Slashdot Mirror
Johansen Cracks AirPort Express Encryption
womby writes "DVD Jon has just announced that he cracked the encryption in Apple's AirPort Express. 'I've released JustePort, a tool which lets you stream MPEG4 Apple Lossless files to your AirPort Express. The stream is encrypted with AES and the AES key is encrypted with RSA.' No real details of the process employed in cracking the unit but newsworthy none the less."
Of course they will, I don't even know why you bothered to mention it. The real question is will it fit under the provisions allowing for reverse engineering or will it fall under the category of malicious code breaking?
We all know what it should fall under. What category Apple's lawyers make it fall under is a different story.
What's NOT solid is the whole concept of selling products which contain the encrypt and decrypt keys to customers, and thinking that they're never going to be able to recover those keys from the product you just put in their hands.
Well, a potential abuse of this system could be wardriving with cannibal corpse. If crackers can figure out how to encrypt the songs, they can war drive around till they find an AE and play, "Entrails Ripped From a Virgin's Cunt" instead of the Seasame Street sings the family wanted to play. There are valid reasons to having this encrypted.
Also, the RIAA probably put some pressure on Apple to encrypt the songs. While I don't like piracy, the thought of someone driving around so they can download music that other people they don't know are listening to is very bizzare.
Or, they'll just use their usual methodology and release a Software Update with some non-descript "bug-fixes" that happens to also break JustePort. :-)
He just doesn't give a shit for petty politics (DMCA crap).
Of course he doesn't care about the DMCA. He lives in another country.
To be honest, Apple's products become much more useful (and more desirable to purchase) when people come out with neat hacks like this.
The only thing that makes it more attractive is that Apple finds a way to close the hole exposed by John's (or his friends') hack and the RIAA continues to let Apple distribute their wares for a reduced price.
Once Apple cannot guarantee that the music is protected from "theft" then the RIAA will pull the plug on our "cheap" downloading.
whats more the question is why is Apple encrypting in the first place and why cant i disable it ?
Because Apple needs to stay friendly with the music industry, and that means the RIAA. They'd probably wouldn't mind skipping encryption altogether and saving a buck, but I doubt very many labels would support that scheme.
and they invest millions to make inexpensive music downloads available (at almost no profit)
No, they invest millions so they will get tens of millions in revenue from selling iPod. Don't get me wrong, I like Apple and I'm impressed by Steve Jobs's ability to resurrect the company, but it's still a company, not a charity.
iTMS is selling songs cheaply to gain market share and get people to buy iPods, not to make inexpensive music downloads available.
Try reading my comment again, more slowly. The analog hole is not closable. It quite simply cannot be done. For instance you could take an encrypted digital speaker set, and attenuate the signal going to the speakers down to a 0-1.5V P-P signal, aka "Line Level".
The digital hole is where you make a digital copy without degradation. The former motivation (besides ethics) for consumers to purchase commercial copies of media was quality. Now, with the ability to make a perfect digital copy, that motivation has gone away. Now it basically comes down to convenience and ethics. It's hard to feel too bad about taking some money away from a record label, and it's awfully convenient to just download music without paying for it. Hence the reason the record labels are pissing their corduroys.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
What is the alternative? WMA? do you have unlimited burns? No? Do you have uniform rights across all songs? No. Can you play WMA in all players including the iPod? No. Ok this last point is equally bad for iTMS and WMA stores but I don't like WMA. iTMS does have one advantage however, it is compatible with both the mac and windows.
If Jon really was a genius and was trying to do the public a service, he would have cracked the WMA DRM. If he could come up with a way for me to be able to purchase songs on Napster (no iTMS in Canada yet) and being able to convert them to AAC format with EasyWMA to play on my mac and iPod, that would be useful to me.
Destroying iTMS is not useful to anyone. Apple's DRM is the lesser of the two evils and it's free enough for me since I don't run linux. Jon is an man with raw intellect but no common sense.
Jesus was a compassionate social conservative who called individuals to sin no more.
Since when is using a publicly available public key to encrypt a stream of data from an application and send it to a device considered "cracking?" It seems to me that this is a good ol' hack (read: clever piece of software), just like DeCSS or the other thing he did with protected iTunes tracks.
/. the error would be corrected.
I wasn't surprised that the first source I saw report this called it a "crack," but had hoped by the time the story made it to
By the way, you do a real disservice to people trying to fight the DMCA by calling things like this "cracks." Lawyers for the bad guys already think these sorts of hacks are actually illegal cracks. You're bolstering their opinion by conflating the two.
What if his actions cause the music industry to loss confidence in that DRM?
:-)
LOL!
Understand this... The "music industry" is royally screwed seven ways from Sunday. They know it too, don't kid yourself otherwise.
See, they need *customers*.
In order to exist, the music industry has to convince people to buy what they are pushing. They're between a rock and a hard place here, because if they make that DRM too obnoxious, if they go beyond the line too much, then their own customers will flip them the bird and jump right back onto P2P networks. It's already happened once, in their eyes. Does the P2P scare back around 1998 ring a bell? Napster? Back when it didn't quite suck, I mean.
See, Napster opened a new world for the music industry, because it showed them that the world had changed and now they had to compete with "free". How in the hell does one compete with free products?
DRM is a reaction to this, by trying to make it difficult for people to convert their products into a format than can easily become "free". Unfortunately, this is an impossible task. It's *proven* to be impossible, no less. So they now have to not only compete with "free", but to do it, they have to do something that's absolutely and totally impossible to do. What a bind that puts them in, huh?
The music industry is scared shitless, and with reason. This new medium takes their products and puts it into a form that:
a) damn near eliminates distribution costs,
b) makes low cost viral marketing into one of the most powerful forms of marketing there is through the rapid dissemination of the meme in question,
and c) eliminates all ability to control distribution of their product and thus be able to charge for it.
A and B they love, but C is included in the bargin and they cannot escape it. Furthermore, they're starting to figure out that the combination of A and B on a large enough scale eliminates the need for the middlemen in their business. Artist and customer can directly interact just as easily as middlemen and customers can. Since most of them are middlemen, this naturally makes them nervous. Right now, they're engaging in heavy media spending to combat this knowledge, leading to the current meme of "taking music without paying is stealing" and so on. They're engaging it on both the artist side and the customer side, and if both sides would just wake the hell up, the middlemen would be out of jobs.
So what I'm saying is that the idea that they can NOT offer their product on the internet is an unrealistic notion. They don't have that choice, not really.
If they don't offer something out there, in a light enough restriction no less, then what will happen is that they eventually die off. People will go back to passing around music for free, legislation and lawsuits be damned, they will find a way to do it safely if it comes down to it. Many very bright people are already looking for that way.
And if the artists see that the music companies aren't actively trying to make them some cash by selling their music online, the artists might start waking up en masse and seeing that the old system is unnecessary with the new technological capabilities to directly reach the customers.
So the music industry *will* sell online. They don't have a real choice not to do so anymore. They can no longer pack up their toys and go home, because that would be a losing move.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.