Hdcast.org token challenge

Hdcast.org token challenge

 

Here goes another token challenge.

The swf:

http://77231864591d8245d027-dbd663cdd4719bbeb13e13f9ee6e6f1f.r39.cf5.rackcdn.c om/bba.swf

Testing site:

http://cricfree.tv/update/skys1.php

It can be done with RABCDASM like in http://stream-recorder.com/forum/sho...8&postcount=16 but they have added another obfuscation layer, obfuscating a binary inside the swf.

Feel free to add suggestions or any helpful info.

Re: Hdcast.org token challenge

 

Just for fun they have included nice messages inside the swf :D :

Re: Hdcast.org token challenge

 

They can run, but they cannot hide ;) Check your inbox...

Re: Hdcast.org token challenge

 

That's great. What method did you use? Dumping memory, dissasembling..etc?

Re: Hdcast.org token challenge

 

:rolleyes:

Re: Hdcast.org token challenge

 

Can you please give me some info as I cant dump my sky films streams now, any pointer or directions would be good,
Thanks in advance for any help :)

UPDATE: got a dump but still not running in rtmpdump, output bellow!

RTMPDump 2.4 git-6230845 2011-9-25
(c) 2010 Andrej Stepanchuk, Howard Chu, The Flvstreamer Team; license: GPL
DEBUG: Protocol : RTMP
DEBUG: Hostname : rtmp.hdcast.org
DEBUG: Port : 1935
DEBUG: Playpath : action
DEBUG: tcUrl : rtmp://rtmp.hdcast.org:1935/redirect/
DEBUG: swfUrl : http://77231864591d8245d027-dbd663cd...13f9ee6e6f1f.r
39.cf5.rackcdn.com/bba.swf
DEBUG: pageUrl : http://www.hdcast.org/embedlive2.php...=620&vh=490&do
main=cricfree.tv
DEBUG: app : redirect/
DEBUG: flashVer : WIN 12,0,0,77
DEBUG: live : no
DEBUG: timeout : 30 sec
DEBUG: SWFSHA256:
DEBUG: ac 11 26 f9 48 52 bb 20 b9 ce 0f 27 15 80 e3 ba
DEBUG: 71 b6 6a 89 f7 1a 80 ed ca cd 21 d1 1d 55 36 d5
DEBUG: SWFSize : 231564
DEBUG: Setting buffer time to: 36000000ms
Connecting ...
DEBUG: RTMP_Connect1, ... connected, handshaking
DEBUG: HandShake: Client type: 03
DEBUG: HandShake: Client digest offset: 53
DEBUG: HandShake: Initial client digest:
DEBUG: 1a 4d 84 b8 f2 37 69 f1 2c a6 34 51 7c d6 df 4b
DEBUG: 69 f8 c9 b8 48 05 8b 66 c3 92 be e8 29 bf 5a 67
DEBUG: HandShake: Type Answer : 03
DEBUG: HandShake: Server Uptime : 96850052
DEBUG: HandShake: FMS Version : 3.0.1.1
DEBUG: HandShake: Calculated digest key from secure key and server digest:
DEBUG: 9e ed a0 e9 fc b3 3f d8 7e 08 1f 41 80 75 a1 bb
DEBUG: a5 5c ec c1 5f 4c 3d f0 27 7f 69 ae b0 f9 45 47
DEBUG: HandShake: Client signature calculated:
DEBUG: fd 79 74 36 2a 2c e3 8e 47 6b 78 79 fd 17 fe ce
DEBUG: 3b d6 19 d8 30 cf ce a5 ab 80 01 61 a7 15 e8 28
DEBUG: HandShake: Server sent signature:
DEBUG: 1c dd 10 37 1b d4 58 44 47 f5 b3 6a 44 c8 9f 75
DEBUG: 97 bf 59 01 ec f5 f4 95 c7 84 4f df 93 81 8c 0a
DEBUG: HandShake: Digest key:
DEBUG: 44 aa 38 01 c1 5a 33 83 dc 8d 0a 98 8d 03 39 12
DEBUG: 5e 99 2f a3 23 67 b6 a8 81 5a 6b e0 14 43 12 a8
DEBUG: HandShake: Signature calculated:
DEBUG: 1c dd 10 37 1b d4 58 44 47 f5 b3 6a 44 c8 9f 75
DEBUG: 97 bf 59 01 ec f5 f4 95 c7 84 4f df 93 81 8c 0a
DEBUG: HandShake: Genuine Adobe Flash Media Server
DEBUG: HandShake: Handshaking finished....
DEBUG: RTMP_Connect1, handshaked
DEBUG: Invoking connect
INFO: Connected...
DEBUG: HandleServerBW: server BW = 2500000
DEBUG: HandleClientBW: client BW = 2500000 2
DEBUG: HandleCtrl, received ctrl. type: 0, len: 6
DEBUG: HandleCtrl, Stream Begin 0
DEBUG: HandleChangeChunkSize, received: chunk size change to 4096
DEBUG: RTMP_ClientPacket, received: invoke 234 bytes
DEBUG: (object begin)
DEBUG: Property: NULL
DEBUG: (object begin)
DEBUG: Property: <Name: level, STRING: error>
DEBUG: Property: <Name: code, STRING: NetConnection.Connect.Re
jected>
DEBUG: Property: <Name: description, STRING: Connection failed: Appli
cation rejected connection.>
DEBUG: Property: <Name: ex, OBJECT>
DEBUG: (object begin)
DEBUG: Property: <Name: redirect, STRING: rtmpe://46.246.124.11:19
35/redirect>
DEBUG: Property: <Name: code, NUMBER: 302.00>
DEBUG: (object end)
DEBUG: Property: <Name: clientid, NUMBER: 1591378394.00>
DEBUG: (object end)
DEBUG: (object end)
DEBUG: HandleInvoke, server invoking <_error>
ERROR: rtmp server sent error
DEBUG: RTMP_ClientPacket, received: invoke 18 bytes
DEBUG: (object begin)
DEBUG: Property: NULL
DEBUG: (object end)
DEBUG: HandleInvoke, server invoking <close>
ERROR: rtmp server requested close
DEBUG: Closing connection.

Re: Hdcast.org token challenge

 

Any one help me with getting the last challenge please? I am a bit new at dumping I dont ask to be spoon feed, just a hand would be good :D

Re: Hdcast.org token challenge

 

I'd be very interested in it as well, because I notice that some public streaming services are adopting this "obfuscation" technique, in order to hide their token (which is a nonsense, as they are free public services and should freely allow the streaming capture).
And I tried to identify the string "secureTokenResponse" in the decompiled swf, obviously without success...
I will send a pm with the hope to find out the right strategy to solve this new issue...
Thanks in advance for the help

Re: Hdcast.org token challenge

 

it is not really rocket science just dump and grep

Re: Hdcast.org token challenge

 

Thanks anyway for the answer, Mckv, but the original post was about the swf player of hdcast, not eucast.
I know that the eucast token is not hard to find.

Here is an example of a channel that is still hosted on Hdcast.org:

I don't know what really happened, but fortunately now hdcast streams can be dumped again without the need of any "mysterious tokens".

So for the moment the hdcast issue seems solved