Apple AirPlay Private Key Exposed 306
An anonymous reader writes "James Laird has reverse engineered the Airport Express private key and published an open source AirPort Express emulator. 'My girlfriend moved house, and her Airport Express no longer made it with her wireless access point. I figured it'd be easy to find an ApEx emulator — there are several open source apps out there to play to them. However, I was disappointed to find that Apple used a public-key crypto scheme, and there's a private key hiding inside the ApEx. So I took it apart (I still have scars from opening the glued case!), dumped the ROM, and reverse engineered the keys out of it.'"
Re:Slashdotter already (Score:5, Informative)
Here's the key on the VideoLan boards.
Airport RSA Key [videolan.org]
posted to vlc-devel list (Score:5, Informative)
SHAirport 0.01 backup copy (Score:3, Informative)
Re:Slashdotter already (Score:5, Informative)
And here's a post which may or may not receive a takedown notice from Apple. Remove the extra spaces inserted to evade the lameness filter.
-----BEGIN RSA PRIVATE KEY----- /+sG+NCK3eQJVxqcaJ/vEHKIVd 2M+5qL71yJQ+87X6oV3eaYvt3zWZYD6z5vYTcrtij2VZ9Zmni/
MIIEpQIBAAKCAQEA59dE8qLie ItsH1WgjrcFRKj6eUWqi+bGLOX1HL3U3GhC/j0Qg90u3sG/1CUt
wC5vOYvfDmFI6oSFXi5ELabWJ mT2dKHzBJKa3k9ok+8t9ucRqMd6DZHJ2YCCLlDRKSKv6kDqnw4U
wPdpOMXziC/AMj3Z/lUVX1G7W SHCAWKf1zNS1eLvqr+boEjXuBOitnZ/bDzPHrTOZz0Dew0uowxf
UAaHqn9JdsBWLUEpVviYnhimN VvYFZeCXg/IdTQ+x4IRdiXNv5hEewIDAQABAoIBAQDl8Axy9XfW
BLmkzkEiqoSwF0PsmVrPzH9Ks nwLGH+QZlvjWd8SWYGN7u1507HvhF5N3drJoVU3O14nDY4TFQAa
LlJ9VM35AApXaLyY1ERrN7u9AL Kd2LUwYhM7Km539O4yUFYikE2nIPscEsA5ltpxOgUGCY7b7ez5
NtD6nL1ZKauw7aNXmVAvmJTcuP xWmoktF3gDJKK2wxZuNGcJE0uFQEG4Z3BrWP7yoNuSK3dii2jm
lpPHr0O/KnPQtzI3eguhe0TwUem/e YSdyzMyVx/YpwkzwtYL3sR5k0o9rKQLtvLzfAqdBxBurciz
aaA/L0HIgAmOit1GJA2saMxTVPNh AoGBAPfgv1oeZxgxmotiCcMXFEQEWflzhWYTsXrhUIuz5jFu
a39GLS99ZEErhLdrwj8rDDViRVJ5s kOp9zFvlYAHs0xh92ji1E7V/ysnKBfsMrPkk5KSKPrnjndM
oPdevWnVkgJ5jxFuNgxkOLMuG9i53 B4yMvDTCRiIPMQ++N2iLDaRAoGBAO9v//mU8eVkQaoANf0Z
oMjW8CN4xwWA2cSEIHkd9AfFkftuv8 oyLDCG3ZAf0vrhrrtkrfa7ef+AUb69DNggq4mHQAYBp7L+
k5DKzJrKuO0r+R0YbY9pZD1+/g9dVt9 1d6LQNepUE/yY2PP5CNoFmjedpLHMOPFdVgqDzDFxU8hL
AoGBANDrr7xAJbqBjHVwIzQ4To9pb4B NeqDndk5Qe7fT3+/H1njGaC0/rXE0Qb7q5ySgnsCb3DvA
cJyRM9SJ7OKlGt0FMSdJD5KG0XPIpA VNwgpXXH5MDJg09KHeh0kXo+QA6viFBi21y340NonnEfdf
54PX4ZGS/Xac1UK+pLkBB+zRAoGAf0 AY3H3qKS2lMEI4bzEFoHeK3G895pDaK3TFBVmD7fV0Zhov
17fegFPMwOII8MisYm9ZfT2Z0s5Ro3s5r kt+nvLAdfC/PYPKzTLalpGSwomSNYJcB9HNMlmhkGzc
1JnLYT4iyUyx6pcZBmCd8bD0iwY/FzcgN DaUmbX9+XDvRA0CgYEAkE7pIPlE71qvfJQgoA9em0gI
LAuE4Pu13aKiJnfft7hIjbK+5kyb3TysZvoyD nb3HOKvInK7vXbKuU4ISgxB2bB3HcYzQMGsz1qJ
2gG0N5hvJpzwwhbhXqFKA4zaaSrw622wD niAK5MlIE0tIAKKP4yxNGjoD2QYjhBGuhvkWKaXTyY=
-----END RSA PRIVATE KEY-----
Link to the source code and perl script (Score:4, Informative)
http://mafipulation.org/static/shairport-0.02.tar.gz [mafipulation.org]. c source code and perl script included. Link still working as I post this.
Re:real easy innit (Score:4, Informative)
/g/=global, ie: substitute all, not just the first occurrence
Re:Cue lawsuit in ... (Score:5, Informative)
Getting iTunes to talk to remote speakers (Score:5, Informative)
From: http://www.cocoadev.com/index.pl?AirTunesEncryption
The Apple-Challenge / Apple-Response is iTunes' method to verify that it's talking to an Airport Express; it may be similar to the DAAP one which has been reverse-engineered. These headers are optional when talking to the Airport Express, so it's possible for other programs to talk to the Express but it'll be difficult to get iTunes to talk to something other than the Airport Express.
Until we get the private key out of the AirPortExpress, it's not possible to convince iTunes to send anything to a non-AirPortExpress client (say, another computer pretending to be an AirPortExpress).
Seems that problem has now been solved.
Re:and how many people use Airport? (Score:3, Informative)
Re:What does it do? (Score:5, Informative)
The Airport Express AP has an audio out jack. An iPhone, iPod Touch, iPad or iTunes can route music to that device. Unfortunately when it was introduced Apple decided to encrypt the stream so only Airport Expresses were valid receivers. Now anything that has a network connection and can run a program can be the receiver.
Re:Cue lawsuit in ... (Score:3, Informative)
In this case, the private key is not protecting content
It does protect content, somewhat—iTunes decrypts (and decompresses and recompresses as Apple Lossless) DRMed audio before sending it to an Airport Express. Emulating an Airport Express allows one to obtain the decrypted audio, though not in its original oompressed form; it's no more of a hole than burning to a CD.