C program for decoding headers and stream key?

[lovgrandma]

I have been building an RTMP proxy in Golang. I have built the handshake but even fi I turn the entire incoming bytes to a string nowhere in it is the stream key


See here:
Data ☻♦☺►♥�¶☻connect?�♥♥app☻♠stream♦type☻
nonprivatflashVer☻▼FMLE/3.0 (compatible; FMSc/1.0)♠swfUrl☻↨rtmp://127.0.0.1/stream♣tcUrl☻↨rtmp://127.0.0.1/stream


No where do I see stream key which is:
d319637b-ac26-4fbf-b90d-4d2ea4c4d21f

Wondering if there is a C program that can just extract these headers and stream key? More importantly the stream key, i can extract headers as needed.

 

[AaronD]

Don't have anything to help, but:

...stream key which is:
d319637b-ac26-4fbf-b90d-4d2ea4c4d21f

I hope you're not doing anything serious with that key, because now anyone can stream to it. Nothing else required.

The stream key is like a password, and should be treated accordingly. Which *might* be why it doesn't appear in plaintext???

 

[lovgrandma]

Don't have anything to help, but:

I hope you're not doing anything serious with that key, because now anyone can stream to it. Nothing else required.

The stream key is like a password, and should be treated accordingly. Which *might* be why it doesn't appear in plaintext???

This is my local machine it doesn't matter. I built the infra for setting private keys per each user

I am reading into RTMP chunking

 

[AaronD]

This is my local machine it doesn't matter.

It's not a password for your local machine. It's a password for your streaming account. If I put that key into my copy of OBS, then I can stream to your account. Your computer is not needed at all, nor is your login.

At any rate, I would still not expect the key to appear in plaintext, or even trivially obfuscated. I'd expect it to be cryptographically secure, because of the previous paragraph. Good luck extracting *that*!

I built the infra for setting private keys per each user

???

 

[lovgrandma]

It's not a password for your local machine. It's a password for your streaming account. If I put that key into my copy of OBS, then I can stream to your account. Your computer is not needed at all, nor is your login.

At any rate, I would still not expect the key to appear in plaintext, or even trivially obfuscated. I'd expect it to be cryptographically secure, because of the previous paragraph.


???

....

I am building an RTMP livestreaming server. I am processing incoming RTMP streams on a golang service that I have built to transcode multiple livestreams into flv playlists at a time. I am now making an RTMP proxy to redirect streams to the appropriate port and I must decode the stream key.

I made the stream key. Each user has it generated when they create a user and it is stored in my postgres database. It is all on my local machine. It doesn't matter that the world knows my key because I am running this infrastructure on my machine, which of course has no tunnel to the WWW. I am hosting the infra for streaming locally to be deployed to production and I built the infra for setting these private keys, being used as stream keys for each user.

I am using RTMP, not RTMPS so it should not be cryptographically secure. I just need the functionality for decoding the stream key.

In any case I am able to decode some strings using the AMF0 spec https://rtmp.veriskope.com/pdf/amf0-file-format-specification.pdf

But no where do I see the stream key I put in OBS

Length 7Text connect
Length 6Text stream
Length 10Text nonprivate
Length 31Text FMLE/3.0 (compatible; FMSc/1.0)
Length 23Text rtmp://127.0.0.1/stream
Length 23Text rtmp://127.0.0.1/stream

 

[AaronD]

That makes sense now. Thanks!

Unfortunately, I can't really help though, except to say that the key encryption and content encryption are not the same thing. I still think the key is secure, even if nothing else is.

 

[lovgrandma]

I can just add the stream key to the URL but I would like to use the stream key input that these types of streaming softwares come with so if any engineers at OBS can assist that would be appreciated.

This is in initial CONNECT RTMP chunks after handshake.

 

[lovgrandma]

I think it is in "play" or "publish" RTMP chunks not "connect". Nevermind.