FYI... ----- Forwarded message from Howard Chu <h...@highlandsun.com> -----
Date: Tue, 12 Jan 2010 21:53:32 -0800 From: Howard Chu <h...@highlandsun.com> Subject: [osflash] FlashPlayer 10 RTMPE handshake Reply-To: Open Source Flash Mailing List <osfl...@osflash.org> To: osfl...@osflash.org X-BeenThere: osfl...@osflash.org Looks to me like you guys all have the FlashPlayer 9 handshake down, but as yet no one has deciphered the Type-8 RTMPE handshake response used in FlashPlayer 10. I've spent a little bit of time working on this in the spirit of http://osflash.org/red5/discovery?s=discovery+through+observation (fyi, I've been hacking on rtmpdump lately at http://rtmpdump.mplayerhq.hu and making decent progress on useful new stuff, but am hitting mud here. I won't quite call it a brick wall, it's just fairly opaque and slow to yield up its secrets...) Currently I'm able to use my rtmpsrv code to generate arbitrary response packets and see what the Flash client replies with. I have a few other tricks that work as well, but I'm reluctant to mention them in the open because it would be trivial for Adobe to patch a future release and prevent these tricks from working, and I haven't yet learned enough in the meantime. I'll note that if I reply with a handshake packet of type 8, data all 0xff's except for the signature and digest, the client works normally. It seems to me that the client must still be using the FlashPlayer 9 verifier as a fallback, because using the rtmpdump client code to verify a real Type 8 response, I get a signature mismatch. I.e., just setting the reply type to 8 is not sufficient in itself, something else must have changed in the reply packet. If worse comes to worse I will get my company involved in this and go whole hog, but thus far I've been working on it informally in my spare time. (Symas Corp. also develops and markets security software, and we could get a DMCA exemption to reverse engineer this all if no other approaches work.) -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ _______________________________________________ osflash mailing list osfl...@osflash.org http://osflash.org/mailman/listinfo/osflash_osflash.org ----- End forwarded message ----- _______________________________________________ Gnash-dev mailing list Gnash-dev@gnu.org http://lists.gnu.org/mailman/listinfo/gnash-dev
