Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Software Your Rights Online

Clean-Room RTMPE Spec Created From rtmpdump 115

lkcl writes "A clean-room RTMPE specification has been created using the source code of rtmpdump-v1.6 for guidance. Adobe recently issued a DMCA take-down notice against SourceForge, resulting in copies of rtmpdump hitting quite a few bittorrent sites worldwide."
This discussion has been archived. No new comments can be posted.

Clean-Room RTMPE Spec Created From rtmpdump

Comments Filter:
  • good job for all those involved
  • Why? (Score:5, Insightful)

    by fuzzyfuzzyfungus ( 1223518 ) on Saturday May 23, 2009 @05:41PM (#28070273) Journal
    IANAL, etc. but my distinct impression was that cleanrooming wouldn't(outside of curious edge cases) save you from the DMCA. For copyright claims, the more layers of cleanroom, the better; but the DMCA only cares if the code constitutes a circumvention device or not. It could be based on a cracked copy of some proprietary adobe tool, OSS based on network sniffing of the proprietary tool, written according to a spec based on the OSS implementation, or, for that matter, produced by the Oracle of Delphi based on instructions from Olympus.
    • Re: (Score:3, Insightful)

      by h4rr4r ( 612664 )

      That is easy to deal with, just hand off the spec to a developer outside the USA. The DMCA does not matter anywhere else.

      • Re: (Score:3, Informative)

        That is easy to deal with, just hand off the spec to a developer outside the USA. The DMCA does not matter anywhere else.

        Unless they have their own DCMA. Trade agreements tend to make these things spread to other countries.

      • Re:Why? (Score:4, Insightful)

        by fuzzyfuzzyfungus ( 1223518 ) on Saturday May 23, 2009 @06:34PM (#28070565) Journal
        True enough. In that case, though, why bother with the cleanrooming? rtmpdump can simply be hosted offshore, as I'm sure it already is.
      • by tepples ( 727027 ) <tepplesNO@SPAMgmail.com> on Saturday May 23, 2009 @07:09PM (#28070709) Homepage Journal

        That is easy to deal with, just hand off the spec to a developer outside the USA. The DMCA does not matter anywhere else.

        Unless other major developed countries have legislation substantially equivalent to 17 USC 1201, as MichaelSmith pointed out. France has DADVSI, for instance. The United States government has been pushing such legislation as part of "free trade" agreements with several countries. And even if the spec is reimplemented in a country with no DMCA-alike, it also matters once the implementation is imported into the United States.

      • by 0xB00F ( 655017 )

        That is easy to deal with, just hand off the spec to a developer outside the USA. The DMCA does not matter anywhere else.

        Try telling that to Dmitry Skylarov [cybercrime.gov].

    • IIUC, DMCA take-down notices only apply to copyright infringement. They are not applicable to "circumvention devices". That is a different part of the DMCA.

      I say again this is not a take-down notice. It is more likely a cease and desist. (I can't find a copy of the letter so I can't be sure about that.)

      • Re: (Score:3, Informative)

        by LocalH ( 28506 )

        http://www.chillingeffects.org/anticircumvention/notice.cgi?NoticeID=25159 [chillingeffects.org]

        It's a takedown. Technically, based on the letter itself, I think they abused this one.

        • Re: (Score:3, Interesting)

          by mdmkolbe ( 944892 )

          Thanks for the link, but is it a proper takedown?

          I think the problem hinges on the use in the law (17 USC 512) of the phrase "material that is claimed to be infringing or to be the subject of infringing activity" (emphasis mine).

          The rtmpdump does not infringe on any of Adobe's rtmp copyrights and Adobe don't claim it does (see section (a) of the letter). Thus Adobe must be claiming that rtmpdump is the subject of infringing activity. However this raises two issues.

          First, does Adobe own the copyright on an

    • by haruchai ( 17472 )
      Oracle bought Borland,too?
    • > DMCA only cares if the code constitutes a circumvention device or not.

      A DMCA takedown notice, which is what Sourceforge received, is about copyright infringement. It is not about circumvention. Read the notice posted at ChillingEffects. Adobe has asserted that the RTMPE documents hosted at Sourceforge infringe its copyrights. If they are clean room implementations this cannot be true.

  • WTF is RTMPE? (Score:5, Insightful)

    by Anonymous Coward on Saturday May 23, 2009 @05:41PM (#28070275)

    If you're going to post an article about some obscure bullshit nobody's ever heard of, you could at least give people some hint at WTF you're talking about. "RTMPE" doesn't even show up on Wikipedia. God forbid you elaborate your terse, two sentence summary.

    • It does, however, show up in a Google search [lmgtfy.com]. You had the initiative to check Wikipedia, but you were too lazy to check Google?

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        You're missing the point. Providing an introduction to what you're about to discuss is covered in probably 5th grade English. It's pretty basic shit.

        If the "editor" or submitter wanted me to take their information seriously they should have given some idea of what they were talking about. As it stands, all I got out of the summary was "OMG! Here are some links to illegal content on torrent sites." If it's as important as they seem to think, maybe they should expend the extra 30 seconds of effort and

      • Re:WTF is RTMPE? (Score:5, Insightful)

        by hazem ( 472289 ) on Saturday May 23, 2009 @07:25PM (#28070791) Journal

        It's a common problem with the summaries on slashdot that less-common acronyms are not explained. The world of nerds is pretty vast and it's impossible for all of us to keep up with every possible acronym, system, software, etc.

        It would have been trivial to add ", a proprietary protocol developed by Adobe Systems for streaming audio, video and data over the Internet," right after the first instance of RTMPE and it would have made the summary much more useful and informative.

        • Re: (Score:1, Flamebait)

          by Hurricane78 ( 562437 )

          When you can write a whole comment, you can also fill the holes in your knowledge, by looking it up.
          Oh, and if you do not knew it, because you do not care, why did you open/read it then?

        • Like providing a link to what it is where it says the word RTMPE, just in the old says of 1994 html. Where people did place more active links to blocks of text. Even a tooltip cannot hurt really. Or a moreinfo icon.

          Who is lazy now? the author or the consumer?

          But I forget, we dont expect much professionalism of design or human aesthetics here, it is a techy site, where like man pages can be written poorly.

        • It would have been trivial to add ", a proprietary protocol developed by Adobe Systems for streaming audio, video and data over the Internet," right after the first instance of RTMPE and it would have made the summary much more useful and informative.

          That would imply /. has editors.

        • by mishehu ( 712452 )
          My favorite tech acronym: PCMCIA

          People Can't Memorize Computer Industry Acronyms.
          • by MikeDX ( 560598 )
            It's a close call between that, and TWAIN Technology Without An Inteligent Name... Of course then there's SCSI which (apparently) was meant to sound "SEXY"
            • by Fred_A ( 10934 )

              It's a close call between that, and TWAIN

              Technology Without An Inteligent Name...

              Of course then there's SCSI which (apparently) was meant to sound "SEXY"

              I've always heard it pronounced as "scuzzy" or spelled out. Maybe it's a Euro thing.

              • by steveg ( 55825 )

                It's not. Pretty much everybody calls it "scuzzy", but that doesn't mean the originators realized that would happen.

        • I don't know, when an explanation is provided, it just irritates me. For instance, if they'd put "An session-aware, sockets-based protocol which delivers most Internet traffic" after every mention of TCP. It's that kind of dumbing down -- and it inevitably is dumbing down, as you're generally trying to explain in one sentence what would really take several paragraphs (or a book) -- that often leads me to believe the mainstream press has no clue about technology.

          Again, you're already on the Internet. Chances

        • by lkcl ( 517947 )

          unfortunately, that would entail agreeing that it is a proprietary protocol, when in fact it is a bodged use of industry-standard crypto primitives (Diffie-Hellmann, HMACsha256 and RC4) to give the clients who buy FMS3 the illusion of security.

          the lack of man-in-the-middle attack protection, the use of magic constants and the reliance on information that is publicly accessible all make it really difficult to accept the word "proprietary".

          unless you redefine the word "proprietary" to be synonymous with "shit

      • by haruchai ( 17472 )
        How this this get modded up to 5+ Insightful? The poster didn't open the first link nor did a Google search. True, the article post didn't spell out what RTMPE is but it did clearly state that Adobe issued a DMCA. Since Slashdot has seen fit to give considerably more mod points, perhaps it could also raise the bar on posts. Too many posts get modded up to 5 far too quickly and the meta-moderation doesn't happen fast enough
        • The commenter went to more trouble than the story submitter and shouldn't have to. Furthermore, this story is stupid and boring, as is your post.

    • by bonch ( 38532 )

      It doesn't matter. All that matters is that the story has the word "DMCA" in it and embarrasses a company. Bam, instant front page Slashdot story.

    • If you're going to post an article about some obscure bullshit nobody's ever heard of, you could at least give people some hint at WTF you're talking about. "RTMPE" doesn't even show up on Wikipedia. God forbid you elaborate your terse, two sentence summary.

      ok, who gave this anonymous douchebag a +5 insightful when they didn't even have the common sense to use the google.

      good grief.

    • Re: (Score:1, Flamebait)

      by Khyber ( 864651 )

      If you're going to read a geek site be up on your terminology or get the fuck out.

      That is all, Mr. Moral Orel.

    • by bcmm ( 768152 )
      Summary assumed you already read Slashdot?
    • by hitmark ( 640295 )

      Try RTMP then:
      http://en.wikipedia.org/wiki/Real_Time_Messaging_Protocol [wikipedia.org]

      First result google gave...

    • "RTMPE" doesn't even show up on Wikipedia.

      Sure it does [wikipedia.org], you insensitive clod

  • by Anonymous Coward on Saturday May 23, 2009 @05:43PM (#28070283)

    Rob Savoye (long time GNU developer) talks at FOSDEM 2009 about how he did the cleanroom reverse engineering of RTMP, on which rtmpdump is based.

    Also he mentions about how wireshark includes an RTMP decoder based on his work.

    http://www.fosdem.org/2009/interview/rob+savoye

    Can't seem to find the link to the video of the actual talk, but it must be somewhere around there.

    http://www.fosdem.org/2009/schedule/events/reverse_engineering

  • RTMPE? WTF! (Score:2, Informative)

    by Anonymous Coward

    OK WTF is that all about and should I care?

    Subbys, please don't assume everyone reading your article is as clued up as you and do try and add a little explanation to your text - especially if you use abbreviations.

    Yeah, I could Google it, but that would be like needing an encyclopedia by your side just to read a newspaper.

    • Re:RTMPE? WTF! (Score:5, Informative)

      by Qubit ( 100461 ) on Saturday May 23, 2009 @06:15PM (#28070461) Homepage Journal

      OK WTF is that all about...

      RTMP is the Real Time Messaging Protocol that Adobe has developed for streaming stuff over the Internet.

      Red5 [wikipedia.org] is a Free Software (LGPL) implementation of the RTMP.

      Cygnal [gnashdev.org] is the Gnash project's [gnashdev.org] RTMP server (also Free Software).

      Also see more docs on RTMP on the Gnash wiki [gnashdev.org], and RTMPE on this other wiki [multimedia.cx].

      ... and should I care?

      Would you like to have control over the software that you run and use? Are you concerned about your software and/or hardware implementing things like the Broadcast Flag [wikipedia.org]? Do you believe in Free Software because it gives you control over your computer?

      If you answered "yes" to any of those questions, then you probably should care, as what's going on right now is making it difficult or impossible for you to run Free Software (or even to pick software) to interact with the RTMP protocol -- a protocol that a given website might require you to use to interact with their media content.

      • Is there some reason why you cant just copy the video file from your browser cache (like you can do with other streaming video files) ? Otherwise this seems trivial to work around.

    • by Grendel Drago ( 41496 ) on Sunday May 24, 2009 @10:03AM (#28074847) Homepage

      I, also, was confused. This is the issue, as I understand it after reading some of the links.

      Copyright holders want to be able to paste something resembling their previous business model onto the internet. The urge is understandable, but it's not really a plausible goal--consider the hoops that had to be jumped to get books on the Kindle--so we see attempts to enforce the business model with laws rather than code.

      More concretely, if you're just sending a regular old HTTP request to get some flash video, it's vulnerable to a trivial replay attack--just resend your request from your downloader. Adding cookies makes the replay attack only slightly less trivial. So, Adobe engineered their own (presumably obfuscated; I haven't looked) protocol, RTMP. It was reverse-engineered. Adobe then released an encrypted variant of RTMP, RTMPE.

      RTMPE was, of course, reverse-engineered, but because it used cryptography, it's apparently covered under the DMCA, and so Adobe can sue people who explain how to get around it.

      The fundamental problem is that data is being sent to an untrusted player on an uncontrolled host. Without something like Trusted Computing, it's impossible to completely prevent users from doing what they want with data that you send to them--which is why this is a DRM issue.

      In short, it's the same DRM story. Companies try to use bound-to-fail technologies to prevent users from doing what they want with data on their own machines--usually, this means copying it--and when this inevitably fails, they start suing people. We're at the "suing people" stage.

  • by bertok ( 226922 ) on Saturday May 23, 2009 @05:55PM (#28070355)

    Clearly, Slashdot editors are strategically shaved monkeys trained to click "accept" or "reject" in exchange for bananas.

    Define obscure acronyms in the articles!

    RTMP is the Real Time Messaging Protocol [wikipedia.org] used by Adobe Flash

  • by Sir_Lewk ( 967686 ) <sirlewk&gmail,com> on Saturday May 23, 2009 @05:56PM (#28070367)

    59KB is kind of absurdly small to justify a torrent, but what the hell, I'll seed it.

  • Vote for it (Score:2, Interesting)

    by masshuu ( 1260516 )

    We need people to nominate it on sourceforge

    heres a handy dandy link(everyone who reads this should vote for it):
    http://sourceforge.net/community/cca09/nominate/?project_name=rtmpdump&project_url=http://sourceforge.net/projects/rtmpdump/ [sourceforge.net]"

    • I just went and nominated rtmpdump, and you, dear reader, should go nominate them, too!

      I would find it deliciously amusing if we could get the /. editors to post this link as a new article, seeing as how /. shares corporate overlords with SourceForge.

      • Why did Sourceforge take the project down? The project was a clean room reverse engineer. Therefore it did nothing illegal; they stole no code.

  • Adobe hasn't read 'How to win friends and Influence people'
  • by Qubit ( 100461 ) on Saturday May 23, 2009 @06:24PM (#28070503) Homepage Journal

    Just as Prof. David Touretzky has his Gallery of DeCSS Descramblers [cmu.edu], perhaps some other CS Prof would like to put up a website talking about the protocol?

    I haven't looked at the code yet, but I'd assume that the bulk of it is considered acceptable by Adobe. So what small piece of it is the target of Adobe's DMCA takedown? Is it something that we can put on a T-shirt? :-)

    • by lkcl ( 517947 )

      i've done an analysis (and updated the document). RTMPE is nothing more than a way to link content with the original SWF file (by way of its hash and its size), and an SSL-like end-to-end secrecy algorithm.

  • by Anonymous Coward on Saturday May 23, 2009 @07:21PM (#28070773)

    Here is some more detailed info on the RTMPdump DMCA takedown.

    http://linuxcentre.net/rtmpdump-can-be-used-to-download-copyrighted-works-like-a-web-browser/ [linuxcentre.net]

  • we needed another reason _not_ to use flash...?
  • by lkcl ( 517947 ) <lkcl@lkcl.net> on Sunday May 24, 2009 @07:02AM (#28073797) Homepage

    i've updated the RTMPE.txt document, after doing some analysis this morning. there are two aspects to it: one is an end-to-end secrecy algorithm that is similar to SSL; the other aspect links the size and a hash of the original SWF file (through which the content is supposed to be streamed) into the handshake process.

    there are no passwords used. there is no security. there is no authentication.

    conclusion: RTMPE is definitely not a copyright protection mechanism. all the information needed to obtain the content is publicly available.

    • Re: (Score:3, Interesting)

      conclusion: RTMPE is definitely not a copyright protection mechanism. all the information needed to obtain the content is publicly available.

      Sadly, I don't think the former doesn't follow from the latter--you don't need to be a good or even plausible system to be considered a copyright protection mechanism.

      By the way--thank you for doing this work. It's usually pretty thankless, and it has the potential to piss off armies of lawyers. Thank you.

  • For the record,

    yet another mirror [zapto.org]

    well outside the reach of the DMCA and also of software patents in particular.

  • About two years ago we were trying to create an h264 streaming solution since flash had just implemented it. Things were going well encoding wise, but streaming h264 was a nightmare because the only protocol flash would let you stream it from was RTMP. And guess what, adobe wanted thousands for it's use (licensing was based on concurrent users IIRC).
    I had a look at a few attempts to create RTMP servers but they were all in the alpha stage, and would mostly just get stuck in a loop. We even went so far as t

Kiss your keyboard goodbye!

Working...