would like to know how I can prevent RTMPE ripping/recording/capturing/downloading.

Thank you for your help!

[Stream Ripper]

Keep in mind, you're posting on a forum where quite a few people ENJOY recording videos - escpecially those of the rtmpe nature. Having said that, adobe is cracking down on software that can record rtmpe videos. Your best bet is to KEEP your videos encoded with RTMPE, then the only way people are REALLY going to be able to record your stuff is with Screen Capture software.

Any video can be recorded using screen video capture software, but such programs allow you to record one video at a time only, plus they recompress the video making quality worse.


Flash Media Server supports methods to encrypt all communication between player and server, restrict delivery of streams to video players created by content owners, enforce access controls like domain, geo filtering, secure tokens, etc. Content delivered from Flash Media Server (encrypted or unencrypted) will also leave no artifact on the disk that malicious software can capture.

Flash developers, content owners and IT managers have the control to enable RTMPe and SWF Verification on video players running on Flash player or AIR. Content Delivery Networks (CDNs) offer support for RTMPe and SWF Verification at their discretion. Content can also be delivered to Flash player, AIR or Flash Lite from a web server (HTTP) or through RTMP without swf verification or session authorization, this could expose the media to malicious capture

Secure RTMPE protocol prevents packets from being intercepted in the middle (for example, with a network packet sniffer). This is the encryption. To prevent someone from connecting to your stream, you need some form of access control. With flash media server, the access control can be provided by SWF verification. By using SWF verification, you can prevent third-party clients from connecting to your stream and ripping your content.

Adobe is encouraging all content owners to:

• Use Adobe Flash Media Server 3 and RTMPe to stream content to Flash player or AIR
• Use SWF Verification
• Disable the RTMP protocol in Flash Media Server 3 when RTMPe/RTMPs is used

RTMPe and SWF verification require Flash player 9.0.0.115 or higher and Flash Media Server 3. The following list of clients and servers provides a matrix of what you need

Clients:
Adobe Flash player 9,0,115 or higher (released December 2007)
Adobe AIR 1.0 or higher
Adobe Media Player

Server:
Adobe Flash Media Streaming Server 3 (released January 2008)
Adobe Flash Media Interactive Server 3 (released January 2008)
Content Delivery Network supporting FMS




Links:

Adobe Developer Connection

Code:

http://www.adobe.com/devnet/flashmediaserver/security.html

Content Protection Whitepaper

Code:

http://www.adobe.com/devnet/flashmediaserver/articles/protecting_video_fms.pdf

Adobe Security Advisory website.

Code:

http://www.adobe.com/support/security/

Adobe Media Rights Flash Management Server

Code:

http://www.adobe.com/products/flashmediaserver/pdfs/FMRMS_whitepaper.pdf

[any ANONYMOUS forum user]

rtmpdump 1.6 supports RTMPE recording and SWF verification. The source code of the program is publicly available. It is Adobe who called RTMPE a secure protocol. Although Adobe has taken down the rtmpdump, the code of the program is widely available, so the only way for Adobe to make content secure is to introduce new security measures.

Quote:

Originally Posted by any ANONYMOUS forum user

rtmpdump 1.6 supports RTMPE recording and SWF verification. The source code of the program is publicly available. It is Adobe who called RTMPE a secure protocol. Although Adobe has taken down the rtmpdump, the code of the program is widely available, so the only way for Adobe to make content secure is to introduce new security measures.

It happens with every popular technology. RTMPE is not an exception. Although it might be pretty difficult for a regular user to download content through the RTMPE protocol, the content protected by RTMPE can't be considered secure anymore.

Considering exorbitant prices on FMS I would recommend all FMS customers to initiate legal actions against Adobe, seeking compensation and damages for deceiving them about the level of "protection" of their copyright material.


Related thread:
RTMPE stream recording/downloading/capturing/ripping/saving

[any ANONYMOUS forum user]

The strongest method of protection is not RTMPE and SWF Verification. You can use action script to write your own connection authentication method in SSAS methods and RMI client.onConnect() and client.call. This will make make sure any client like Replay Media Catcher will just not able to comply with your custom authentication routine as it would be unique.

Quote:

Originally Posted by Stream Recorder

Considering exorbitant prices on FMS I would recommend all FMS customers to initiate legal actions against Adobe, seeking compensation and damages for deceiving them about the level of "protection" of their copyright material.

I would have to disagree here. Can you imagine if HDCP devices everywhere start getting their keys revoked due to 'compromise' how the equipment purchasers are going to feel when their new $2000 HDTV is rendered useless due to DRM? Or when the ultimate crash occurs and HDCP is completely compromised and nobody's works protected with it are 'secure.'

I don't use HDMI because I don't agree with HDCP being imposed upon me. That means I do without the content. I'm not their slave, I don't have to consume their products. I don't want them in control of my TV set all the way to the pixel! No thanks!

I think they need a new model for capitalizing from their creations, instead of creating an electronic police state. It's absurd!

[placebo]

Implementing hardcore protected type of streaming.

For example, streams of the type Apple QuickTime video:
rtsp://***.mov incl. security key/token
or
rtsp://***.mp4 inc. security key/token
are virtually impossible to pirate (incl. VLC media player chap ).

Segmented streaming (see NBA, National Basketball Assoc.) is an alternative to Quicktime but more complicated/expensive.