 So, oh, I just wanted to say real quick while I'm drinking this shot that I made this Gmail address just for this talk So, you know if you're gonna try and hack my Gmail There's nothing good in there except things that you guys email me and go ahead. You can contact me if you want drink Okay, so what's up the name of my talk is ripping media off the wire It's a step-by-step guide if you guys have all the tools and soul on your laptop You can actually just follow along and try and do this right now Otherwise, you know, if you miss something then my slides will be available online. You can follow along then if you like forget or something All right, so let's get started First of all, who the who the hell am I? I'm honey These are my like credentials here. I'm a network administrator I've been for four years and I'm also a professor at John Jay College an adjunct professor That's in New York City in case you didn't hear my accent already I'm also a research assistant for a ballistic research grant and I'm about to study forensic computing masses in the fall and Yeah, I got a CIS and electronic engineering computer networking. All right, I guess I got some skills. I got some I Guess some skills There you go. That's who I am What's the scope of this talk? This talk is gonna walk you through how to download MP3s from my space and from YouTube and we're also gonna talk about the lack of security and protected streaming All right, so the tools that I use for this the role GNU tools W get Firefox The add-on for Firefox called HTTP Fox, which is awesome RTMP dump and This converter that I've used there's other converters, but this one's called convert flu. I mean FLV to MP3s now There's DM there's DMC is right now on the RTMP dump and also when I originally wrote the white paper for this Like convert FLV to MP3. There was a website. You could download it. It's gone. The website is is gone So, you know, I just suspect that there's a DMC takedown on that as well, but you guys are hackers I'm sure you can find the tools so Just a disclosure about this talk Because this presentation describes methods to download protective materials and I'm doing this talk in an effort to raise You know the lack of security and protected streaming All the music that I'm using in my presentation. I actually got permission from the artists themselves so that was pretty cool and Any illegal use of the methods by you know any of you guys like I'm not responsible for that and a legal statement This presentation does break the terms of service for YouTube my space the digital millennium acts and But that's only if you If you download copyrighted materials, you know and not everything on YouTube is copyrighted if somebody has a video of their dog Rolling over and over, you know, that's not that's not protected So if you decide to download, you know, Jay Z's, you know, protected media, well, then you're breaking the law Okay Before we begin There's a couple of I don't know questions that I just want to like answer ahead of time Some people are like, what is the point of this? I use line where what is the point of this? I have a use net account or what is the point of this? I use, you know different Converters, but there's a couple good points about why this is interesting Like the third-party plugins, they're not always reliable or kept up to date on changes. Okay, so like grease monkey I think their last update was like in April. All right, so if my space or YouTube if they change their implementation, you know on On their servers then like, you know, you have to wait for that plugin to be updated in order to use You know use the plug-in. They're not always updated that fast For people who like use online websites in order to Convert stuff like how do you know that, you know, that third-party is not injecting stuff into your mp3s or media? you're trusting someone else and You know online wire like do you have an md5 some on like the mp3? No, you don't because you're obviously like pirating it so you don't have the mp3 are ready to check so and This presentation is not intended to encourage piracy even though I'm talking about it, but it's more about the Distimation of data that is supposed to be you know protected streaming and it's not really protected. So All right, so let's just get some Definitions out the way my space uses on the RTMP protocol So what is that actually using RTMP protocol? But what is that? It's the real-time messaging protocol. It's a proprietary protocol by Adobe There's three variations of RTMP RTMP itself, which runs over port 1935 RTMP T which is used to traverse firewalls and RTMP s which uses our SSL Now the protocol that we're interested in from my space RTMP which is the encrypted real-time messaging protocol and it's a proprietary protocol of Macromedia For streaming video in DRM. It supposedly allows secure transfer of data without SSL and The reason why they implemented this is you know SSL slow But RTMP is supposed to solve that problem. It's supposed to be more easy to implement okay, so I Went to Adobe's website and I just took a couple of clips that they they have available on their website Because basically Adobe is recommending everyone to use RTMP and they're saying you know that It's providing protection from stream ripping which my demonstration is going to show that it isn't So yeah, that's I'm embarrassed for them. This is also from Adobe's website Where they're talking about you know, they're the recommending RTMP more they're saying it's robust okay, and the client picture there, you know, we have the server and it's You know talking to the client and then you know, then it's like playing it in in the client's Player, but like the tool that we're going to use which is RTMP dump RTMP dump basically acts like a proxy. It sits in between, you know, it captures all these requests from You know the servers and it pet it like It's does with the handshaking between, you know The servers and the client and then it compiles the whole file and then it passes the file down to the client So that's what I'm talking about. Well, well, I'll talk about that in a second. Let's see what RTMP does RTMP dump does This is from the man of RTMP dump So this is an ACP server that accepts requests that consist of RTMP dump parameters it It then You know does the handshaking and then it passes the file down to the client and This is also just from Adobe's website. I'm talking about DRM So they're describing DRM there that it's two elements encryption and access control Okay Now that we've got like the definitions out the way. Let's just see how to do this okay, so First how to get mp3 files from my space the first step is you have to install ATP HTTP Fox the Firefox plug-in use Firefox and The next thing you're going to do is you're going to start HTTP Fox and then you're going to browse your MySpace page So for my example, you know this band that gave me like the consent to use their stuff It's a local Brooklyn band. They're like not that well known So they're more than happy to give me, you know consent to have more publicity for their music So you can see at the bottom HTTP you started it's capturing Traffic there at the bottom and you could see you know, I'm playing music there All right, the next step is you have to traverse all this captured traffic So I tried to find something unique about the the URL that I captured so that you can always find it So the unique thing a string that I found was just if you search for get song Then it'll just return one URL and the get song is case sensitive The next thing you have to do is in ATP Fox at the bottom. There's a couple different options So the one option is content and if you browse through the XML file, you'll see you know path for an mp3 so copy that mp3 path and Please notice that It's proceeding. It's RT mp and then the URL, you know dot mp3. Just notice that for a second Okay, so the next thing you have to do is download RT mp dump if you don't have it already and here is the fun part So they're they're kind of tricky. It looks like it's RT mp, but it's not really RT mp It's RT mpe. So if you just change the URL to RT mpe and then run that command and RT mp dump You're going to download the file. So that's the syntax down there for RT mpe dump. It's the executable minus R because you're downloading like an RT mpe stream the only other option I think for RT mpe dump is minus host Then the modified captured URL and then the output of you know your flu your flu name. I Mean your FLV name Okay, so Here's my modified URL you remember before I said notice in the URL that I copied it's an RT mp I changed it here to our tmpe. I don't know if you could see that well, but I had it highlighted in red So now when I execute this command It's going to download the file anyone notice anything weird right here Do you remember like the URL that we copied? Any any hackers notice anything? Weird, I'll let you think on that for a second All right, so I run the commands and it starts downloading. Yay, and then now my downloaded has completed Now okay, so this is what you could have noticed is that the URL that I copied from HTTP Fox the RT mpe URL was a dot mp3, right? So why is my output an FLV? Why am I doing that you hackers could have noticed that like why don't I just download it as an mp3? The reason why you don't download it as an mp3 is because when you do download it as an mp3 The sound quality is really bad So if you use this converter to convert if you download as a FLV and then convert it to this the sound quality is perfect So I use this converter convert it and Now I have my file So do you want to see that in a video? Yeah, let's go for it There's no porn. Sorry. All right So I'm just googling for their MySpace page started HTTP Fox Started HTTP Fox Now I'm going to browse to their MySpace page. You can see all the traffic's coming through It's a lot of traffic every single icon and thing that's on the page Now I'm going to start the song playing Find the URL and all of this traffic. I'm going to do a search for GetSong, but remember it's case sensitive But I'm copying the URL. All right, so someone asked me they're like, why can't you W get the file if you have the URL? So I just I do what you shouldn't do here. You can't W get RTMP streams so I'm gonna show you that You can see what I went through basically to try and figure this out. I Tried all many different options So I'm W getting it. I forgot to put the final name in. Hi folks, my name is Cal I'm one of the senior staff goons here perhaps earlier today You've heard an announcement from priest about humans that have been our conference attendees that have been going into Katie's and doing a Dine-in dash and I'm in one case some folks rang up a bill of over a hundred bucks and then took off with that pain and it's happened multiple times and and We like this hotel so far and and we want to keep coming back so what we'd like to do is Pass the hat if you got a buck or two We've got a couple other senior staff goons that are gonna help Collect a couple bucks and then whatever's left over it has it on the covers of damage it goes to the EFF Okay, I'm gonna start Sorry, we started so we're just gonna have to watch this again for a second. Oh, yeah So this been great tiger. They originally their music was only available on my space And you know I tried the easiest thing to get their music which is just like ask them for it And I tried actually my friend rodent tried to we tried to social them to give us all their music but They wouldn't give it to us. So we have to find alternative ways Actually, they actually gave me a CD after this one this works for this. I mean, yes, you can Maybe they'll fix it. All right. So this is pretty much where I left off before that guy talked So I'm just saying, you know, it's gonna fail because I mean I'm W getting RTMP stream that doesn't work So there's the failure right there. It's not a supported scheme So then the next thing that I'm gonna try and do is I'm gonna just try and use RTMP dump and just download the MP3 without modifying the URL What happens then? That's just a Me saying exactly what I just said actually. Oh, no, that's my test MP3 I'm actually gonna show you to I'm gonna download as an MP3 and play it and you hopefully you can hear that the quality is It's not very good. And that's why I use the converter so that it's it sounds good Okay, so we're gonna expect that this is gonna fail because I haven't modified the URL and it failed All right, so now I'm gonna modify it the URL to include RTMP And it's gonna work there we go. All right, so now you can see the files are there Downloaded successfully But it's an MP3 and like I said it doesn't sound very good Sounds choppy So now I'm gonna run the same command again except I'm gonna download this as an FLV Downloads successful. I looked the file size is exactly the same. You know, it's different format And I'm gonna use the converter To convert it from an FLV back to an MP3 Successful. All right, now, let's see if you can hear the difference on the sound quality. I'm not done. I'm not done Sorry, you gotta keep sitting here Also, so now I'm looking at the file sizes of the two different files And you can see that when it's converted with the convert FLV to MP3 It is the file size. It's getting like repairs it That was our video intermission. So now we'll continue with the next part, which is from YouTube Okay, so how to get MP3 files from YouTube This is just like URL manipulation So the first step you're gonna do is you're gonna install a Firefox if you don't already have it You're gonna install HTTP Fox if you don't already have it You're gonna start HTTP Fox and you're gonna browse to the YouTube page that you want to extract media from So for my example again, I'm using a great tiger the Brooklyn band I'm using one of their videos so This this shot you can see there's traffic already captured there at the bottom and instead of doing a Search for a get song you can just do a search for get In order to traverse all the amount of traffic that you are capturing Get only returns one URL unless like you browse multiple YouTube pages So you're just gonna copy that URL and the next step is download W get if you don't have W get for some reason And we're gonna modify the URL So there's there's parameters within the URL that are extra that you don't need in order to try and W get the file And actually if you don't modify the URL and remove some of the extra parameter Well, no, they're not extra but the parameters that you've captured when you try and convert it. It won't convert properly So there have those syntax of what you need to put into W get W get minus open You know your file name that FL V and then the captured URL So here's the unedited unedited version of the URL you the URL you can see there's a whole bunch of parameters there the web page and Bunch of different parameters There's the URL again. So I Broke down each of the different parameters. So you have to there's get video Then there's a detailed page. There's T and some string of characters. It's 43 characters actually And then there's the FMT that has to do with like a resolution and then there's the video ID, which is like the actual video ID Then there's no flu and SFV So and when you copy the URL all of these parameters come out of order a lot of times So you actually, you know, you have to be able to identify That there's different parameters there They don't always come in the order in the example URL. They come all out of order with the exception of the get video one So let me just talk for a second here. So Originally when I did this white paper like a month ago, you only needed three Parameters you only needed the get video which I was gonna need you needed the the T and the 43 characters And then the video ID you didn't need the SFV but you know, I keep I kept trying my own presentation and make sure it still worked and The guys at YouTube they changed it Tuesday. All right, so Tuesday. I was like, oh my god It doesn't work anymore So I had to re-hack it and I figured out that you just you just need this other parameter too And then you can download it. So that's what I was talking about before were like, you know Grease monkey or something like like that. They changed it So I don't know if you know the the other add-ons if they're still gonna work They're gonna have to go update it re you know, put out the add-on that's gonna Successfully work But if you break out and understand these parameters and they're just like including them or not including some of them You can just hack it all on your own Okay, so I have my example URL and now I have my modified URL at the bottom and I'm just W getting You know this modified URL So there I'm putting the commands into You know what W get With my modified URL Executing it and my downloads complete and now I'm gonna convert it to an mp3 if I want it to be an mp3 file and Let's see a video of all that and like some of the things that don't work in it in my other video Okay, so I'm just going to YouTube and I'm gonna search for Great tigers video because it's really short for this demonstration I'm gonna start ATP Fox and then I'm gonna go to The video page. All right, so that was interesting now we have to Traverse all the captured data to try and find our one URL because you know that video is priceless a Patchy so first I'm going to try the URL without editing and any of the parameters and you can see how it fails Saying this should fail because I'm not going to edit the URL. I'm just going to try and straight W get it from YouTube So, you know file size is zero that they don't work So now I'm going to remove some of the parameters. So I need t equals some string I need get video. I need the video ID and then now just recently I need that ASV No, it is not always ASV equals three. Sometimes it's ASV equals two. It doesn't it doesn't matter though I got you still have to include it Rebellious of the number Yay So now I'm going to convert it into an mp3 So I can listen to it on my portable media device Hey successful. All right, so if you if you don't convert it to an mp3 if you open the FLV file in Winamp and also like VLC Plays if you rename it to an ABI file it also plays Well, at least those two meter pairs That was our second intermission All right, so the the conclusion about this DRM implementations, they're almost always going to fail without some type of special hardware on the client computer You know Adobe they should fix their protocol instead of doing DMCA takedowns on tools You know that are capturing the streaming and stuff like that You know that and they're recommending the RTM PE protocol over the SSL and they're you know saying it's robust And everyone should be using that and you know, it doesn't it doesn't protect against streamer bring The RTM PE protocol well its implementation on my space totally security through obscurity All right, I added the e and I can download stuff. All right, that's not that's not real security and It's susceptible to man in the middle of tax There's references and downloads. All right, so that's so that's my talk Do you guys want to do like a Revisit on like a back-in-the-day hack. It's kind of random, but um I'm actually just curious if like anyone knows about this All right in a second show. I mean, it's really kind of like a story, but Sorry one second. I forgot I set up a proxy on my Firefox. I'm just disabling it Okay, so um, does anyone remember the original like Sega console Where's images? I can't really see is it here? Did I did I mis-type it? No, the original say let me see. Thank you. All right, so I'm talking about this one All right, then it didn't anyone else have this like when they were a kid Yeah, wait raise your hands for real like show me love Yes. Yes. All right. So when I was a kid Figured out that like if you didn't put a game in the console and like you hit a bunch of different buttons on the you know on the remote it would take you into a An Easter egg that was in the Sega console So I love this game. I was like obsessed with this game I played all the time and it has really stupid music in it I'm and I actually I Found the game Someone someone not put it, you know used an emulator and they put it online Which I was like ecstatic about because I don't still have this a good console and like I was very disappointed that you know I didn't keep you know get to play the game. So I found online and I actually ripped the mp3 file out of You know just that being online and I gave it mp3 to great tiger And I'm like trying to get them to sample the stupid music that's in you know This game and I tried to explain to them that like no you can use it It's from like an Easter egg, you know the music from like an Easter egg game in like their original Sega console from like the 80s Like no one's gonna know but they don't uh, they don't trust me about that. I'm still waiting for them to sample it but um Let me see if I could find the game real quick for you Funny all right. So look at this. It's it's awesome. Yes. I can't see to play But The music sounds just like their title right so there's a time and there's like 13 rounds Which I can't play because I can't say I'm actually really good at this game So when you finally beat the 13th level on the game you get the email address of the programmer So, you know, I emailed them like oh my god. Thank you. I love this game. I'm so happy that you have it online You replied to it was awesome, you know, it's like a complete story He's like oh, I'm very glad that you like the game not a lot of people have beat the game. So All right, so that's it. I'm done