Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple AirPlay Private Key Exposed

Posted by CmdrTaco on from the i-see-what-you-did-there dept.

An anonymous reader writes "James Laird has reverse engineered the Airport Express private key and published an open source AirPort Express emulator. 'My girlfriend moved house, and her Airport Express no longer made it with her wireless access point. I figured it'd be easy to find an ApEx emulator — there are several open source apps out there to play to them. However, I was disappointed to find that Apple used a public-key crypto scheme, and there's a private key hiding inside the ApEx. So I took it apart (I still have scars from opening the glued case!), dumped the ROM, and reverse engineered the keys out of it.'"

78 of 306 comments (clear)

  1. Apple-time by sanosuke001 · · Score: 3, Interesting

    Apple is going to make life a royal pain in the ass for this guy for releasing this publicly...

    --
    -SaNo
    1. Re:Apple-time by Midnight+Thunder · · Score: 2

      You mean he is going to have to go on vacation as well?

      Let's see whether Apple or Sony works out to be the biggest pains when it comes to having their keys exposed.

      --
      Jumpstart the tartan drive.
    2. Re:Apple-time by Mia'cova · · Score: 5, Funny

      Let's see someone add airplay support to the ps3. See how many companies can get pissed off at once. If you play it right, they could be goaded into fighting each other. Fingers crossed! Maybe these companies will finally deliver something entertaining to watch :)

    3. Re:Apple-time by ceoyoyo · · Score: 2

      I doubt it. I think Apple has gotten tired of encrypting AirTunes anyway. Despite the title of the article, AirPlay is not encrypted - only the music portion which is really AirTunes. So it was easy to write an AirTunes receiver for video and photos but not music, I suspect due mostly to historical reasons.

    4. Re:Apple-time by jimicus · · Score: 3, Interesting

      Hmm.

      Music. Being streamed in realtime from one wireless device to another.

      Do you know, I rather suspect the reason for the encryption might be less to do with Apple and more to do with a certain industry we all love to hate. Last two initials of the organisation that represents them are AA.

    5. Re:Apple-time by ceoyoyo · · Score: 3

      Probably. The RIAA had a lot more clout against Apple when the airport express and AirTunes was introduced than they do now though. Apparently Apple isn't worried about the MPAA objecting to their recent negligence in not encrypting the video (and audio associated with video) portion of AirPlay.

    6. Re:Apple-time by guruevi · · Score: 2

      AirTunes (the predecessor to AirPlay) was also 'hacked' and released with even a commercial distributor of software that would work with it (Rogue Amoeba I believe). Apple doesn't so much care about the hacking of their systems, they're probably happy somebody finally did while on the other hand they can claim to the **AA - we implemented your precious DRM so we can keep selling your crap.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
  2. Please tell me by MarkRose · · Score: 5, Funny

    If you extract the ROM out of an Apple device, is that a core dump?

    --
    Be relentless!
  3. real easy innit by amn108 · · Score: 4, Funny

    I like how easy he makes it sound :-)

    Things you need to hack the Airport Express:

    1. Girlfriend
    2. A pinch of dissappointment
    3. Wilingness to break open glued Apple casing

    1. Re:real easy innit by BigDish · · Score: 4, Funny

      Have you ever tried to open one of the glued-together cases? That's by far more difficult than getting a girlfriend

    2. Re:real easy innit by gstoddart · · Score: 4, Funny

      1. Girlfriend
      2. A pinch of dissappointment

      Don't know about you, but I've found that #1 can lead to #2 -- and has on several occasions.

      --
      Lost at C:>. Found at C.
    3. Re:real easy innit by hoggoth · · Score: 3, Informative

      /g/=global, ie: substitute all, not just the first occurrence

      --
      - For the complete works of Shakespeare: cat /dev/random (may take some time)
    4. Re:real easy innit by erroneus · · Score: 3, Insightful

      I wouldn't. I've got a wife and I can tell you first hand, it's HARD to have a girlfriend and a wife.

    5. Re:real easy innit by clickclickdrone · · Score: 5, Funny

      >2. A pinch of dissappointment
      The considerably less lethal version of Spock's death grip.

      --
      I want a list of atrocities done in your name - Recoil
    6. Re:real easy innit by somersault · · Score: 2

      Regular Expressions are used in a lot more than just vi..

      --
      which is totally what she said
    7. Re:real easy innit by Midnight+Thunder · · Score: 2

      1. Girlfriend

      That leaves out most slashdotters, right?

      Yeah :'( I am starting to wonder whether I'll find one I want to be with before I'm 60. I am starting to wonder whether I am simply v-sexual - only able to have any relationships with virtual entities. I don't want to be an expert in the theory of human relationships. This is one place where an applied subject is of more interest.

      --
      Jumpstart the tartan drive.
    8. Re:real easy innit by __aaqvdr516 · · Score: 2

      s/vi/perl/g #for example

    9. Re:real easy innit by Lumpy · · Score: 2

      Betting your problem is that your expectations are too high for your assets. I know several super nerdy friends that say...

      "I'll only date HOT chicks!" yet they weigh 380 pounds and dont shower... Guess what, my super nerdy friends have never had any dates let along girlfriends.

      To up the ante and nab the attention of women in your asset range... Clean more often than you think you need it. Yes a shower daily is required, as is teeth brushing and deoderant... try a nice light and popular scent as well.

      Learn to be funny and outgoing. Be someone that talks to others first being a great guy.. buy and read twice "how to win friends and influence people".

      Update your wardrobe. For whatever Clique you like get some updates for what you wear. If the new Brass and green glass steampunk glasses are the rage in your steampunk life, then that is what you need. DONT attempt to date outside your style... A goth-grunge pothead is not going to score a abercrombie wearing chick in daddy's convertible.

      Learn about the other sex.. do you know the signs that she likes you or is at least not repulsed? Hint: she is not going to tell you. you need to read human reaction.

      Finally, re-assess your reality with your goals.... Again, if you are not a perfectly crafted example of the human male, you have ZERO chance of landing a mega hottie unless you can over come it with buckets full of money. And then you only have arm candy with no brain who only wants your cash. Dont get me wrong, it's fun to see how far arm candy will go, but they are not a "keeper" past the first few weeks.

      Now: here are some secrets... if you are a uber Nerd, there ARE hot uber nerd girls out there, they just dont dress hot, or even know they are hot. One in the SCA group I know looks like a dog most of the time until I caught her changing her clothes, she wears baggy everything to hide that she is actually smoking hot, and if she actually did something with her hair and got that giant mole cut off her face she would be something to behold... Problem is if you help them out of their "uglify myself" shell and let them realize how hot they are, they realize how hot you are not if you dont transform yourself as well.

      Hot nerdy girls are rare as hell, you have a 1 in 10000 chance of seeing a hot nerdy girl. so Lower your sights. start at "not a mouth breather" and work up from there.

      --
      Do not look at laser with remaining good eye.
    10. Re:real easy innit by Lumpy · · Score: 4, Funny

      Not if you freeze them with dry ice and hit them with a hammer...

      Yes it works with glued together cases as well.

      --
      Do not look at laser with remaining good eye.
    11. Re:real easy innit by StikyPad · · Score: 3, Funny

      Marriage: It's a lot of work, but in the long run, eventually one of you dies.

      --
      https://www.eff.org/https-everywhere
  4. Hooray! by RobbieThe1st · · Score: 2

    If only we had more people like this around; people willing and able to void the warranty and hack things. I know there are a few, but every story like this is great. James, good work!

    1. Re:Hooray! by fuzzyfuzzyfungus · · Score: 2

      Arguably, extracting the private key that serves as the artificial restriction preventing 3rd party software and/or devices from serving as airplay sinks is a much more value-creating activity than just reselling the widget.

  5. Open source win by jhigh · · Score: 4, Insightful

    Score one for the good guys. This is just further proof that security through obscurity is a myth. You cannot expect that keeping everything locked inside your proprietary case is going to keep it secure. The best security is sunlight. Let the community poke and prod at your software and/or hardware and it will only improve your offering.

    --
    Social Engineering Expert: Because there is no patch for stupidity.
    1. Re:Open source win by agentgonzo · · Score: 4, Insightful

      This is just further proof that security through obscurity is a myth.

      Unfortunately, you can boil the entirety of information theory to 'security through obscurity'. Airplay uses public key encryption and is in that sense 'secure'. Everything that needs to read the encrypted content (in this case the airplay device) needs to have the key to decrypt it. Thus you can argue that the whole system is 'security through obscurity' because it is relying on the 'obscurity' of the private key that the end-user can't get access to (unless the pry it open with a butterknife and dump the ROM).

    2. Re:Open source win by rsilvergun · · Score: 2

      I haven't read the post, but my understanding is cracks like this are possible because companies cut corners to get their code running on low end embedded devices. As chips get faster they stop cutting those corners and the hacks go away :(

      --
      Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    3. Re:Open source win by queazocotal · · Score: 2, Insightful

      Yes. Eventually.
      Reverse engineering and hacking closed stuff is ____NOT___ a victory.
      It sends the wrong signals.
      'Protected stuff sells just fine'.
      'We don't need to worry about little guys stealing our market as the nerds can hack our cheap boxes'.
      'Appeasing content providers is an easy buisness model'

      The problem with hacking is that it's getting easier to protect stuff.
      A decade ago, if you were making a router, you had little choice to make it from a CPU chip, a ROM chip, and a RAM chip.
      All soldered to a board, with comparatively accessible traces.

      Ok - worst case, you needed to desolder the flash, and it was really annoying to do.

      There is almost no way to protect keys in this beyond the 'normal' code obfuscation methods.

      Now, increasingly security architecture is moving on-chip, and becoming cheap. Partially as a
      side-effect of making devices more flexible.
      Many or even most small 32 bit chips now have a small area of ROM that handles the initial boot,
      and some user-settable one-time writable memory.

      Because it's 'free' (a K or two), these often now include routines that will let the user on initial flash
      (or in production of the a large number of chips) say 'only boot from a bootloader with key authenticated
      by the in-ROM key'

      To get to this key is practically very hard - especially if the vendor has taken measures - covering the few
      bytes of ROM in question with metalisation - to prevent this.
      You can't get at it with a soldering iron.
      You can't often now even get at the off-'chip' RAM or ROM easily now, as it's not on seperate chips, it's on
      chips laminated to the CPU.

      Geohot - for example - did nothing at all clever cryptographically.
      He exploited a basic bug in the implementation that is the sort of thing you get when someone reads the
      manpage on a crypto function, and implements it, not really understanding all of the twiddly bits, and leaving
      some out.

      Getting crypto right with modern chips is getting increasingly easy - it is not more expensive or needing more
      hardware to get it right, it simply needs employing someone with a clue to look over your code.
      Drop 20K on http://www.schneier.com/ - for example - or basically anyone that's actually understood crypto,
      and is not just writing it as a 'normal' program.

      The only 'right' way to respond to this is to buy open platforms.
      Unfortunately, this is often hard.

    4. Re:Open source win by YesIAmAScript · · Score: 2

      You repeat the mantra, but do you understand it?

      How would the open source community solve this problem?

      What version of device authentication doesn't involve having a critical secret key on the device being authenticated? Such a secret is the very basis upon which authentication works.

      The only possible solution to this that I know if is different hardware that guards the key better and I don't know that the open source community is going to provide that.

      --
      http://lkml.org/lkml/2005/8/20/95
    5. Re:Open source win by sjames · · Score: 2

      Except that this isn't what is meant by security by obscurity. Knowing the RSA algorithm doesn't allow you to read anything as long as reasonable keys are chosen. Using rot13 for "security" would be security by obscurity. So would using an undocumented protocol or port number.

      This is a related problem that you can't distribute a key widely and keep it to yourself at the same time. You can TRY to limit the uses of the key, but eventually someone cracks the case and obtains it anyway.

      Sony's problem is related but different. They didn't implement the key security properly, so someone was able to derive the secret key from the public key.

  6. DMCA violation by sideslash · · Score: 3, Insightful

    This guy should just meekly accept that his girlfriend's expensive gadgets don't work for her anymore. How dare he tinker around and fix things. (At least I think they imported some flavor of the DMCA down under.)

  7. open-source library sharing incoming? by gblues · · Score: 3, Interesting

    Does this mean we can finally get an iTunes-alike that can work with iTunes 7+ library sharing?

    1. Re:open-source library sharing incoming? by Nerdfest · · Score: 2

      Aren't there *open*, non-proprietary protocols that are a better choice for streaming music and video?

    2. Re:open-source library sharing incoming? by ari_j · · Score: 2

      Don't ask. Tell. What protocol should we be using that allows us to use one relatively clean user interface on the computer to purchase, play, and stream audio and video content including movie rentals and television show subscriptions (iTunes) that quickly and easily, without nerd intervention, can also send content to our television through an inexpensive set-top box (Apple TV), to our stereo through a reasonably-priced wireless access point (Airport Express), or to our hands through a tablet (iPad)?

    3. Re:open-source library sharing incoming? by Chrontius · · Score: 2

      Well, frankly, I have no bleeding idea. I've seen a lot of utter shit that claimed to do the job, and I particularly suggest avoiding the Mvix box.

      I'm going to give a few criteria, because Ari J wasn't quite clear enough.

      1. Streams from PCs
      2. Has on-board storage for when my laptop is absent
      3. Doesn't suck.

  8. Re:Editor ? by Majik+Sheff · · Score: 4, Funny

    Two things that appear to be true about the author of the article and not about you:

    1. The author's first language was not English
    2. The author has a girlfriend.

    Between English tenses and a hot European chick, I know which one I'd prefer to be conjugating.

    --
    Women are like electronics: you don't know how damaged they are until you try to turn them on.
  9. Re:Slashdotter already by Anonymous Coward · · Score: 5, Informative

    Here's the key on the VideoLan boards.

    Airport RSA Key

  10. posted to vlc-devel list by pinkishpunk · · Score: 5, Informative

    he did a post to the vlc-devel list here, http://mailman.videolan.org/pipermail/vlc-devel/2011-April/079616.html It private rsa key is there, might be a good thing to download, if you are worried apple might do something stupid.

  11. SHAirport 0.01 backup copy by pixline · · Score: 3, Informative

    Here's the code you would have find on that page. I saved it earlier, here you go: http://www.multiupload.com/0EUN2QKDMT (Yes, it does include something like a private key. Don't ask me if it's THAT key, I don't know.)

  12. The best part by AK76 · · Score: 5, Interesting

    From the README:
    "Thanks also to Apple for obfuscating the private key in the ROM image, using a
    scheme that made the deobfuscation code itself stand out like a flare."

  13. Re:Interesting... by Stavr0 · · Score: 2

    How long before we see some hacked firmware for normal routers, I wonder?

    That's a great idea... but I can't seem to find the audio-out on my Linksys router ...

  14. Re:and how many people use Airport? by characterZer0 · · Score: 5, Interesting

    I bought one once. I set up the network for a small organization and every time there was any kind of problem they blamed the WiFi router and called me. I bought a Airport and threw that in there instead. Now they have just as many problems but they assume that the Apple product cannot possibly be the issue, and I have not received a complaint from them since. It has been a almost two years. It was well worth the $180 to me.

    --
    Go green: turn off your refrigerator.
  15. Re:Slashdotter already by Hazel+Bergeron · · Score: 5, Informative

    And here's a post which may or may not receive a takedown notice from Apple. Remove the extra spaces inserted to evade the lameness filter.

    -----BEGIN RSA PRIVATE KEY-----
    MIIEpQIBAAKCAQEA59dE8qLie ItsH1WgjrcFRKj6eUWqi+bGLOX1HL3U3GhC/j0Qg90u3sG/1CUt
    wC5vOYvfDmFI6oSFXi5ELabWJ mT2dKHzBJKa3k9ok+8t9ucRqMd6DZHJ2YCCLlDRKSKv6kDqnw4U
    wPdpOMXziC/AMj3Z/lUVX1G7W SHCAWKf1zNS1eLvqr+boEjXuBOitnZ/bDzPHrTOZz0Dew0uowxf /+sG+NCK3eQJVxqcaJ/vEHKIVd 2M+5qL71yJQ+87X6oV3eaYvt3zWZYD6z5vYTcrtij2VZ9Zmni/
    UAaHqn9JdsBWLUEpVviYnhimN VvYFZeCXg/IdTQ+x4IRdiXNv5hEewIDAQABAoIBAQDl8Axy9XfW
    BLmkzkEiqoSwF0PsmVrPzH9Ks nwLGH+QZlvjWd8SWYGN7u1507HvhF5N3drJoVU3O14nDY4TFQAa
    LlJ9VM35AApXaLyY1ERrN7u9AL Kd2LUwYhM7Km539O4yUFYikE2nIPscEsA5ltpxOgUGCY7b7ez5
    NtD6nL1ZKauw7aNXmVAvmJTcuP xWmoktF3gDJKK2wxZuNGcJE0uFQEG4Z3BrWP7yoNuSK3dii2jm
    lpPHr0O/KnPQtzI3eguhe0TwUem/e YSdyzMyVx/YpwkzwtYL3sR5k0o9rKQLtvLzfAqdBxBurciz
    aaA/L0HIgAmOit1GJA2saMxTVPNh AoGBAPfgv1oeZxgxmotiCcMXFEQEWflzhWYTsXrhUIuz5jFu
    a39GLS99ZEErhLdrwj8rDDViRVJ5s kOp9zFvlYAHs0xh92ji1E7V/ysnKBfsMrPkk5KSKPrnjndM
    oPdevWnVkgJ5jxFuNgxkOLMuG9i53 B4yMvDTCRiIPMQ++N2iLDaRAoGBAO9v//mU8eVkQaoANf0Z
    oMjW8CN4xwWA2cSEIHkd9AfFkftuv8 oyLDCG3ZAf0vrhrrtkrfa7ef+AUb69DNggq4mHQAYBp7L+
    k5DKzJrKuO0r+R0YbY9pZD1+/g9dVt9 1d6LQNepUE/yY2PP5CNoFmjedpLHMOPFdVgqDzDFxU8hL
    AoGBANDrr7xAJbqBjHVwIzQ4To9pb4B NeqDndk5Qe7fT3+/H1njGaC0/rXE0Qb7q5ySgnsCb3DvA
    cJyRM9SJ7OKlGt0FMSdJD5KG0XPIpA VNwgpXXH5MDJg09KHeh0kXo+QA6viFBi21y340NonnEfdf
    54PX4ZGS/Xac1UK+pLkBB+zRAoGAf0 AY3H3qKS2lMEI4bzEFoHeK3G895pDaK3TFBVmD7fV0Zhov
    17fegFPMwOII8MisYm9ZfT2Z0s5Ro3s5r kt+nvLAdfC/PYPKzTLalpGSwomSNYJcB9HNMlmhkGzc
    1JnLYT4iyUyx6pcZBmCd8bD0iwY/FzcgN DaUmbX9+XDvRA0CgYEAkE7pIPlE71qvfJQgoA9em0gI
    LAuE4Pu13aKiJnfft7hIjbK+5kyb3TysZvoyD nb3HOKvInK7vXbKuU4ISgxB2bB3HcYzQMGsz1qJ
    2gG0N5hvJpzwwhbhXqFKA4zaaSrw622wD niAK5MlIE0tIAKKP4yxNGjoD2QYjhBGuhvkWKaXTyY=
    -----END RSA PRIVATE KEY-----

  16. Very cool hack! by GameboyRMH · · Score: 2, Insightful

    Now what the hell's an AirPlay and what good is it to me?

    Oh, it's an Apple-proprietary media streaming protocol? Well, I give an A+ for l33tness, but an F for choosing a useful target.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
    1. Re:Very cool hack! by guzziguy · · Score: 2

      As someone who owns an AirPlay-enabled Denon AV receiver, I can tell you from first-hand experience that AirPlay is a pretty useful and slick feature. By selecting the Denon as the output in my iPod/iTunes/Whatever and hitting "play", the Denon will automatically wake up, switch to the correct (network) input, and start playing the stream. If the TV is on, song info is displayed there (as well as on the front of the AVR). Also, you can adjust the volume of the AVR simply by using the normal volume controls on whatever device is doing the streaming.

      Now, is this any good to you? Maybe, maybe not. I was impressed by how well the integration worked, though.

  17. I use airport express. Several. by tivoKlr · · Score: 2

    The airport express is 99 bucks I believe. If my stupid work firewall didn't block the "apple everything" then I could look and see. I know I've seen them for $89 and $79 at times... Throw 3 or 4 around your house, they're awesome just for the airplay aspect, regardless of the other features (router, printer sharing).

    --
    Ocean is land, covered with water.
  18. Re:and how many people use Airport? by necro81 · · Score: 2

    He was specifically referring to the Airport Express, which retails for $99. [link]

    And for that pricetag, you get the ability to stream music from basically any device on the network (server, laptop, iPhone, etc.) to wherever the Airport is. You also get wireless printing.

    I shouldn't be surprised that a guy, when confronted with a broken Airport Express, would go through all the effort of breaking it open, dumping the ROM, and reverse engineering the private key. People get curious, people like to tinker, and the human race is better for it. But, on the other hand, you can pick up an Airport Express for $25-$50 on craiglist or ebay and saved yourself a whole lot of trouble.

  19. Link to the source code and perl script by sheetzam · · Score: 4, Informative

    http://mafipulation.org/static/shairport-0.02.tar.gz. c source code and perl script included. Link still working as I post this.

    --
    "Actually, I enjoyed this in the same vague, horrible way I enjoyed the A-Team" P. Opus
  20. Re:"Reverse Engineering" how? by _0xd0ad · · Score: 2

    The ROM doesn't just contain data; it contains both code and data. Reverse engineering the code was necessary to determine where in the code/data the private key was located. They could have put it anywhere on the ROM.

  21. Re:Good guys? Really? by Squiggle · · Score: 5, Insightful

    You're pro-open source, so that makes you a "good guy"? I like chocolate, you like vanilla, ergo, I am good, you are bad.

    Does being pro-freedom make you a good guy? Does believing that everyone should have free access make you a good guy? Does helping your others make you a good guy?

    Free software ideology isn't about the end product, it isn't chocolate versus vanilla, it is about process and access: how do we choose what gets made, how do we make it, who gets to make it and who gets access to what has been made?

    --
    Complexity Happens
  22. Key question by jamescford · · Score: 2

    So, was she impressed?

  23. Re:and how many people use Airport? by mR.bRiGhTsId3 · · Score: 2

    The airport express is $99 and is one of the few consumer routers that properly supports ipv6

  24. What does it do? by the_other_chewey · · Score: 3, Interesting

    Could someone familiar with Apple stuff please explain
    what exactly this key is for?

    Why would a wifi AP need a secret key?

    1. Re:What does it do? by ceoyoyo · · Score: 5, Informative

      The Airport Express AP has an audio out jack. An iPhone, iPod Touch, iPad or iTunes can route music to that device. Unfortunately when it was introduced Apple decided to encrypt the stream so only Airport Expresses were valid receivers. Now anything that has a network connection and can run a program can be the receiver.

    2. Re:What does it do? by LoganDzwon · · Score: 2

      the "secret" key is a thing they are obligated to support to comply with their contracts with the music companies. You can always tell when it's something like that because they will put the bare minimum effort into it.

  25. Re:Slashdotter already by Fex303 · · Score: 4, Funny

    That's amazing! I've got the same combination on my luggage!

  26. Re:Nonchalant by daid303 · · Score: 2

    If Apple follows the same tactics as Sony, then he doesn't need to worry. People will come around to remove his harddrives for him soon enough!

  27. Re:Slashdotter already by Shakrai · · Score: 5, Funny

    No one time pad. Less space than a TrueCrypt container. Lame.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  28. Re:Good guys? Really? by Hijacked+Public · · Score: 4, Insightful

    how do we choose what gets made

    By either making it yourself, or by purchasing something made by someone else only when it fits all your particular requirements.

    how do we make it, who gets to make it and who gets access to what has been made?

    If you truly value freedom, and not just freedom for you and those who agree with your particular worldview, you don't 'choose' those things. You allow people to be free to make whatever they like however they like and you react to those choices as above.

    Apple's products are Apple's right up to the point where they sell them to you. If they choose to not make the source code for their software available and sell it only as a compiled version, that is their choice. If they choose to offer only their own means on installing additional software, their choice.

    To argue they should be obligated differently is fine with me, but to cloak that under the guise of promoting 'freedom' is not.

    --
    "Sacrifice for the good of The State" - The State
  29. Re:Cue lawsuit in ... by jrumney · · Score: 5, Informative

    The DCMA has an exception for reverse engineering for compatibility. In this case, the private key is not protecting content, it is protecting Apple's monopoly on interoperating with iDevices in a particular way, so it was fair game.

  30. Re:and how many people use Airport? by snowraver1 · · Score: 3, Funny

    I replaced my wife with a laptop too! The sex has never been better!

    --
    Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
  31. Getting iTunes to talk to remote speakers by martijnd · · Score: 4, Informative

    From: http://www.cocoadev.com/index.pl?AirTunesEncryption

    The Apple-Challenge / Apple-Response is iTunes' method to verify that it's talking to an Airport Express; it may be similar to the DAAP one which has been reverse-engineered. These headers are optional when talking to the Airport Express, so it's possible for other programs to talk to the Express but it'll be difficult to get iTunes to talk to something other than the Airport Express.

    Until we get the private key out of the AirPortExpress, it's not possible to convince iTunes to send anything to a non-AirPortExpress client (say, another computer pretending to be an AirPortExpress).

    Seems that problem has now been solved.

  32. Re:and how many people use Airport? by necro81 · · Score: 2, Informative

    By "streaming music" I mean that it has an audio-out port: you can plug it directly into a stereo and play the music from your computer (or other wireless device on the local network) to your stereo. Most wireless routers don't do that: you usually need some additional piece of equipment to bridge from the network to your audio gear (e.g. a Sonos player). Also, the bit about wireless printing also isn't facile: the Airport Express has a built-in print server and a USB port for connecting printers to it. There are other wireless routers with that feature, but it is hardly universal. So in addition to being a fine wireless router for slinging bits around the aether it also has some very useful network-to-real-world features that make it more useful than a commodity router. And, when the Airport Express first came out 5-6 six years ago, this combination of features was unique in a wireless router, particularly at that price point.

  33. No by unassimilatible · · Score: 2, Insightful

    Like IP or not, the Constitution speaks to patent and copyright. I happen to believe that IP laws can, but not always do in practice, increase innovation. As an Apple stockholder, I'd prefer people don't hack their products, and that Steve Jobs decides how Apple software will be designed. You might disagree, and think other people's intellectual property should be "free," but it doesn't make you a good guy, except, apparently here on Mod Abuse Central, where I got modded "flamebait" for daring to not toe the party line. Real flame there!

    So no, you're entitled to your views, but imposing them on someone else does not make you good. It makes you kind of officious actually. And people who modded me flamebait for saying it, you are definitely not good.

    --
    Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
    1. Re:No by unassimilatible · · Score: 2

      That's rich. A government that is big enough to give companies like Apple all the IP rights they want is big enough to take them away from the rest of us.

      Actually, the Constitution guarantees both Apple and you certain rights. But if you only want yours protected, you're a hypocrite - and short sighted. Once the camel's nose is under the tent, he doesn't care whose sandwich he eats.

      The thing is, though, once I buy the product, it isn't Apple's anymore, and I can and will do with it as I please.

      The DMCA or other IP laws might disagree. Ignore laws at your own peril. Flaunt them publicly, and invite even more peril. If you're really willing to test your dogma at the risk of prosecution or lawsuit, good for you. But I'll bet you're just the kind of guy who would complain if his boss read his e-mail on work servers, arguing for the privacy of your proprietary words.

      If you're not an Apple user, why do you care what they do, officious boy? If you are, you bought it eyes wide open. In the latter case, you're like the person who buys cigs with the big nanny warning label, then sues after he gets cancer.

      --
      Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
  34. If apple wants to lock things away... by HalAtWork · · Score: 2

    If Apple wants to lock things away, how does going public help? Would the public shoot themselves in the foot by improving the protection on Apple's tools? Would the public help perfect DRM to keep the important stuff locked away from themselves? Or would we just take it and do what *we* want with it? Opening everything may be for the ultimate good, but that's not what Apple cares about. So of course they're going to go with obscurity. Which for-profit businesses are altruistic?

    --
    Twinstiq, game news
  35. Re:and how many people use Airport? by Albanach · · Score: 2

    (This has got to be a dumb question, but once someone answers it, I think I'll start to understand how the Airport is special.)

    Not dumb. You're assuming it's just some sort of wireless router or access point. It does more.

    It has audio out and a USB connector. Audio out can be connected to speakers, so you can take music that you're listening to on your iPod and say, play this in the Living Room. The airport express in the living room can then start playing your audio to the hi-fi. I'm not sure if you can do it from the iPad, but paying from iTunes you should also be able to play multiroom audio if you have several Airport Express.

    Similarly you can print to a printer attached by USB to an airport express.

  36. Re:and how many people use Airport? by Anonymous Coward · · Score: 2, Funny

    Because the audio jack fits just right?

  37. Re:and how many people use Airport? by dkuntz · · Score: 2

    Most WiFi routers do not have a 3.5mm audio out jack. A vast number do not have USB ports which will recognize printers and drives (and even work with USB hubs so you can have both).

    He doesnt mean you can stream from 1 PC to another, or print to a network printer, or a printer attached to another PC. Plug speakers into Airport Express. Stream music to Airport Express. Music comes out of speakers. No further PC required.

    --
    OMG... I have a sig?
  38. Re:Good guys? Really? by CharlyFoxtrot · · Score: 2

    Are you honestly suggesting that he killed his wife over open vs. closed source?

    What ? No ! I was refuting the assertion that liking open source makes you a good guy. You can be an open source guy and still be a murderous asshole. So :

    Q > Does being pro-freedom make you a good guy? Does believing that everyone should have free access make you a good guy? Does helping your others make you a good guy?

    A > No (or more accurately: not necessarily)

    --
    If all else fails, immortality can always be assured by spectacular error.
  39. Re:[speculation] Apple's reaction by Spykk · · Score: 2

    Then he will just need to pull the new key out of the firmware update. The cat is already out of the bag so to speak.

  40. Re:Slashdotter already by hey! · · Score: 5, Funny

    Thanks for that. One thing about getting older is that your memory doesn't dish up all the bits you need on time. So you end up having conversations like this:

    Me: Hahaha!
    Wife: What's so funny?
    Me: Look what this guy wrote: 'That's amazing! I've got the same combination on my luggage!' Haha!
    Wife: Why is that funny?
    Me [frowning]: I don't know.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  41. Re:Slashdotter already by capmilk · · Score: 4, Funny

    What the hell do you have in your luggage that needs THAT?!?

    An Airport Express Station.

  42. Look at the forest, not the trees by awtbfb · · Score: 3, Interesting

    Everyone is looking at the tree, not the forest. While everyone is going to jump on the "Apple did this to make money" argument, you know a major reason for this key was Apple's way of keeping content providers happy. Now that it's broken, there is a new "analog hole" for audio and video content. It is easy to imagine a computer using this to create a digital media file rather than routing to speakers. I suspect it won't be long before content providers pressure Apple into using secondary data to confirm iTunes is talking to a legit device.

    1. Re:Look at the forest, not the trees by PhunkySchtuff · · Score: 3, Interesting

      You can't stream video to an AirPort Express, so there's no new analog hole for video content.
      Even with protected audio content, you could still burn this to a CD as Red Book CDDA audio, which you could then freely "Rip, Mix, Burn" so it hasn't really enabled anything new for audio either.

      What it does allow for is replacing a dead AirPort Express with something more reliable. Those little fuckers (earlier models at least) had a very bad habit of just randomly dying, and usually after a bit more than one year old, conveniently out of warranty. The fault was 200V rated capacitors used in the power supply that were fine in a 110V supply area but eventually died when on 240V...

      --
      Specialist Mac support for creative pros, Melbourne
  43. Re:Cue lawsuit in ... by sabt-pestnu · · Score: 2

    You may be right, but that doesn't mean that he would not be required to prove it in a court of law. 's why SLAPP legislation exists as well. Don't like what someone is doing? Sue them. Either you run them out of money and roll over them in court, or they settle "your way".

  44. Re:Slashdotter already by dgatwood · · Score: 3, Funny

    What is there to understand?

    His girlfriend was the director of programming for Fox and changed the time slot for House. This made her Airport Express mad at her, so it is withholding sex with her other wireless access point as punishment.

    I mean, jeez. How hard can it be to understand? Seems pretty straightforward to me.

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.

  45. Re:Cue lawsuit in ... by Kamiza+Ikioi · · Score: 2

    Since when has that ever stopped companies from initiating pointless lawsuits?

    --
    I8-D
  46. Re:Cue lawsuit in ... by Radium+Eyes · · Score: 3, Informative

    In this case, the private key is not protecting content

    It does protect content, somewhat—iTunes decrypts (and decompresses and recompresses as Apple Lossless) DRMed audio before sending it to an Airport Express. Emulating an Airport Express allows one to obtain the decrypted audio, though not in its original oompressed form; it's no more of a hole than burning to a CD.

  47. Re:Dumped the ROM by _0xd0ad · · Score: 2

    Either by plugging into a programming interface, or if there is none by removing the ROM chip from its socket or de-soldering it and then reading it with a special device. You do know the basic gist of how a ROM works? You give it voltage, a clock, and an address, and you get a single unit of memory (byte or word). You record the contents of that memory cell, increment the address counter, pulse the clock, and you get the next unit of memory. Etc. Obviously you use a computerized device that does that automatically.