Slide 1

Slide 1 text

RTMP & RTMPE Protocols

Slide 2

Slide 2 text

RTMP
• RTMP (Real Time Message Protocol) is a TCP-based protocol developed for streaming audio, video and data over the internet between a Flash player and a server
• The stream is split into fragments. Fragment sizes are:
  • default: 64 bytes for audio, 128 bytes for video and others
  • but can change dynamically

Slide 3

Slide 3 text

RTMPE
• RTMPE (Real Time Message Protocol Encrypted) wraps an RTMP session in a light encryption layer.
• RTMPE uses anonymous Diffie-Hellman to provide a verification mechanism between client and server
• Adobe advertises RTMPE as a method for secure content delivery, but this claim is false

Slide 4

Slide 4 text

RTMP Packet format

Slide 5

Slide 5 text

Packet header, bytes 0 to 11
A full packet header contains 12 bytes, but the size of the header can change.

Slide 6

Slide 6 text

Byte 0: chunk header type

Slide 7

Slide 7 text

Byte 0: chunk header type
Bytes 1-3: time stamp

Slide 8

Slide 8 text

Byte 0: chunk header type
Bytes 1-3: time stamp
Bytes 4-6: packet length (bytes), not including header size

Slide 9

Slide 9 text

Byte 0: chunk header type
Bytes 1-3: time stamp
Bytes 4-6: packet length (bytes), not including header size
Byte 7: message type id

Slide 10

Slide 10 text

Byte 0: chunk header type
Bytes 1-3: time stamp
Bytes 4-6: packet length (bytes), not including header size
Byte 7: message type id
Bytes 8-11: destination id, in little-endian order

Slide 11

Slide 11 text

Chunk header type (byte 0 of the 12-byte header), bits 0 to 7: header type, stream id

Slide 12

Slide 12 text

Chunk header type (byte 0 of the 12-byte header), bits 0 to 7: header type, stream id
The header type specifies the packet header size:
00: 12 bytes (bytes 0 to 11)

Slide 13

Slide 13 text

Chunk header type (byte 0 of the 12-byte header), bits 0 to 7: header type, stream id
The header type specifies the packet header size:
00: 12 bytes (bytes 0 to 11)
01: 8 bytes (bytes 0 to 7)

Slide 14

Slide 14 text

Chunk header type (byte 0 of the 12-byte header), bits 0 to 7: header type, stream id
The header type specifies the packet header size:
00: 12 bytes (bytes 0 to 11)
01: 8 bytes (bytes 0 to 7)
10: 4 bytes (bytes 0 to 3)

Slide 15

Slide 15 text

Chunk header type (byte 0 of the 12-byte header), bits 0 to 7: header type, stream id
The header type specifies the packet header size:
00: 12 bytes (bytes 0 to 11)
01: 8 bytes (bytes 0 to 7)
10: 4 bytes (bytes 0 to 3)
11: 1 byte (byte 0)

Slide 16

Slide 16 text

Chunk header type (byte 0 of the 12-byte header), bits 0 to 7: header type, stream id
The header type specifies the packet header size:
00: 12 bytes (bytes 0 to 11)
01: 8 bytes (bytes 0 to 7)
10: 4 bytes (bytes 0 to 3)
11: 1 byte (byte 0)
Other missing fields are derived from the message above.

Slide 17

Slide 17 text

Message type id values:
0x01 Set packet size
0x03 Bytes read
0x04 Type control
0x05 Server bandwidth
0x06 Client bandwidth
0x08 Audio type
0x09 Video type

Slide 18

Slide 18 text

Message type id values:
0x01 Set packet size
0x03 Bytes read
0x04 Type control
0x05 Server bandwidth
0x06 Client bandwidth
0x08 Audio type
0x09 Video type
0x0F Flex stream send
0x10 Flex shared object
0x11 AMF3 message
0x12 Info message
0x13 Shared object
0x14 AMF0 object
0x16 Flash video
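
The header layout from slides 5 to 18 as a parser, including inheritance of omitted fields from the previous header on the same stream. This is an added example, not code from the original slides; the 2-bit/6-bit split of byte 0, big-endian order for time stamp and length, and the names `parse_header`, `previous` and `SAMPLE` are assumptions.

```python
# Added example; the bit split of byte 0 and big-endian fields are assumptions.
HEADER_SIZE = {0b00: 12, 0b01: 8, 0b10: 4, 0b11: 1}   # header type -> header bytes
MESSAGE_TYPES = {
    0x01: "Set packet size", 0x03: "Bytes read", 0x04: "Type control",
    0x05: "Server bandwidth", 0x06: "Client bandwidth", 0x08: "Audio type",
    0x09: "Video type", 0x0F: "Flex stream send", 0x10: "Flex shared object",
    0x11: "AMF3 message", 0x12: "Info message", 0x13: "Shared object",
    0x14: "AMF0 object", 0x16: "Flash video",
}

def parse_header(buf, previous):
    """Parse one packet header; return (fields, header_size).

    `previous` maps stream id -> last header seen on that stream, so that
    shorter headers can inherit the fields they omit.
    """
    if not buf:
        raise ValueError("empty buffer")
    header_type = buf[0] >> 6        # assumed: two most significant bits
    stream_id = buf[0] & 0x3F        # assumed: remaining six bits
    if stream_id < 2:
        # In the RTMP specification ids 0 and 1 select longer id encodings,
        # which the slides do not cover; refuse rather than mis-parse.
        raise ValueError("extended stream id encoding not handled")
    size = HEADER_SIZE[header_type]
    if len(buf) < size:
        raise ValueError(f"truncated header: need {size}, have {len(buf)}")
    if size < 12 and stream_id not in previous:
        raise ValueError(f"stream {stream_id}: nothing to inherit from")
    hdr = dict(previous.get(stream_id, {}))
    hdr.update(header_type=header_type, stream_id=stream_id)
    if size >= 4:
        hdr["timestamp"] = int.from_bytes(buf[1:4], "big")   # assumed big-endian
    if size >= 8:
        hdr["length"] = int.from_bytes(buf[4:7], "big")      # excludes the header
        hdr["type_id"] = buf[7]
        hdr["type_name"] = MESSAGE_TYPES.get(buf[7], "unknown")
    if size == 12:
        hdr["destination_id"] = int.from_bytes(buf[8:12], "little")
    previous[stream_id] = hdr
    return hdr, size

# Constructed sample: a 12-byte, a 1-byte and an 8-byte header on stream 3.
SAMPLE = [bytes.fromhex("0300000a0000191401000000"),
          bytes.fromhex("c3"),
          bytes.fromhex("4300001400010009")]

def parse_sample():
    seen = {}
    return [parse_header(raw, seen) for raw in SAMPLE]
```

A short header that arrives before any full header on its stream is rejected, since there is nothing to derive the missing fields from.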

Slide 19

Slide 19 text

Action Message Format
• AMF is a binary format used to serialize objects and XML
• AMF contains many key/value pairs
  key: type String
  value: has many types, depending on AMF0/AMF3

Slide 20

Slide 20 text

Handshake
• The handshake is performed after the TCP connection is established
• Based on the handshake phase, client and server can determine whether the protocol is RTMP or RTMPE
• In the handshake, client and server exchange 3 messages

Slide 21

Slide 21 text

Handshake RTMP

Slide 22

Slide 22 text

Handshake RTMPE

Client first exchange

Bytes    Description
0        command
1:1536   random bytes

Command byte:
0x03 unencrypted (RTMP)
0x06 encrypted (RTMPE)
0x09 undocumented

Random message:
0:3        32-bit system time
4:7        client version
8:11       obfuscated pointer to Genuine FP key
12:1531    random data, 128-bit DH key
1532:1535  obfuscated pointer to 128-bit DH key

Generate DH key
+ Calculate the location of the DH public key based on the last 4 bytes
+ Generate the DH private and public keys and replace 16 bytes (128 bits) from that location with the public key

Generate client digest
+ Calculate the client digest location based on bytes 8-11
+ Generate the client digest using the HMAC-SHA256 algorithm and replace 32 bytes from the digest location with the new one

The algorithm is described in more detail at http://lkcl.net/rtmp/RTMPE.txt
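
The first client message described above, split into its listed fields so a monitor can tell RTMP from RTMPE from the first bytes of a connection. This is an added example, not code from the original slides; the names `parse_client_hello` and `build_sample`, the big-endian system time and the dotted version rendering are assumptions, and the two pointers are returned raw because their de-obfuscation is only described in the linked document.

```python
# Added example: field offsets follow the slide; names and byte order are assumptions.
HANDSHAKE_LEN = 1 + 1536   # command byte + random message
COMMANDS = {0x03: "RTMP (unencrypted)", 0x06: "RTMPE (encrypted)",
            0x09: "undocumented"}

def parse_client_hello(msg):
    """Split the client's first handshake message into the listed fields."""
    if len(msg) < HANDSHAKE_LEN:
        raise ValueError(f"need {HANDSHAKE_LEN} bytes, have {len(msg)}")
    command, body = msg[0], msg[1:HANDSHAKE_LEN]
    if command not in COMMANDS:
        raise ValueError(f"unknown command byte 0x{command:02x}")
    return {
        "command": command,
        "protocol": COMMANDS[command],
        "system_time": int.from_bytes(body[0:4], "big"),    # assumed big-endian
        "client_version": ".".join(str(b) for b in body[4:8]),
        "fp_key_pointer": body[8:12],       # bytes 8:11, still obfuscated
        "dh_key_pointer": body[1532:1536],  # bytes 1532:1535, still obfuscated
    }

def build_sample(command):
    """Constructed message: zero filler where a real client sends random data."""
    body = bytearray(1536)
    body[0:4] = (1000).to_bytes(4, "big")
    body[4:8] = bytes([10, 0, 32, 18])
    body[8:12] = b"\xaa\xbb\xcc\xdd"
    body[1532:1536] = b"\x01\x02\x03\x04"
    return bytes([command]) + bytes(body)
```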

Slide 23

Slide 23 text

Handshake RTMPE
• Two server messages come to the client
• The first message has 2 types of format
• The client reads the server message and calculates the server public key
• Using the client private key calculated in the last step and the server public key, the client generates DHSharedSecret
• Using DHSharedSecret, the ARC4 KeyIn and KeyOut are calculated based on the server public key and the client public key. KeyIn and KeyOut are used to decrypt and encrypt incoming and outgoing data
• The second message comes after the first message has been read. The client validates the server message using the client public key
• After the handshake, ARC4 KeyIn and KeyOut are used to exchange “encrypted” data

Slide 24

Slide 24 text

RTMPE implementation
• Besides RED5, which implements the RTMPE protocol, some other open source projects also support RTMPE
• rtmpdump http://rtmpdump.mplayerhq.hu/ (C/C++)
• crtmpserver http://www.rtmpd.com/ (C/C++)