Here's a summary of my findings.
The swf is encrypted but all the parts can easily be dumped from memory using a tool like SWF Memory Dumper.
(The algorithm is simple. Before using a memory dumper, I managed to decrypt the swf using a simple python script). It's quicker with a tool though.
Using JPEXS flash decompiler we can find a few references to the 'secureToken' but nothing in clear text. Reversing the functions could take ages. Static analysis can be really difficult.
I looked at a different option. On windows 10, I dumped the chrome process (The one with flash running. You can find the process id with swf memory dumper for example) using the task manager option. (Right click on process -> Create Dump File).
With winhex I found in the dump a reference to the string 'securetoken' (ignore the case) and next to it a key that really look like what we need. Unfortunately it did not work with rtmpdump. Also it seems that the securetoken is dynamic and keep changing.
Any help/idea is welcome.
Tools:
http://www.forceprojectx.com/service.../memory_dumper
https://www.x-ways.net/winhex/
https://www.free-decompiler.com/flash/
Reference:
http://blog.codestage.ru/2012/03/07/packed/