Posted by: Doug | September 27, 2008

I Can Rip Any BBC IPlayer, Amazon, YouTube etc Streaming FLV!

So this was the article

It shouts about Adobe not doing enough to help protect streaming content. So i read it and laughed while making notes about what Amazon could do to prevent this:

  • They could use an encrypted stream via rtmpe or rtmpte (or ssl) instead of the ‘sniffable’ default rtmp and rtmpt protocols which it sounds like what they’re doing…
  • They could verify their movie player swf’s…
  • They could use a server invoked challenge and response system running on a timer…
  • They could check the referrer making the request to the server…
  • They could check and validate and restrict ip addresses or domain uri’s…
  • They could authorize users from a database and check the validity of each request pre connection…

Confusingly i can’t quite understand why according to the article Amazon continue to stream content even though the user is unable to do anything with it (but only they know why). That to me seems to be talking about progressive FLV’s

Anyway the article mentions Replay Media Catcher

So i downloaded installed and started recording. Then i visited the BBC IPlayer where I started to watch the live BBC News 24 stream.

As expected because it’s an unencrypted rtmp stream Replay Media Catcher (RMC) started to record it. After a few minutes I pressed the stop recording button (In RMC) and noticed that my file kept downloading… Ok so I thought maybe I am making an assumption and stopping the recording doesn’t work as I expected. So I stopped the IPlayer News 24 stream by pressing the stop button in the Flash Player (which I know stops the NetStream and may or may not close the NetConnection to FMS). I look at RMC and see the filesize is still growing and think first up maybe it’s draining the buffer… So I close the IPlayer page and then my browser which is FireFox 3 but it doesn’t stop recording the stream!!! I’ve written this post and it’s still going… oh dear I feel an upgrade coming soon.

[Updated] Ok so RMC has stopped recording all by itself now but it recorded 75Mb.

It’s hard to know if i did anything to stop it or whether it experienced an error. It certainly tells me something occured:

Sorry, could only download a partial RTMP stream
Media was saved anyway:
C:\Documents and Settings\User\My Documents\My Recordings\news_channel_1@s2677_F46D3481.flv
Exception:
m_nErrType = 6
m_strDesc = “recv() failed on timeout – Saved media to file anyway”
m_strFile = F:\proj32\TestRTMPClient\RTMPStreamRip.cpp
m_nLineNumber = 699

…So this leaves at least one question; does it actually use my browser once the recording starts???

Possibly related posts: (automatically generated)

Posted in Flash, Flash Hacks, Flash Media Server, Flash Platform, Flash Video | Tags: , , , ,

«
»

Responses

  1. Thanks for taking an interest in this and doing some testing, Doug. I’m on vacation now, on a teeny computer and without face-to-face access with the FMS team, and so don’t have solid info. But when this story emerged a few weeks ago it did seem like it was the basic “authenticate your client!” type of issue, and the Adobe Security team did issue an advisory to use the docs:
    http://blogs.adobe.com/psirt/2008/09/security_advisory_flash_media.html

    With the latest journalism, though, I’m not sure whether something has changed to render the previous info irrelevant, or whether it’s just the usual journalistic needs for fresh clicks. The quote from Bruce Schneir a few days ago particularly made me wonder, ’cause he’s usually technically correct.

    Sorry I don’t have solid info to add myself, but I do appreciate that this caught your eye and that you invested time investigating, thanks.

    jd/adobe

    By: John Dowdell on September 28, 2008
    at 6:28 am

    Reply

  2. RMC trial allows only 75% download. Its a trial limit.

    None of your suggestions will work, as the actual video content is not streamed encrypted by FMS.

    By: roosterDummy on September 28, 2008
    at 6:58 am

    Reply

  3. Hi Rooster,

    The first suggestion using rtmpe or ssl will work.

    Verifying a swf in FMS will also prevent RMC connections and a challenge and response system will stop RMC from being able to continously hold on to a NetConnection.

    If you know otherwise please do tell all.

    regards
    Doug

    By: Doug on September 28, 2008
    at 8:07 am

    Reply

  4. Kevin Towes Blog Post:

    http://blogs.adobe.com/ktowes/2008/09/encryption_and_streaming_media.html

    By: Doug on September 29, 2008
    at 7:07 am

    Reply

  5. @John

    Thanks for the follow up and sorry for the delay showing your comments (for some reason it ended up as spam).

    The RTMPE answer is valid but this http://bugs.adobe.com/jira/browse/FP-284 defo needs addressing otherwise the solution is broken in certain fms configurations.

    By: Doug on October 4, 2008
    at 12:49 pm

    Reply


Leave a response






Your response:

Categories

Dev Friends

Expanded Horizons

My Sites

Useful Shizzam

Web Blogs

Web Groups

Web Innovate

Top Posts

 

September 2008
M T W T F S S
    Oct »
1234567
891011121314
15161718192021
22232425262728
2930