A failed cracking experience
2022-07-28 15:52:00 【I'm not a code God】
Someone asked me to "get" the live video stream from a website and make use of it. It ended in failure, but the cracking process is still worth sharing, and I hope it gives you some ideas.
A live video stream is usually nothing more than FLV or MP4 encapsulated in RTMP, or HLS, and of course there is my own technique (transmitting raw data over WebSocket, then decoding and playing it in JS). The technology I ran into this time, however, was very tricky, and the attempt ended in failure.
I opened the site's live page in Chrome and, without further ado, pressed F12 to bring up the console and located the DOM element of the live view. At first glance it was a Flash element. The key parameters were passed to Flash through Flashvars in clear text, mainly userId and videoId. Things seemed to be going well.
Since it was a Flash player, the next step was to decompile it. The tools I dug out of my 10-year-old hoard had fallen behind, so after a lot of searching online I found a powerful free tool and opened the SWF file. There was no obfuscation, and the code was readable at a glance. Things seemed to be going well.
There was not much code. After careful analysis I found that playback used the RTMPE protocol. Although I have specialized in Flash and live video, I had never really studied RTMPE. It is a variant of RTMP that adds encryption on top of the RTMP protocol. The encryption by itself did not matter much, but a further verification step was also performed, and that troubled me for a whole day.
Before the video is played, the player does one more thing to guard against theft. Here it is in detail.
1. The RTMPE connection to the server succeeds (NetConnection.Connect.Success).
2. A method named GetLive is called through RPC. It returns a ByteArray object, which can be thought of as a binary stream.
3. The binary object is loaded into a Loader, which is allowed to access the parent SWF's code.
A little explanation: this operation is one Flash file loading another. A Loader object can load a SWF directly from a URL, or load a binary object straight from memory as described above. Delivering the binary of a SWF through an RPC call over RTMPE is well hidden, and because RTMPE encrypts the protocol, the operation cannot be observed by capturing packets.
I simulated this process and, before the connection dropped, used a fileReference object to save the ByteArray to disk. I then opened it in the decompiler to read the source of this SWF. The source does the following:
4. The loaded SWF carries a string. It uses that string as the RPC method name to send another request, and obtains the actual name of the video stream from the server.
5. The main SWF plays the video using that stream name.
With the process fully understood, next came the cracking. First I made local modifications to the decompiled SWF, intending to remove some of the visual elements (the ByteArray returned through RPC is loaded onto the screen). But whenever I modified the SWF, the connection was dropped shortly afterwards. So I simply wrote a new Flash player of my own, but it met the same fate.
I searched for RTMPE on Baidu, on Bing, and on Google from over the wall, but there was not much information.
On the second day I kept studying. My guess was that the server must be verifying the SWF file itself: if two files differ by even a single byte, their hashes must differ. This is the principle many download tools use for verification. Then I opened Adobe's official documentation to check the description of the RTMPE protocol, and suddenly saw the light: FMS can verify the SWF file over the RTMPE protocol, and if the client is not the specified SWF file, the connection is rejected.
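A simplified model of the server-side check described above, added here as an example (it is not code from the original post and not Adobe's actual RTMPE/FMS algorithm). The function names, the constructed file bytes, and the nonce-keyed HMAC-SHA-256 scheme are assumptions chosen for illustration; it shows why a one-byte change to the client file, or a replayed response, gets the connection rejected.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the approved player file; a real deployment
# would read the bytes of the client file it actually serves.
APPROVED_CLIENT = b"FWS" + bytes(range(256)) * 4

# Server-side allowlist: digests of every client build allowed to connect.
ALLOWED_DIGESTS = {hashlib.sha256(APPROVED_CLIENT).digest()}


def new_challenge() -> bytes:
    """Fresh random value per connection, so an old response cannot be replayed."""
    return os.urandom(32)


def client_response(client_bytes: bytes, challenge: bytes) -> bytes:
    """Client side: a MAC over its own file digest, keyed by the challenge."""
    digest = hashlib.sha256(client_bytes).digest()
    return hmac.new(challenge, digest, hashlib.sha256).digest()


def server_accepts(response: bytes, challenge: bytes) -> bool:
    """Server side: recompute the response for each approved digest and compare."""
    for digest in ALLOWED_DIGESTS:
        expected = hmac.new(challenge, digest, hashlib.sha256).digest()
        if hmac.compare_digest(expected, response):  # constant-time compare
            return True
    return False  # unknown or modified client: reject the connection


def demo() -> dict:
    tampered = bytearray(APPROVED_CLIENT)
    tampered[10] ^= 0x01  # flip a single bit in one byte of the file
    c1, c2 = new_challenge(), new_challenge()
    genuine = client_response(APPROVED_CLIENT, c1)
    return {
        "genuine": server_accepts(genuine, c1),
        "tampered": server_accepts(client_response(bytes(tampered), c1), c1),
        "replayed": server_accepts(genuine, c2),  # old response, new connection
    }


if __name__ == "__main__":
    print(demo())
```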
So can you forge a client and send the verification information? In theory yes, but you would need to understand Flash Player's encryption process and how the verification information is generated. Even then, you would still have to solve the dynamically loaded SWF, which means implementing the main functionality of Flash Player, a workload that is almost unrealistic. So the website has effectively resisted people like me who want to crawl its resources by these methods. I concede defeat.