Johansen Cracks AirPort Express Encryption
womby writes "DVD Jon has just announced that he cracked the encryption in Apple's AirPort Express. 'I've released JustePort, a tool which lets you stream MPEG4 Apple Lossless files to your AirPort Express. The stream is encrypted with AES and the AES key is encrypted with RSA.' No real details of the process employed in cracking the unit but newsworthy none the less."
Lawyers, start your engines. (Score:3, Interesting)
Re:Lawyers, start your engines. (Score:5, Insightful)
We all know what it should fall under. What category Apple's lawyers make it fall under is a different story.
Re:Lawyers, start your engines. (Score:5, Insightful)
Or, they'll just use their usual methodology and release a Software Update with some non-descript "bug-fixes" that happens to also break JustePort. :-)
Have to update the AE devices.. (Score:3, Interesting)
What they really are worried about is somebody hacking apart the AE device and finding the private key. With that, I could write an AE emulator that would receive transmissions from iTunes... And totally bypass their DRM as well. Not that their DRM is effective
Re:Lawyers, start your engines. (Score:4, Funny)
"Sigh. Everybody so far has said X, Y and Z. Everybody always says X, Y and Z. I'm so sick of it. Moderators, I hate you and your children."
Re:Lawyers, start your engines. (Score:3, Informative)
welcome to the rest of the world, where there is more of them than you
Re:OT: Saddam (Score:3, Insightful)
And we all bow down before you in gratitude, because now we are all safe from Iraq's weapons of mass destruction.
You throw names at the French, but in fact Germany and Russia joined them in insisting that the weapons inspectors should have more time before resorting to an invasion. With hindsight (or even a little foresight, many would argue), it seems they were correct.
But let's just continue calling the French horrible names, shall we? In the name of freedom, of course, becau
Re:Lawyers, start your engines. (Score:3, Informative)
(Extradition for a DMCA offence is pretty much out of the question.)
Too bad... (Score:4, Interesting)
Kjella
Re:Too bad... (Score:3, Informative)
Norway is not in EU [eubusiness.com].
Re:Too bad... (Score:3, Informative)
Re:Too bad... (Score:5, Informative)
We really should have joined EU a long time ago, and I find it absurd to not be in it. One can only hope.
If you want me to elaborate more, just reply, I can cite numerous examples, but I'd rather be on-topic to the post. But all in all, I agree with the grandparent's post, it could smell trouble when the EU-DMCA comes into play....
Re:Too bad... (Score:4, Informative)
We're winning against DRM (Score:3, Insightful)
The DeCSS case raised a lot of awareness, and if you compare the reaction in the mainstream towards DeCSS with stories they print now, they are very different. About DeCSS, they were decidedly hostile, now it ranges from neutral to printing HOWTOs on cracking crippled CDs. Several commentators have started to understand why DRM is bad, and so we've got the big mainstream media's attention. In fa
huh, sounds solid... (Score:4, Interesting)
Re:huh, sounds solid... (Score:5, Insightful)
Re:huh, sounds solid... (Score:5, Insightful)
Because Apple needs to stay friendly with the music industry, and that means the RIAA. They probably wouldn't mind skipping encryption altogether and saving a buck, but I doubt very many labels would support that scheme.
Re:huh, sounds solid... (Score:4, Insightful)
I just ordered an Airport Express, just to stream audio from my laptop (sucky speakers, can't stand a cable). If I can stream from other sources, great. Even better would be to have other units (any computer) act as "iTunes speakers".
Re: (Score:3, Informative)
Re:huh, sounds solid... (Score:4, Funny)
Re:huh, sounds solid... (Score:3, Informative)
Re:huh, sounds solid... (Score:2)
Great News (Score:5, Interesting)
Of course...Apple isn't always logical like that, and there may be some precedent set that would injure them in court some time later.
Re:Great News (Score:2)
Because they not only want you to buy the Airport Express they want you to buy the iPod and purchase from iTMS.
Re:Great News (Score:5, Interesting)
To be honest, Apple's products become much more useful (and more desirable to purchase) when people come out with neat hacks like this. The only reason I spend big bucks in their music store is because the DRM has been broken through the Hymn project.
Re:Great News (Score:5, Insightful)
The only thing that makes it more attractive is that Apple finds a way to close the hole exposed by John's (or his friends') hack and the RIAA continues to let Apple distribute their wares for a reduced price.
Once Apple cannot guarantee that the music is protected from "theft" then the RIAA will pull the plug on our "cheap" downloading.
Re:Great News (Score:3, Insightful)
This is absurd. Apple can't make any such guarantee, since it is obviously false. Pretending otherwise is just silly. If copy protection worked, we would not need laws to make breaking it illegal.
But beyond that, this hack has nothing to do with copy protection. Using this hack you can only encode streams for playback on the Airport Express, not decrypt them. It do
Re:Great News (Score:3, Funny)
Free as in "asterisk sandwich."
Re:Great News (Score:4, Insightful)
Also, the RIAA probably put some pressure on Apple to encrypt the songs. While I don't like piracy, the thought of someone driving around so they can download music that other people they don't know are listening to is very bizarre.
Re:Great News (Score:5, Informative)
The point of the hack is to permit you to stream music from programs other than iTunes to an AE you have access to and not to hijack AE's.
]{
A simple criterion to know if you are the sucker (Score:3, Insightful)
Re:Great News (Score:4, Informative)
Re:Great News (Score:4, Funny)
Re:Great News (Score:3, Funny)
Re:Great News (Score:3, Insightful)
Re:Great News (Score:3, Interesting)
In fact, Apple recently suggested they may be pursuing legal action against Real for making the iPod compatible [theregister.co.uk] with songs from Real's store. You're still buying an iPod, but Apple is still bent out of shape about it.
Of course, the profit motivation isn't as clear-cut here, but I wouldn't put it past Apple to throw a major hissy here.
Why oh why? (Score:2, Insightful)
Well I'm still waiting for my dealer to get some in stock so I can buy a couple (I have a single storey home that wanders, uhm, well you know what I mean).
Anyway, back on topic, I never really understood why Apple felt the need to encrypt it in the first place. I mean, what next, B&O encrypting the output to speakers? Sony insisting their systems will only work with encrypted mains voltage that you certify has not been used to power any unauthorised (by the RIAA and MPAA) devices?
Re:Why oh why? (Score:4, Interesting)
IIRC, Creative has considered doing just that. Creative had considered opening an online music store which was to be called MuVo - that name sound familiar? It would initially sell CDs ala CDNOW (the site was pretty similar, really, with some significant upgrades from that feature set of course) and then later move to digital downloads.
Naturally, Creative being what they are - a bunch of right bastards, if you want a driver or utility file especially - they were concerned about DRM. From what I understand, one idea that was seriously kicked around was a hardware device, probably USB speakers, being required to listen to the music. It is likely that the device would have had analog audio output, so you could put the music on a tape or something. It's the digital hole that labels want to close, they know they can't do anything about analog copying.
Re:Why oh why? (Score:5, Funny)
Couldn't they encrypt the analog sound as it leaves the speakers, and give the user a DRM-enabled BabelFish?
Re:Why oh why? (Score:5, Insightful)
Try reading my comment again, more slowly. The analog hole is not closable. It quite simply cannot be done. For instance you could take an encrypted digital speaker set, and attenuate the signal going to the speakers down to a 0-1.5V P-P signal, aka "Line Level".
The digital hole is where you make a digital copy without degradation. The former motivation (besides ethics) for consumers to purchase commercial copies of media was quality. Now, with the ability to make a perfect digital copy, that motivation has gone away. Now it basically comes down to convenience and ethics. It's hard to feel too bad about taking some money away from a record label, and it's awfully convenient to just download music without paying for it. Hence the reason the record labels are pissing their corduroys.
Re:Why oh why? (Score:3, Interesting)
songs stripped of DRM transmitted through the air? (Score:3, Insightful)
It is encrypted because otherwise you're transmitting copyrighted works over a medium easily sniffed. The AAC file you bought from iTunes, which can't be played on anything but the system you authorized it for (simplifying here, calm down nitpickers) would be transmitted unencrypted to the Airport Express. It would be an excellent way to decrypt your files and do whatever you want with them- all you
Re:songs stripped of DRM transmitted through the a (Score:3, Insightful)
Somebody please mod SuperBanana down to -1 for this pinheaded comment.
What he doesn't understand is that the Airport *does not even play the original AAC file*. It is converted to Apple Lossless in iTunes before the stream is sent down.
So what's going over the air is simply a losslessly compressed representation of what's coming right out the s/pdif port IN THE CLEAR. And there's no way to get at the original AAC data from either st
Re:songs stripped of DRM transmitted through the a (Score:3, Insightful)
That's the problem in which some idiot sets up an open WLAN and starts sending songs to the AirPort Express.
While the idiot does this, his neighbor, the resourceful hacker, sniffs out the Ethernet frames, pulls down a stream of Apple Lossless Format audio, and saves it to his disk. Now he, and anyone else with technical expertise in range, will have any audio sent to the unit, including music purchased at the iTunes Music Store.
No loss, no fuss, and a
Re:nitpicking (Score:3, Insightful)
I think you are missing a significant point in this story. Jon's hack does NOT crack Apple's encryption. If he had managed to crack AES/RSA this would be a much bigger story. The losslessly compressed stream being sent to Apple Express whether from iTunes or a JustePort equivalent is still an encrypted stream. Without Apple's private key you cannot read the stre
Does anyone know Jon's doctor? (Score:5, Funny)
Re:Does anyone know Jon's doctor? (Score:2, Funny)
Re:Does anyone know Jon's doctor? (Score:5, Funny)
>
> Not only are they made of brass, but he's got five of them.
I want to meet Jon's tailor. I hear he makes pants that fit like a glove.
Re:Does anyone know Jon's doctor? (Score:3, Funny)
Re:Does anyone know Jon's doctor? (Score:4, Informative)
This should be pretty cool (Score:5, Interesting)
Re:This should be pretty cool (Score:3, Insightful)
I'm glad this has been cracked and fully support it, but if the question is "why would Apple be opposed" then I'd point out the similarity of the relationships between iTunes/AirportExpress and InternetExplorer/IIS. Why would Microsoft oppose Apache or Mozilla? Because their existence takes away Microsoft's ownership of t
Re:This should be pretty cool (Score:5, Informative)
You answered your own question. RSA here means the RSA Public Key Cryptography Standard [rsasecurity.com]. The AES key (which is a symmetrical cipher key) was encrypted using RSA PKCS.
WTF? (Score:4, Interesting)
Re:WTF? (Score:5, Interesting)
Re:WTF? (Score:4, Informative)
Not really, iTunes always converts streams to Apple Lossless format prior to sending it to an AE (which is most likely the only format the AE understands, obviously).
> So what did I miss? Is this the ability to do that from other programs on other platforms?
Yes, but of course this is going to be the dvdcss case all over again, where the industry will accuse Jon of having made this purely for pirating purposes.
AirTunes == Apple Lossless (Score:3, Informative)
Then AP Extreme converts from Lossless to standard audio. Makes sense now? [google.com]
Re:WTF? (Score:3, Informative)
Exactly.
If so, why does the poster pick out the ability to transfer Apple Lossless files?
He hasn't picked it out, it is the only option! Airport Express understands Apple Lossless only. Every other format is recoded by iTunes before it is streamed.
Driver! (Score:5, Interesting)
From the Site... (Score:5, Informative)
Jon Lech Johansen's blog
Wed, 11 Aug 2004
Reversing AirTunes
I've released JustePort, a tool which lets you stream MPEG4 Apple Lossless files to your AirPort Express.
The stream is encrypted with AES and the AES key is encrypted with RSA.
AirPort Express RSA Public Key, Modulus:
MD5(JustePort-0.1.tar.gz) = fe13e96751958c6e9d57cce0caa7b17b
Re:From the Site... (Score:5, Interesting)
The fact that he just published the public but not private parts of the key suggests that Apple's product merely wants to see its input data encrypted with this key. I.e. anything encrypted with this key, it will play.
Normally a public key is just that, public, and available to anyone. It sounds like in this case Apple kept the key somewhat secret, and used knowledge of that public key as a form of authorization. Only Apple products knew the public key, so it would only play music from those products.
Now that the public key is published, anyone could encrypt data using it and get Apple's device to play the music.
Jon hasn't broken any encryption here. He has merely learned how to encrypt just like Apple does. It looks to me like the DMCA does not apply to this case.
Re:From the Site... (Score:5, Informative)
There is actually table of 255 public keys encoded in itunes. This is just one of them.
Yay! (Score:3, Funny)
Come to think of it, I'm ONLY going to do this when other people are watching TV! This is gonna be fun!
Frightened (Score:3, Insightful)
Apple Responds Quickly... (Score:5, Funny)
Seriously though, just hire the kid. Give him an 80 hour a week job and enough money he'll stick it out. No more spare time, no more cracks.
I don't see the threat to DRM media here... (Score:5, Interesting)
The real threat is that somebody will take this and figure out how to fake being an AE, then you essentially have iTunes doing the work of defeating its own DRM for you. This would have the advantage (from a piracy standpoint) of being fairly hard for Apple to fix via "bug fix updates", unless they built a way to upgrade the AE firmware the same way. That's something I can see people getting into a tizzy about, but for this particular hack I think the useful purposes far outweigh the piracy ones.
Just a thought.
Not really a threat... (Score:3, Informative)
I investigated this justeport program yesterday, to see what it would take to do exactly that. My goal was not actually to defeat DRM, but to possibly create an emulator for being an AE, so that I could use iTunes to play songs on other computer's speakers. The thought of piping the music to a file did cross my mind, but that was not the g
Must be a new definition of "cracked" (Score:5, Insightful)
I wasn't surprised that the first source I saw report this called it a "crack," but had hoped by the time the story made it to
By the way, you do a real disservice to people trying to fight the DMCA by calling things like this "cracks." Lawyers for the bad guys already think these sorts of hacks are actually illegal cracks. You're bolstering their opinion by conflating the two.
Re:Must be a new definition of "cracked" (Score:3, Informative)
It may be a "public key", but the key was never publicly available before now. The public key was RSA encrypted... it was that encryption that was "cracked".
Legitimate uses for this (Score:4, Interesting)
The point to this long, boring post is that *if* we could stream any audio source from any Mac/PC to our stereos, we would probably buy two or three AEx's. Apple gets my money for the hardware and I get my NHL fix and we are all happy (well, maybe not the Apple lawyers but I'm sure they won't go hungry
Is this really a crack? (Score:5, Informative)
Heck, I put a public key for mail in my
AE Streaming Protocol (Score:3, Interesting)
From what I see in the dump, it looks like iTunes queries the AE via RTSP, configures it with a password if need be, and then sets up an RTSP record stream to the AE. After that, it just pumps RTSP packets to it.
Part of the RTSP ANNOUNCE request is an RSA AES key.
Re:What? (Score:3, Interesting)
Re:What? (Score:5, Informative)
However, as far as I can tell Johansen no longer has any connections with MoRE. All the software on his site is GPL'ed and copyrighted by himself. MoRE is not mentioned anywhere.
Re:What? (Score:5, Informative)
He reverse engineered FairPlay [theregister.co.uk] and added FairPlay support [videolan.org] to VLC.
Together with the fact that all his recent software has been licensed under the GPL this indicates that he no longer has anything to do with any "cracking" groups.
Re:What? (Score:3, Insightful)
How many cracking groups release their source code under one of the member's full name and licensed under the GPL? The answer doesn't prove anything, but it does indicate something.
He's not a big genius. (Score:5, Interesting)
Almost any good programmer can crack software. They just choose not to, or to keep quiet if they do. Jon is a skilled showman as well as a software cracker. Hey, he got his ass saved from jail by the EFF when all he was doing is fronting others' code. Now he's pretty much bulletproof (he doesn't release compiled executables as that was the main DeCSS sticking point), it's only right that he should continue to champion fair use and stand against lazy attempts to be "DMCA compliant", by cracking pointless encryption schemes which only require a little reverse engineering to find the barely hidden key, not cryptanalysis.
I think Jon's doing us a real service, which I appreciate. I don't worship his genius, as he's only doing something I've done myself, albeit on much more media-friendly targets. He could just be cracking Safedisc games in relative anonymity for the same amount of intellectual effort, but instead he's hounding high-profile DRM schemes, starting with the weakest (Apple). Worship him if you want.
Re:He's not a big genius. (Score:4, Insightful)
What is the alternative? WMA? do you have unlimited burns? No? Do you have uniform rights across all songs? No. Can you play WMA in all players including the iPod? No. Ok this last point is equally bad for iTMS and WMA stores but I don't like WMA. iTMS does have one advantage however, it is compatible with both the mac and windows.
If Jon really was a genius and was trying to do the public a service, he would have cracked the WMA DRM. If he could come up with a way for me to be able to purchase songs on Napster (no iTMS in Canada yet) and being able to convert them to AAC format with EasyWMA to play on my mac and iPod, that would be useful to me.
Destroying iTMS is not useful to anyone. Apple's DRM is the lesser of the two evils and it's free enough for me since I don't run linux. Jon is a man with raw intellect but no common sense.
Re:He's not a big genius. (Score:4, Insightful)
Re:He's not a big genius. (Score:4, Insightful)
The lesser of two evils is still evil.
Re:He's not a big genius. (Score:3, Interesting)
Sure, I'd prefer unencrypted 320 kbit AAC files...but this is not Mars, it's Earth and big corporations are still scared that digital media will kill them off. Give it another three years and maybe we'll see that sphincter open a little
Music Industry? (Score:5, Insightful)
LOL!
Understand this... The "music industry" is royally screwed seven ways from Sunday. They know it too, don't kid yourself otherwise.
See, they need *customers*.
In order to exist, the music industry has to convince people to buy what they are pushing. They're between a rock and a hard place here, because if they make that DRM too obnoxious, if they go beyond the line too much, then their own customers will flip them the bird and jump right back onto P2P networks. It's already happened once, in their eyes. Does the P2P scare back around 1998 ring a bell? Napster? Back when it didn't quite suck, I mean.
See, Napster opened a new world for the music industry, because it showed them that the world had changed and now they had to compete with "free". How in the hell does one compete with free products?
DRM is a reaction to this, by trying to make it difficult for people to convert their products into a format that can easily become "free". Unfortunately, this is an impossible task. It's *proven* to be impossible, no less. So they now have to not only compete with "free", but to do it, they have to do something that's absolutely and totally impossible to do. What a bind that puts them in, huh?
The music industry is scared shitless, and with reason. This new medium takes their products and puts it into a form that:
a) damn near eliminates distribution costs,
b) makes low cost viral marketing into one of the most powerful forms of marketing there is through the rapid dissemination of the meme in question,
and c) eliminates all ability to control distribution of their product and thus be able to charge for it.
A and B they love, but C is included in the bargain and they cannot escape it. Furthermore, they're starting to figure out that the combination of A and B on a large enough scale eliminates the need for the middlemen in their business. Artist and customer can directly interact just as easily as middlemen and customers can. Since most of them are middlemen, this naturally makes them nervous. Right now, they're engaging in heavy media spending to combat this knowledge, leading to the current meme of "taking music without paying is stealing" and so on. They're engaging it on both the artist side and the customer side, and if both sides would just wake the hell up, the middlemen would be out of jobs.
So what I'm saying is that the idea that they can NOT offer their product on the internet is an unrealistic notion. They don't have that choice, not really.
If they don't offer something out there, in a light enough restriction no less, then what will happen is that they eventually die off. People will go back to passing around music for free, legislation and lawsuits be damned, they will find a way to do it safely if it comes down to it. Many very bright people are already looking for that way.
And if the artists see that the music companies aren't actively trying to make them some cash by selling their music online, the artists might start waking up en masse and seeing that the old system is unnecessary with the new technological capabilities to directly reach the customers.
So the music industry *will* sell online. They don't have a real choice not to do so anymore. They can no longer pack up their toys and go home, because that would be a losing move.
Re:He's not a big genius. (Score:3, Insightful)
Regards,
-JD-
Re:Stupid stupid stupid (Score:5, Insightful)
Of course he doesn't care about the DMCA. He lives in another country.
Re:Stupid stupid stupid (Score:3, Insightful)
Re:What does it means? (Score:5, Informative)
]{
Re:What does it means? (Score:3, Insightful)
Re:Oh good (Score:4, Insightful)
No, they invest millions so they will get tens of millions in revenue from selling iPod. Don't get me wrong, I like Apple and I'm impressed by Steve Jobs's ability to resurrect the company, but it's still a company, not a charity.
iTMS is selling songs cheaply to gain market share and get people to buy iPods, not to make inexpensive music downloads available.
Re:Oh good (Score:4, Informative)
Darwin is free. Cocoa, Quartz, Carbon, and a number of other technologies that have nothing to do with BSD are not.
Re:What exactly does this guy have against Apple? (Score:3, Interesting)
What makes you think he has any?
While spite may be one of the things that motivates 'crackers', the main reason isn't usually any kind of revenge.
I have some personal experience, (having cracked some copy-protection schemes on games about 10 years ago), and my motivation wasn't any kind of personal vendetta.
I just didn't like copy protection schemes that much; It felt like a withdrawal of trust. The main part of my motivation was simply the challenge.
Re:What exactly does this guy have against Apple? (Score:3, Insightful)
On the other end of the spectrum, maybe he's a hardcore PC guy that wants to use the brilliant systems (hardware and software) that Apple has created. iPods are lauded as the greatest thing since sliced bread, QuickTime, while a little bulky of late, has been an industry standard for years(vs. the bastard
Re:Lossless? (Score:5, Informative)
Among these there is a Lossless compression codec that Apple have put forward for inclusion into the MPEG4 collection.
Assuming he's right... (Score:4, Informative)
Kjella
Re:About DVD Jon... (Score:5, Funny)
Why would the US Government want someone who "knows what the hell is going on". Hell, who would manage him? What department would he report to? Come on, your country is run by a man who probably uses "12345" as the combination on his luggage (encrypted of course, with his Cap'n Crunch decoder ring)
Re:About DVD Jon... (Score:3, Insightful)
Re:About DVD Jon... (Score:3, Interesting)
have a war so you have a good reason to pass fascist shit (cops can now wiretap you without a warrant, much easier to seize assets without a trial or an arrest, etc etc) PATRIOT act, check.
by the way Cheney how's Halliburton doing? Osama's brother is glad you and he could work out so many de
Re:name (Score:3, Funny)
Re:Why is Apple's encryption so weak? (Score:3, Insightful)
Jon really is an asshole with too much time on his hands. What is he going to hack next? Satellite receivers? Computer controlled fridges? Microwaves? Leave our consumer electronics alone Jon.
Re:Why is Apple's encryption so weak? (Score:5, Informative)
The strong encryption was not cracked. The implementation was cracked. No software-only based encryption is secure, period. The audio stream is encrypted with AES. AES is a symmetric key encryption scheme which means that both sides need the same key. The key needs to change over time or the encryption scheme can be cracked.
This leaves the problem of how iTunes can tell the Airport the new key without everyone else listening and knowing the key also. Apple use RSA to secure the key transfer. RSA is a public key encryption system. This means there are two keys one public and one private. The private key is only known by the Airport. The public key is embedded in the iTunes software.
When iTunes wants to send a new AES key to the Airport it uses the RSA public key to encrypt the AES key. This encrypted message can only be decrypted with the private key that the Airport has which means the system is secure even though everyone hears the new key in encrypted form.
The problem is that the RSA public key is embedded in the iTunes code. But that code needs to read in the key in order to use it and someone can reverse engineer this process to read the key themselves. This isn't necessarily an easy thing to do but in a software only solution there is no way to stop it.
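The key transport described in this comment and in the earlier "From the Site..." reply, modelled as an added example that is not part of the thread, of JustePort or of Apple's code. Assumptions: a constructed toy RSA key pair, a SHA-256 keystream standing in for AES, and hypothetical function names.

```python
import hashlib
import secrets

# Toy RSA key pair, constructed for this example (two Mersenne primes, no
# padding). It is NOT the AirPort Express key and is not secure; real
# deployments use >= 2048-bit keys with OAEP padding.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537                      # public key: known to every sender
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent: receiver only
KEY_LEN = (N.bit_length() + 7) // 8


def keystream_xor(key: int, data: bytes) -> bytes:
    """Stand-in for AES (the stdlib has none): XOR with a SHA-256 counter keystream."""
    key_bytes = key.to_bytes(KEY_LEN, "big")
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key_bytes + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def sender_build(n: int, e: int, audio: bytes):
    """Sender side. Needs only the public key (n, e), so any program can do this."""
    session_key = secrets.randbits(128)          # fresh symmetric key per stream
    wrapped_key = pow(session_key, e, n)         # RSA-encrypt the session key
    return wrapped_key, keystream_xor(session_key, audio)


def receiver_play(wrapped_key: int, ciphertext: bytes, d: int = D) -> bytes:
    """Receiver side. Unwraps the session key with the private exponent."""
    session_key = pow(wrapped_key, d, N)
    return keystream_xor(session_key, ciphertext)


def demo() -> dict:
    audio = b"constructed sample frame " * 4     # constructed test input
    vendor = sender_build(N, E, audio)           # the vendor's player
    other = sender_build(N, E, audio)            # an unrelated program
    return {
        "vendor_plays": receiver_play(*vendor) == audio,
        "other_plays": receiver_play(*other) == audio,
        # A listener without D (here: trying the public exponent) gets noise.
        "sniffer_reads": receiver_play(*vendor, d=E) == audio,
    }


if __name__ == "__main__":
    print(demo())
```

The receiver accepts both senders because wrapping a session key proves only knowledge of the public key; authenticating the sender would need a separate credential the receiver can verify.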
Re:Mirrors? (Score:3, Insightful)
I think we need to implement something about Slashdotting, like you cannot post an article unless you're prepared to mirror the site/software you're talking about.
Or maybe Slashdot should offer a small amount of space to mirror sites, then
How about a list of open Windows boxes we can use as FTP servers?