Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
AirPort Express Reportedly Cracked
- Thread starter MacRumors
- Start date
- Sort by reaction score
NusuniAdmin said:
But, any AI software designed will be done so by a human. No computer will ever be able to generate a truely random number. They all use a formula to create them which can be 'cracked'.
It's quite clear that AE is intended for more than just music. My personal feeling is that sooner than later we will be able to get system output directly fed to the AE. this would mean that 3rd party devs don't need to do anything special to their apps for this to work - in fact it's apple that has been a little slow, but they are of course testing the appeal of this nifty device.
I will buy one as soon as it hits $89. i really don't think apple can justify the price tag just for that "cool" feature. look at what it costs for a linksys router and i don't think the inside of the AE is that much more expensive if even at all. Linksys has more plastic...
Krohde
UPDATE: I think if you want a 'fool proof' AE system the computer should download the AE's unique key (just like with unique MAC address) - unique for every AE (i.e. a series based encryption identifier).
I will buy one as soon as it hits $89. i really don't think apple can justify the price tag just for that "cool" feature. look at what it costs for a linksys router and i don't think the inside of the AE is that much more expensive if even at all. Linksys has more plastic...
Krohde
UPDATE: I think if you want a 'fool proof' AE system the computer should download the AE's unique key (just like with unique MAC address) - unique for every AE (i.e. a series based encryption identifier).
stcanard said:
I think it will be hard for them to keep the public key secret for any length of time. The harder they try to obfuscate it, the more enjoyment the hackers (real hackers) will get out of uncovering it. Furthermore, changing the firmware means changing iTunes at the same time, which just about guarantees that they will have thousands of support calls from people for whom one or both update goes wrong leading to their expensive toy not working.
What's probably worrying Apple a lot more is the prospect of people tearing apart their AirPort Expresses to try to reverse-engineer the firmware. Did they put the private keys in the firmware image? Or is it safely stashed in an FPGA somewhere, so that it will be much harder to unearth? As soon as someone digs out the private keys, that is when the RIAA will have to start worrying about people being decrypt DRM-protected music.
~Shard~ said:Brute force definitely isn't the preferred method though - cracking something like MD5 or RSA using it would essentially take years with a supercomputer.
When I worked at the CSE in Ottawa (Communications Security Establishment, the Canadian NSA), they had Canada's most powerful computer there, a Cray T3E, I believe, and although we could rip through sequential-based encryption algorithms such as DES, 3DES, etc., using pure brute force on encryption such as SHA-1, RSA, etc. would be infeasible. Not impossible - but infeasible.
MD5 and SHA-1 are a one way hash functions for blobs of data. You don't crack these in the traditional sense other word since you cannot reconstruct the original message from them. They are not a form of message encryption but are used for verification (signing) of messages. If the MD5s of two blobs match then the two message match with an extreme level of confidence. Note that MD5 is not really consider to be viable for message verification any longer since ways of constructing (largely different) messages that have a MD5 hash match that of a different message have been found. In other words someone could inject a message other then the one you should receive yet the MD5 hash wouldn't detect it (assuming you got the MD5 hash in a secure fashion). So far using SHA-1 appears to be more resilient to this.
RSA is an asymmetric (aka public-key) cypher that is easier to "crack" then a symmetric cypher such as 3DES or AES at similar key lengths (and in many ways much longer key lengths). RSA is also more computational expensive then say AES for a generally weaker encryption. That is why RSA keys are very large (1024 bits) fro RSA and why RSA is often used only to transfer shared keys for a symmetric cypher like AES. The real data transfer is often done using a symmetric cypher not a public key system since the more data you transfer via many public key systems (using the same keys) the easier they can be to attack.
Studies exist as do rumors that RSA can be attacked without having to attack the key space while so far no practical methods have been found to attack AES (or even 3DES that I know of) that are faster then brute force attacking the key space.
So am curious on how you folks "rip through sequential-based encryption algorithms such as ... 3DES, etc."? I could see you doing DES but not 3DES unless you happened to be using poorly chosen keys.
krohde said:
Wouldn't work either - that could still be reverse engineered. Whatever iTunes does to stream audio to the AE, can be done by a reverse engineered application.
The only way I see this could possibly work is if the AE is restricted to playing audio that is encrypted by a third party before it enters iTunes to begin with. But that would be quite inconvenient, to say the least.
discstickers said:
I could see this being an option. Before you can use your AirPort Express to stream iTunes music to it, you have to physically connect the two via Ethernet. A small utility generates an encryption key and links the two together. The AirPort Express or computer can store as many unique keys as needed to connect to each other. Am I missing something, or is the 'hassle' of physically connecting the AExpress to the computer the only drawback to this method?
This really means next to nothing, the only thing is you can use a different program to play the audio out, but thats not a big deal iTunes is free, and if you care enough to buy an AE you probably use iTunes, this might even spike AE sales for people who will never use iTunes.
but really no biggy
but really no biggy
krohde said:
I don't think that you will be able to stream ANY audio to an AirPort Express because of latency. There is a half second to a full second of pause between audio commands my laptop send to my AirPort Express and hearing the sound change. In a game this can cause big problems as many games rely rather heavily on sound to cue the player. In a movie, latency of more than 1/10th of a second can be jarring and a full second would be downright unusable! However, if the feature is built in to the application, it could adjust the video playback to compensate for audio latency. While we might see this in DVD Player or a few games, Tiger will not and logistically can not have the option to run ALL computer sound through an AirPort Express.
jfw said:
I agree entirely, as I said earlier I believe Jobs has even admitted this himself (with respect to any drm, not just the airport express encryption).
I'm not certain from a business perspective this even entirely worries Apple -- It's completely unrelated to ITMS sales, it's completely unrelated to iPod sales, it's completey unrelated to Mac sales, it's completely unrelated to airport express sales; it's a very different matter than Real hacking FairPlay.
My understanding of the purpose of this encryption was to stop people from intercepting (and thus recording) the signal, and this is still 100% effective for that.
It wouldn't surprise me if Apple was planning a quicktime API call to allow this anyway, and if we had waited 6 months the same thing could have been accomplised through a published interface.
Really I don't see why the RIAA would have a real problem with this. It's just sending an audio signal from a different application. It's not like he figured out how to send the stream from iTunes to something else. If that happened then the RIAA would definately have something to be pissed about.
ruud said:
Yup, this is the fundamental paradox of encryption based DRM.
By definition the player (be it a DVD player, CD player, MP3 player) must have the capability to decrypt the stream to be able to render it.
By definition the consumer must have access to the player to be able to play the media.
Therefore the industry is providing the consumer with the means to defeat the DRM, and they have no choice but to do that.
That's why there is such a push for laws protecting this (e.g. the DMCA in the US). Since a technological solution is impossible the only recourse is to scare people away from trying. The problem is it only takes one...
krohde said:
The Airport Express is also a print server. I think standalone print centers (IE converts USB to Ethernet) costs about $100. Airport Express isn't that unreasonably at the moment.
ryanw said:
When AirTunes came out, I thought, 'Cool now I can watch DVDs on my Powerbook and have decent sound without running a 5m cable through the room', then it sunk in that so far the sound has to come from iTunes...
About that image delaying, I guess since the laser can not read from two different positions on a DVD, one would have to buffer the images for about a second. Let's 6GB = 3h, that is around 500k per second, presumably that has to be decrypted and decompressed, otherwise you wouldn't get the sound out. Taking a compression ratio of 10 (I'm just guessing), that would be 5MB which could easily be stored in RAM. The idea should work without problems.
The RIAA will give a ****? Yeah... sure they will. The Airport Express isn't critical to DRM in any way... and neither is this 'hack'. It would be like the RIAA going after Audio Hijack or any other utility that allows sound output.
Do you really think the RIAA would take an interest in something like this? No music is being stolen. If they're going to pressure Apple to fix this, why aren't they pressuring Apple to remove digital audio (optical, no less) output from the G5s? Digital audio output would seem more threatening to their dastardly goals than a crack in the Airport Express' security key.
Speaking of Audio Hijack , I wouldn't be surprised to see this 'hack' as an option in a future release.
Do you really think the RIAA would take an interest in something like this? No music is being stolen. If they're going to pressure Apple to fix this, why aren't they pressuring Apple to remove digital audio (optical, no less) output from the G5s? Digital audio output would seem more threatening to their dastardly goals than a crack in the Airport Express' security key.
Speaking of Audio Hijack , I wouldn't be surprised to see this 'hack' as an option in a future release.
I would like to see the reverse...
I would like to see software that would allow me to build the reverse of this... I would like to have a piece of software running on my existing HTPC that would run and pretend to be an AirPort Express on my home network. Thus enabling the button at the bottom of iTunes 4.6 and allowing me to stream audio to my home theatre. I could do it with something like shoutcast but iTunes is better.
I would like to see software that would allow me to build the reverse of this... I would like to have a piece of software running on my existing HTPC that would run and pretend to be an AirPort Express on my home network. Thus enabling the button at the bottom of iTunes 4.6 and allowing me to stream audio to my home theatre. I could do it with something like shoutcast but iTunes is better.
jdlaronde said:
In theory trivial except that one doesn't have the private key that relates to the public key that iTunes uses. Your AirPort Express look-a-like wouldn't know how to decrypt the AES key that is needed to uncompress the data stream being sent.
Now if you could get iTunes to use a different public key, one for a private key that you know, you could get it to work but of course this likely requires modify the iTunes executable (which they may or may not take steps to make difficult).
Just to make it clear, this means one thing. You can stream anything you want to an AE. The data being broadcast is still secure against anybody else intercepting and decrypting it. The AE is still the only device that can decrypt the stream.
The only possible issue is that anyone on the network could stream anything they want to the AE. But then they could do that before, if they had iTunes. This really doesn't seem like a big deal.
The only possible issue is that anyone on the network could stream anything they want to the AE. But then they could do that before, if they had iTunes. This really doesn't seem like a big deal.
I think this is the longest a thread with such deep technical content has stayed completely civil