Apple AirPlay Private Key Exposed

An anonymous reader writes "James Laird has reverse engineered the Airport Express private key and published an open source AirPort Express emulator. 'My girlfriend moved house, and her Airport Express no longer made it with her wireless access point. I figured it'd be easy to find an ApEx emulator — there are several open source apps out there to play to them. However, I was disappointed to find that Apple used a public-key crypto scheme, and there's a private key hiding inside the ApEx. So I took it apart (I still have scars from opening the glued case!), dumped the ROM, and reverse engineered the keys out of it.'"
  • by Anonymous Coward on Monday April 11, 2011 @09:50AM (#35780802)

    Here's the key on the VideoLan boards.

    Airport RSA Key []

  • by pinkishpunk ( 1461107 ) on Monday April 11, 2011 @09:51AM (#35780828)
    He did a post to the vlc-devel list here, []. The private RSA key is there, might be a good thing to download, if you are worried Apple might do something stupid.
  • by pixline ( 2028580 ) on Monday April 11, 2011 @09:53AM (#35780868)
    Here's the code you would have found on that page. I saved it earlier, here you go: [] (Yes, it does include something like a private key. Don't ask me if it's THAT key, I don't know.)
  • by Hazel Bergeron ( 2015538 ) on Monday April 11, 2011 @10:06AM (#35781020) Journal

    And here's a post which may or may not receive a takedown notice from Apple. Remove the extra spaces inserted to evade the lameness filter.


  • by sheetzam ( 454981 ) on Monday April 11, 2011 @10:09AM (#35781056) Homepage

    []. C source code and Perl script included. Link still working as I post this.

  • Re:real easy innit (Score:4, Informative)

    by hoggoth ( 414195 ) on Monday April 11, 2011 @10:11AM (#35781076) Journal

    /g/=global, ie: substitute all, not just the first occurrence

  • by jrumney ( 197329 ) on Monday April 11, 2011 @10:41AM (#35781428)
    The DMCA has an exception for reverse engineering for compatibility. In this case, the private key is not protecting content, it is protecting Apple's monopoly on interoperating with iDevices in a particular way, so it was fair game.
  • by martijnd ( 148684 ) on Monday April 11, 2011 @10:44AM (#35781450)


    The Apple-Challenge / Apple-Response is iTunes' method to verify that it's talking to an Airport Express; it may be similar to the DAAP one which has been reverse-engineered. These headers are optional when talking to the Airport Express, so it's possible for other programs to talk to the Express but it'll be difficult to get iTunes to talk to something other than the Airport Express.

    Until we get the private key out of the AirPortExpress, it's not possible to convince iTunes to send anything to a non-AirPortExpress client (say, another computer pretending to be an AirPortExpress).

    Seems that problem has now been solved.
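
Added example, not part of the thread or of any project it mentions: why a challenge/response check like the one described in the comment above stops authenticating anything once a private key shared by every receiver is public, set beside a per-device-key design with revocation, which goes beyond what the thread covers. The key sizes, device serials, function names and the sign-the-nonce message format are assumptions for illustration (toy unpadded RSA, standard library only); the actual Apple-Challenge / Apple-Response format is not given on this page.

```python
import hashlib, secrets

E = 65537

def keypair(p, q):
    # Toy RSA key from two known primes (constructed; far too small for real use).
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

def public(key):
    return {"n": key["n"], "e": key["e"]}

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(key, msg):
    # Unpadded textbook RSA signature: illustration only, never deploy this.
    return pow(digest(msg, key["n"]), key["d"], key["n"])

def verify(pub, msg, sig):
    return pow(sig, pub["e"], pub["n"]) == digest(msg, pub["n"])

# Design 1 (assumed model of the scheme discussed): one private key in every receiver.
FLEET = keypair(2**61 - 1, 2**89 - 1)

def sender_accepts_fleet(responder_key):
    challenge = secrets.token_bytes(16)  # fresh nonce per session
    return verify(public(FLEET), challenge, sign(responder_key, challenge))

# Design 2 (hypothetical alternative): per-device keys certified by a vendor key.
VENDOR = keypair(2**107 - 1, 2**127 - 1)

def cert_body(serial, pub):
    return f"{serial}:{pub['n']}:{pub['e']}".encode()

def issue_cert(serial, dev_key):
    pub = public(dev_key)
    return {"serial": serial, "pub": pub, "sig": sign(VENDOR, cert_body(serial, pub))}

def sender_accepts_device(cert, responder_key, revoked):
    body = cert_body(cert["serial"], cert["pub"])
    if cert["serial"] in revoked or not verify(public(VENDOR), body, cert["sig"]):
        return False
    challenge = secrets.token_bytes(16)
    return verify(cert["pub"], challenge, sign(responder_key, challenge))

# Constructed sample devices for design 2.
DEV_A = keypair(2**61 - 1, 2**107 - 1)
DEV_B = keypair(2**89 - 1, 2**127 - 1)
CERT_A, CERT_B = issue_cert("A-0001", DEV_A), issue_cert("B-0002", DEV_B)
```

With the fleet key, a byte-for-byte copy of the key is indistinguishable from a genuine device and nothing can be revoked without breaking every receiver; with per-device certificates, revoking one serial leaves the rest of the fleet working.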

  • by necro81 ( 917438 ) on Monday April 11, 2011 @11:00AM (#35781612) Journal
    By "streaming music" I mean that it has an audio-out port: you can plug it directly into a stereo and play the music from your computer (or other wireless device on the local network) to your stereo. Most wireless routers don't do that: you usually need some additional piece of equipment to bridge from the network to your audio gear (e.g. a Sonos player). Also, the bit about wireless printing also isn't facile: the Airport Express has a built-in print server and a USB port for connecting printers to it. There are other wireless routers with that feature, but it is hardly universal. So in addition to being a fine wireless router for slinging bits around the aether it also has some very useful network-to-real-world features that make it more useful than a commodity router. And, when the Airport Express first came out 5-6 years ago, this combination of features was unique in a wireless router, particularly at that price point.
  • Re:What does it do? (Score:5, Informative)

    by ceoyoyo ( 59147 ) on Monday April 11, 2011 @11:25AM (#35781934)

    The Airport Express AP has an audio out jack. An iPhone, iPod Touch, iPad or iTunes can route music to that device. Unfortunately when it was introduced Apple decided to encrypt the stream so only Airport Expresses were valid receivers. Now anything that has a network connection and can run a program can be the receiver.

  • by Radium Eyes ( 1041164 ) on Monday April 11, 2011 @01:35PM (#35783494)

    In this case, the private key is not protecting content

    It does protect content, somewhat—iTunes decrypts (and decompresses and recompresses as Apple Lossless) DRMed audio before sending it to an Airport Express. Emulating an Airport Express allows one to obtain the decrypted audio, though not in its original compressed form; it's no more of a hole than burning to a CD.

