0x00 Introduction

Years ago, when I watched “The Silent War”, the listening segments deeply attracted me and left a lasting impression.

Back then, for ordinary people like us, achieving remote listening technology required purchasing expensive equipment.

However, with recent rapid technological advancements, the average home broadband speed has reached 100M, and 4G mobile networks have become widespread, with 5G also starting to be commercially available (Go Huawei, Go China). In such an environment, achieving the listening technology seen in movies has become much easier.

Now, please join me on this “listening” journey.

0x01 Required Materials

1. Raspberry Pi

2. USB Microphone

3. VPS Server

Most home broadband connections do not have a public IP, making it impossible to connect directly from the outside. Therefore, a VPS server is needed to achieve FRP internal network penetration, allowing direct access to the home host.

4. Mobile Phone

5. VLC App

VLC is a free, open-source, cross-platform multimedia player and framework that can play most multimedia files, as well as DVD, audio CD, VCD, and various streaming protocols.

6. Headphones

0x02 Technology Introduction

The main technologies used in this article are: setting up an audio live streaming media server using nginx + rtmp and FRP internal network penetration.

What is nginx?

Nginx is a high-performance HTTP and reverse proxy web server that also provides IMAP/POP3/SMTP services.

What is RTMP?

RTMP stands for Real Time Message Protocol, which is an application layer protocol proposed by Adobe to solve the multiplexing and packetizing problems of multimedia data transmission streams. With the development of VR technology, fields like video live streaming have become increasingly active, and RTMP, widely used in the industry, has regained the attention of developers.

What is FRP?

FRP stands for fast reverse proxy. Simply put, FRP is a reverse proxy software that is lightweight yet powerful, allowing devices behind a LAN or firewall to provide services to the outside world.

0x03 Environment Setup

3.1 Setting Up an Audio Live Streaming Media Server on Raspberry Pi with nginx + rtmp

1. Install Required Dependencies

sudo apt-get install build-essential libpcre3 libpcre3-dev libssl-dev

2. Install nginx and rtmp

wget http://nginx.org/download/nginx-1.17.0.tar.gzwget https://github.com/arut/nginx-rtmp-module/archive/master.ziptar -zxvf nginx-1.17.0.tar.gzunzip master.zipcd nginx-1.17.0./configure --with-http_ssl_module --add-module=../nginx-rtmp-module-mastermakesudo make install

3. Modify nginx Configuration File

Run sudo nano /usr/local/nginx/conf/nginx.conf and add the following content.

# RTMP protocolrtmp {   # Create a service listening on port 1935, which is the default RTMP port    server {        listen 1935;   #default port        chunk_size 4096;        # Create an application named live that supports live streaming        application live {            live on;         }    }}

4. Start nginx + rtmp Streaming Media Server

sudo /usr/local/nginx/sbin/nginx

5. Install ffmpeg

sudo apt install ffmpeg

6. Plug the USB microphone into the Raspberry Pi’s USB port, and start ffmpeg to capture audio from the USB microphone in real time, streaming it to the nginx + rtmp media server set up on the Raspberry Pi.

ffmpeg -f alsa -ac 2 -i hw:1,0 -ar 44100 -f flv rtmp://192.168.1.150/live/audio

Parameter Explanation

Main Parameters:

-f Set output format

-i Set input stream (hw:1,0 refers to the external USB audio capture device; hw:1,0’s 1 refers to the first external device, as the Raspberry Pi does not have an internal sound card, only an external USB audio capture card can be used);

-ar Set sampling rate (since the output is in flv format, the sampling rate can only be chosen from 44100, 22050, and 11025);

Note: 192.168.1.150 is the IP address of the Raspberry Pi.

7. Use VLC software on the Windows client to open the network stream, with the address “rtmp://192.168.1.150/live/audio”, to listen to the audio captured by the Raspberry Pi microphone.

Currently, listening can be achieved within the same Wi-Fi network as the Raspberry Pi. To listen from anywhere over the internet, the following FRP internal network penetration needs to be set up.

3.2 Setting Up FRP Internal Network Penetration Service on Raspberry Pi

3.2.1 Server – frps (VPS Server)

1. Download the program

My VPS server runs on Ubuntu and uses the arm64 architecture, so I need to download the arm64 version of the frp software.

wget --no-check-certificate https://github.com/fatedier/frp/releases/download/v0.20.0/frp_0.20.0_linux_amd64.tar.gz

Extract

tar -xzvf frp_0.20.0_linux_amd64.tar.gz

Create Folder

sudo mkdir -p /usr/local/frp

Move

sudo mv frp_0.18.0_linux_amd64 /usr/local/frpcd /usr/local/frp

Ensure frps Program Has Executable Permissions

chmod +x frps

Note: There are four main files to focus on in the directory: frpc, frpc.ini, frps, and frps.ini. The first two files are for the client, while the latter two are for the server.

2. Configure the Program

First, delete the frpc and frpc.ini files, then proceed with the configuration by editing ./frps.ini:

[common]bindport = 9000           # Port for communication with the clientauto_token = hell.world      # Token for the client to connect to the server

Verify if frps is installed successfully:

./frps -c frps.ini

If no error messages appear, it means the configuration is correct and can be used normally.

Then press Ctrl + C to terminate the program.

3. Make frps Start on Boot

Edit the /etc/rc.local file and add the startup command before the exit 0 statement (if present):

nohup /usr/local/frpfrps -c /usr/local/frp/frps.ini &

3.2.2 Client – frpc (Raspberry Pi)

1. Download FRP:

wget https://github.com/fatedier/frp/releases/download/v0.20.0/frp_0.20.0_linux_arm.tar.gz

2. Modify the frpc.ini file:

[common]server_addr = XXX.XXX.XXX.XXX  # Public IP of VPS serverserver_port = 9000                    # Must match the bind_port of the serverauto_token = hello.world            # Token for the client to connect to the server

[RTMP]type = tcp               # Connection protocollocal_ip = 127.0.0.1     # Internal server IPlocal_port = 1935         # Default RTMP portremote_port = 6000       # Custom access internal RTMP port

3. Start frpc:

Run ./frpc -c ./frpc.ini to start in the foreground; to start in the background, use:

nohup ./frpc -c ./frpc.ini &

At this point, the FRP internal network penetration is set up.

0x04 Start Remote Listening

Use your phone to download VLC Media Player and connect your headphones to the phone (unless you want the listening content to be heard by those around you, of course, you can choose not to connect the headphones).

Open the VLC software on your phone, go to the network stream, and enter the address “rtmp://XXX.XXX.XXX.XXX:6000/live/audio”.

Note: XXX.XXX.XXX.XXX is the IP address of the VPS server.

Wait a moment, and you will hear the real-time sound remotely through the headphones. Note that there is a delay in the sound, which is about 2 seconds for my network; specific measurements are needed.

Note: If the connection fails, you can close the VLC software and retry a few times.

0x05 Conclusion

When I heard the remote sound through the headphones, I was incredibly excited and wanted to share this joy with everyone.

If you like it, please support it.

*This article is an original work by:xutiejun, this article belongs to the FreeBuf original reward program, and reproduction is prohibited without permission

Exciting Recommendations