Quote:
Originally Posted by borked
there are many levels of security added at each stage, from browser page load to end-video play.
That is why I have asked for attempts at cracking the stream into a un-encrypted video on a computer, or any device.
I know it seems like it wouldn't be too hard, and that's why I put a *lot* of time and effort into it ;) And no - there is no encryption key sent. Only an encrypted stream name.
The private secure key is server-side only. Known only to apache and the streaming server.
The beauty is in how iOS handles live http streaming... which is actually a plus for Apple
|
there definitely is a key sent, otherwise the client would not be able to decrypt the file. in the m3u8 file there's the following field for example:
Quote:
|
#EXT-X-KEY:METHOD=AES-128,URI="http://stream.borkedcoder.com:1935/nuqem/_definst_/e2WTzuhKTdRyW/Fjuy1WbYlrwauk8XJncmbvulIwHuMdQl6QW6MpOlInNUZ%2B5k kO/DJBOo/AA8QaIcpghYeuksCZHSBOtDhJu8K/H2UBoR%2Bi%2BhDZYnl2GXY6%2Bi/uKWQV4RoXSRe%2Bj0gRXrTzorXatzvo9uOuryqtLzfJ83mtkHc y5hcTFPUHOYdkggXDQnQKjQniDKgJj2pIaRVMjjlGl2IBZh4Bm zg9KhCCtySWQIk%3D/key.m3u8key?wowzasessionid=247768873"
|
at best this is perhaps good for preventing people from ripping streams using browser plugins.