Very nervous speaking in front of all of you, because you probably saw me naked at the party last night. And if you haven't been to my party, yeah, well, yeah, you missed the puking and stuff like that. All right, this is the good and bad about stream media. I'm gonna show you basically how we're gonna steal media and how we're gonna protect ourselves from being stolen from. Who am I? I'm Tommy Pickles. I'm originally from New York. I live in LA now. I'm single, so any girls out there who want to buy me a drink later... Been arrested and jailed.

He's also a very tight guys. So any guys who want to date him, definitely, definitely a bonus. I promise you Spot the Fed. We're actually running behind, so we're gonna skip the Spot the Fed. We'll do it next, I promise, just... and we'll take y'all over to the next tent where we're gonna do it. Once again, I'm doing the PSA, which is to thank all of you for your patience and for being understanding for the problems that we're facing coordinating the convention with the new... not so much new, but the added restrictions that we weren't aware of in previous conventions, specifically with the fire department. We lost about 200 seats because we lost the roof tent. We thought we're gonna get those 200 seats back. As it turns out, there was some miscommunications. It's exactly how many people could be where.
We didn't find that out actually until about Tuesday of this week. So we'd already submitted our plans to the fire department, everything had been approved, so on and so forth. It was too late to change them. Now, we see this is a little bit different than what I was telling you before. Reason being is I actually got a phone call from the chief fire marshal last night, a very, very nice lady with the county, with Clark County, who spent quite a bit of time with us working through the issues that we felt were unfair, working through the issues that we felt were unappropriate. And when we had a very good meeting of the minds, both sides apologized, both sides realized there were miscommunication issues. The fire department was not actually out to get us, which was one of the perceptions that we initially had. And once again, you know, it's for your safety. We don't want a repeat of Chicago or Cincinnati, where 200 people got trampled and about 60 people got burned to death. So that's why we're doing it. It sucks to be outside; the lines are hot and long. We are trying desperately to get the water, what's over here,
moved out to a more strategic location where you can get to it. We're also making sure the security in the water, so you don't get something nasty that makes you think your testicles are speaking to you, or ovaries if you're female, or in some cases, if you're female, your testicles are speaking to you, that's fine. And once again, we thank you. You've made this a very good convention for us this year, and, you know, you've really helped us out and we really appreciate that, and we hope that you're having a good time, and we hope that we can help you have the best time that you can, and we ask you can please bear with us and be understanding that, you know, we're working within the streets that we have to for your safety, but that ultimately we want you to have a good time here.

Please also understand this is a pretty much all volunteer organization. No one here is compensated thousands and thousands of dollars for doing what they're doing. Everybody here volunteers. It's a labor of love from us for you guys, for the community, to come out and have a good time, you know. If this was a SANS convention or an RSA convention, where you're spending two grand, three grand for a convention, obviously things would be a lot different. You know, you're spending seventy-five dollars. Is that expensive to some? Certainly. Is it cheap to others? Yes. It's all matter of perspective. But that's kind of the number we need going forward to be able to put this on without losing too much money. Black hat is dead is definitely separate from Def Con. Jeff puts on Def Con, like I said, for the community. Jeff's full-time job is Black Hat. This is the once a year kind of bash that he throws to thank everybody in the security community, both the underground and professionally, for being who you are and basically being good people. And again, we want to thank you for that and we really appreciate that. So again, please bear with us. We're still trying to work out some of the problems.
We had a double line forming today. I'm not sure why. We're gonna get that corrected, and some of the other little foibles. There are re-broadcasts of yesterday's presentations. They'll be going on in the Apollo chill-out room. There are 200 seats in there now, where you can go, when there's a big screen monitor, and catch some of the more popular presentations. There will be repeats of the presentations throughout the convention. As we get them online, there will be copies of all the presentations on the Def Con media server. They're not high res, but they are for free, and they have been for free for every Def Con that's going on. I think we have up until, from four on up right now. All the slides are there, all the streaming videos, so on and so forth. If you want a very good, high quality, well done version of the speakers, Sound of Knowledge, she was handling the audio video for us right now, has a very reasonable, reasonable copy video tapes for you for that. So again, we thank you. I'ma turn back over to Tommy.

All right. Thanks, Priest, for the announcement. Again, this is the good and bad stream media, how we're gonna steal it and how we could protect it. I'm gonna bank through a lot of these slides really fast because I got like 50 slides in it, a lot of info here. But who am I? I'm Tommy Pickles. I'm originally from New York. I live in LA and single. I was arrested and jailed. If you want to hear the story about that, buy me a beer or something. And I'm a media whore. I love to be on TV. So, and I like to drink, so if you buy me a beer, I'll explain that too.

Qualifications. Yeah, I've been in the business for about 12 years. I've worked in the Coast Guard on computer radar systems and actually weapons systems. I developed solutions for Digital Club Network. I run Molok dot org, Molok TV, and we have stream media there that is totally insecure. So you can go grab it, but it's all watermarked anyway, so I'll find you later. And I always get hacked T those and stuff.
Some of you might have seen me on my TV talks.

What the hell is streaming media? Okay, streaming media is any multimedia basically sent through a protocol like HTTP or Progressive Networks or RTSP or MMS, MMS being Microsoft and RTSP is Real Time Streaming Protocol. Common types of streaming media, of course, are the RealNetworks, SHOUTcast, Icecast, Windows Media. There's a lot more out there, and I'm only going to touch upon some of them because, like I said, we're short on time. We only have 50 minutes here.

Media players. The basic media players we're going to talk about: RealPlayer, Windows player, QuickTime and Winamp.

Good things about Real: lots of formats, it'll play practically on anything, and they developed this thing called SureStream technology, which is basically encapsulating multiple streams in one stream file. So if you drop down in speed, it'll actually manage your bandwidth. It'll go down to another stream of that file. Therefore you don't buffer a lot. And then you do have the full screen aspect, which is great when you're like watching porn or something like that. You know, like you can't really, you know, have fun with a postage stamp. MPEG-4 technology, that's the newest thing that they got in it, but it's through the Envivio plug-in, and I don't really understand why they're using a third-party plug-in for MPEG-4 content. You know, there's a lot of development out there, but it seems like MPEG-4 cost the most of everything.

The RealPlayer Plus version does cost money. It seems like they're just, Real is just like a commerce engine with this RealOne and CNN.com. I mean, everyone deserves to get paid, and I would like each one of you guys to give me a buck when you leave here, but, um, this whole purpose seems to be commerce. And it hasn't played on Linux for like eight and nine, but they updated the codec. So it's still the old player in Linux.

Windows Media. Windows Media is pretty good.
I do a lot of stuff in Windows Media. It's included in Windows, which is the greatest part about it. How are you going to monopolize if you don't include it with your operating system, right? So, um, it's skinnable, you can do full screen in it, and basically the large demographic, because they're dominating the industry with just including it with the operating system, and an encoder with Windows 2000 Pro and XP Pro. Wine will actually support it under Linux, but only version 6.4. I've tried to install it on Linux for like, you know, the newer players, and it just doesn't work.

Windows Media does suck because of digital rights management. This is a little watermark that we all put on our files so that if you take it, I will find out you have it, or it won't play on your computer unless you're authorized. Some versions of DRM are like Microsoft's library, I think it is, on the PDAs. They actually watermark a lot of their stuff with DRM, so you can't play it on a lot of players.

There's no consistency between players. Between Real 6, 7, 8 and now 9, things have changed so much that you have to update codecs every time you play a video. So wrong of them. And then one day I actually put Real on my system with like a lot of the video stuff I do, and it corrupted my codecs, because you use shared libraries, and it screwed up my video, my Avid machine.

QuickTime player. QuickTime player supports MPEG-4 and can edit files, and it's Windows and Mac, but it's not supported on Unix. You can use Wine, but it's kind of like resource-intensive. Plugger works for the browser. Full screen's only in paid versions, which I don't know where they get off doing that. And then editing is only in the paid version, which, you know, like, hey, if you want to edit movies, you should actually pay for yourself, but, you know, why you even put the feature in there.

The servers. Servers: Real, Windows, Darwin is the QuickTime server, and SHOUTcast and Icecast. Those are basically the same thing, you know, when you go online and go to
mp3.com, etc.

Real server: it's free, sort of. You can get a license that's actually one year, I think now, for ten users at one megabit. So if you're like playing or serving office stuff inside your office on a LAN, that's probably not going to work out for you if you have more than ten people connecting to your server. Especially if you're making 256k streams, I mean, you're going to reach that meg in no time. It's multi-platform. It runs from a command line. Nothing's cooler than having a server that can actually start from a command line. Whoever thought of that, you know? Years' development in Unix, and all of a sudden there, you know, Windows Media thinks you have to run Windows just to have like a Windows server. You can run this from command line. It's really cool and gives you a lot of diagnostics and a lot of logging, and it's widely used. Yes, it has been exploited.

I'm sorry, I'm losing my place here. Okay.

QuickTime server. It's free server, but it's not easy to serve stuff. This, like, they made it really free and they said, yeah, you can serve anything through Darwin, but you had to get, write these class files, which no one told you how to write them, and you went up to these boards to figure out, and everyone go, well, I figured out but I'm not telling you. It's like... Now I feel like I'm talking to myself. So like, and it hasn't been exploited. Anything that's on a server system that you do nothing but serve stuff off, it's going to be exploited.

Microsoft media server. This is my favorite.
It's free with Windows 2000 Advanced Server. It's like, how, like, that's domination, you know, trying to give people a free media server. Like, it has so many exploits to it and it doesn't log for crap, and I'll show you. It's like I was like hacking my own servers, which kind of seemed stupid, you know, like, don't you have a job, don't go to the beach. But I hacked my own server.

SHOUTcast and Icecast. These servers, really cool. They've done a lot of updating, but you can actually like stream your MP3s and act like you're an internet radio station. That's really cool. But that, it's been exploited, and again, all these things have been exploited.

Okay, this is the simplest way we're going to steal media now. One of the things people do is they want to put their movies on their website. Be like, this is Tommy Pickles get naked in the party and I'm going to embarrass him on my website, defcon.org or something. The people will just upload it to their website and hyperlink it. Well, that's not secure at all, because, A, it doesn't stream well; B, you could just right-click on it and go Save As, and then you're stealing their media. I mean, if you wanted people to save your media, that's cool and everything like that. But if you're looking for security, that's not the way to do it, because I could actually go through the HTML.

The ways you can actually protect this, because if this is the only way you can serve media, is actually use .htaccess files, limit who sees your website or who can click on a link for your videos, or use JavaScript. Or like, I have people using J2EE and stuff like that to protect files. It's really good. JavaScript will actually hide all the links and not let you like do View Source. Of course, there's a lot of ways to get around that, but I mean, we're talking about limiting the demographic, security through obscurity.

Okay, basically, if you want to stream it cheap, you can create these files like batch files, again, ASX file or, you know, M3U file, stuff like that, and put that
on your website. So if someone right-clicks on it, they're just going to see, you know, like a little text file that they downloaded. They're not going to actually have the file. Now, they can open up that file and then see what the link actually is and post that into a browser, but this is one way you can actually stream files: like actually make a little batch file that's a .asx and just references the WMV file or ASF file. Those are just brief examples.

Getting around the HTML. Now, this is what you get into when you start going after the media. Like, I've stolen video from techtv.com and cnet.com just to see how good they are, and, you know, like, it was just stupid, you know, no one protects it. All you have to do is siphon through HTML files and like look for anywhere they have basically .mov or .asf, .asx or something like that, and you're going to find, like, they usually put embed tags and stuff like that. And basically you can use like wget or lynx -dump. On the program CD or on the site, there should be actually tools for Windows if you don't use Linux too. I have like wget for Windows and a bunch of other files on there that I hope you do this, but either way, you have to just download the local file, look at if it's .rmm or .asx, and then look inside the file and see what it is, and then just make even an HTML file on your desktop that you can actually right-click on your desktop and download the file.

Okay, siphoning HTML.
This is basically the way that, if you go through the web stuff, you'll actually see different stuff in the page source, such as MPEG and stuff like that. If you can't right-click, this is the most useful thing. If you can't right-click or view source on a page, there's like that little Windows key on your keyboard. You can actually push that and it overrides everything that the browser is telling you to do. So it'll actually pop up that shortcut menu, and then you just mouse and go View Source and it'll pop up. So Windows keys sometimes do serve a purpose.

You could like find where you're getting the video from by just playing it, and if you use a sniffer, like Iris is pretty good, you could actually see where the video is coming from, and it's gonna give you the hyperlink, and then you could just plug that into your wget and steal the video. Or you could do tcpdump. I would like to cover tcpdump, but time is really short, because there's a lot of things you could do with tcpdump and do like -vvv and like basically look at hex codes. But if you want to talk about that at the bar, after four drinks it gets really hysterical.

Okay, media from media servers. A lot of the big media servers, like MTV, they will use a big media server. They'll try to protect themselves against this. There's ways to steal around these things.

Real media, like, first of all, is probably the best logging engine, just because they log everything. They log how much you watch the thing, how many times you've watched it, different things like that. So it's really cool.
It's a TCP connection and then it'll stream UDP stuff, but the TCP connection will not like close until you like log off, basically, or stop watching the video. But we'll cover that, how, like, how I'm stealing from Real media too.

StreamBox VCR. This program, I'm telling you, is like the best program in the world, that like they keep on developing it. Basically, it will grab any Real media, and they patch it so it could get like past Real 9 Helix security. And it basically fakes a RealPlayer. And so like when it connects up to the server, it'll just report, yeah, someone's just watching the file. Meanwhile, I'm ripping it at like one meg speed, and like it says it's reporting like 56k stream to them. It's just really cool, dynamic program, and it keeps on getting better every day. Unless those guys die, of course.

This is basically what StreamBox looks like, and it's really simple, and you just like go through and it'll show you when it's downloading the actual files and how fast it's downloading and stuff like that. It's really easy to configure. You're like, here's the location I want to download from. As you can tell, it's a media file from like... or is it Streaming Media show? Where do you want to just put the destination. You can actually choose the speed that it's going to write to the Real media logs. So you can say I'm going at 56k; meanwhile, you're ripping at like 200k. And it will give you the best file. You could queue files. That's the coolest thing, because I actually was talking to somebody when I was stealing their media, and they were going to look out for me. So I'm like, okay, go ahead, and after like nine o'clock, I would start my queue. So by the time I woke up in the morning, because I know he's probably sleeping too, so like I just keep on downloading every night and I got like a whole archive.

How are you going to fight this? Okay. There are some problems about this. It does take some thoughts.
Um, Real media log doesn't, Real doesn't log until you disconnect from it. It sends like a TCP session saying, okay, this guy's done, this is how long he watched the video. So once, um, once you watched it, you're in their logs, and then they can disconnect you. And, uh, one of the ways to... you can try this. I mean, go up to defcon.org, to their media archives. Try using stream ripper. You might get in there once and then you'll be banned, because they're gonna look for all your info. Um, basically, there's ways to hide files from StreamBox and stuff like that. A company that I work for, Digital Club Network, they actually started working with Tomcat and doing stuff to SQL. It's really hard to work through that. Plus, if you have ADD like me, you'll probably be like, I'm bored, shiny blue thing, you know. So like, I'm not into like the long haul with like streaming media.

Um, what's the signature of StreamBox? Um, basically StreamBox writes its own RealPlayer version. Um, I don't know if you can change this. Again, it's hex editing. You have to get in, like maybe change the signature. But basically it's going to write that it's StreamBox. It's going to save Real media. But if you know StreamBox, you know the version of RealPlayer it's going to put there.

Windows Media. Very first of all, connecting the internet with your desktop is probably the stupidest thing ever. I don't care if you want to put active content in your desktop. That's just, it seems retarded. Because you can use mms:// in a lot of applications, like video editing programs. You could actually take a video like, you know, streaming from an MMS server, put it into like a video converter. Um, what I included with my talk is, uh, Stoik, and, um, you can like just convert it to an AVI file on the fly from the media server. It's so wrong. You like feel dirty when you're done. You go to the shower.
You're like, oh, I gotta clean. Um, so, but it comes with Windows 2000. Um, like when I installed it, it doesn't require any configuration. So right there off the bat, you know it's not secure. I mean, if you don't have to configure it, that means everyone has the same. Um, and it doesn't log. Like, I've seen like old grandmothers go in the forest and log better than Windows Media.

Um, okay, this is Stoik. All right, there's this screenshot from my desktop. As you could see, it's kind of like small, but, um, yeah, that's coming from stream tech tv com, and, uh, I saved it to like an AVI file. Um, basically I got this pop-up window, right, and like, oh, let's put pop-up windows for players so we can advertise all over it. Um, but basically you just have to siphon this HTML, look for like the embed tag, and you're going to find the MMS URL playing. It's right there. It's not that hard. It's like, oh, uh, graphic, graphic, advertisement, MMS stream, you know. So once you find that, you plug that into Stoik, and then once it's in Stoik you can actually choose what codec you want. Like, so you could change it into Windows Media file, or you could choose it like, you know, AVI file. You could do whatever. You can like enhance colors. Really cool. And it's a free program.

Um, ASFR. This is supposedly ASFRecorder. I wanted to cover this because I thought it worked. Um, it doesn't work very well. What happens is, um, it's basically a wget for HTTP and MMS. It supports Chinese, Japanese and Korean characters in it, which I thought was cool, but I don't speak any of those languages either. So the fact that like you could put it in there, all right. Right, features. Um, it'll fix all this stuff. Like, it'll basically log a resume file, so if you ever get disconnected, it'll still resume. Really cool stuff in it. But all my like data files, like downloaded, actually came like corrupted. So I'm not sure if I'm doing something wrong. I mean, like Windows is really tricky.
So I don't know. Uh, but basically you could, you bring up ASFR in a file, and just like this, like a wget, stream, blah blah blah blah, and once you... oops, sorry. Oh man. All right, basically, um, when you wget it, it gives you an image like this, like just like wget or, uh, lynx -dump or something. It tells you the percentage that's coming down. Um, it doesn't work very well. You can try it at home. Tell me what, if you can get it to work, then email me and go, you're stupid.

Um, how do you protect this stuff from like being stolen from Windows Media? Maybe proxying it. Um, I talked about ideas about sequential files. Because when I go through a site, I'm going to pretty do it like sequentially. I'm going to go one file, one file, one file, one file. If I saw that on my Windows Media server, I think, hey, someone's stealing. No one watches video, video, video, video. They're going to watch video, Britney Spears, you know, whatever. Um, three, or I'm just ADD, you know, so like I won't be able to just video sequentially.

Um, let's say, oh, basically this was me trying to grab from my home media server the upgrade video. I was seeing if they actually played on the system. Then I went to go looking through my logs. That's just the admin program. Hmm. It must be in this log. No. How about this one? No. You're good, Windows. All right. Um, when you go through the help file going, hey, where's my logs, it has a help file like this and it tells you what it logs. Nowhere on here says the player. It just tells you when people are connected and what their IP is. Like, big deal. I could do that with a sniffer, or I could do that with anything, an IDS. But, um, basically Windows doesn't do crap.

Um, how to grab MP3s. MP3 files are really cool, and the fact that I just stumbled upon this, I didn't even look for it. Um, you could basically steal MP3s from SHOUTcast, which really pisses off internet people.
Um, like you could do it with like inside Winamp. Um, you could only do in certain versions of Winamp, and, um, Winamp 3, it really isn't that great anyway. That's Winamp, if you've never seen it before, you Napster people. There was this plug-in that was developed for, uh, for, uh, Winamp. Basically was Disk Writer and File Writer. Um, no one really used these that much, and what you would do is actually enable it, and instead of having wave output, they would actually write to your disc. So if you're connected to the, you know, the internet and listening to like some great radio station, you're going to actually write that to your drive, and it's really cool. Um, basically File Writer has this kind of config where you can actually choose what kind of file format you want to write in. Um, you could actually config it pretty well too.

Um, basically, there's this other program, stream saver. It was okay. It was, uh, I just tried it out just because I thought I needed another program to steal with. Um, it's really simple. You know, you could try it out on the disc.

Um, okay, this was the bad news. I was crying when I heard this. They, Winamp, corrected the disc writing thing. They realized that people like me were out on the internet stealing from SHOUTcast servers. So they said, okay, we're going to write a little plug-in there so it doesn't let people steal from SHOUTcast. Good news: Streamripper came out. So basically, this is a SourceForge project. You could actually load this up next to your Real or your Winamp, play the song through wave and also write it to the disc at the same time, and it's really good. Um, the only problem I found, it really loads all the time when you load up Winamp, and you're like, I don't want to steal, I just want to listen to Justin. Um, so basically, this is Streamripper. Like I said, it like has this little pop-up next year and it doesn't even go... come on, how unfashionable is that?

Um, this is another program, FreeAmp. This is really good too.
It's free and actually, um, has config to write to the disc, and then also has like, hey, save SHOUTcast streams locally. Well, that's convenient. I don't know how they get away with it, but, you know.

XMMS. If you use Linux, this will work too. As you can see, I like to have the files down there. Like, it has the, right there at the bottom, output plugin, and you basically write it to the disc. The only problem I have experienced with this is if your internet stream buffers, or if you're like, you can't do this on modem. Basically, you have to have a high speed stream. Uh, it will have some problems. But programs like, uh, FreeAmp will actually split when it hears silence. So it'll actually make tracks for you. It's just so cool.

Um, how do we protect MP3 streaming? Well, if you put it on a page, you know, you gotta watch out, because someone could siphon your HTML and see like just links, or they could see the M3U files or something like that. Again, you could use like .htaccess. .htaccess is really cool because you're like superior and you can think about your big admin going, I don't want you seeing my content, what are you going to give me? Um, disc writing and file plugins don't work, so that like limits some of the hackers that are going to come hit your site. But basically, if you're going to run a streaming media server, you got to get into like, it's a server. You understand, like, servers need security, and if you don't have security, I'm going to be like, ha ha, I got your baby pictures, or, like, stupid stuff like that, or like, you know, getting video of, you know, you and your husband, you know. So you got to like protect the servers. Watermarking is like really good. Um, security through obscurity is sort of a solution. Um, when you want to decide, um, on the security, or basically decide on the streams, you want to decide on what kind of security. How much are you willing to invest in this? Um, by like just putting a streaming server up, if you don't have to configure it.
It's probably really a bad idea. Um, basically, I think that's all I have. I have like lots of links. So like, hopefully this goes out on the web and stuff. But basically, all the links that I kind of went through. Um, and if anyone has questions, because I bet there's a lot of them, um, we can go through questions.

Okay. Okay. From Rhapsody. Um, how are you playing it from Rhapsody? I would use a sniffer on Windows and basically follow the HTML stream. Sometimes they use cookies, so you could fake the cookie by writing it into a file, but, uh, basically, uh, that's what I would do. I'd actually use like Iris or something, because Iris will actually list the file name and you could probably click on that and download it. Now, they don't write it like in a format that it'll understand. You have to edit that file, like you have to snip it at the hex. You got to like hex edit it, basically.

It depends on the program that you actually encode it with. There's different types of watermarking. You could even impose a logo on it if you want. You can do that through different programs. Like, they all cost a lot of money if you do that kind of stuff. Like, um, there's, but there's four different, uh, companies who actually invest in watermarking technologies. Now, most watermarking technologies often only work on one platform. They're like, oh, we'll only work for Windows, or they'll only work for Mac. I haven't seen any watermarking technologies that go cross platforms. I don't know them off the hand. Go ahead.

No. Well, I'm sure you could do that with Stoik as well, because Stoik does let you convert, you know, like convert the video, and you could actually keep this Windows Media and strip out a lot of stuff also.

Well, um, like I did for Digital Club Network, we actually did a, like a SQL server to have all the media on, and that fed the media through Tomcat. And basically, you could not get to the back end.
I still, like to this day, I try to get in and figure out where it's coming from. But they're naming all their files like ID numbers with hashes and stuff like that. I think it's really boring when you have to write stuff down, so I don't do that stuff. Like, uh, that's the most secure way that kept me out. I would do something like that. It takes a lot of administration, doing like, uh, like SQL admin. I hate SQL stuff. So, but that's the easiest way to do it, to hide videos. Um, that's what I would do.

Oh, you can't, you can do like certain programs like, um, what have I been using? TMPG or, nah, uh, Tsunami MPEG Encoder. Um, that will actually, uh, strip down MPEGs, and you can move it to like an MPEG-1 or an MPEG-2 if you want, or MPEG-4. You could do anything you wanted. I haven't seen it down to AVI. But, um, I wouldn't want to put anything to AVI unless I was going to convert it into something else. Once it's MPEG, it's pretty good. Um, and if you want to encode in Real, I'm sure their newest encoder will do MPEG-2, so you can convert it into the RealPlayer. The RealPlayer encoder is actually free for, uh, streaming web format. Um, they have little like, uh, purchase plans for like the other plugs, you know, like you can only do two speeds or something like that. But if you're just going to run a website, like 80k or something like that, um, I would just use RealPlayer, because it's pretty light and a lot of platforms can use it.

There's a lot of info there. Um, I don't know which way you want me to approach this right now. Oh, uh, how they're doing their digital rights management. Um, RealNetworks, what they were doing when I was trying to do digital rights management was they actually had a third party come in and do the digital rights management, and it was token based. But, you know, like I haven't seen anyone do that in a long time, doing digital rights management with Real video. I don't use RealOne. I've never used RealOne.
Um, and that's not because like I don't have the energy. It's, I don't feel like paying 20 dollars just to even experience RealOne. I think that's really wrong. Um, I don't understand where it's like it turned into Adult Check, you know, for news sites. It's true, and it's bloated, and you can't really, like, it's weird interface. Um, it doesn't work on Linux, but I haven't seen any improvements in the RealOne player except for the MPEG-4 stuff. That was really cool. Like, I could actually do that. But I haven't been able to find that like auto size kind of feature that the other RealPlayers had, where it was like borderless. Um, that was really cool. And I can't do it in that RealPlayer. So, but, uh, more questions?

Yeah. See, uh, we looked at that, and you can do like, I mean, that's going really low level. Like, you can actually hook up the sound card and like plug into a DAT tape, and we looked at like actually on a Linux box. Optics was really smart with this, and he actually, uh, it's telling me that you can actually get it off the disc and stuff like that. But hey, if it's right out there, you know, with these tools, that's laziness, you know. Like, just go for the tools instead. People worked hard creating those streaming, you know, stealing tools for you.

Yeah, and it's actually included with my presentation, and, uh, there's actually examples and stuff like that also. And any more questions? Okay, I think I'm going to get out of here. If anyone wants to find me, I don't look like... Oh, basically, that's my email address. I also, I'm molak.org, molak.tv, tommy.net. And, uh, you'll probably see me stumbling around later. So thanks.