Audio/video stream recording forums

#1
10-04-2013, 01:03 AM
gorilla.maguila

dumping Ilive.to

Hey guys,

Do you know how to dump ilive.to streams?

It used to be possible to dump the streams by getting a token from http://www.ilive.to/server.php, but not anymore. Although it's still possible to get a token, the server closes the connection.

Code:
 rtmpdump -r rtmp://live.iguide.to/edge -y vsoui5hx1do3qon -W http://player.ilive.to/secure_player_ilive_z.swf --token "UYDk93k#09sdafjJDHJKAD873" --live --debug -p "http://www.ilive.to/view/49959/watch-live-SIC_Noticias-streaming-channel-for-free"

#2
10-04-2013, 03:58 AM
KSV

Re: dumping Ilive.to

try with
Code:
-T "I8772LDKksadhGHGagf#"

#3
10-04-2013, 03:59 AM
hasomaso

Re: dumping Ilive.to

test that

Code:
--token "I8772LDKksadhGHGagf#"

#4
10-04-2013, 04:03 AM
gorilla.maguila

Re: dumping Ilive.to

Thanks @KSV

Is the token from the server.php response modified in the swf file?

#5
10-04-2013, 07:18 AM
gorilla.maguila

Re: dumping Ilive.to

I answer myself. The token is obfuscated inside the swf.

I take the opportunity to ask you guys, how did you find the token? Deobfuscating the swf? Or have you somehow found a method to reverse the process:

Receive SecureToken()--->DecodeTEA()--->SendSecureResponse()

Thanks

#6
10-04-2013, 10:23 AM
Telofy

Re: dumping Ilive.to

I mostly just signed up to say thanks! The token from server.php still worked a few days ago; now it doesn’t seem to be as easy anymore.

In another thread, oelk said that you can find the token either by manipulating the code to output the calculated token, by using a debugger, or by using a “decryption” function in one’s own code.

Now I would like to be able to extract these tokens myself, but while I’m a software dev, I’m not versed in ActionScript/Flash programming. Are there any how-to guides, preferably for Linux, that describe the process? I’ve seen people in other threads ask the same question, but the search doesn’t seem to produce anything of the sort.

#7
10-04-2013, 11:12 AM
gorilla.maguila

Re: dumping Ilive.to

I've been thinking about it and I guess the simplest, most feasible way would be to disassemble the swf, put in a "print" and assemble it again.

For example in ilive.to's swf file we can see in assembly code:

Code:
 43   getproperty     info //nameIndex = 249
 46   getproperty     secureToken //nameIndex = 1823
 49   getlex          undefined //nameIndex = 255
 52   ifeq            L4

 56   getlocal0
 57   getproperty     private::_connection //nameIndex = 239
 60   pushstring      "secureTokenResponse"  //stringIndex = 2382
 63   pushnull
 64   getlex          com.wowza.encryptionAS3::TEA //nameIndex = 1068
 67   getscopeobject  1
 69   getslot         1
 71   getproperty     info //nameIndex = 249
 74   getproperty     secureToken //nameIndex = 1823
 77   getlex          _a_-_--- //nameIndex = 3047
 80   pushint         -1820302793 // 0x-6c7f9dc9
 82   callproperty    _a_--_-- (1) //nameIndex = 2444
 86   coerce_s
 87   callproperty    decrypt (2) //nameIndex = 1782
 91   callpropvoid    call (3) //nameIndex = 195

Making a wild guess, as I don't know much about ActionScript, this translates to something like:

Code:
_connection.call("secureTokenResponse", null, TEA.decrypt(evt.info.secureToken, _a_-_---(-1820302793)));

Where _a_-_---() is an obfuscated function. And maybe we can put something like trace(_a_-_---(-1820302793)) in assembly to show the computed token. (I think this method would also apply for coolsport.)


@Telofy
I also work in Linux and unfortunately there isn't much; you can try JPEXS Decompiler though. The best I've found is Adobe SWF Investigator http://labs.adobe.com/technologies/swfinvestigator/

Last edited by gorilla.maguila : 10-04-2013 at 12:26 PM.