Slashdot Mirror
Johansen Cracks AirPort Express Encryption
womby writes "DVD Jon has just announced that he cracked the encryption in Apple's AirPort Express. 'I've released JustePort, a tool which lets you stream MPEG4 Apple Lossless files to your AirPort Express. The stream is encrypted with AES and the AES key is encrypted with RSA.' No real details of the process employed in cracking the unit but newsworthy none the less."
London, England - Top GNAA officials have confirmed the long-rumored launch of the company's new European division, putting to rest myths that the organization had reached stagnancy in its membership.
The announcement came on the heels of the 2nd quarter membership and financial report of GNAA, Inc, which had reported a 15% decline in new memberships, down from 250,000 in the previous quarter. Investor confidence in the public company's stock dropped shortly afterwards, amid rumors of corruption and poor management in the highest levels of GNAA.
"The launch of GNAA Europe should put to rest these myths, as well as open up an entirely new market," announced GNAA spokesman penisbird, speaking from the new GNAA Europe headquarters recently constructed in downtown London. "For years, statistics have shown that Europe, with its generally more liberal atmosphere than that of the United States, contains a higher percentage of gay niggers. As GNAA membership places stringent standards on both the race and sexual orientation of its applicants, a higher percentage of potential candidates can only work to our advantage. From our consumer polls and surveys, we expect to accept nearly 10,000 members into GNAA Europe in the first week alone."
The new GNAA Europe headquarters, described as one of the most technologically advanced and nigger-friendly corporate headquarters ever built, is a sure indicator of GNAA's current success. With its lavish outside garden, complete with African sculpture from renowned sculptor Gary Niger, as well as its grand lobby featuring a 3-story ceiling and ornate gold decorations, the building has attracted much attention from tourists and local residents alike. Even more impressive is that which is not seen by the casual visitor: the specially constructed "pleasure centers," accesible only to GNAA members, allow for extravagent orgies with more than 100 participants each. Located on the upper floors of the building, they provide food, entertainment, and bedding for orgy-goers, as well as a wide selection of sex toys, including whips, chains, lube, dildos, gloryhole booths, and even a sample of GNAA's mysterious new pleasure-enhancing drug, code-named "NIGGERSEED."
Since its inception in 1992, GNAA, the Gay Nigger Association of America, has been dedicated to uniting gay niggers for one common purpose: to be gay niggers. Its rapid growth after its IPO showed strong public interest in the endeavor, which is the first of its kind. More recently, GNAA has posted profits in excess of $500 million every quarter in the last 4 years, placing it among the most profitable of organization of its kind.
About GNAA:
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the first organization which gathers GAY NIGGERS from all over America and abroad for one common goal - being GAY NIGGERS.
Are you GAY ?
Are you a NIGGER ?
Are you a GAY NIGGER ?
If you answered "Yes" to all of the above questions, then GNAA (GAY NIGGER ASSOCIATION OF AMERICA) might be exactly what you've been looking for!
Join GNAA (GAY NIGGER ASSOCIATION OF AMERICA) today, and enjoy all the benefits of being a full-time GNAA member.
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the fastest-growing GAY NIGGER community with THOUSANDS of members all over United States of America and the World! You, too, can be a part of GNAA if you join today!
Why not? It's quick and easy - only 3 simple steps!
Politicians are all the same, they promise to build a bridge even when there is no river.
god bless him! freeing our streams.
I wonder if Apple Legal will have a DMCA fit about this. And how good their case would be.
I couldn't help but think of my buddy's smoking hot new girlfriend. Is this wrong?
Is this guy like a genius or what?
Why hasn't some big company hired his talented behind?
what up wid dat?
w000rr0r
1 1. jpg
http://www.forbiddensensations.com/products/107
It means that you can capture the streamed audio in the way from a Mac to an AirPort Express? It means you can stream encrypted audio to the AirPort Express? If it's not the first, then I don't see much problem. If it is the second, how is it different than streaming without any cryptography? (I hear that's possible but no one has confirmed it to me yet)
ps: Can't read the article, slashdoted.
Why hasn't he been kidnapped from his country and be forced to work for the US Government yet? He seems to be one of a handful of people who knows what the hell is going on.
Well it sounds like Apple did the right thing by using AES and RSA which are both industry standard and not some crazy "applecrypt" or something. Must be a really weak key or poor implementation or the protocol.
Blaze a trail to the New World
Slashdotted before the first comment. Mirrors anyone? Google cache seems to be from last week, thus useless.
Media that can be recorded and distributed can be recorded and distributed.
-kfg
This is great news. I want any application I own on any platform (OS X/Windows/Linux/Zeta!) to be capable of streaming to an Airport Express. I can't imagine that this would really upset Apple since you're still buying their hardware. It just lets you use the hardware with more applications. If iTunes is still the best and most elegant way, people will use that.
Of course...Apple isn't always logical like that, and there may be some precedent set that would injure them in court some time later.
Well I'm still waiting for my dealer to get some in stock so I can buy a couple (I have a single storey home that wanders, uhm, well you know what I mean).
Anyway, back on topic, I never really understood why Apple felt the need to encrypt it in the first place. I mean, what next, B&O encrypting the output to speakers? Sony insisting their systems will only work with encrypted mains voltage that you certify has not been used to power any unauthorised (by the RIAA and MPAA) devices?
Bad analogies are like waxing a monkey with a rainbow.
I want to know if he really does have testicles made of brass.
This is so stupid. Somebody needs to smack this moron's parents about for a while and see if they can explain why they never taught their stupid kid that it's not always smart to do something, even if you can.
It's an arms race. All this technical thuggery will do is cause the content industry to increase their efforts to lobby for more and more legislation and push their efforts to lock down the computers so that they aren't openly programmable.
So for all you geniuses out there: Even though your relatively clever, try not to be stupid. Dumb fucks.
here. From July 10, tho...
This is so wrong! No one should hack or crack apple products because apple is teh best!!!11!one They are the ones trying to be fair with their DRM! When apple makes DRM IT IS A GOOD THING! why cant these people hack other company's products instead of apple. why hurt a company that gives so much?
...bcause Apple and Steve Jobs are dying: Sell stock now.
Apple Computer, Inc. (AAPL), beset by angry creditors and faced with severe G5 production problems, is on the verge of bankruptcy and total collapse. Apple continues to nosedive into oblivion, as confirmed by industry watchers, investors, and, most painfully, by customers themselves.
As a recent study by Bank of America Securities puts it, Apple ekes out its small existence by peddling new hardware to its existing customers; once those customers are satisfied, Apple will run out of steam . If these disastrous financial forecasts aren't enough, one need only look to Netcraft for confirmation that Apple's market share among Web servers is slowly dwindling down to zero. The market share of Mac OS X is now eclipsed even by that of FreeBSD, another OS that is deeply imperiled.
But the abysmal server presence of OS X is the least of Apple's worries. Apple's most recent quarterly report indicates a death spiral of cash loss. Indeed, Apple has hemorrhaged some $276 million in the last quarter, while racking up a dizzying $2.4 billion in debt. Revenue from sales of the iPod, the portable music player that is barely keeping Apple afloat in this shipwreck of fiscal woe, declined dramatically, threatening to shrink further an already miniscule
lifeline.
Likewise, sales of the eMac, iMac and Power Macintosh G5 lines continue to skid. Apple is unable to secure G5 processors in sufficient numbers to supply its customers with Power Macintosh G5 and iMac computers, as Steve Jobs himself recently admitted, sending Apple stock into a deadly tailspin. The staggering decline in sales numbers confirms it: there is no doubt that one-time Apple customers, dismayed with the floundering ineptitude of their favorite company, have begun turning away in droves, seeking cheaper, faster hardware from manufacturers such as Dell.
Apple teeters on the precipice of doom, one step away from plummeting to its ultimate nadir of bankruptcy, chaos, and implosion. And with the crushing recent news that Steve Jobs has been diagnosed with terminal cancer, the forthcoming leadership vacuum and low morale at Apple will only hasten the inevitable. Wise investors will quickly dump AAPL stock and abandon the doomed company, now less than one year away from complete disintegration.
It's time to move to a new platform: Apple is dead.
Since all he got was the public key, you can't actually decrypt streams that are being sent. What it means is that programs can now stream music to the AEx. This should be really cool, especially once something like AudioHiJack or Wiretap comes along that lets you redirect all your system audio to it. I'd love to be able to stream non-iTunes audio formats that way (real player radio stations and whatnot). Anyways, can't see how this hurts apple - more people have incentive to use the AEx, Apple doesn't have to support their use of it that way, and the protected music is still protected. Hizzah?
Maybe I missed something, and I haven't been able to RTFA for obvious reasons. But doesn't the Airport Express take any stream sent to it from iTunes 4.6 or greater? What I am getting at is, on my iBook, I should be able to stream any file that plays from iTunes to the Airport Express. So what did I miss? Is this the ability to do that from other programs on other platforms? If so, why does the poster pick out the ability to transfer Apple Lossless files?
Now all we need is some sort of software-based audio out driver for OS X (like Cycling 74's Soundflower) which allows you to reroute OS X audio output to the Airport Express. This would be *ideal*, as then it'd be possible to stream audio from practically anything to your stereo. Digitally!
Uglified for your torture.
First he cracks Fairplay, now this. What's his beef? Apple did not drag him into court. Apple seems to be a good open source neighbor so far.
more likely, why hasn't he been arrested and sent to solitary confinement in Gitmo? you know the RIAA is the linchpin of American democracy and freedom;>
All Apple does invent one great product after another:
iPod
G5
Powerbook
OS X
Cinema Display
(for openers)
and they invest millions to make inexpensive music downloads available (at almost no profit). But they don't sell shovelboxes at $299 each, so let's kick Apple in the face again. Sounds great.
Business isn't willing to pay for products, innovation and careers, so we get brands, mortgage commercials and layoffs.
I read this as just "airport" and couldn't work out what was happening.
Not trolling, just curious why Apple would use a slight variation on an existing word rather than something new and/or descriptive.
To have a right to do a thing is not at all the same as to be right in doing it
Maybe he can stream some bandwidth to his slashdotted site... Oh the pain, oh the agony...
Lets see how long until the thing is shut down by apple now its on slashdot.
My UID is prime is yours?
So sue me
U 3GhC/j0Qg9 0u3sG/1CUtwCk 9ok+8t9ucRqMd6 DZHJ2YCCLlDR7 WSHCAWKf1zNS1e Lvqr+boEjXuBe QJVxqcaJ/vEHKI Vd2M+5qL71yJZ mni/UAaHqn9Jds BWLUEpVviYnh
Exponent: AQAB
Jon Lech Johansen's blog
Wed, 11 Aug 2004
Reversing AirTunes
I've released JustePort, a tool which lets you stream MPEG4 Apple Lossless files to your AirPort Express.
The stream is encrypted with AES and the AES key is encrypted with RSA.
AirPort Express RSA Public Key, Modulus:
59dE8qLieItsH1WgjrcFRKj6eUWqi+bGLOX1HL3
5vOYvfDmFI6oSFXi5ELabWJmT2dKHzBJKa3
KSKv6kDqnw4UwPdpOMXziC/AMj3Z/lUVX1G
OitnZ/bDzPHrTOZz0Dew0uowxf/+sG+NCK3
Q+87X6oV3eaYvt3zWZYD6z5vYTcrtij2VZ9
imNVvYFZeCXg/IdTQ+x4IRdiXNv5hEew==
MD5(JustePort-0.1.tar.gz) = fe13e96751958c6e9d57cce0caa7b17b
...Even though your relatively clever, try not to be stupid. (emphasis mine)
That would be "you're".
...It's an arms race. All this technical thuggery will do is cause the content industry to increase their efforts to lobby for more and more legislation and push their efforts to lock down the computers so that they aren't openly programmable...
So just give up? What about letting your members of congress know what you think? Oh, they're not listening to non-corporate citizens anymore? Well, what about your document that says to the effect:
The responsibility of the citizenry to overthrow through any means a government that has become tyranical or corrupt.
Personally I'd almost like to see Dubya win the next election down there (I'm up here, eh). Just because it would hasten the point of time when average americans would have to choose to let themselves become slaves or take up arms and overthrow the old regime.
All the bitching and whining in the world won't change a damn thing but maybe joining your local NRA chapter (despite Michael Moore) just might.
Shh.
Indeed, why not just say "stream 4ny+h1ng! w00+!"?
That means a lot more to most people anyway.
The difference between spam and poop is that you don't have to dig through septic tanks looking for real food. -- Me
Now I can divert all my system sounds to the Airport Express so I can get beeps in the living room in glorius 5.1 Surround Sound while I use the computer in the bedroom!
Come to think of it, I'm ONLY going to do this when other people are watching TV! This is gonna be fun!
...will be all the gnashing of teeth here from the Apple fanatics talking about how he is destroying a good product.
The funnier part will be the inevitable Asshat who will say "I hope Apple sues him...", as if Apple is the only successful thing in their life.
Anyway, the real hackers will give him a round of applause because a thing worth owning is a thing worth hacking.
P.S. The only thing Apple's legal team is good at is sending threatening letters to Apple Fan sites that publish a picture of a new Mac a few days early.
I read this headline as "Johansen Cracks Airborne Express Encryption". I was a little uneasy in that second or so before I read the blurb about the article.
128kb AAC is so far from perfect that you'd have to be a tin-earred Apple fanatic to claim its anywhere *close* to CD quality.
No matter how much you like your iPod, 128kb AAC is not CD quality. Its just not.
0wn3d.
This is not insightful, sorry.
stream MPEG4 Apple Lossless files
Since when is MPEG4 lossless?? What is this talking about?
-molo
Using your sig line to advertise for friends is lame.
I have examined this case very carefully, and I've concluded that this youngster has a deathwish.
...there is no DMCA here :D Of course, once the EUCD is passed into law (sooner or later), it may be a problem.
Kjella
Live today, because you never know what tomorrow brings
Then AP Extreme converts from Lossless to standard audio. Makes sense now?
"Apple seems to be a good open source neighbor so far."
I must've missed where I can download the source code to iTunes. Or OS X (not Darwin, OS X). Or anything.
Besides, isn't hacking something the ultimate compliment? It says that its a product worth buying, owning, and tinkering with.
I have a BMW. I love to tinker. I don't sit there and say "Oh dear, BMW is so good to me, I won't modify my BMW in any way because they're just nice, jolly Germans that we all love!".
No, I'm tearing it apart adding things, trying to make the interior nicer, the source system better, the car faster.
But doing the same to Apple means that I'm a bad guy?
...by posting a story to slashdot his website while their lawyers and henchmen race towards DVD Jon in a black supersonic jet straight out of X-Men. (yes I verbed slashdot, but I googled and seems to be ok to do now)
Seriously though, just hire the kid. Give him a 80 hour a week job and enough money he'll stick it out. No more spare time, no more cracks.
...I suppose he's talking about the Apple lossless codec in a MPEG4 container format (it is more than just a video codec, you know...)
Kjella
Live today, because you never know what tomorrow brings
We have same-sex marriages that allow members of our society with a higher concentration of melanin, to be who they are in public!
Also the exchange rate is favourable for GNAA expansion in the mass-media vertical market.
Which is nice.
Maybe it appears that way to the layman, but to other programmers and computer scientists, he's just doing what comes naturally.
Almost any good programmer can crack software. They just choose not to, or to keep quiet if they do. Jon is a skilled showman as well as a software cracker. Hey, he got his ass saved from jail by the EFF when all he was doing is fronting others code. Now he's pretty much bulletproof (he doesn't release compiled executables as that was the main DeCSS sticking point), it's only right that he should continue to champion fair use and stand against lazy attempts to be "DMCA compliant", by cracking pointless encryption schemes which only require a little reverse engineering to find the barely hidden key, not cryptanalysis.
I think Jon's doing us a real service, which I appreciate. I don't worship his genius, as he's only doing something I've done myself, albeit on much more media-friendly targets. He could just be cracking Safedisc games in relative anonymity for the same amount of intellectual effort, but instead he's hounding high-profile DRM schemes, starting with the weakest (Apple). Worship him if you want.
Sad. Apple is a marketing outfit known mostly for their product placements in movies like "Legally Blonde" and sitcoms like "Sex and the City". I'm surprised losers actually overpay for the right to consider themselves cool. They probably think "gee, I'm running the fastest PC in the world".
They'll have some justification for the cold meanhearted bastard lawyers Steve Jobs will let loose on the guys who reverse engineered Apple. Apple's alway been about protecting their "Intellectual Property" and keeping their users in their little cage where they can't hurt Microsoft.
If making product is such a hardship on Apple, then they shouldn't do it! They should just sit back and hold back all those great (ha ha ) products as a way of punishing us!
Why do you think buying an apple product and then using it the way you want is kicking Apple in the face? And why do you think Apple is doing "us" a favor by selling overpriced, underperforming music ("well dude, iTMS sounds just like the CD to me when I listen on my apple ear buds! And anyway, just because they charge $10/album for lossy music that I can't copy to a non-apple device, I should be grateful")?
When I first read your little rant, I thought "Fucktard!", but I would never call you that, because it would be very rude.
So then, I thought "Asshat", but I quickly realized that was pretty rude, so I would never call you that either.
Finally, I assumed you must be a "retard", but that's insulting to a lot of the retarded people in the world.
I could assume you're trolling, but that doesn't seem the right word either.
So it seems you're either stupid or an idiot, but you'll have to help me as to which is more appropriate. Perhaps you should ask your family and co-workers which fit you best. Or maybe we should have a poll here on "Ask Slashdot!"?
OK, I know Google is my friend and all but I have no idea what this technology is about, or why this matters. Some kinda dealy where I can stream music wirelessly to some unit I plug into my stereo?
/.ers that would go look it up too.
I'd go look it up, but this gives somebody a chance to enlighten all those other non-Apple
Flame on!
Okay, having read the blurb and the site being down, it would appear that while you can now stream from other platforms/programs you still need to have the Apple Lossless files, which some programs can not even read. So, basically, this program has allowed you to use different programs, assuming that you already have the appropriate HW/SW. So why bother using the other programs/platforms?
Do they intentionally make the encryption weak? Is all encryption as breakable as Apple's?
It is encrypted because otherwise you're transmitting copyrighted works over a medium easily sniffed. The AAC file you bought from iTunes, which can't be played on anything but the system you authorized it for (simplifying here, calm down nitpickers) would be transmitted unencrypted to the Airport Express. It would be an excellent way to decrypt your files and do whatever you want with them- all you would need would be a second machine with a wireless card, or probably even just running a sniffer locally on the system doing the transmitting.
This is blatantly obvious and I'm not sure why the poster was modded up 5, Insightful- time to start meta-moderating again as it seems mods are getting lazy. Folks, if you've got mod points, check out some of the non-front page stories- they NEED the mod attention. I'm so sick of people just knee-jerk moderating, especially to posts which have ALREADY been modded up- and then people like me who eventually get mod points have to come along and mod something "overrated" to knock it down (only to be undone by some moron 5 seconds later who doesn't look at the comment's previous moderations).
Please help metamoderate.
It sounds like it can just stream any MPEG4 Apple Lossless file to an Airport Express. What that means is that people can develop their own software that uses Apple Lossless files (encouraging codec adoption) to power Apple Airport Express units (encouraging hardware sales). Apple is primarily a hardware company -- they make most of their money by selling machines of various sorts, be they computers, iPods, displays, or...wireless access points.
This will probably be obsoleted soon by an SDK anyway -- this does nothing to aid or abet copyright infringement, and third party software can only help move the merch.
I contacted the guys at Rogue Amoeba about wanting to send RealPlayer audio to the APEX, and they sent me to this article. It works great for me, I dunno why they haven't publicized it more.
-truth
I had a steady B+ in my AI class until I failed the Turing test...
Unfortunately it's not bullshit but a sour reality for countries participating in the European Economic Area without being a member of EU. A bad case of power politics, I know, where a larger entity bullies smaller ones (in this case Norway, Iceland and Liechtenstein). It's one thing I'm shamed of being an EU citizen.
Can somebody explain to me how _this_ hack threatens the DRM protected content? AFAICT, itunes decrpyts the content, converts it to this lossless stream, reencrypts it to protect it in transit, and streams it to the AE. There's no threat to the DRM media here at all, since you have to have an unprotected source to start with.
The real threat is that somebody will take this and figure out how to fake being an AE, then you essentially have iTunes doing the work of defeating its own DRM for you. This would have the advantage (from a piracy standpoint) of being fairly hard for Apple to fix via "bug fix updates", unless they built a way to upgrade the AE firmware the same way. That's something I can see people getting into a tizzy about, but for this particular hack I think the useful purposes far outweigh the piracy ones.
Just a thought.
Since when is using a publicly available public key to encrypt a stream of data from an application and send it to a device considered "cracking?" It seems to me that this is a good ol' hack (read: clever piece of software), just like DeCSS or the other thing he did with protected iTunes tracks.
/. the error would be corrected.
I wasn't surprised that the first source I saw report this called it a "crack," but had hoped by the time the story made it to
By the way, you do a real disservice to people trying to fight the DMCA by calling things like this "cracks." Lawyers for the bad guys already think these sorts of hacks are actually illegal cracks. You're bolstering their opinion by conflating the two.
...EU and EFTA (which was once a Nordic organization) has an agreement. Of EFTA, only Norway remains of any size (along with Iceland and Luxembourg, I believe). We are all part of EUs "inner market" among other things. Once upon a time there was a balance, where EFTA actually had some power of negotiation and a realistic chance to veto. Now, the EU passes directives, and "ultimatums" Norway. We're also part of Schengen (passport-free travel) and lots of other "EU" projects, while actually not being members.
In short, it is a stupid position. But the vote was turned down both in 1972 and 1994, and we're unlikely to enter the EU any time soon. And we're equally unlikely to return to a standard trade agreement, as nearly all trade is with the EU. So basicly, any EU directive will be implemented in Norway for the foreseeable future, despite having no real influence on EUs political process. Democracy at work, sigh.
Kjella
Live today, because you never know what tomorrow brings
Imaging being able to drive around pumping out some kick-ass thrash metal straight into peoples homes! Muhahaha.
This is blatantly obvious and I'm not sure why the poster was modded up 5
Somebody please mod SuperBanana down to -1 for this pinheaded comment.
What he doesn't understand is that the Airport *does not even play the original AAC file*. It is converted to Apple Lossless in iTunes before the stream is sent down.
So what's going over the air is simply a losseslly compressed representation of what's coming right out the s/pdif port IN THE CLEAR. And there's no way to get at the original AAC data from either stream, even if you could decrypt it, because it's already been decompressed in iTunes!!!
The granparent's point is perfectly valid. The encryption over the air accomplishing nothing. It is just a placebo that Apple gives the music companies.
It is encrypted because otherwise you're transmitting copyrighted works over a medium easily sniffed.
Oh My GOD! Lets shut down commercial radio! (talk about easy to sniff) and those cars that drive by with the tunes cranked up and the windows down -- We need to send the RIAA weasel-boy after them. Someone nearby could have a tape recorder.
Don't bother arguing about "pristine" digital copies. Yes, I know that over the air the format is lossless, but the fact that it was transcoded from a crappy MP3 makes the whole "Digital is different from analog" argument stupid.
You want a gaping digital hole? Look at CD sales. If the RIAA cared about protecting high quality digital content from trivial "sniffing" they would outlaw the CD tomorrow. If course this is never going to happen. It is much easier to make a huge stink about a theoretical hole that may allow a trickle of dubious content get in the hands of folks who didn't pay for it than address the hemmorage of pristine unprotected content direct from the industry.
Why is unprotected CDs OK, but unprotected airports somehow a threat to the industry?
Apple can continue to sell Indie music and under any terms it wants. Apple's ITMS is the new paradigm for selling music on the internet. If the RIAA wants to cut it's own throat and see all its music vanish from the most popular online music store, let them.
Apple should start working on a deal with radio stations to buy indie music to play, increasing the sale of it just in case the RIAA does pull the plug on selling their stuff, most of which is crap anyway.
The encryption over the air accomplishing nothing.
What I meant to say is "...nothing in terms of copy protection".
Apple knows this. Quoth Jobs:
When we first went to talk to these record companies -- about eighteen months ago -- we said, "None of this technology that you're talking about's gonna work. We have Ph.D.s here who know the stuff cold, and we don't believe it's possible to protect digital content."
And I'm sure the record companies are figuring it out now too.
So why encrypt?
Because thanks to the DMCA which makes it ILLEGAL to crack even the most trivial of encryptions, Apple has a powerful anti-competitive tool at their disposal, which lets them use the force of law to lock out anyone who would make devices and software to compete with theirs by supporting the same formats. There, I said it. Sorry, Apple fans, but it's dirty business over there.
Is it possible that the music is encrypted from iTunes to the Airport Express as a second line of defense? Think about it: with a properly setup network with WAP/WEP all traffic is encrypted. This second layer of encryption is more of a speed bump for unprotected networks, right? It makes sense to me. How many people (non-tech) reliably set passwords on their wireless networks?
{This also prevents you from *easily* creating a 'radio station' via Airport, right?}
Sometimes, an existing word can strike a good balance between protection and recognition.
Marks lying between descriptive and arbitrary are often called "suggestive" marks. Another example is SHITBEGONE for a brand of toilet paper.
It's like calling your tissue product "PillowSoft Tissues" -- you'll have no recourse to stop competitors from coming out with "Kleenex Pillow Soft".
Or "ShitBegone brand Pillow Soft Toilet Paper".
Exactly. You could accomplish EXACTLY the same thing by ripping to CD (which iTunes and FairPlay allow), then encode the cd with AAC Lossless. There I have circumvented the protection offered by the Airport Express. Well, ok I can't sniff random peoples tunes this way but is that really a major problem that the copyright holders should be worried about as apposed to say the fact that their general hostility towards new technologies means that those technologies invariably get used by pirates first?
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
One of the things that dissapointed me about the AEx was the inability to stream to it from other audio sources. For instance... Living in Kentucky, I don't have a clear view of the southern sky so I can't get Direct TV, so I can't get NHL Center Ice, so I can't watch my beloved Colorado Avalanche. Luckily for me, nhl.com streams the radio broadcasts of all the games via Windows Media Player. That works great since I can listen to them on my Mac or my Windows box. We had an old laptop connected to the stereo and via wireless connection could listen to the games. After last season, the laptop died and after I heard about the AEx I thought that might be cheaper than buying a used laptop to replace the broken one. But obviously, you can't stream to the AEx from WMP, so I was out of luck. I know I can buy some other device to stream audio to the stereo but we do use iTunes on both our Macs and PCs so the AEx would fit well into our setup. :)
The point to this long, boring post is that *if* we could stream any audio source from any Mac/PC to our stereos, we would probably buy two or three AEx's. Apple gets my money for the hardware and I get my NHL fix and we are all happy (well, maybe not the Apple lawers but I'm sure they won't go hungry
iTunes-> AudioHijack -> Multiple Airport Express bases => your music in each room around the house. Would this work? I understand there might be a small sync issue between different stations, but I can live with some echo.
Trollem mirabilem hanc subnotationis exigiutas non caperet
.... on my "sacksonite" plastic garbage bag luggage, you insensitive clod!
It's always very interesting to see these little Open-Source quirks pop-up - I mean, it's obvious the guy is going to have his ass handed to him by Apple, so why bother? It feels like there's some kind of "Greater Good" vibe that goes through, and makes people willing to do foolish things for the OS community. Like a martyr of open-source technology, in a sense. People sacking themselves in the name of Linus. In other news, we're about one week away from suicide bombings on the Redmond HQ by Linux totalists.
Sure, but since you can now stream with something *OTHER* than iTunes, that means all the Linux kiddies can do it too (not just the elites with their shiny PowerBook G4s).
Someone is WRONG on the Internet!
OK, so what's the correct mod for and "Insightful" or "Informative" post that is neither?
It appears that he's just published the public key. That may allow him to ENCRYPT music for play over Airport Express, but it doesn't let him decrypt the stream.
.plan and sigs. I don't think that enables anyone to crack my mail. They can SEND me mail, but that's sort of the whole idea, isn't it?
Heck, I put a public key for mail in my
I contacted Rouge Amoeba asking them to implement this into their Audio Hijack product. This is what they replied:
e sCompany-2004-07-24
:)
Jeppe,
It'd be cool, until we get sued by Apple for using illegal, reverse-engineered code. For now, see this article.
http://www.rogueamoeba.com/utm/posts/Article/Thre
-Paul
--
Rogue Amoeba Software Support
support@rogueamoeba.com
>
>
>next feature in audiohijack? would be cool
He did neither break AES, nor RSA. He simply found the public key of the AirportExpress device. (At least this is what german newsticker heise reports.)
I'm no fan boy but to say that DVD Jon should be applauded is plain idiocy. Let's pretend you folks actually write software for a living. Active term here being for your living, your frigging livelihood. You the know, the way you can afford your internet connection and that cool overpriced silicon filled plastic box processing the bits you're reading this on, and some schmuck "hacks" your software, so that it can serve some purpose other than you intended in your original purpose for writing the software. All your work, your time, and possible profit that would enable you to mod your silicon filled plastic box and pay your isp for your internet connection now gone since some self absorbed dingle berry can feel smart to other hacker's around the world? You're your software is now being used whatever way people feel, not to mention, they are using it for free, since it was probably pushed out via torrent. Seems fair doesn't it?
Isn't it obvious? That's where the ad folks spend all their time!
Which is also why you see ads for iBooks and Powerbooks in airplanes. Not exactly my fav place to use a computer...
IANAL, but I've seen actors play them on TV
It's ROGUE!
Guh. It even says Rogue in the website link you posted.
From the readme and makefile, it compiles to produce an .exe. Not much use to the mac users.
Anyone know how? The readme includes a link to http://www.go-mono.com, but working out how would take a lot of time.
Make a tarball of the site, seed a torrent, then slashdotters can slashdot themselves.
What is the robbing of a bank, compared to the founding of a bank? -- Bertolt Brecht
Reverse engineering is legal.
(Oh wait, amoeabas don't have backbones to begin with.)
How about cracking the WMA DRM? Has no one cracked this yet?
It's either on the beat or off the beat, it's that easy.
I moderate therefore I rule!
--
Ah, the logic that leads to accepting another party or policy even if that policy will screw you the same way: "Destroying iTMS is not useful to anyone. Apple's DRM is the lesser of the two evils and it's free enough for me since I don't run linux.".
The lesser of two evils is still evil. If you give a proprietor a chance, any proprietor, they'll play you like an instrument. The freedom to at least share verbatim copies doesn't take a holiday just because you're not interested in a particular kernel. DVD Jon did not "destroy" iTunes Music Service.
From what I see in the dump, it looks iTunes queries the AE via RTSP, configures it with a password if need be, and then sets up an RTSP record stream to the AE. After that, it just pumps RTSP packets to it.
Part of the RSTP ANNOUNCE request is an RSA AES key.
Trust me. This is an inactive account. Regardless of what the
with an insane amount of pay by Verisign or Apple or Microsoft or any media related company?
It would be MUCH cheaper from their perspective in the long run.
I think we can all agree that in our profit obsessed society most electronic gadget manufacturing companies care about one thing: profit.
That said, consider the following:
Current Revenue Figures for Major Record Companies:
2002 Warner Music Group (sold in 2003): $4.2B USD
2003 Sony Music: $5.3B USD
2003 Universal Music: $5.0B USD
2003 Sony Electronics Revenue: $41.1B
SOURCE: Respective 2002, & 2003 corporate annual reports.
As you can see, the COMBINED revenue for the top 3 music companies can't come close to Sony's electronic arm ALONE. Pick some other electronic companies and you'll arrive at exactly the same answer.
This is exactly the reason Sony manufactures MP3 players today. Companies can make far money from electronics than they ever will from music, and this simple economic fact does not bode well for the music companies.
They can pay lobbyist, the electronics companies can pay MORE lobbyist. They can pay off politicians, the electronics companies can pay off MORE politicians and on and on.
Rich...
From my post:
(simplifying here, calm down nitpickers)
Why hello, Sean "Nitpicker" Adams. I didn't mention the format conversion because it is pointless. Apple put the encryption in to keep the music industry happy, because otherwise, copyrighted works would be there for the taking with no encryption.
So what's going over the air is simply a losseslly compressed representation of what's coming right out the s/pdif port IN THE CLEAR.
Hey, can your neighbor snoop your S/PDIF port and record off it? No? Thought so. Can some guy with a cantenna a mile away sniff your S/PDIF port? No?
Hey, does S/PDIF contain copyright management technology? Yup, it does, and most S/PDIF devices will refuse to record a stream with the copyright flag set- so even if your neighbor snuck into your house and plugged in to that S/PDIF port with their gear- unless it was pro equipment, they could listen but not record.
So, why don't you....STFU?
Please help metamoderate.
well, no matter how you look at it, Jon will be down for awhile thanks to us
Hee hee hee, that's funny!
The real threat is that somebody will take this and figure out how to fake being an AE, then you essentially have iTunes doing the work of defeating its own DRM for you.
;)
I investigated this justeport program yesterday, to see what it would take to do exactly that. My goal was not actually to defeat DRM, but to possibly create an emulator for being an AE, so that I could use iTunes to play songs on other computer's speakers. The thought of piping the music to a file did cross my mind, but that was not the goal.
But the short answer is that there's not enough in here to do it.
The way is works is that you generate an AES key. You encrypt that key using the RSA Public Key. You send that to the AE, which decrypts it with its private key. Then you use the AES key to stream the music over.
To pretend to be an AE, you need to know the private key inside the AE. Without it, you can't decrypt the AES key iTunes sends you, and you can't decrypt the stream of music.
Faking the protocol is pretty easy, since it's mainly RTSP with some extra headers. Faking iTunes into seeing you as an AE device is also pretty easy. Just use various Rendezvous utilities to broadcast yourself as an available RAOP service. But you can't decrypt the stream without that private key.
In theory, you could modify a copy of iTunes by changing the public key in there. Then you could make it work with your AE emulator program, but it wouldn't work with real AE devices anymore. Still, could be useful if you want a wacky way to bypass the DRM.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
US laws can apply wherever they please. Ask Saddam.
Umm...Saddam violated many UN resolutions. Those are international law. The UN was just a bunch of pussies and wouldn't enforce their own laws (partly because of those fucktard French holding up the UNSC), so we did it for them.
aah....feel that karma burn...
I used to get high on life, but I developed a tolerance. Now I need something stronger.
The iPod does make Apple some money, but their primary goal seems to be making Apple's DRM-technology the basis for all things DRM.
Recently on slashdot
There are a number of companies out there making wireless and wired music playback devices. Most have more features than Apple's. Many (if not all) allow you to stream whatever the hell you like to them. I use a Squeezebox, the server code is open source perl, the hacker community is encouraged by the manufacturer and is very active making cool plugins and add-ons. I still don't get why people pay the money for the locked down DRM-infested Apple junk and then wait for DVD Jon to hack it for them.
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
This is the whole point: Encryption works fine when the receiver and the attacker are on different sides. As soon as the receiver is the potential attacker, you will run into problems. The DRM guys will have a hard time to cure this problem. But only as long as we don't give away root access to our own machines, like already projected by some large and well known companies.
In order for such an update to work, it'd have to be an update to the AE devices themselves. And they'd have to update iTunes at the same time. And then it'd be probably just as easy to break open iTunes to get the public key again, and there you go.
What they really are worried about is somebody hacking apart the AE device and finding the private key. With that, I could write an AE emulator that would receive transmissions from iTunes... And totally bypass their DRM as well. Not that their DRM is effective anyway, but it's just one more way to do it, you know?
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
What if his actions cause the music industry to loss confidence in that DRM?
:-)
LOL!
Understand this... The "music industry" is royally screwed seven ways from Sunday. They know it too, don't kid yourself otherwise.
See, they need *customers*.
In order to exist, the music industry has to convince people to buy what they are pushing. They're between a rock and a hard place here, because if they make that DRM too obnoxious, if they go beyond the line too much, then their own customers will flip them the bird and jump right back onto P2P networks. It's already happened once, in their eyes. Does the P2P scare back around 1998 ring a bell? Napster? Back when it didn't quite suck, I mean.
See, Napster opened a new world for the music industry, because it showed them that the world had changed and now they had to compete with "free". How in the hell does one compete with free products?
DRM is a reaction to this, by trying to make it difficult for people to convert their products into a format than can easily become "free". Unfortunately, this is an impossible task. It's *proven* to be impossible, no less. So they now have to not only compete with "free", but to do it, they have to do something that's absolutely and totally impossible to do. What a bind that puts them in, huh?
The music industry is scared shitless, and with reason. This new medium takes their products and puts it into a form that:
a) damn near eliminates distribution costs,
b) makes low cost viral marketing into one of the most powerful forms of marketing there is through the rapid dissemination of the meme in question,
and c) eliminates all ability to control distribution of their product and thus be able to charge for it.
A and B they love, but C is included in the bargin and they cannot escape it. Furthermore, they're starting to figure out that the combination of A and B on a large enough scale eliminates the need for the middlemen in their business. Artist and customer can directly interact just as easily as middlemen and customers can. Since most of them are middlemen, this naturally makes them nervous. Right now, they're engaging in heavy media spending to combat this knowledge, leading to the current meme of "taking music without paying is stealing" and so on. They're engaging it on both the artist side and the customer side, and if both sides would just wake the hell up, the middlemen would be out of jobs.
So what I'm saying is that the idea that they can NOT offer their product on the internet is an unrealistic notion. They don't have that choice, not really.
If they don't offer something out there, in a light enough restriction no less, then what will happen is that they eventually die off. People will go back to passing around music for free, legislation and lawsuits be damned, they will find a way to do it safely if it comes down to it. Many very bright people are already looking for that way.
And if the artists see that the music companies aren't actively trying to make them some cash by selling their music online, the artists might start waking up en masse and seeing that the old system is unnecessary with the new technological capabilities to directly reach the customers.
So the music industry *will* sell online. They don't have a real choice not to do so anymore. They can no longer pack up their toys and go home, because that would be a losing move.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Judging by these other posts... Monkey balls and holes.
Instead of purchasing legal, limited music, and then hacking it to play on 'disallowed' or 'unsupported' hardware, we should pirate...
...what the left is doing. Oddly enough, the same Creative that considered "encrypted speaker output" to inconvenience pirates and defenders of the free world also released a tool (bundled with a lot of their sound cards) that would defeat it! I believe it's called the "Creative Recorder" (-25 points for originality). In any case, it could record audio from a variety of sources, including direct ripping of the audio currently being played by your sound card! With a tool like that, you wouldn't even need to crack the encryption to get flawless digital copies of your music!
Why call it "cracking" when somebody basically takes apart a machine and learns how it works?
Imagine doing this with a non-software product. Let's say you install a lamp in your closet because you discovered there is a A/C wire in the wall, so you splice the wire to install a lamp. Did you "crack" something?
Calling it "cracking" just perpetuates the idea that because something is difficult for the average joe in the street, it must be illegal or wrong.
This is just like when I took electronics apart as a kid and learned how it works!! "Hey, if I connect these two wires, it beeps! Cool! I'll install a switch!"
The DeCSS case raised a lot of awareness, and if you compare the reaction in the mainstream towards DeCSS with stories they print now, they are very different. About DeCSS, they were decidedly hostile, now it ranges from neutral to printing HOWTOs on cracking crippled CDs. Several commentators have started to understand why DRM is bad, and so we've got the big mainstream media's attention. In fact, it looks like they are grabbing headlines from /. :-)
Recently, a parliament member from the liberal party (Venstre, a small member of the ruling coalition) expressed support for Electronic Frontier Norway's amendment to EUCD, which will allow people to access legally obtained content with any means necessary and allow creating of tools to do it. I'm also very certain Socialist Left (SV, a medium sized opposition party) will support this too. Two major parties, the conservatives (Høyre, which is in government with the liberals, go figure), and the Labour party say they await a report from the Consumer Ombudsman's office. They haven't held a very clear position on DRM, but I expect it to come out in opposition to DRM.
With all this, I think EFNs proposed EUCD amendments have a very good chance of being included, and in that case, we'll still have a pretty well balanced copyright regime. It will still be possible to develop stuff that is not under the absolute control of the entertainment industry, and that may just save freedom of expression and technological progress for everyone.
Employee of Inrupt, Project Release Manager and Community Manager for Solid
It's there to protect Apple from the Idiot Problem.
That's the problem in which some idiot sets up an open WLAN and starts sending songs to the AirPort Express.
While the idiot does this, his neighbor, the resourceful hacker, sniffs out the Ethernet frames, pulls down a stream of Apple Lossless Format audio, and saves it to his disk. Now he, and anyone else with technical expertise in range, will have any audio sent to the unit, including music purchased that the iTunes Music Store.
No loss, no fuss, and as long as you don't re-encode it, you've got audio just as good as what Apple's selling, although it's a bit larger.
The encryption isn't to protect the owner of the music or the hardware. It's there to keep you from inadvertently broadcasting music to anyone else. If you want to make a CD of iTunes Music Store tracks and copy that CD a few million times, they can't stop you. That's your choice. They're just limiting the distribution of this content in a way that only shares your music with the parties and devices of *your* choosing.
Yes, it's mostly to placate the music companies. What really throws me off is that people on Slashdot, a fairly security-savvy site, are complaining about *more* encryption. I certainly don't want some bozo capturing the audio I'm supposedly only broadcasting to my AirPort Express. If this makes it tougher for him to do so even after somehow cracking my WPA setup, then Apple's doing something *right.*
Raptor
"Procrastination is great. It gives me a lot more time to do things that I'm never going to do."
-truth
I had a steady B+ in my AI class until I failed the Turing test...
...makes mark in air about where Jon's slate would be. (-:
Hello from Oz.
Got time? Spend some of it coding or testing
What has he got to lose now?
Got time? Spend some of it coding or testing
...pounded the living hell out of the target.
And missed.
Sure, you got Sodomy Insane eventually, hoorah for that, but how are you going to set about repairing your rep with the circa 5-10% of the remaining population who are now hurting everyone in sight for "revenge", and how are you going to deal with all of those nations who watched you roll in, and thought to themselves, "what if those self-blind, meddling vigilantes pick me next time around?"
So much for subtlety, now how are you going to deal with the consequences of you collective actions?
Got time? Spend some of it coding or testing
If you read the details of the encryption system, it's easy to see that there is no mechanism to prevent other programs from using the AirPort Express's AirTunes system. It's set up so that streaming audio cannot be eavesdropped upon and recorded. It's also set up so that a program running on some other computer on the network cannot pretend to be an AirPort Express, thereby gaining access to the digital audio stream. But it is not set up to avoid other programs using it to play music. The only thing preventing that is a lack of documentation.
Because there was no documentation, this is a hack. He had to reverse engineer the protocol and build a client which worked without any documentation or reference implementations or any of that, so it's definitely a hack. But it isn't a crack. He didn't defeat any cryptographic or DRM system (which also means that the DMCA is a non-concern). What happened was that there was an undocumented cryptographic protocol and he wrote a client which implemented it. I applaud him, but calling it a "crack" is just plain old bad reporting. Keith Irwin
It knows where to find all manner of legitimately free stuff, and some if that free stuff is excellent.
You rate tracks (including kiboshing them completely), and it selects new ones based on what people like you liked, plus a small seeding of totally random stuff (not all of which is G or PGR or anything like it, be warned). It works pretty well, I have a growing collection of totally non-mainstream stuff that I like. The only thing you need to give up is the herd mentality you picked up as a teenager, where you have to be different, but different in fundamentally the same way all yer mates.
Got time? Spend some of it coding or testing
There is a simple criterion: if you, the user, have a way to read your private keys, it is fine. Encryption is here to help you. When your stuff is encrypted and you can not read your own private keys, the encryption is not here to help you. And you are, definitely, a sucker.
The granparent's point is perfectly valid. The encryption over the air accomplishing nothing. It is just a placebo that Apple gives the music companies.
I agree with everything you said with regards to the decryption providing nothing new in terms of breaking DRM, but there is one thing you might not have thought of before: The encryption also accomplishes the beneficial step of encrypting audio so that a nosy neighbor can't listen to your music as well. Of course, with WPA or WEP turned on you are double encrypting the data anyway.
Cheers.
"When the president does it, that means it's not illegal." - Richard M. Nixon
If google can offer it then why not do it on /. ?
Sounds like a simple idea to me.
"While the idiot does this, his neighbor, the resourceful hacker, sniffs out the Ethernet frames, pulls down a stream of Apple Lossless Format audio, and saves it to his disk. Now he, and anyone else with technical expertise in range, will have any audio sent to the unit, including music purchased that the iTunes Music Store."
Would that technical expertise include the ability to compute an RSA private key from the corresponding public key? Because this hack only includes Apple's public key. The stream is still encrypted (using AES and the AES key is encrypted with Apple's public RSA key).
Without Apple's private key you can sniff all you want and all you will get is random pile of bits. The Apple Express can play the music because it has the private key. You don't.
I was specifying what would happen *without* the so-called unnecessary encryption. Sorry if that wasn't clear. I still think that while it's a nice little nod to the record companies, it's also just a Damned Good Idea. If I want to run Pirate WiFi Radio, I'll run it. I'm happy to have Apple lock that down the rest of the time. :)
Raptor
"Procrastination is great. It gives me a lot more time to do things that I'm never going to do."
Yes, I can see that way of reading your comments. There are so many others acting as if this exploit strips the DRM and talk about invoking the DMCA that I felt something had to be said to keep the discussion closer to the actual facts. I've got nothing against counter-factual hypotheticals, I just need to pay closer attention.
So, OK, with Mono I can compile it on OS X -- and I get a Windows executable. A fat lot that does me since I don't own a Windows box. Has anyone gotten an OS X binary out of this source code?
This just makes me think of driving down the road, finding an AE, and now crafting a DOS attack with my 0wn content. Or even more sophisticated, man in the middle with subluminal content.
Neighbors music to loud, play something for them...
This also brings to mind several scenes from the movie "Real Genius".
It's a nice idea, but wired solutions are still the way to go ( EG: Squeeze Box http://www.slimdevices.com/ ) if you want to have real security.
Lets face it. Compared to most other streaming formats (you all know which one I'm exempting here - **cough**realmedia**cough**), WMA is a pretty shoddy codec/format.
Founder & COO, Hayai India (hayai.in) / USA (hayaibroadband.com)
Although, if you could really be bothered, you can convert from WMA to MP3 and then if you would like, from MP3 to MP3Pro, AAC/MP4, or even OGG. If you really wanted to completely remove DRM, you could always from from MP3 to WAV and back...
Of course, I would hate to think about the quality of the end-result... Personally, I quite like MP3Pro given its high quality, small(er) filesize. I also quite like OGG, except for the fact it is not as widely supported by default... otherwise they have a fine codec/format going there.
Founder & COO, Hayai India (hayai.in) / USA (hayaibroadband.com)