Slashdot Mirror


Johansen Cracks AirPort Express Encryption

womby writes "DVD Jon has just announced that he cracked the encryption in Apple's AirPort Express. 'I've released JustePort, a tool which lets you stream MPEG4 Apple Lossless files to your AirPort Express. The stream is encrypted with AES and the AES key is encrypted with RSA.' No real details of the process employed in cracking the unit but newsworthy none the less."


  1. Lawyers, start your engines. by flamingnight · · Score: 3, Interesting

    I wonder if Apple Legal will have a DMCA fit about this. And how good their case would be.

  2. huh, sounds solid... by kippy · · Score: 3, Interesting

    Well it sounds like Apple did the right thing by using AES and RSA which are both industry standard and not some crazy "applecrypt" or something. Must be a really weak key or poor implementation or the protocol.

    1. Re:huh, sounds solid... by Anonymous Coward · · Score: 2, Interesting

      thinking that they're never going to be able to recover those keys from the product you just put in their hand

      I'm not sure, but when someone buys something it's theirs, all of it.
      What's more, the question is why is Apple encrypting in the first place and why can't I disable it?

  3. Great News by Rura+Penthe · · Score: 5, Interesting

    This is great news. I want any application I own on any platform (OS X/Windows/Linux/Zeta!) to be capable of streaming to an Airport Express. I can't imagine that this would really upset Apple since you're still buying their hardware. It just lets you use the hardware with more applications. If iTunes is still the best and most elegant way, people will use that.

    Of course...Apple isn't always logical like that, and there may be some precedent set that would injure them in court some time later.

    1. Re:Great News by Rude+Turnip · · Score: 5, Interesting

      You can use an Airport Express and never buy anything from iTMS or purchase an iPod...just use your own MP3 collection. All three hardware products depend upon iTunes, but neither hardware item requires the other to use.

      To be honest, Apple's products become much more useful (and more desirable to purchase) when people come out with neat hacks like this. The only reason I spend big bucks in their music store is because the DRM has been broken through the Hymn project.

    2. Re:Great News by sammy+baby · · Score: 2, Interesting

      Of course...Apple isn't always logical like that, and there may be some precedent set that would injure them in court some time later.

      In fact, Apple recently suggested they may be pursuing legal action against Real for making the iPod compatible with songs from Real's store. You're still buying an iPod, but Apple is still bent out of shape about it.

      Of course, the profit motivation isn't as clear-cut here, but I wouldn't put it past Apple to throw a major hissy here.

  4. Re:What? by Carewolf · · Score: 3, Interesting

    He is just a front figure of a large international cracking group. He has already been to court once, and is protected by a largely fair Norwegian legal system, so each time the group have something controversial (whenever they have something) they have him release it.

  5. This should be pretty cool by sith · · Score: 5, Interesting

    Since all he got was the public key, you can't actually decrypt streams that are being sent. What it means is that programs can now stream music to the AEx. This should be really cool, especially once something like AudioHiJack or Wiretap comes along that lets you redirect all your system audio to it. I'd love to be able to stream non-iTunes audio formats that way (real player radio stations and whatnot). Anyways, can't see how this hurts Apple - more people have incentive to use the AEx, Apple doesn't have to support their use of it that way, and the protected music is still protected. Hizzah?

  6. Re:Why oh why? by drinkypoo · · Score: 3, Interesting

    I mean, what next, B&O encrypting the output to speakers?

    IIRC, Creative has considered doing just that. Creative had considered opening an online music store which was to be called MuVo - that name sound familiar? It would initially sell CDs ala CDNOW (the site was pretty similar, really, with some significant upgrades from that feature set of course) and then later move to digital downloads.

    Naturally, Creative being what they are - a bunch of right bastards, if you want a driver or utility file especially - they were concerned about DRM. From what I understand, one idea that was seriously kicked around was a hardware device, probably USB speakers, being required to listen to the music. It is likely that the device would have had analog audio output, so you could put the music on a tape or something. It's the digital hole that labels want to close, they know they can't do anything about analog copying.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"

  7. WTF? by Philosinfinity · · Score: 4, Interesting

    Maybe I missed something, and I haven't been able to RTFA for obvious reasons. But doesn't the Airport Express take any stream sent to it from iTunes 4.6 or greater? What I am getting at is, on my iBook, I should be able to stream any file that plays from iTunes to the Airport Express. So what did I miss? Is this the ability to do that from other programs on other platforms? If so, why does the poster pick out the ability to transfer Apple Lossless files?

    1. Re:WTF? by PsychoSpunk · · Score: 5, Interesting

      This is a proverbial "last mile" problem: How do I get any sound to the Airport Express? The known elements are that the Airport Express plays Apple Lossless streamed from the client computer running iTunes. So the solution to the "last mile" is to figure out how to stream any Apple Lossless file to the Airport Express and not rely on a specific program. The conversion to Apple Lossless is left as an exercise for the reader, as they say.

      --
      ALL HAIL BRAK!!!

  8. Driver! by nuxx · · Score: 4, Interesting

    Now all we need is some sort of software-based audio out driver for OS X (like Cycling 74's Soundflower) which allows you to reroute OS X audio output to the Airport Express. This would be *ideal*, as then it'd be possible to stream audio from practically anything to your stereo. Digitally!

  9. Too bad... by Kjella · · Score: 3, Interesting

    ...there is no DMCA here :D Of course, once the EUCD is passed into law (sooner or later), it may be a problem.

    Kjella

    --
    Live today, because you never know what tomorrow brings

  10. Re:What exactly does this guy have against Apple? by Anonymous Coward · · Score: 3, Interesting

    First he cracks Fairplay, now this. What's his beef?

    What makes you think he has any?

    While spite may be one of the things that motivates 'crackers', the main reason isn't usually any kind of revenge.

    I have some personal experience, (having cracked some copy-protection schemes on games about 10 years ago), and my motivation wasn't any kind of personal vendetta.

    I just didn't like copy protection schemes that much; It felt like a withdrawal of trust. The main part of my motivation was simply the challenge.
    (And the reward of people thinking you were some kind of genius)

    Many people like to solve crossword puzzles, Richard Feynman liked to pick locks. Some of us like to reverse-engineer.

  11. HUH? by Anonymous Coward · · Score: 1, Interesting

    "Apple seems to be a good open source neighbor so far."

    I must've missed where I can download the source code to iTunes. Or OS X (not Darwin, OS X). Or anything.

    Besides, isn't hacking something the ultimate compliment? It says that it's a product worth buying, owning, and tinkering with.

    I have a BMW. I love to tinker. I don't sit there and say "Oh dear, BMW is so good to me, I won't modify my BMW in any way because they're just nice, jolly Germans that we all love!".

    No, I'm tearing it apart adding things, trying to make the interior nicer, the source system better, the car faster.

    But doing the same to Apple means that I'm a bad guy?

  12. Re:Why oh why? by addaon · · Score: 2, Interesting

    Yep, that's the analog hole all right. It's just not what was being discussed.

    --

    I've had this sig for three days.

  13. He's not a big genius. by Anonymous Coward · · Score: 5, Interesting

    Maybe it appears that way to the layman, but to other programmers and computer scientists, he's just doing what comes naturally.

    Almost any good programmer can crack software. They just choose not to, or to keep quiet if they do. Jon is a skilled showman as well as a software cracker. Hey, he got his ass saved from jail by the EFF when all he was doing is fronting others' code. Now he's pretty much bulletproof (he doesn't release compiled executables as that was the main DeCSS sticking point), it's only right that he should continue to champion fair use and stand against lazy attempts to be "DMCA compliant", by cracking pointless encryption schemes which only require a little reverse engineering to find the barely hidden key, not cryptanalysis.

    I think Jon's doing us a real service, which I appreciate. I don't worship his genius, as he's only doing something I've done myself, albeit on much more media-friendly targets. He could just be cracking Safedisc games in relative anonymity for the same amount of intellectual effort, but instead he's hounding high-profile DRM schemes, starting with the weakest (Apple). Worship him if you want.

    1. Re:He's not a big genius. by dasmegabyte · · Score: 2, Interesting

      True. But evil is subjective. I consider Apple's DRM to be a good thing -- because it gives the labels the peace of mind they apparently need to open up their music sphincters and let me get cheaply priced tunes while giving me enough leeway to do whatever I want with it.

      Sure, I'd prefer unencrypted 320 kbit AAC files...but this is not Mars, it's Earth and big corporations are still scared that digital media will kill them off. Give it another three years and maybe we'll see that sphincter open a little wider.

      --
      Hey freaks: now you're ju

  14. I don't see the threat to DRM media here... by Lurch00 · · Score: 5, Interesting

    Can somebody explain to me how _this_ hack threatens the DRM protected content? AFAICT, iTunes decrypts the content, converts it to this lossless stream, reencrypts it to protect it in transit, and streams it to the AE. There's no threat to the DRM media here at all, since you have to have an unprotected source to start with.

    The real threat is that somebody will take this and figure out how to fake being an AE, then you essentially have iTunes doing the work of defeating its own DRM for you. This would have the advantage (from a piracy standpoint) of being fairly hard for Apple to fix via "bug fix updates", unless they built a way to upgrade the AE firmware the same way. That's something I can see people getting into a tizzy about, but for this particular hack I think the useful purposes far outweigh the piracy ones.

    Just a thought.

  15. Re:Maybe I am not understanding, but by blackchiney · · Score: 2, Interesting

    IIRC, ALE is integrated into the QuickTime codec. If you have an application that can use the QuickTime codec (iTunes, QuickTime Player, IE, Safari, etc) then it can also encode/decode ALE streams.

  16. Re:songs stripped of DRM transmitted through the a by Anonymous Coward · · Score: 2, Interesting


    It is encrypted because otherwise you're transmitting copyrighted works over a medium easily sniffed.


    Oh My GOD! Let's shut down commercial radio! (talk about easy to sniff) and those cars that drive by with the tunes cranked up and the windows down -- We need to send the RIAA weasel-boy after them. Someone nearby could have a tape recorder.

    Don't bother arguing about "pristine" digital copies. Yes, I know that over the air the format is lossless, but the fact that it was transcoded from a crappy MP3 makes the whole "Digital is different from analog" argument stupid.

    You want a gaping digital hole? Look at CD sales. If the RIAA cared about protecting high quality digital content from trivial "sniffing" they would outlaw the CD tomorrow. Of course this is never going to happen. It is much easier to make a huge stink about a theoretical hole that may allow a trickle of dubious content get in the hands of folks who didn't pay for it than address the hemorrhage of pristine unprotected content direct from the industry.

    Why are unprotected CDs OK, but unprotected airports somehow a threat to the industry?

  17. Legitimate uses for this by Sturm · · Score: 3, Interesting

    One of the things that disappointed me about the AEx was the inability to stream to it from other audio sources. For instance... Living in Kentucky, I don't have a clear view of the southern sky so I can't get Direct TV, so I can't get NHL Center Ice, so I can't watch my beloved Colorado Avalanche. Luckily for me, nhl.com streams the radio broadcasts of all the games via Windows Media Player. That works great since I can listen to them on my Mac or my Windows box. We had an old laptop connected to the stereo and via wireless connection could listen to the games. After last season, the laptop died and after I heard about the AEx I thought that might be cheaper than buying a used laptop to replace the broken one. But obviously, you can't stream to the AEx from WMP, so I was out of luck. I know I can buy some other device to stream audio to the stereo but we do use iTunes on both our Macs and PCs so the AEx would fit well into our setup.
    The point to this long, boring post is that *if* we could stream any audio source from any Mac/PC to our stereos, we would probably buy two or three AEx's. Apple gets my money for the hardware and I get my NHL fix and we are all happy (well, maybe not the Apple lawyers but I'm sure they won't go hungry :)

  18. Re:About DVD Jon... by Anonymous Coward · · Score: 3, Interesting

    If Bush's playing at being stupid has actually convinced anyone that he is a dull man, then he's become more dangerous already. Play stupid so people think you are harmless and at worst a target of caricatures, check.
    Have a war so you have a good reason to pass fascist shit (cops can now wiretap you without a warrant, much easier to seize assets without a trial or an arrest, etc etc) PATRIOT act, check.
    By the way Cheney, how's Halliburton doing? Osama's brother is glad you and he could work out so many deals together.

  19. Re:From the Site... by SiliconEntity · · Score: 5, Interesting

    This RSA public key can also be expressed in hex as:
    000000 e7 d7 44 f2 a2 e2 78 8b 6c 1f 55 a0 8e b7 05 44
    000010 a8 fa 79 45 aa 8b e6 c6 2c e5 f5 1c bd d4 dc 68
    000020 42 fe 3d 10 83 dd 2e de c1 bf d4 25 2d c0 2e 6f
    000030 39 8b df 0e 61 48 ea 84 85 5e 2e 44 2d a6 d6 26
    000040 64 f6 74 a1 f3 04 92 9a de 4f 68 93 ef 2d f6 e7
    000050 11 a8 c7 7a 0d 91 c9 d9 80 82 2e 50 d1 29 22 af
    000060 ea 40 ea 9f 0e 14 c0 f7 69 38 c5 f3 88 2f c0 32
    000070 3d d9 fe 55 15 5f 51 bb 59 21 c2 01 62 9f d7 33
    000080 52 d5 e2 ef aa bf 9b a0 48 d7 b8 13 a2 b6 76 7f
    000090 6c 3c cf 1e b4 ce 67 3d 03 7b 0d 2e a3 0c 5f ff
    0000a0 eb 06 f8 d0 8a dd e4 09 57 1a 9c 68 9f ef 10 72
    0000b0 88 55 dd 8c fb 9a 8b ef 5c 89 43 ef 3b 5f aa 15
    0000c0 dd e6 98 be dd f3 59 96 03 eb 3e 6f 61 37 2b b6
    0000d0 28 f6 55 9f 59 9a 78 bf 50 06 87 aa 7f 49 76 c0
    0000e0 56 2d 41 29 56 f8 98 9e 18 a6 35 5b d8 15 97 82
    0000f0 5e 0f c8 75 34 3e c7 82 11 76 25 cd bf 98 44 7b
    a 2048 bit RSA public key. The exponent is hex 0x10001, which is decimal 65537, a very commonly used exponent for RSA encryption.

    The fact that he just published the public but not private parts of the key suggests that Apple's product merely wants to see its input data encrypted with this key. I.e. anything encrypted with this key, it will play.

    Normally a public key is just that, public, and available to anyone. It sounds like in this case Apple kept the key somewhat secret, and used knowledge of that public key as a form of authorization. Only Apple products knew the public key, so it would only play music from those products.

    Now that the public key is published, anyone could encrypt data using it and get Apple's device to play the music.

    Jon hasn't broken any encryption here. He has merely learned how to encrypt just like Apple does. It looks to me like the DMCA does not apply to this case.
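
Added example (not part of the thread, and not JustePort or Apple code): the scheme as comment 19 describes it, reduced to a toy in Python. The key is a constructed textbook-RSA key, a SHA-256 keystream stands in for AES, and the pairing-secret check in `receiver_checks_sender` is a hypothetical contrast, not something the AirPort Express is stated to do.

```python
import hashlib
import hmac
import secrets

# Constructed toy key: textbook RSA over two Mersenne primes, no padding.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q                                  # public modulus (published with E)
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, receiver only

def stream_xor(key, data):
    """Stand-in for AES: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key.to_bytes(12, "big") + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def build_stream(audio, n, e):
    """Needs only the public key: pick a session key, wrap it, encrypt."""
    session_key = secrets.randbits(64)
    return pow(session_key, e, n), stream_xor(session_key, audio)

def receiver_plays(wrapped, body):
    """Receiver as the comment describes it: unwrap, decrypt, play."""
    return stream_xor(pow(wrapped, D, N), body)

def tag(pairing_secret, wrapped, body):
    """HMAC over the whole message, keyed by a secret the owner sets."""
    msg = wrapped.to_bytes(12, "big") + body
    return hmac.new(pairing_secret, msg, hashlib.sha256).digest()

def receiver_checks_sender(pairing_secret, wrapped, body, mac):
    """Hypothetical variant: refuse streams without a valid sender tag."""
    if not hmac.compare_digest(tag(pairing_secret, wrapped, body), mac):
        return None
    return receiver_plays(wrapped, body)

if __name__ == "__main__":
    audio = b"constructed sample audio frame " * 3
    # Two independent senders; the second one only ever saw (N, E).
    for sender in ("vendor client", "third-party client"):
        print(sender, receiver_plays(*build_stream(audio, N, E)) == audio)
    secret = b"owner-chosen pairing secret"      # constructed value
    w, c = build_stream(audio, N, E)
    print(receiver_checks_sender(secret, w, c, tag(secret, w, c)) == audio)
    print(receiver_checks_sender(secret, w, c, bytes(32)))
```

`receiver_plays` accepts both senders because encrypting to a public key says nothing about who did the encrypting; only a check keyed by a secret that does not ship inside client software can tell them apart.
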

  20. Re:What? by alatesystems · · Score: 2, Interesting

    "I have people skills! I'm good with people, damn it! Why can't you people see that?!" -- Office Space

    Also, you had a brainfart on illicit vs. elicit. Illicit is illegal. Elicit is to extract information. You should concentrate on bettering yourself and your language skills before you claim to know Johansen. For all you know, he could be a well-adjusted nerd.

    DRM is bad for consumers. Consumers who purchase DRMed items should be ashamed for perpetuating this travesty against our society.

    I wholeheartedly support Jon and I hope he continues to crack these DRMs. After he cracked FairPlay, I actually bought a few iTMS songs (which I wouldn't before) and then transcoded them into MP3 to play in my car deck. Then I realized I was helping Apple DRM so I stopped buying them again. Until companies trust their customers, the world of digital media is going to suck, BADLY.

    Chris

  21. AE Streaming Protocol by derubergeek · · Score: 2, Interesting

    Since the link is still being hammered, and I'm the impatient type, I ran tcpdump on an iTunes to AE stream.

    From what I see in the dump, it looks like iTunes queries the AE via RTSP, configures it with a password if need be, and then sets up an RTSP record stream to the AE. After that, it just pumps RTSP packets to it.

    Part of the RTSP ANNOUNCE request is an RSA AES key.

    --
    Trust me. This is an inactive account. Regardless of what the /. bean counters might report.

  22. Apple doesn't care about the RIAA because... by Enthrash · · Score: 2, Interesting

    I think we can all agree that in our profit obsessed society most electronic gadget manufacturing companies care about one thing: profit.

    That said, consider the following:

    Current Revenue Figures for Major Record Companies:

    2002 Warner Music Group (sold in 2003): $4.2B USD
    2003 Sony Music: $5.3B USD
    2003 Universal Music: $5.0B USD

    2003 Sony Electronics Revenue: $41.1B

    SOURCE: Respective 2002, & 2003 corporate annual reports.

    As you can see, the COMBINED revenue for the top 3 music companies can't come close to Sony's electronic arm ALONE. Pick some other electronic companies and you'll arrive at exactly the same answer.

    This is exactly the reason Sony manufactures MP3 players today. Companies can make far more money from electronics than they ever will from music, and this simple economic fact does not bode well for the music companies.

    They can pay lobbyists, the electronics companies can pay MORE lobbyists. They can pay off politicians, the electronics companies can pay off MORE politicians and on and on.

    Rich...

  23. Have to update the AE devices.. by Otto · · Score: 2, Interesting

    In order for such an update to work, it'd have to be an update to the AE devices themselves. And they'd have to update iTunes at the same time. And then it'd be probably just as easy to break open iTunes to get the public key again, and there you go.

    What they really are worried about is somebody hacking apart the AE device and finding the private key. With that, I could write an AE emulator that would receive transmissions from iTunes... And totally bypass their DRM as well. Not that their DRM is effective anyway, but it's just one more way to do it, you know?

    --
    - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.