1RTMP Dump v2.4 2(C) 2009 Andrej Stepanchuk 3(C) 2009-2011 Howard Chu 4(C) 2010 2a665470ced7adb7156fcef47f8199a6371c117b8a79e399a2771e0b36384090 5(C) 2011 33ae1ce77301f4b4494faaa5f609f3c48b9dcf82 6License: GPLv2 7librtmp license: LGPLv2.1 8http://rtmpdump.mplayerhq.hu/ 9 10To compile type "make" with SYS=<platform name>, e.g. 11 12 $ make SYS=posix 13 14for Linux, Unix, etc. or 15 16 $ make SYS=darwin 17 18for MacOSX or 19 20 $ make SYS=mingw 21 22for Windows. 23 24You can cross-compile for other platforms using the CROSS_COMPILE variable: 25 26 $ make CROSS_COMPILE=arm-none-linux- INC=-I/my/cross/includes 27 28Please read the Makefile to see what other make variables are used. 29 30This code also requires you to have OpenSSL and zlib installed. You may 31optionally use GnuTLS or polarssl instead of OpenSSL if desired. You may 32also build with just rtmpe support, and no rtmps/https support, by 33specifying -DNO_SSL in the XDEF macro, e.g. 34 35 $ make XDEF=-DNO_SSL 36 37or 38 39 $ make CRYPTO=POLARSSL XDEF=-DNO_SSL 40 41You may also turn off all crypto support if desired 42 43 $ make CRYPTO= 44 45A shared library is now built by default, in addition to the static 46library. You can also turn it off if desired 47 48 $ make SHARED= 49 50The rtmpdump programs still link to the static library, regardless. 51 52Note that if using OpenSSL, you must have version 0.9.8 or newer. 53For Polar SSL you must have version 1.0.0 or newer. 54 55Credit goes to team boxee for the XBMC RTMP code originally used in RTMPDumper. 56The current code is based on the XBMC code but rewritten in C by Howard Chu. 57 58 59SWF Verification 60---------------- 61 62Note: these instructions for manually generating the SWFVerification 63info are provided only for historical documentation. The software can now 64generate this info automatically, so it is no longer necessary to 65run the commands described here. Just use the -W (--swfVfy) option 66to perform automatic SWFVerification. 67 68Download the swf player you want to use for SWFVerification, unzip it using 69 70 $ flasm -x file.swf 71 72It will show the decompressed filesize, use it for --swfsize 73 74Now generate the hash 75 76 $ openssl sha -sha256 -hmac "Genuine Adobe Flash Player 001" file.swf 77 78and use the --swfhash "01234..." option to pass it. 79 80e.g. $ ./rtmpdump --swfhash "123456..." --swfsize 987... 81 82 83Connect Parameters 84------------------ 85 86Some servers expect additional custom parameters to be attached to the 87RTMP connect request. The "--auth" option handles a specific case, where 88a boolean TRUE followed by the given string are added to the request. 89Other servers may require completely different parameters, so the new 90"--conn" option has been added. This option can be set multiple times 91on the command line, adding one parameter each time. 92 93The argument to the option must take the form <type> : <value> where 94type can be B for boolean, S for string, N for number, and O for object. 95For booleans the value must be 0 or 1. Also, for objects the value must 96be 1 to start a new object, or 0 to end the current object. 97 98Examples: 99 --conn B:0 --conn S:hello --conn N:3.14159 100 101Named parameters can be specified by prefixing 'N' to the type. Then the 102name should come next, and finally the value: 103 --conn NB:myflag:1 --conn NS:category:something --conn NN:pi:3.14159 104 105Objects may be added sequentially: 106 -C O:1 -C NB:flag:1 -C NS:status:success -C O:0 -C O:1 -C NN:time:12.30 -C O:0 107or nested: 108 -C O:1 -C NS:code:hello -C NO:extra:1 -C NS:data:stuff -C O:0 -C O:0 109 110 111Building OpenSSL 0.9.8k 112----------------------- 113arm: 114./Configure -DL_ENDIAN --prefix=`pwd`/armlibs linux-generic32 115 116Then replace gcc, cc, ar, ranlib in Makefile and crypto/Makefile by arm-linux-* variants and use make && make install_sw 117 118win32: 119Try ./Configure mingw --prefix=`pwd`/win32libs -DL_ENDIAN -DOPENSSL_NO_HW 120Replace gcc, cc, ... by mingw32-* variants in Makefile and crypto/Makefile 121make && make install_sw 122 123OpenSSL cross-compiling can be a difficult beast. 124 125Precompiled OpenSSL binaries for Windows are available on 126http://www.slproweb.com/products/Win32OpenSSL.html 127 128If you're just running a pre-built Windows rtmpdump binary, then all you 129need is the "Light" installer. If you want to compile rtmpdump yourself, 130you'll need the full installer. 131 132 133Example Servers 134--------------- 135Three different types of servers are also present in this distribution: 136 rtmpsrv - a stub server 137 rtmpsuck - a transparent proxy 138 rtmpgw - an RTMP to HTTP gateway 139 140rtmpsrv - Note that this is very incomplete code, and I haven't yet decided 141whether or not to finish it. It is useful for obtaining all the parameters 142that a real Flash client would send to an RTMP server, so that they can be 143used with rtmpdump. The current version now invokes rtmpdump automatically 144after parsing a client request. 145 146rtmpsuck - proxy server. See below... 147 148All you need to do is redirect your Flash clients to the machine running this 149server and it will dump out all the connect / play parameters that the Flash 150client sent. The simplest way to cause the redirect is by editing /etc/hosts 151when you know the hostname of the RTMP server, and point it to localhost while 152running rtmpsrv on your machine. (This approach should work on any OS; on 153Windows you would edit %SystemRoot%\system32\drivers\etc\hosts.) 154 155On Linux you can also use iptables to redirect all outbound RTMP traffic. You 156need to be running as root in order to use the iptables command. 157 158In my original plan I would have the transparent proxy running as a special 159user (e.g. user "proxy"), and regular Flash clients running as any other user. 160In that case the proxy would make the connection to the real RTMP server. The 161iptables rule would look like this: 162 163iptables -t nat -A OUTPUT -p tcp --dport 1935 -m owner \! --uid-owner proxy \ 164 -j REDIRECT 165 166A rule like the above will be needed to use rtmpsuck. Note that you should 167replace "proxy" in the above command with an account that actually exists 168on your machine. 169 170Using it in this mode takes advantage of the Linux support for IP redirects; 171in particular it uses a special getsockopt() call to retrieve the original 172destination address of the connection. That way the proxy can create the 173real outbound connection without any other help from the user. The equivalent 174functionality may exist on other OSs but needs more investigation. 175 176(Based on reading the BSD ipfw manpage, this rule ought to work on BSD: 177 178ipfw add 40 fwd 127.0.0.1,1935 tcp from any to any 1935 not uid proxy 179 180Some confirmation from any BSD users would be nice.) 181 182(We have a solution for Windows based on a TDI driver; this is known to 183work on Win2K and WinXP but is assumed to not work on Vista or Win7 as the 184TDI is no longer used on those OS versions. Also, none of the known 185solutions are available as freeware.) 186 187The rtmpsuck command has only one option: "-z" to turn on debug logging. 188It listens on port 1935 for RTMP sessions, but you can also redirect other 189ports to it as needed (read the iptables docs). It first performs an RTMP 190handshake with the client, then waits for the client to send a connect 191request. It parses and prints the connect parameters, then makes an 192outbound connection to the real RTMP server. It performs an RTMP handshake 193with that server, forwards the connect request, and from that point on it 194just relays packets back and forth between the two endpoints. 195 196It also checks for a few packets that it treats specially: a play packet 197from the client will get parsed so that the playpath can be displayed. It 198also handles SWF Verification requests from the server, without forwarding 199them to the client. (There would be no point, since the response is tied to 200each session's handshake.) 201 202Once the play command is processed, all subsequent audio/video data received 203from the server will be written to a file, as well as being delivered back 204to the client. 205 206The point of all this, instead of just using a sniffer, is that since rtmpsuck 207has performed real handshakes with both the client and the server, it can 208negotiate whatever encryption keys are needed and so record the unencrypted 209data. 210 211rtmpgw - HTTP gateway: this is an HTTP server that accepts requests that 212consist of rtmpdump parameters. It then connects to the specified RTMP 213server and returns the retrieved data in the HTTP response. The only valid 214HTTP request is "GET /" but additional options can be provided in normal 215URL-encoded fashion. E.g. 216 GET /?r=rtmp:%2f%2fserver%2fmyapp&y=somefile HTTP/1.0 217 218is equivalent the rtmpdump parameters "-r rtmp://server/myapp -y somefile". 219 220Note that only the shortform (single letter) rtmpdump options are supported. 221