Audio/video stream recording forums

Attention Visitor:
You may have to register or log in before you can post:
  • Click the register link to sign up.
  • Registered members please fill in the form below and click the "Log in" button.
To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Audio/video stream recording forums > Streaming media recording forum > rtmpdump
Register FAQ Members List Calendar Mark Forums Read

Reply Post New Thread
 
Thread Tools Display Modes
  #1  
Old 09-14-2016, 11:52 AM
xanathar xanathar is offline
Junior Member
 
Join Date: Aug 2016
Posts: 16
xanathar is on a distinguished road
Question

Recording reallifecam.com


Hello,

I would like to know if some people here are still able to record reallifecam streams using rtmpdump.

I used to to do it for years but I'm really struggling now with the latest version of flowplayer.

I can get the urls and parameters required, however I have some issues finding the secure token.

They used to have 2 different secure token (one for free cams and one for premiums). Both were easy to find when decompiling the old swf player.

Now things are getting more difficult. According to what I have found, I think they read an encrypted binary file. (The algorithm seem easy though)

The swf can be found here:
"http://reallifecam.com/static/flowplayer/flowplayer.swf-20160913"

It would be great if anyone interested in reversing this kind of stuff could have a look.

Are there any other options/tools to find the secure tokens ? I guess the token is somewhere in memory. Are there any tools for browsing/searching the browser/flash plugin memory ?

We can discuss in private if you want. Reversing is fun and I'm here to learn and share.

Thanks
Reply With Quote
  #2  
Old 09-14-2016, 04:37 PM
ihryjfbd ihryjfbd is offline
Senior Member
 
Join Date: Oct 2015
Posts: 212
ihryjfbd is on a distinguished road
Default

Re: Recording reallifecam.com


urlsnooper2

GET /static/flowplayer/flowplayer.swf-20160913 HTTP/1.1
Host: reallifecam.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://reallifecam.com/en/view/06_1
Cookie: guest_tkt="e9d8d961022a9570a3bde6ee5e45f9c41f1d93f 0c230805c225309b459f774b0401dbc4ab6401e794dde2bbc1 3fa94baf7d2678556dbf416f77fe4018d5535b757d9c2a6MTZ lOGJkYQ%3D%3D!guest\054issued-d5f9e293-1473888934!userid_type:b64str";
lang=en
Connection: keep-alive
Reply With Quote
  #3  
Old 09-15-2016, 07:13 AM
xanathar xanathar is offline
Junior Member
 
Join Date: Aug 2016
Posts: 16
xanathar is on a distinguished road
Default

Re: Recording reallifecam.com


Quote:
Originally Posted by ihryjfbd View Post
urlsnooper2

GET /static/flowplayer/flowplayer.swf-20160913 HTTP/1.1
Host: reallifecam.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://reallifecam.com/en/view/06_1
Cookie: guest_tkt="e9d8d961022a9570a3bde6ee5e45f9c41f1d93f 0c230805c225309b459f774b0401dbc4ab6401e794dde2bbc1 3fa94baf7d2678556dbf416f77fe4018d5535b757d9c2a6MTZ lOGJkYQ%3D%3D!guest\054issued-d5f9e293-1473888934!userid_type:b64str";
lang=en
Connection: keep-alive
Thanks, but I have all of this. (and even more). What I know is that the secure tokens (the -T parameter in rtmpdump) were:
#Loi8iJu for free cams
and
VTd3uh@SgFpf for premium.

I'm trying to find the new ones.
Reply With Quote
  #4  
Old 09-16-2016, 07:24 AM
xanathar xanathar is offline
Junior Member
 
Join Date: Aug 2016
Posts: 16
xanathar is on a distinguished road
Default

Re: Recording reallifecam.com


Here's a summary of my findings.

The swf is encrypted but all the parts can easily be dumped from memory using a tool like SWF Memory Dumper.

(The algorithm is simple. Before using a memory dumper, I managed to decrypt the swf using a simple python script). It's quicker with a tool though.

Using JPEXS flash decompiler we can find a few references to the 'secureToken' but nothing in clear text. Reversing the functions could take ages. Static analysis can be really difficult.

I looked at a different option. On windows 10, I dumped the chrome process (The one with flash running. You can find the process id with swf memory dumper for example) using the task manager option. (Right click on process -> Create Dump File).

With winhex I found in the dump a reference to the string 'securetoken' (ignore the case) and next to it a key that really look like what we need. Unfortunately it did not work with rtmpdump. Also it seems that the securetoken is dynamic and keep changing.



Any help/idea is welcome.

Tools:
http://www.forceprojectx.com/service.../memory_dumper
https://www.x-ways.net/winhex/
https://www.free-decompiler.com/flash/

Reference:
http://blog.codestage.ru/2012/03/07/packed/
Reply With Quote
  #5  
Old 09-17-2016, 06:32 AM
j_cool j_cool is offline
Senior Member
 
Join Date: Feb 2016
Posts: 515
j_cool is on a distinguished road
Default

Re: Recording reallifecam.com


I got this with urlsnooper:


rtmps://edge14.reallifecam.com/liveedge?uid=b5b4459&stamp=1474111782&token=eb65d6 7e240e947cc1c923610e205605

rtmps://edge27.reallifecam.com/liveedge?uid=afa61ea&stamp=1474111848&token=a01f6a 373539dfa9104be0a777db174b


any good ?


Cheers,

Johnny.
Reply With Quote
  #6  
Old 09-17-2016, 07:24 AM
xanathar xanathar is offline
Junior Member
 
Join Date: Aug 2016
Posts: 16
xanathar is on a distinguished road
Default

Re: Recording reallifecam.com


Thanks, but it's not what I am looking for. The secureToken is 'embedded' in the swf file. You can't get it with a 'sniffer' like this. AFAIK the only way is to either decompile the swf (which can be difficult when the code is encrypted/obfuscated/complex) or scan the memory (using an hex editor for example).

Anyway here's a little trick. You don't need urlsnooper to get those urls

Just try this:
http://reallifecam.com/resources/gue.../playlist/03_1

Simply replace 03_1 by the camera you want.

If you are a member and logged, replace 'guest' by 'member' in the url I gave you so you can get any camera stream.

Thanks for looking at it though.
Reply With Quote
  #7  
Old 10-30-2016, 07:01 AM
dandalaptop dandalaptop is offline
Junior Member
 
Join Date: Oct 2016
Posts: 5
dandalaptop is on a distinguished road
Default

Quote:
Originally Posted by xanathar View Post
Hello, I would like to know if some people here are still able to record reallifecam streams using rtmpdump. I used to to do it for years but I'm really struggling now with the latest version of flowplayer. I can get the urls and parameters required, however I have some issues finding the secure token. They used to have 2 different secure token (one for free cams and one for premiums). Both were easy to find when decompiling the old swf player. Now things are getting more difficult. According to what I have found, I think they read an encrypted binary file. (The algorithm seem easy though) The swf can be found here: "http://reallifecam.com/static/flowpl...20160913" It would be great if anyone interested in reversing this kind of stuff could have a look. Are there any other options/tools to find the secure tokens ? I guess the token is somewhere in memory. Are there any tools for browsing/searching the browser/flash plugin memory ? We can discuss in private if you want. Reversing is fun and I'm here to learn and share. Thanks


THIá??T Ká?? WEB Tá?*I THIETKEWEBCHUYEN .COM THEO Y?ŠU Cá?¦U TRá»?N G?“I CHá»? 1.990.000 VND -?€€0986.184.211 (VIBER-ZALO) (Mr. Ngá»?c)

Trang web sá?? thiá??t ká?? giao diện theo y??u cá?§u ri??ng, há»?p sá»? th?*ch, phong thủy, vá?*n mệnh… Ä‘á»? giá»›i thiệu sá??n phá?©m, dịch vá»?, c?´ng ty, cá»*a h?*ng … Ä‘á»? bá??n ph??t triá»?n kinh doanh kh?´ng ngừng.

TRANG WEB Sá?? Ä???á»?C Bá??O H?€NH VĨNH VIỄN


C??C DỊCH VỤ KH??C:

Quá??n l?? ná»™i dung Fanpage: 900,000 VNÄ?/ Th??ng
Quá??n l?? ná»™i dung Webstie: 700,000 VNÄ?/ Th??ng
Seo google adword
RAO Vá?¶T TRá»?N G?“I CHá»? VỚI 2,000,000 / TH??NG
Vá»›i 2,000,000 bá??n sá?? c??:

- Ä?Ä?ng 1000 nh??m facebook/th??ng (má»—i nh??m từ 5,000 -> 100,000 th?*nh vi??n).

- Ä?Ä?ng 1000 tin/th??ng web rao vá?·t v?* diá»…n Ä‘?*n lá»›n

- Ä?Ä?ng 1000nh??m/th??ng google plus (má»—i nh??m từ 1000 -> h??n 10,000 th?*nh vi??n)


H??y li??n hệ th?´ng tin b??n d?°á»›i ( kh?´ng b?¬nh luá?*n v?*o b?*i viá??t n?*y v?¬ m?¬nh kh?´ng xem lá??i tin nhá??n tá??i Ä‘??y)

+ 0986.184.211 (VIBER-ZALO) (Mr. Ngá»?c) ( bá??n c?? thá»? nhá??n tin Ä‘á»? y??u cá?§u gá»?i lá??i miá»…n ph?*) - 0902.836.561
+ Email: NgocTran@ThietKeWebChuyen.com - SKYPE: confirmdnt
+ Website: ThietKeWebChuyen. com
Reply With Quote
  #8  
Old 11-06-2016, 04:04 AM
j_cool j_cool is offline
Senior Member
 
Join Date: Feb 2016
Posts: 515
j_cool is on a distinguished road
Default

Re: Recording reallifecam.com


Danda doesn't like my post.

I went too far from cracking flowplayer.swf-20160913.

Can someone crack FilmonPlayer.swf, might be less than 100 tokens there ?
Reply With Quote
  #9  
Old 11-06-2016, 07:14 AM
phuongtrinhqn1102 phuongtrinhqn1102 is offline
Junior Member
 
Join Date: Jun 2016
Posts: 23
phuongtrinhqn1102 is on a distinguished road
Default

Re: Recording reallifecam.com


xin ch?*o c??c bá??n may xuc dat d?*nh cho trá?» con,video hay lÄ?ng x?? d?*nh cho b?© , can cau oto xuc dat cho be may xuc
Reply With Quote
  #10  
Old 11-06-2016, 10:17 AM
j_cool j_cool is offline
Senior Member
 
Join Date: Feb 2016
Posts: 515
j_cool is on a distinguished road
Default

Re: Recording reallifecam.com


phuong,

your youtube clip is very interesting, but how about getting secure token from FilmonPlayer.swf ?

You will be able to watch BBC high stream if I get the token.

Last edited by j_cool : 11-06-2016 at 03:45 PM.
Reply With Quote
Reply Post New Thread
Tags: , , , ,



Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -6. The time now is 09:51 AM.


Powered by All-streaming-media.com; 2006-2011
vB forum hacked with Zoints add-ons