Audio/video stream recording forums

Attention Visitor:
You may have to register or log in before you can post:
  • Click the register link to sign up.
  • Registered members please fill in the form below and click the "Log in" button.
To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Audio/video stream recording forums > Streaming media recording forum > Video stream recording
Register FAQ Members List Calendar Mark Forums Read

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 05-30-2012, 04:14 PM
avirex avirex is offline
Junior Member
 
Join Date: Mar 2012
Posts: 24
avirex is on a distinguished road
Default

Advanced stream recording using Wireshark


Hello.

I have an IPTV device hooked up to my television and I'm curious to know where the streams are coming from.

I was able to capture the raw packets from the IPTV device wirelessly using Pirni (for iPhone) and I have a lot of RTMPT traffic in the capture.

Problem is I am not seeing enough information to be able to play the streams on my computer.

I can see the "Connect" to their server. But the "Playpath" parameter seems to be encrypted.

For example:

I see a Connect to 'rtmp://91.232.136.6:1935/sedge'



Then I see a Create Stream.



Then a FCSubscribe with "String 'AKuOuDtzNHyvwotDemOEietAmj4OjchYtD1qxn1E4DOKf4JUl BNw5tfQE6QBWNoVxUyuWmW_vaM7VoP2SUK55CI7w7Pz6JOz5Cl afSjEK4MvHOX2l86ggumDKi7WOneCOr_Hd6N371WMojqhb7T4V 4b1mMq3FU8OJPEGhIKjbKI='



and finally the Play with String 'AKuOuDtzNHyvwotDemOEietAmj4OjchYtD1qxn1E4DOKf4JUl BNw5tfQE6QBWNoVxUyuWmW_vaM7VoP2SUK55CI7w7Pz6JOz5Cl afSjEK4MvHOX2l86ggumDKi7WOneCOr_Hd6N371WMojqhb7T4V 4b1mMq3FU8OJPEGhIKjbKI='



The "Play" string looks like the Playpath but it seems to be encrypted.

When I drop this in rtmpdump I get the following:

Code:
C:\rtmpdump>rtmpdump -r "rtmp://91.232.136.6:1935/sedge" -y "AKuOuDtzNHyvwotDemO
EietAmj4OjchYtD1qxn1E4DOKf4JUlBNw5tfQE6QBWNoVxUyuWmW_vaM7VoP2SUK55CI7w7Pz6JOz5Cl
afSjEK4MvHOX2l86ggumDKi7WOneCOr_Hd6N371WMojqhb7T4V4b1mMq3FU8OJPEGhIKjbKI=" -d "A
KuOuDtzNHyvwotDemOEietAmj4OjchYtD1qxn1E4DOKf4JUlBNw5tfQE6QBWNoVxUyuWmW_vaM7VoP2S
UK55CI7w7Pz6JOz5ClafSjEK4MvHOX2l86ggumDKi7WOneCOr_Hd6N371WMojqhb7T4V4b1mMq3FU8OJ
PEGhIKjbKI=" -v -V | vlc -
RTMPDump 2.4 git-6230845 2011-9-25
(c) 2010 Andrej Stepanchuk, Howard Chu, The Flvstreamer Team; license: GPL
WARNING: You haven't specified an output file (-o filename), using stdout
DEBUG: Protocol : RTMP
DEBUG: Hostname : 91.232.136.6
DEBUG: Port     : 1935
DEBUG: Playpath : AKuOuDtzNHyvwotDemOEietAmj4OjchYtD1qxn1E4DOKf4JUlBNw5tfQE6QBWN
oVxUyuWmW_vaM7VoP2SUK55CI7w7Pz6JOz5ClafSjEK4MvHOX2l86ggumDKi7WOneCOr_Hd6N371WMoj
qhb7T4V4b1mMq3FU8OJPEGhIKjbKI=
DEBUG: tcUrl    : rtmp://91.232.136.6:1935/sedge
DEBUG: app      : sedge
DEBUG: subscribepath : AKuOuDtzNHyvwotDemOEietAmj4OjchYtD1qxn1E4DOKf4JUlBNw5tfQE
6QBWNoVxUyuWmW_vaM7VoP2SUK55CI7w7Pz6JOz5ClafSjEK4MvHOX2l86ggumDKi7WOneCOr_Hd6N37
1WMojqhb7T4V4b1mMq3FU8OJPEGhIKjbKI=
DEBUG: live     : yes
DEBUG: timeout  : 30 sec
DEBUG: Setting buffer time to: 36000000ms
Connecting ...
DEBUG: RTMP_Connect1, ... connected, handshaking
DEBUG: HandShake: Type Answer   : 03
DEBUG: HandShake: Server Uptime : 96850052
DEBUG: HandShake: FMS Version   : 3.0.1.1
DEBUG: HandShake: Handshaking finished....
DEBUG: RTMP_Connect1, handshaked
DEBUG: Invoking connect
INFO: Connected...
DEBUG: HandleServerBW: server BW = 2500000
DEBUG: HandleClientBW: client BW = 2500000 2
DEBUG: HandleCtrl, received ctrl. type: 0, len: 6
DEBUG: HandleCtrl, Stream Begin 0
DEBUG: HandleChangeChunkSize, received: chunk size change to 4096
DEBUG: RTMP_ClientPacket, received: invoke 259 bytes
DEBUG: (object begin)
DEBUG: (object begin)
DEBUG: Property: <Name:             fmsVer, STRING:     FMS/3,5,4,210>
DEBUG: Property: <Name:       capabilities, NUMBER:     31.00>
DEBUG: Property: <Name:               mode, NUMBER:     1.00>
DEBUG: (object end)
DEBUG: (object begin)
DEBUG: Property: <Name:              level, STRING:     status>
DEBUG: Property: <Name:               code, STRING:     NetConnection.Connect.Su
ccess>
DEBUG: Property: <Name:        description, STRING:     Connection succeeded.>
DEBUG: Property: <Name:               data, OBJECT>
DEBUG: (object begin)
DEBUG: Property: <Name:            version, STRING:     3,5,4,210>
DEBUG: (object end)
DEBUG: Property: <Name:           clientid, NUMBER:     499847536.00>
DEBUG: Property: <Name:     objectEncoding, NUMBER:     0.00>
DEBUG: (object end)
DEBUG: (object end)
DEBUG: HandleInvoke, server invoking <_result>
DEBUG: HandleInvoke, received result for method call <connect>
DEBUG: sending ctrl. type: 0x0003
DEBUG: Invoking createStream
DEBUG: FCSubscribe: AKuOuDtzNHyvwotDemOEietAmj4OjchYtD1qxn1E4DOKf4JUlBNw5tfQE6QB
WNoVxUyuWmW_vaM7VoP2SUK55CI7w7Pz6JOz5ClafSjEK4MvHOX2l86ggumDKi7WOneCOr_Hd6N371WM
ojqhb7T4V4b1mMq3FU8OJPEGhIKjbKI=
DEBUG: Invoking FCSubscribe
DEBUG: RTMP_ClientPacket, received: invoke 29 bytes
DEBUG: (object begin)
DEBUG: Property: NULL
DEBUG: (object end)
DEBUG: HandleInvoke, server invoking <_result>
DEBUG: HandleInvoke, received result for method call <createStream>
DEBUG: SendPlay, seekTime=0, stopTime=0, sending play: AKuOuDtzNHyvwotDemOEietAm
j4OjchYtD1qxn1E4DOKf4JUlBNw5tfQE6QBWNoVxUyuWmW_vaM7VoP2SUK55CI7w7Pz6JOz5ClafSjEK
4MvHOX2l86ggumDKi7WOneCOr_Hd6N371WMojqhb7T4V4b1mMq3FU8OJPEGhIKjbKI=
DEBUG: Invoking play
DEBUG: sending ctrl. type: 0x0003
DEBUG: RTMP_ClientPacket, received: invoke 142 bytes
DEBUG: (object begin)
DEBUG: Property: NULL
DEBUG: (object begin)
DEBUG: Property: <Name:              level, STRING:     status>
DEBUG: Property: <Name:               code, STRING:     NetStream.Play.Start>
DEBUG: Property: <Name:        description, STRING:     FCSubscribe to stream no
t-found.>
DEBUG: Property: <Name:           clientid, NUMBER:     499847536.00>
DEBUG: (object end)
DEBUG: (object end)
DEBUG: HandleInvoke, server invoking <onFCSubscribe>
DEBUG: RTMP_ClientPacket, received: invoke 194 bytes
DEBUG: (object begin)
DEBUG: Property: NULL
DEBUG: (object begin)
DEBUG: Property: <Name:              level, STRING:     status>
DEBUG: Property: <Name:               code, STRING:     NetStream.Play.Unpublish
Notify>
DEBUG: Property: <Name:        description, STRING:     rtmp://eu-origin.zaaptv.
com:1935/origin/_definst_/not-found is now unpublished.>
DEBUG: Property: <Name:           clientid, NUMBER:     499847536.00>
DEBUG: (object end)
DEBUG: (object end)
DEBUG: HandleInvoke, server invoking <onStatus>
DEBUG: HandleInvoke, onStatus: NetStream.Play.UnpublishNotify
DEBUG: Invoking deleteStream
DEBUG: Closing connection.

What's interesting is the RTMPDUMP output is exposing the following (highlighted in blue above):

rtmp://eu-origin.zaaptv.com:1935/origin/_definst_/not-found


Any idea how I can get this FCSubscribe and the actual Playpath?

I feel like I'm almost there, just need some help to finish the last mile. Thanks in advance.

Last edited by avirex : 05-30-2012 at 04:16 PM. Reason: pictures
Reply With Quote
 
Tags:



Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -6. The time now is 12:21 PM.


Powered by All-streaming-media.com; 2006-2011
vB forum hacked with Zoints add-ons