Johansen Cracks AirPort Express Encryption
womby writes "DVD Jon has just announced that he cracked the encryption in Apple's AirPort Express. 'I've released JustePort, a tool which lets you stream MPEG4 Apple Lossless files to your AirPort Express. The stream is encrypted with AES and the AES key is encrypted with RSA.' No real details of the process employed in cracking the unit but newsworthy none the less."
Why would they? Jon is from Norway, where US laws and ideals do not apply.
Welcome to the rest of the world, where there are more of them than you.
Their case might be good, but it would also be irrelevant - as the chap concerned (and presumably his internet server) aren't in the US.
(Extradition for a DMCA offence is pretty much out of the question.)
So sue me
U 3GhC/j0Qg9 0u3sG/1CUtwCk 9ok+8t9ucRqMd6 DZHJ2YCCLlDR7 WSHCAWKf1zNS1e Lvqr+boEjXuBe QJVxqcaJ/vEHKI Vd2M+5qL71yJZ mni/UAaHqn9Jds BWLUEpVviYnh
Exponent: AQAB
Jon Lech Johansen's blog
Wed, 11 Aug 2004
Reversing AirTunes
I've released JustePort, a tool which lets you stream MPEG4 Apple Lossless files to your AirPort Express.
The stream is encrypted with AES and the AES key is encrypted with RSA.
AirPort Express RSA Public Key, Modulus:
MD5(JustePort-0.1.tar.gz) = fe13e96751958c6e9d57cce0caa7b17b
DeCSS was indeed released by the group, MoRE, 4 years ago (MoRE had 3 members, you call that "large"?).
However, as far as I can tell Johansen no longer has any connections with MoRE. All the software on his site is GPL'ed and copyrighted by himself. MoRE is not mentioned anywhere.
The hack in question does not permit you to stream to the AE unless you have access to the network on which the AE resides. If you did gain access to that network in some way you could still engage in the "abuse" you mention through iTunes without this hack.
The point of the hack is to permit you to stream music from programs other than iTunes to an AE you have access to and not to hijack AE's.
]{
The point of the hack is to permit you to stream audio to an AE from a program other than iTunes.
]{
iTunes 4.6 converts the streams to Apple Lossless first; the AEx only accepts Apple Lossless.
.sig error: carrier signal lost.
GET YOUR WEAPONS READY! --DR.LIGHT
> But doesn't the Airport Express take any stream sent to it from iTunes 4.6 or greater?
Not really, iTunes always converts streams to Apple Lossless format prior to sending it to an AE (which is most likely the only format the AE understands, obviously).
> So what did I miss? Is this the ability to do that from other programs on other platforms?
Yes, but of course this is going to be the dvdcss case all over again, where the industry will accuse Jon of having made this purely for pirating purposes.
Then AP Extreme converts from Lossless to standard audio. Makes sense now?
MPEG4 is not a single standard - but a collection.
Among these there is a Lossless compression codec that Apple have put forward for inclusion into the MPEG4 collection.
Matt Thompson - Actuality - Insert product here.
...I suppose he's talking about the Apple lossless codec in a MPEG4 container format (it is more than just a video codec, you know...)
Kjella
Live today, because you never know what tomorrow brings
...there is no DMCA here :D Of course, once the EUCD is passed into law (sooner or later), it may be a problem.
Norway is not in EU.
Is this the ability to do that from other programs on other platforms?
Exactly.
If so, why does the poster pick out the ability to transfer Apple Lossless files?
He hasn't picked it out, it is the only option! Airport Express understands Apple Lossless only. Every other format is recoded by iTunes before it is streamed.
Doesn't matter. Norway still has to implement EUCD.
---- Sig. gone.
It's worth mentioning that Johansen is a member of the open source VideoLAN project, which develops the libdvdcss library and VLC multimedia player.
He reverse engineered FairPlay and added FairPlay support to VLC.
Together with the fact that all his recent software has been licensed under the GPL this indicates that he no longer has anything to do with any "cracking" groups.
It sounds like it can just stream any MPEG4 Apple Lossless file to an Airport Express. What that means is that people can develop their own software that uses Apple Lossless files (encouraging codec adoption) to power Apple Airport Express units (encouraging hardware sales). Apple is primarily a hardware company -- they make most of their money by selling machines of various sorts, be they computers, iPods, displays, or...wireless access points.
This will probably be obsoleted soon by an SDK anyway -- this does nothing to aid or abet copyright infringement, and third party software can only help move the merch.
they didn't "invent" OS X, they stole it from BSD and overcharged for it. keep shelling out your $130 every year for a "secure" OS.
Darwin is free. Cocoa, Quartz, Carbon, and a number of other technologies that have nothing to do with BSD are not.
Yes, Norway is in fact the country implementing the EU regulations the most (EU countries included). We have trade agreements etc. with the EU, and we implement all the EU directives.
:-)
We really should have joined EU a long time ago, and I find it absurd to not be in it. One can only hope.
If you want me to elaborate more, just reply, I can cite numerous examples, but I'd rather be on-topic to the post. But all in all, I agree with the grandparent's post, it could smell trouble when the EU-DMCA comes into play....
Rest in peace Malin "looxn" Kristiansen. We miss you...
RSA encrypted AES key
You answered your own question. RSA here means the RSA Public Key Cryptography Standard. The AES key (which is a symmetrical cipher key) was encrypted using RSA PKCS.
"Karma can only be portioned out by the cosmos." -Homer Simpson
Which Mac doesn't have speakers in it? I've used a variety of Macs, three different models of PowerMac, and a Titanium PowerBook included, and all of them had speakers.
You are not alone. This is not normal. None of this is normal.
No speakers? Apart from the iMac, the eMac, and all their laptops, right? ;)
Join the Free Software Foundation
Balls on a Brass Monkey have nothing to do with testicles.
---
Origins of the saying "Cold enough to freeze the balls off a brass monkey!"
In the heyday of sailing ships, all war ships and many freighters carried iron cannons. Those cannons fired round iron cannon balls. It was necessary to keep a good supply near the cannon, but prevent them from rolling about the deck. The best storage method devised was a square based pyramid with one ball on top, resting on four resting on nine which rested on sixteen.
Thus, a supply of thirty cannon balls could be stacked in a small area right next to the cannon. There was only one problem - how to prevent the bottom layer from sliding/rolling from under the others? The solution was a metal plate called a "Monkey," with sixteen round indentations. If this plate was made of iron, the iron balls would quickly rust to it. The solution to the rusting problem was to make "Brass Monkeys."
Few landlubbers realize that brass contracts much more and much faster than iron when chilled. Consequently, when the temperature dropped too far, the brass indentations would shrink so much that the cannon balls would roll right off the monkey. Thus, it was quite literally, "Cold enough to freeze the balls off a brass monkey!"
I'm going to go back in my box and will think within the limits of my box: MS Sucks Linux Good I read too much Slashdot.
Last time I spoke to Per (Jon's father), he told me that Jon has moved to France. Still no DMCA, but maybe the EUCD will come in play quite a bit faster down there than here in Norway.
"Rune Kristian Viken" - http://www.nwo.no - arca
Nice try, but Bzzzzt! Wrong answer. That expression was probably just as vulgar as it sounds.
I read the internet for the articles.
The strong encryption was not cracked. The implementation was cracked. No software-only based encryption is secure, period. The audio stream is encrypted with AES. AES is a symmetric key encryption scheme which means that both sides need the same key. The key needs to change over time or the encryption scheme can be cracked.
This leaves the problem of how iTunes can tell the Airport the new key without everyone else listening and knowing the key also. Apple use RSA to secure the key transfer. RSA is a public key encryption system. This means there are two keys one public and one private. The private key is only known by the Airport. The public key is embedded in the iTunes software.
When iTunes wants to send a new AES key to the Airport it uses the RSA public key to encrypt the AES key. This encrypted message can only be decrypted with the private key that the Airport has, which means the system is secure even though everyone hears the new key in encrypted form.
The problem is that the RSA public key is embedded in the iTunes code. But that code needs to read in the key in order to use it and someone can reverse engineer this process to read the key themselves. This isn't necessarily an easy thing to do but in a software-only solution there is no way to stop it.
SYS 49152
It appears that he's just published the public key. That may allow him to ENCRYPT music for play over Airport Express, but it doesn't let him decrypt the stream.
Heck, I put a public key for mail in my .plan and sigs. I don't think that enables anyone to crack my mail. They can SEND me mail, but that's sort of the whole idea, isn't it?
Since when is using a publicly available public key to encrypt a stream of data from an application and send it to a device considered "cracking?"
It may be a "public key", but the key was never publicly available before now. The public key was RSA encrypted... it was that encryption that was "cracked".
The real threat is that somebody will take this and figure out how to fake being an AE, then you essentially have iTunes doing the work of defeating its own DRM for you.
;)
I investigated this justeport program yesterday, to see what it would take to do exactly that. My goal was not actually to defeat DRM, but to possibly create an emulator for being an AE, so that I could use iTunes to play songs on other computers' speakers. The thought of piping the music to a file did cross my mind, but that was not the goal.
But the short answer is that there's not enough in here to do it.
The way it works is that you generate an AES key. You encrypt that key using the RSA Public Key. You send that to the AE, which decrypts it with its private key. Then you use the AES key to stream the music over.
To pretend to be an AE, you need to know the private key inside the AE. Without it, you can't decrypt the AES key iTunes sends you, and you can't decrypt the stream of music.
Faking the protocol is pretty easy, since it's mainly RTSP with some extra headers. Faking iTunes into seeing you as an AE device is also pretty easy. Just use various Rendezvous utilities to broadcast yourself as an available RAOP service. But you can't decrypt the stream without that private key.
In theory, you could modify a copy of iTunes by changing the public key in there. Then you could make it work with your AE emulator program, but it wouldn't work with real AE devices anymore. Still, could be useful if you want a wacky way to bypass the DRM.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
No. The key thing (pardon the pun) is that there are separate public and private keys. What he has done is isolate the public key (the one iTunes has) which would allow a separate program to send a stream to the AE just as iTunes does. But to decrypt the stream coming from iTunes you would need to know the private key that is embedded in the AE.
An important part of public key encryption is that knowing the public key does not allow you to determine the private key easily. This is a one-way hack.
SYS 49152
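The key exchange described in the comments above (a random session key wrapped with the embedded RSA public key, unwrapped only by the holder of the private key, and the "swap the public key" variant for an emulator), as an added example that is not part of any comment or of JustePort. Assumptions: the key pairs are constructed toy keys, RSA is textbook RSA without padding, a SHA-256 counter keystream stands in for AES, and all function names are hypothetical.

```python
import hashlib
import secrets


def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes: ((n, e), (n, d))."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


# Constructed toy keys built from Mersenne primes. Such moduli are trivially
# factorable; they are NOT secure and are not the AirPort Express key.
DEVICE_PUB, DEVICE_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
EMULATOR_PUB, EMULATOR_PRIV = make_keypair(2**127 - 1, 2**1279 - 1)


def keystream_xor(key, data):
    """Stand-in for AES: XOR with a SHA-256 counter keystream (symmetric)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def sender(public_key, audio):
    """Any program that holds the public key can play the sender role."""
    n, e = public_key
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped, keystream_xor(session_key, audio)


def receiver(private_key, wrapped, stream):
    """Unwrap the session key; returns None when the key does not unwrap."""
    n, d = private_key
    m = pow(wrapped, d, n)
    if m >= 2**128:          # not a 16-byte key: wrong private key
        return None
    return keystream_xor(m.to_bytes(16, "big"), stream)


if __name__ == "__main__":
    audio = b"constructed sample audio frame"
    wrapped, stream = sender(DEVICE_PUB, audio)
    print(receiver(DEVICE_PRIV, wrapped, stream))    # real device: plaintext
    print(receiver(EMULATOR_PRIV, wrapped, stream))  # emulator: None
```

The public key gives no assurance about who the sender is, only that the receiver role is confined to whoever holds the private key.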