[Gnash-dev] address@hidden: [osflash] FlashPlayer 10 RTMPE handshake]

gnash-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Gnash-dev] address@hidden: [osflash] FlashPlayer 10 RTMPE handshake]

From:	strk
Subject:	[Gnash-dev] address@hidden: [osflash] FlashPlayer 10 RTMPE handshake]
Date:	Wed, 13 Jan 2010 12:13:36 +0100

FYI...

----- Forwarded message from Howard Chu <address@hidden> -----

Date: Tue, 12 Jan 2010 21:53:32 -0800
From: Howard Chu <address@hidden>
Subject: [osflash] FlashPlayer 10 RTMPE handshake
Reply-To: Open Source Flash Mailing List <address@hidden>
To: address@hidden
X-BeenThere: address@hidden

Looks to me like you guys all have the FlashPlayer 9 handshake down, but as
yet no one has deciphered the Type-8 RTMPE handshake response used in
FlashPlayer 10. I've spent a little bit of time working on this in the spirit
of http://osflash.org/red5/discovery?s=discovery+through+observation

(fyi, I've been hacking on rtmpdump lately at http://rtmpdump.mplayerhq.hu and
making decent progress on useful new stuff, but am hitting mud here. I won't
quite call it a brick wall, it's just fairly opaque and slow to yield up its
secrets...)

Currently I'm able to use my rtmpsrv code to generate arbitrary response
packets and see what the Flash client replies with. I have a few other tricks
that work as well, but I'm reluctant to mention them in the open because it
would be trivial for Adobe to patch a future release and prevent these tricks
from working, and I haven't yet learned enough in the meantime.

I'll note that if I reply with a handshake packet of type 8, data all 0xff's
except for the signature and digest, the client works normally. It seems to me
that the client must still be using the FlashPlayer 9 verifier as a fallback,
because using the rtmpdump client code to verify a real Type 8 response, I get
a signature mismatch. I.e., just setting the reply type to 8 is not sufficient
in itself, something else must have changed in the reply packet.

If worse comes to worse I will get my company involved in this and go whole
hog, but thus far I've been working on it informally in my spare time. (Symas
Corp. also develops and markets security software, and we could get a DMCA
exemption to reverse engineer this all if no other approaches work.)

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

_______________________________________________
osflash mailing list
address@hidden
http://osflash.org/mailman/listinfo/osflash_osflash.org

----- End forwarded message -----

[Prev in Thread]

Current Thread

[Next in Thread]

[Gnash-dev] address@hidden: [osflash] FlashPlayer 10 RTMPE handshake], strk <=

Prev by Date: Re: [Gnash-dev] [PATCH] Fix build with libtool2
Next by Date: [Gnash-dev] Translations
Previous by thread: [Gnash-dev] Dear Gnash-Dev, If you can't find in google, try JUSTDIAL.COM
Next by thread: [Gnash-dev] Translations
Index(es):
- Date
- Thread