Analysis
--------
The creation of the ARC4 encryption keys are created ultimately from nothing more than a Diffie-Hellmann key exchange, excluding constants and publicly-transferred information that is passed through hashing algorithms. There is no input into the algorithm from a secret key, password or passphrase. The same effect as this algorithm could therefore be achieved with a well-known industry standard algorithm such as SSL.
The "verification" process involves nothing more than publicly-obtainable information (the 32-byte SWFHash and the SWF size) and publicly-exchanged data (the last 32 bytes of the first server response).
According to
readme_rtmpdump1.6.txt:
Download the swf player you want to use for SWFVerification, unzip it using
Code:
$ flasm -x file.swf
It will show the decompressed filesize, use it for --swfsize
Now generate the hash
Code:
$ openssl sha -sha256 -hmac "Genuine Adobe Flash Player001" file.swf
and use the --swfhash "01234..." option to pass it. e.g.
Code:
$ ./rtmpdump --swfhash "123456..." --swfsize 987...
In other words, the "verification" algorithm basically links the SWF file with the content that is being accessed through it. The SWF file unfortunately has to be made publicly available via web sites, and so
can be easily obtained.
Thus, the only "security" is given by linking the last 32 bytes of the first server response in to the "verification" algorithm. Unfortunately, this information was also generated with no passwords or secret keys, and is transmitted in-the-clear.
Overall, then, the Adobe RTMPE algorithm provides end-to-end secrecy in exactly the same way that SSL provides end-to-end secrecy, but provides no security and uses no authentication of any kind.