Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple AirPlay Private Key Exposed

Posted by CmdrTaco on from the i-see-what-you-did-there dept.

An anonymous reader writes "James Laird has reverse engineered the Airport Express private key and published an open source AirPort Express emulator. 'My girlfriend moved house, and her Airport Express no longer made it with her wireless access point. I figured it'd be easy to find an ApEx emulator — there are several open source apps out there to play to them. However, I was disappointed to find that Apple used a public-key crypto scheme, and there's a private key hiding inside the ApEx. So I took it apart (I still have scars from opening the glued case!), dumped the ROM, and reverse engineered the keys out of it.'"

25 of 306 comments (clear)

  1. Please tell me by MarkRose · · Score: 5, Funny

    If you extract the ROM out of an Apple device, is that a core dump?

    --
    Be relentless!
  2. real easy innit by amn108 · · Score: 4, Funny

    I like how easy he makes it sound :-)

    Things you need to hack the Airport Express:

    1. Girlfriend
    2. A pinch of dissappointment
    3. Wilingness to break open glued Apple casing

    1. Re:real easy innit by BigDish · · Score: 4, Funny

      Have you ever tried to open one of the glued-together cases? That's by far more difficult than getting a girlfriend

    2. Re:real easy innit by gstoddart · · Score: 4, Funny

      1. Girlfriend
      2. A pinch of dissappointment

      Don't know about you, but I've found that #1 can lead to #2 -- and has on several occasions.

      --
      Lost at C:>. Found at C.
    3. Re:real easy innit by clickclickdrone · · Score: 5, Funny

      >2. A pinch of dissappointment
      The considerably less lethal version of Spock's death grip.

      --
      I want a list of atrocities done in your name - Recoil
    4. Re:real easy innit by Lumpy · · Score: 4, Funny

      Not if you freeze them with dry ice and hit them with a hammer...

      Yes it works with glued together cases as well.

      --
      Do not look at laser with remaining good eye.
  3. Open source win by jhigh · · Score: 4, Insightful

    Score one for the good guys. This is just further proof that security through obscurity is a myth. You cannot expect that keeping everything locked inside your proprietary case is going to keep it secure. The best security is sunlight. Let the community poke and prod at your software and/or hardware and it will only improve your offering.

    --
    Social Engineering Expert: Because there is no patch for stupidity.
    1. Re:Open source win by agentgonzo · · Score: 4, Insightful

      This is just further proof that security through obscurity is a myth.

      Unfortunately, you can boil the entirety of information theory to 'security through obscurity'. Airplay uses public key encryption and is in that sense 'secure'. Everything that needs to read the encrypted content (in this case the airplay device) needs to have the key to decrypt it. Thus you can argue that the whole system is 'security through obscurity' because it is relying on the 'obscurity' of the private key that the end-user can't get access to (unless the pry it open with a butterknife and dump the ROM).

  4. Re:Editor ? by Majik+Sheff · · Score: 4, Funny

    Two things that appear to be true about the author of the article and not about you:

    1. The author's first language was not English
    2. The author has a girlfriend.

    Between English tenses and a hot European chick, I know which one I'd prefer to be conjugating.

    --
    Women are like electronics: you don't know how damaged they are until you try to turn them on.
  5. Re:Slashdotter already by Anonymous Coward · · Score: 5, Informative

    Here's the key on the VideoLan boards.

    Airport RSA Key

  6. posted to vlc-devel list by pinkishpunk · · Score: 5, Informative

    he did a post to the vlc-devel list here, http://mailman.videolan.org/pipermail/vlc-devel/2011-April/079616.html It private rsa key is there, might be a good thing to download, if you are worried apple might do something stupid.

  7. The best part by AK76 · · Score: 5, Interesting

    From the README:
    "Thanks also to Apple for obfuscating the private key in the ROM image, using a
    scheme that made the deobfuscation code itself stand out like a flare."

  8. Re:and how many people use Airport? by characterZer0 · · Score: 5, Interesting

    I bought one once. I set up the network for a small organization and every time there was any kind of problem they blamed the WiFi router and called me. I bought a Airport and threw that in there instead. Now they have just as many problems but they assume that the Apple product cannot possibly be the issue, and I have not received a complaint from them since. It has been a almost two years. It was well worth the $180 to me.

    --
    Go green: turn off your refrigerator.
  9. Re:Slashdotter already by Hazel+Bergeron · · Score: 5, Informative

    And here's a post which may or may not receive a takedown notice from Apple. Remove the extra spaces inserted to evade the lameness filter.

    -----BEGIN RSA PRIVATE KEY-----
    MIIEpQIBAAKCAQEA59dE8qLie ItsH1WgjrcFRKj6eUWqi+bGLOX1HL3U3GhC/j0Qg90u3sG/1CUt
    wC5vOYvfDmFI6oSFXi5ELabWJ mT2dKHzBJKa3k9ok+8t9ucRqMd6DZHJ2YCCLlDRKSKv6kDqnw4U
    wPdpOMXziC/AMj3Z/lUVX1G7W SHCAWKf1zNS1eLvqr+boEjXuBOitnZ/bDzPHrTOZz0Dew0uowxf /+sG+NCK3eQJVxqcaJ/vEHKIVd 2M+5qL71yJQ+87X6oV3eaYvt3zWZYD6z5vYTcrtij2VZ9Zmni/
    UAaHqn9JdsBWLUEpVviYnhimN VvYFZeCXg/IdTQ+x4IRdiXNv5hEewIDAQABAoIBAQDl8Axy9XfW
    BLmkzkEiqoSwF0PsmVrPzH9Ks nwLGH+QZlvjWd8SWYGN7u1507HvhF5N3drJoVU3O14nDY4TFQAa
    LlJ9VM35AApXaLyY1ERrN7u9AL Kd2LUwYhM7Km539O4yUFYikE2nIPscEsA5ltpxOgUGCY7b7ez5
    NtD6nL1ZKauw7aNXmVAvmJTcuP xWmoktF3gDJKK2wxZuNGcJE0uFQEG4Z3BrWP7yoNuSK3dii2jm
    lpPHr0O/KnPQtzI3eguhe0TwUem/e YSdyzMyVx/YpwkzwtYL3sR5k0o9rKQLtvLzfAqdBxBurciz
    aaA/L0HIgAmOit1GJA2saMxTVPNh AoGBAPfgv1oeZxgxmotiCcMXFEQEWflzhWYTsXrhUIuz5jFu
    a39GLS99ZEErhLdrwj8rDDViRVJ5s kOp9zFvlYAHs0xh92ji1E7V/ysnKBfsMrPkk5KSKPrnjndM
    oPdevWnVkgJ5jxFuNgxkOLMuG9i53 B4yMvDTCRiIPMQ++N2iLDaRAoGBAO9v//mU8eVkQaoANf0Z
    oMjW8CN4xwWA2cSEIHkd9AfFkftuv8 oyLDCG3ZAf0vrhrrtkrfa7ef+AUb69DNggq4mHQAYBp7L+
    k5DKzJrKuO0r+R0YbY9pZD1+/g9dVt9 1d6LQNepUE/yY2PP5CNoFmjedpLHMOPFdVgqDzDFxU8hL
    AoGBANDrr7xAJbqBjHVwIzQ4To9pb4B NeqDndk5Qe7fT3+/H1njGaC0/rXE0Qb7q5ySgnsCb3DvA
    cJyRM9SJ7OKlGt0FMSdJD5KG0XPIpA VNwgpXXH5MDJg09KHeh0kXo+QA6viFBi21y340NonnEfdf
    54PX4ZGS/Xac1UK+pLkBB+zRAoGAf0 AY3H3qKS2lMEI4bzEFoHeK3G895pDaK3TFBVmD7fV0Zhov
    17fegFPMwOII8MisYm9ZfT2Z0s5Ro3s5r kt+nvLAdfC/PYPKzTLalpGSwomSNYJcB9HNMlmhkGzc
    1JnLYT4iyUyx6pcZBmCd8bD0iwY/FzcgN DaUmbX9+XDvRA0CgYEAkE7pIPlE71qvfJQgoA9em0gI
    LAuE4Pu13aKiJnfft7hIjbK+5kyb3TysZvoyD nb3HOKvInK7vXbKuU4ISgxB2bB3HcYzQMGsz1qJ
    2gG0N5hvJpzwwhbhXqFKA4zaaSrw622wD niAK5MlIE0tIAKKP4yxNGjoD2QYjhBGuhvkWKaXTyY=
    -----END RSA PRIVATE KEY-----

  10. Link to the source code and perl script by sheetzam · · Score: 4, Informative

    http://mafipulation.org/static/shairport-0.02.tar.gz. c source code and perl script included. Link still working as I post this.

    --
    "Actually, I enjoyed this in the same vague, horrible way I enjoyed the A-Team" P. Opus
  11. Re:Good guys? Really? by Squiggle · · Score: 5, Insightful

    You're pro-open source, so that makes you a "good guy"? I like chocolate, you like vanilla, ergo, I am good, you are bad.

    Does being pro-freedom make you a good guy? Does believing that everyone should have free access make you a good guy? Does helping your others make you a good guy?

    Free software ideology isn't about the end product, it isn't chocolate versus vanilla, it is about process and access: how do we choose what gets made, how do we make it, who gets to make it and who gets access to what has been made?

    --
    Complexity Happens
  12. Re:Apple-time by Mia'cova · · Score: 5, Funny

    Let's see someone add airplay support to the ps3. See how many companies can get pissed off at once. If you play it right, they could be goaded into fighting each other. Fingers crossed! Maybe these companies will finally deliver something entertaining to watch :)

  13. Re:Slashdotter already by Fex303 · · Score: 4, Funny

    That's amazing! I've got the same combination on my luggage!

  14. Re:Slashdotter already by Shakrai · · Score: 5, Funny

    No one time pad. Less space than a TrueCrypt container. Lame.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  15. Re:Good guys? Really? by Hijacked+Public · · Score: 4, Insightful

    how do we choose what gets made

    By either making it yourself, or by purchasing something made by someone else only when it fits all your particular requirements.

    how do we make it, who gets to make it and who gets access to what has been made?

    If you truly value freedom, and not just freedom for you and those who agree with your particular worldview, you don't 'choose' those things. You allow people to be free to make whatever they like however they like and you react to those choices as above.

    Apple's products are Apple's right up to the point where they sell them to you. If they choose to not make the source code for their software available and sell it only as a compiled version, that is their choice. If they choose to offer only their own means on installing additional software, their choice.

    To argue they should be obligated differently is fine with me, but to cloak that under the guise of promoting 'freedom' is not.

    --
    "Sacrifice for the good of The State" - The State
  16. Re:Cue lawsuit in ... by jrumney · · Score: 5, Informative

    The DCMA has an exception for reverse engineering for compatibility. In this case, the private key is not protecting content, it is protecting Apple's monopoly on interoperating with iDevices in a particular way, so it was fair game.

  17. Getting iTunes to talk to remote speakers by martijnd · · Score: 4, Informative

    From: http://www.cocoadev.com/index.pl?AirTunesEncryption

    The Apple-Challenge / Apple-Response is iTunes' method to verify that it's talking to an Airport Express; it may be similar to the DAAP one which has been reverse-engineered. These headers are optional when talking to the Airport Express, so it's possible for other programs to talk to the Express but it'll be difficult to get iTunes to talk to something other than the Airport Express.

    Until we get the private key out of the AirPortExpress, it's not possible to convince iTunes to send anything to a non-AirPortExpress client (say, another computer pretending to be an AirPortExpress).

    Seems that problem has now been solved.

  18. Re:What does it do? by ceoyoyo · · Score: 5, Informative

    The Airport Express AP has an audio out jack. An iPhone, iPod Touch, iPad or iTunes can route music to that device. Unfortunately when it was introduced Apple decided to encrypt the stream so only Airport Expresses were valid receivers. Now anything that has a network connection and can run a program can be the receiver.

  19. Re:Slashdotter already by hey! · · Score: 5, Funny

    Thanks for that. One thing about getting older is that your memory doesn't dish up all the bits you need on time. So you end up having conversations like this:

    Me: Hahaha!
    Wife: What's so funny?
    Me: Look what this guy wrote: 'That's amazing! I've got the same combination on my luggage!' Haha!
    Wife: Why is that funny?
    Me [frowning]: I don't know.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  20. Re:Slashdotter already by capmilk · · Score: 4, Funny

    What the hell do you have in your luggage that needs THAT?!?

    An Airport Express Station.