
Johansen Cracks AirPort Express Encryption

womby writes "DVD Jon has just announced that he cracked the encryption in Apple's AirPort Express. 'I've released JustePort, a tool which lets you stream MPEG4 Apple Lossless files to your AirPort Express. The stream is encrypted with AES and the AES key is encrypted with RSA.' No real details of the process employed in cracking the unit, but newsworthy nonetheless."
  • by flamingnight ( 234353 ) <chris.garaffa@NOsPam.gmail.com> on Thursday August 12, 2004 @09:45AM (#9947832)
    I wonder if Apple Legal will have a DMCA fit about this. And how good their case would be.
    • by garcia ( 6573 ) * on Thursday August 12, 2004 @09:47AM (#9947854)
      Of course they will, I don't even know why you bothered to mention it. The real question is will it fit under the provisions allowing for reverse engineering or will it fall under the category of malicious code breaking?

      We all know what it should fall under. What category Apple's lawyers make it fall under is a different story.
    • by Anonymous Coward
      Why would they? Jon is from Norway, where US laws and ideals do not apply

      welcome to the rest of the world, where there is more of them than you

    • Their case might be good, but it would also be irrelevant - as the chap concerned (and presumably his internet server) aren't in the US.

      (Extradition for a DMCA offence is pretty much out of the question.)
    • Too bad... (Score:4, Interesting)

      by Kjella ( 173770 ) on Thursday August 12, 2004 @10:17AM (#9948196) Homepage
      ...there is no DMCA here :D Of course, once the EUCD is passed into law (sooner or later), it may be a problem.

      Kjella
      • Re:Too bad... (Score:3, Informative)

        ...there is no DMCA here :D Of course, once the EUCD is passed into law (sooner or later), it may be a problem.

        Norway is not in EU [eubusiness.com].
        • Re:Too bad... (Score:3, Informative)

          by Ost99 ( 101831 ) *
          Doesn't matter. Norway still has to implement EUCD.
      • Re:Too bad... (Score:4, Informative)

        by arcade ( 16638 ) on Thursday August 12, 2004 @11:23AM (#9949077) Homepage
        Last time I spoke to Per (Jon's father), he told me that Jon has moved to France. Still no DMCA, but maybe the EUCD will come in play quite a bit faster down there than here in Norway.

      • I don't think it will. We're winning this, DRM won't have the protection it has under the DMCA, I'm pretty sure.

        The DeCSS case raised a lot of awareness, and if you compare the reaction in the mainstream towards DeCSS with stories they print now, they are very different. About DeCSS, they were decidedly hostile, now it ranges from neutral to printing HOWTOs on cracking crippled CDs. Several commentators have started to understand why DRM is bad, and so we've got the big mainstream media's attention. In fa

  • huh, sounds solid... (Score:4, Interesting)

    by kippy ( 416183 ) on Thursday August 12, 2004 @09:48AM (#9947862)
    Well it sounds like Apple did the right thing by using AES and RSA which are both industry standard and not some crazy "applecrypt" or something. Must be a really weak key or poor implementation or the protocol.
  • Great News (Score:5, Interesting)

    by Rura Penthe ( 154319 ) on Thursday August 12, 2004 @09:48AM (#9947865)
    This is great news. I want any application I own on any platform (OS X/Windows/Linux/Zeta!) to be capable of streaming to an Airport Express. I can't imagine that this would really upset Apple since you're still buying their hardware. It just lets you use the hardware with more applications. If iTunes is still the best and most elegant way, people will use that.

    Of course...Apple isn't always logical like that, and there may be some precedent set that would injure them in court some time later.
    • I can't imagine that this would really upset Apple since you're still buying their hardware.

      Because they not only want you to buy the Airport Express they want you to buy the iPod and purchase from iTMS.
      • Re:Great News (Score:5, Interesting)

        by Rude Turnip ( 49495 ) <valuation&gmail,com> on Thursday August 12, 2004 @09:56AM (#9947955)
        You can use an Airport Express and never buy anything from iTMS or purchase an iPod...just use your own MP3 collection. All three hardware products depend upon iTunes, but neither hardware item requires the other to use.

        To be honest, Apple's products become much more useful (and more desirable to purchase) when people come out with neat hacks like this. The only reason I spend big bucks in their music store is because the DRM has been broken through the Hymn project.
        • Re:Great News (Score:5, Insightful)

          by garcia ( 6573 ) * on Thursday August 12, 2004 @10:00AM (#9947989)
          To be honest, Apple's products become much more useful (and more desirable to purchase) when people come out with neat hacks like this.

          The only thing that makes it more attractive is that Apple finds a way to close the hole exposed by Jon's (or his friends') hack and the RIAA continues to let Apple distribute their wares for a reduced price.

          Once Apple cannot guarantee that the music is protected from "theft" then the RIAA will pull the plug on our "cheap" downloading.
          • Re:Great News (Score:3, Insightful)

            by raytracer ( 51035 )

            Once Apple cannot guarantee that the music is protected from "theft" then the RIAA will pull the plug on our "cheap" downloading.

            This is absurd. Apple can't make any such guarantee, since it is obviously false. Pretending otherwise is just silly. If copy protection worked, we would not need laws to make breaking it illegal.

            But beyond that, this hack has nothing to do with copy protection. Using this hack you can only encode streams for playback on the Airport Express, not decrypt them. It do

    • Re:Great News (Score:4, Insightful)

      by foidulus ( 743482 ) * on Thursday August 12, 2004 @09:54AM (#9947922)
      Well, a potential abuse of this system could be wardriving with Cannibal Corpse. If crackers can figure out how to encrypt the songs, they can war drive around till they find an AE and play "Entrails Ripped From a Virgin's Cunt" instead of the Sesame Street songs the family wanted to play. There are valid reasons for having this encrypted.
      Also, the RIAA probably put some pressure on Apple to encrypt the songs. While I don't like piracy, the thought of someone driving around so they can download music that other people they don't know are listening to is very bizarre.
      • Re:Great News (Score:5, Informative)

        by Kristoph ( 242780 ) on Thursday August 12, 2004 @10:06AM (#9948068)
        The hack in question does not permit you to stream to the AE unless you have access to the network on which the AE resides. If you did gain access to that network in some way you could still engage in the "abuse" you mention through iTunes without this hack.

        The point of the hack is to permit you to stream music from programs other than iTunes to an AE you have access to and not to hijack AE's.

        ]{
      • There is a simple criterion: if you, the user, have a way to read your private keys, it is fine. Encryption is here to help you. When your stuff is encrypted and you can not read your own private keys, the encryption is not here to help you. And you are, definitely, a sucker.
    • Re:Great News (Score:3, Insightful)

      by MacGod ( 320762 )
      The only concern I would have if I were in Apple's legal department, would be that if something like the INDUCE act passes, making it illegal to enable people to commit copyright infringement, then they might be liable, since now you are streaming perfect, digital music to all your neighbours.
    • Re:Great News (Score:3, Interesting)

      by sammy baby ( 14909 )

      Of course...Apple isn't always logical like that, and there may be some precedent set that would injure them in court some time later.

      In fact, Apple recently suggested they may be pursuing legal action against Real for making the iPod compatible [theregister.co.uk] with songs from Real's store. You're still buying an iPod, but Apple is still bent out of shape about it.

      Of course, the profit motivation isn't as clear-cut here, but I wouldn't put it past Apple to throw a major hissy here.

  • Why oh why? (Score:2, Insightful)

    by CountBrass ( 590228 )

    Well I'm still waiting for my dealer to get some in stock so I can buy a couple (I have a single storey home that wanders, uhm, well you know what I mean).

    Anyway, back on topic, I never really understood why Apple felt the need to encrypt it in the first place. I mean, what next, B&O encrypting the output to speakers? Sony insisting their systems will only work with encrypted mains voltage that you certify has not been used to power any unauthorised (by the RIAA and MPAA) devices?

    • Re:Why oh why? (Score:4, Interesting)

      by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Thursday August 12, 2004 @09:55AM (#9947944) Homepage Journal

      I mean, what next, B&O encrypting the output to speakers?

      IIRC, Creative has considered doing just that. Creative had considered opening an online music store which was to be called MuVo - that name sound familiar? It would initially sell CDs ala CDNOW (the site was pretty similar, really, with some significant upgrades from that feature set of course) and then later move to digital downloads.

      Naturally, Creative being what they are - a bunch of right bastards, if you want a driver or utility file especially - they were concerned about DRM. From what I understand, one idea that was seriously kicked around was a hardware device, probably USB speakers, being required to listen to the music. It is likely that the device would have had analog audio output, so you could put the music on a tape or something. It's the digital hole that labels want to close, they know they can't do anything about analog copying.

      • by ideonode ( 163753 ) on Thursday August 12, 2004 @10:29AM (#9948314)
        they can't do anything about analog copying

        Couldn't they encrypt the analog sound as it leaves the speakers, and give the user a DRM-enabled BabelFish?

    • Anyway, back on topic, I never really understood why Apple felt the need to encrypt it in the first place.

      It is encrypted because otherwise you're transmitting copyrighted works over a medium easily sniffed. The AAC file you bought from iTunes, which can't be played on anything but the system you authorized it for (simplifying here, calm down nitpickers) would be transmitted unencrypted to the Airport Express. It would be an excellent way to decrypt your files and do whatever you want with them- all you

      • This is blatantly obvious and I'm not sure why the poster was modded up 5

        Somebody please mod SuperBanana down to -1 for this pinheaded comment.

        What he doesn't understand is that the Airport *does not even play the original AAC file*. It is converted to Apple Lossless in iTunes before the stream is sent down.

        So what's going over the air is simply a losslessly compressed representation of what's coming right out the s/pdif port IN THE CLEAR. And there's no way to get at the original AAC data from either st
        • It's there to protect Apple from the Idiot Problem.

          That's the problem in which some idiot sets up an open WLAN and starts sending songs to the AirPort Express.

          While the idiot does this, his neighbor, the resourceful hacker, sniffs out the Ethernet frames, pulls down a stream of Apple Lossless Format audio, and saves it to his disk. Now he, and anyone else with technical expertise in range, will have any audio sent to the unit, including music purchased at the iTunes Music Store.

          No loss, no fuss, and a
  • by Anonymous Coward on Thursday August 12, 2004 @09:49AM (#9947869)
    I want to know if he really does have testicles made of brass.
  • by sith ( 15384 ) on Thursday August 12, 2004 @09:54AM (#9947937)
    Since all he got was the public key, you can't actually decrypt streams that are being sent. What it means is that programs can now stream music to the AEx. This should be really cool, especially once something like AudioHiJack or Wiretap comes along that lets you redirect all your system audio to it. I'd love to be able to stream non-iTunes audio formats that way (real player radio stations and whatnot). Anyways, can't see how this hurts apple - more people have incentive to use the AEx, Apple doesn't have to support their use of it that way, and the protected music is still protected. Hizzah?
    • can't see how this hurts apple - more people have incentive to use the AEx, Apple doesn't have to support their use of it that way, and the protected music is still protected. Hizzah?

      I'm glad this has been cracked and fully support it, but if the question is "why would Apple be opposed" then I'd point out the similarity of the relationships between iTunes/AirportExpress and InternetExplorer/IIS. Why would Microsoft oppose Apache or Mozilla? Because their existence takes away Microsoft's ownership of t

  • WTF? (Score:4, Interesting)

    by Philosinfinity ( 726949 ) on Thursday August 12, 2004 @09:56AM (#9947952)
    Maybe I missed something, and I haven't been able to RTFA for obvious reasons. But doesn't the Airport Express take any stream sent to it from iTunes 4.6 or greater? What I am getting at is, on my iBook, I should be able to stream any file that plays from iTunes to the Airport Express. So what did I miss? Is this the ability to do that from other programs on other platforms? If so, why does the poster pick out the ability to transfer Apple Lossless files?
    • Re:WTF? (Score:5, Interesting)

      by PsychoSpunk ( 11534 ) on Thursday August 12, 2004 @10:09AM (#9948101)
      This is a proverbial "last mile" problem: How do I get any sound to the Airport Express? The known elements are that the Airport Express plays Apple Lossless streamed from the client computer running iTunes. So the solution to the "last mile" is to figure out how to stream any Apple Lossless file to the Airport Express and not rely on a specific program. The conversion to Apple Lossless is left as an exercise for the reader, as they say.
    • Re:WTF? (Score:4, Informative)

      by IntergalacticWalrus ( 720648 ) on Thursday August 12, 2004 @10:18AM (#9948199)
      > But doesn't the Airport Express take any stream sent to it from iTunes 4.6 or greater?

      Not really, iTunes always converts streams to Apple Lossless format prior to sending it to an AE (which is most likely the only format the AE understands, obviously).

      > So what did I miss? Is this the ability to do that from other programs on other platforms?

      Yes, but of course this is going to be the dvdcss case all over again, where the industry will accuse Jon of having made this purely for pirating purposes.
    • To quote from MacFixit [macfixit.com]: AirTunes decodes your music on the local computer and then re-encodes it using Apple Lossless format before broadcasting it to the AirPort Extreme.

      Then AP Extreme converts from Lossless to standard audio. Makes sense now? [google.com]

    • Re:WTF? (Score:3, Informative)

      Is this the ability to do that from other programs on other platforms?

      Exactly.

      If so, why does the poster pick out the ability to transfer Apple Lossless files?

      He hasn't picked it out, it is the only option! Airport Express understands Apple Lossless only. Every other format is recoded by iTunes before it is streamed.
  • Driver! (Score:5, Interesting)

    by nuxx ( 10153 ) on Thursday August 12, 2004 @09:57AM (#9947969) Homepage
    Now all we need is some sort of software-based audio out driver for OS X (like Cycling 74 [cycling74.com]'s Soundflower [synthesisters.com]) which allows you to reroute OS X audio output to the Airport Express. This would be *ideal*, as then it'd be possible to stream audio from practically anything to your stereo. Digitally!
  • From the Site... (Score:5, Informative)

    by Anonymous Coward on Thursday August 12, 2004 @10:04AM (#9948033)
    So sue me
    Jon Lech Johansen's blog
    Wed, 11 Aug 2004
    Reversing AirTunes

    I've released JustePort, a tool which lets you stream MPEG4 Apple Lossless files to your AirPort Express.

    The stream is encrypted with AES and the AES key is encrypted with RSA.

    AirPort Express RSA Public Key, Modulus:
    Exponent: AQAB

    MD5(JustePort-0.1.tar.gz) = fe13e96751958c6e9d57cce0caa7b17b
    • Re:From the Site... (Score:5, Interesting)

      by SiliconEntity ( 448450 ) on Thursday August 12, 2004 @12:06PM (#9949678)
      This RSA public key can also be expressed in hex as:
      a 2048 bit RSA public key. The exponent is hex 0x10001, which is decimal 65537, a very commonly used exponent for RSA encryption.

      The fact that he just published the public but not private parts of the key suggests that Apple's product merely wants to see its input data encrypted with this key. I.e. anything encrypted with this key, it will play.

      Normally a public key is just that, public, and available to anyone. It sounds like in this case Apple kept the key somewhat secret, and used knowledge of that public key as a form of authorization. Only Apple products knew the public key, so it would only play music from those products.

      Now that the public key is published, anyone could encrypt data using it and get Apple's device to play the music.

      Jon hasn't broken any encryption here. He has merely learned how to encrypt just like Apple does. It looks to me like the DMCA does not apply to this case.
      • Re:From the Site... (Score:5, Informative)

        by codework ( 252361 ) on Thursday August 12, 2004 @01:06PM (#9950530) Homepage
        As someone else who has recovered the public key from iTunes, I can say he did break a form of encryption. The public keys are encrypted in iTunes, albeit with a very simple rolling xor algo.

        There is actually a table of 255 public keys encoded in iTunes. This is just one of them.
  • Yay! (Score:3, Funny)

    by Luckboy ( 152985 ) on Thursday August 12, 2004 @10:11AM (#9948126)
    Now I can divert all my system sounds to the Airport Express so I can get beeps in the living room in glorious 5.1 Surround Sound while I use the computer in the bedroom!

    Come to think of it, I'm ONLY going to do this when other people are watching TV! This is gonna be fun!
  • Frightened (Score:3, Insightful)

    by iamdrscience ( 541136 ) on Thursday August 12, 2004 @10:13AM (#9948147) Homepage
    I read this headline as "Johansen Cracks Airborne Express Encryption". I was a little uneasy in that second or so before I read the blurb about the article.
  • by PetoskeyGuy ( 648788 ) on Thursday August 12, 2004 @10:22AM (#9948249)
    ...by posting a story to slashdot his website while their lawyers and henchmen race towards DVD Jon in a black supersonic jet straight out of X-Men. (yes I verbed slashdot, but I googled and seems to be ok to do now)

    Seriously though, just hire the kid. Give him an 80-hour-a-week job and enough money that he'll stick it out. No more spare time, no more cracks.
  • by Lurch00 ( 56120 ) on Thursday August 12, 2004 @11:02AM (#9948784)
    Can somebody explain to me how _this_ hack threatens the DRM protected content? AFAICT, iTunes decrypts the content, converts it to this lossless stream, reencrypts it to protect it in transit, and streams it to the AE. There's no threat to the DRM media here at all, since you have to have an unprotected source to start with.

    The real threat is that somebody will take this and figure out how to fake being an AE, then you essentially have iTunes doing the work of defeating its own DRM for you. This would have the advantage (from a piracy standpoint) of being fairly hard for Apple to fix via "bug fix updates", unless they built a way to upgrade the AE firmware the same way. That's something I can see people getting into a tizzy about, but for this particular hack I think the useful purposes far outweigh the piracy ones.

    Just a thought.
    • by Otto ( 17870 )
      The real threat is that somebody will take this and figure out how to fake being an AE, then you essentially have iTunes doing the work of defeating its own DRM for you.

      I investigated this justeport program yesterday, to see what it would take to do exactly that. My goal was not actually to defeat DRM, but to possibly create an emulator for being an AE, so that I could use iTunes to play songs on other computer's speakers. The thought of piping the music to a file did cross my mind, but that was not the g
  • by DavyByrne ( 30170 ) on Thursday August 12, 2004 @11:06AM (#9948848) Homepage
    Since when is using a publicly available public key to encrypt a stream of data from an application and send it to a device considered "cracking?" It seems to me that this is a good ol' hack (read: clever piece of software), just like DeCSS or the other thing he did with protected iTunes tracks.

    I wasn't surprised that the first source I saw report this called it a "crack," but had hoped by the time the story made it to /. the error would be corrected.

    By the way, you do a real disservice to people trying to fight the DMCA by calling things like this "cracks." Lawyers for the bad guys already think these sorts of hacks are actually illegal cracks. You're bolstering their opinion by conflating the two.
    • Since when is using a publicly available public key to encrypt a stream of data from an application and send it to a device considered "cracking?"

      It may be a "public key", but the key was never publicly available before now. The public key was RSA encrypted... it was that encryption that was "cracked".
  • by Sturm ( 914 ) on Thursday August 12, 2004 @11:37AM (#9949286) Journal
    One of the things that disappointed me about the AEx was the inability to stream to it from other audio sources. For instance... Living in Kentucky, I don't have a clear view of the southern sky so I can't get Direct TV, so I can't get NHL Center Ice, so I can't watch my beloved Colorado Avalanche. Luckily for me, nhl.com streams the radio broadcasts of all the games via Windows Media Player. That works great since I can listen to them on my Mac or my Windows box. We had an old laptop connected to the stereo and via wireless connection could listen to the games. After last season, the laptop died and after I heard about the AEx I thought that might be cheaper than buying a used laptop to replace the broken one. But obviously, you can't stream to the AEx from WMP, so I was out of luck. I know I can buy some other device to stream audio to the stereo but we do use iTunes on both our Macs and PCs so the AEx would fit well into our setup.
    The point to this long, boring post is that *if* we could stream any audio source from any Mac/PC to our stereos, we would probably buy two or three AEx's. Apple gets my money for the hardware and I get my NHL fix and we are all happy (well, maybe not the Apple lawyers but I'm sure they won't go hungry :)
  • by mpaque ( 655244 ) on Thursday August 12, 2004 @12:17PM (#9949831)
    It appears that he's just published the public key. That may allow him to ENCRYPT music for play over Airport Express, but it doesn't let him decrypt the stream.

    Heck, I put a public key for mail in my .plan and sigs. I don't think that enables anyone to crack my mail. They can SEND me mail, but that's sort of the whole idea, isn't it?
  • by derubergeek ( 594673 ) * on Thursday August 12, 2004 @12:57PM (#9950404) Homepage Journal
    Since the link is still being hammered, and I'm the impatient type, I ran tcpdump on an iTunes to AE stream.

    From what I see in the dump, it looks like iTunes queries the AE via RTSP, configures it with a password if need be, and then sets up an RTSP record stream to the AE. After that, it just pumps RTSP packets to it.

    Part of the RTSP ANNOUNCE request is an RSA AES key.
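
The scheme that the comments by SiliconEntity, mpaque and derubergeek describe (a session key wrapped with the receiver's RSA public key, with knowledge of that public key serving as the only authorization), sketched as an added example; it is not JustePort's or Apple's code. It shows that a receiver built this way accepts any sender holding the public key, next to a receiver that also checks a MAC under a secret shared at pairing. Assumptions: the RSA key is a constructed demo key, textbook RSA is used without padding, a SHA-256 keystream stands in for AES, and the pairing secret and HMAC check are hypothetical additions.

```python
import hashlib
import hmac
import secrets

# Constructed demo key: product of two Mersenne primes (NOT the AirPort Express key).
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537                                # the exponent cited in the thread (0x10001)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, known only to the receiver


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for AES: XOR with a SHA-256 counter-mode keystream (stdlib only)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def sender_encrypt(audio: bytes, n: int = N, e: int = E):
    """Everything a sender needs is the public key (n, e)."""
    session_key = secrets.token_bytes(16)
    # Textbook RSA for illustration; a real design would use OAEP padding.
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped, keystream_xor(session_key, audio)


def receiver_decrypt(wrapped: int, ciphertext: bytes) -> bytes:
    """Receiver as described in the thread: unwrap the key, decrypt, play.
    Nothing here identifies the sender."""
    m = pow(wrapped, D, N)
    if m >= 1 << 128:
        raise ValueError("unwrapped value is not a 16-byte session key")
    return keystream_xor(m.to_bytes(16, "big"), ciphertext)


def mac_tag(pairing_secret: bytes, wrapped: int, ciphertext: bytes) -> bytes:
    """HMAC over the wrapped key and ciphertext (hypothetical pairing secret)."""
    msg = wrapped.to_bytes((N.bit_length() + 7) // 8, "big") + ciphertext
    return hmac.new(pairing_secret, msg, hashlib.sha256).digest()


def hardened_receiver(pairing_secret: bytes, wrapped: int,
                      ciphertext: bytes, tag: bytes):
    """Contrast case: reject the stream unless the sender proves knowledge of a
    secret that is not extractable from the public key."""
    if not 0 <= wrapped < N:
        return None
    expected = mac_tag(pairing_secret, wrapped, ciphertext)
    if not hmac.compare_digest(expected, tag):
        return None
    return receiver_decrypt(wrapped, ciphertext)


def demo() -> dict:
    audio = b"constructed sample audio frame " * 4   # constructed input
    wrapped, ct = sender_encrypt(audio)
    secret = b"constructed-pairing-secret"
    return {
        "public_key_only_sender_accepted": receiver_decrypt(wrapped, ct) == audio,
        "paired_sender_accepted":
            hardened_receiver(secret, wrapped, ct, mac_tag(secret, wrapped, ct)) == audio,
        "unpaired_sender_accepted":
            hardened_receiver(secret, wrapped, ct, mac_tag(b"guess", wrapped, ct)) is not None,
    }


if __name__ == "__main__":
    print(demo())
```
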
