ruud said:
But in that scheme all you could do is crack your own security, which isn't a lot of fun. This prevents anyone else from picking up your stream and decrypting it and 'stealing' your music.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
AirPort Express Reportedly Cracked
- Thread starter MacRumors
- Start date
- Sort by reaction score
But in that scheme all you could do is crack your own security, which isn't a lot of fun. This prevents anyone else from picking up your stream and decrypting it and 'stealing' your music.
stoid said:
Ahh but there has to be a common method for them to communicate this information to the Airport Express (unless you're talking about a custom firmware for each and every unit sold?)
So all you have to do is build the man-in-the-middle driver that sends the same configuration info, and thus the same key...
From what I've read of the more technical discussions of this software over at Slashdot, this software would NOT, in fact, allow you to use third party software to play over the AEx.
The software unlocks the connection between the computer and the AEx, but the audio stream still has to be in the format the AEx is expecting: Apple Lossless. And there's only one program that can create Apple Lossless files: iTunes.
So maybe you could stream AL files with the software from your Linux box, but you would have to create the files on a Mac or PC first. Third party software couldn't stream because AL is a proprietary format and Apple could sue them for creating a program that could encode in it.
So if you have a Mac or PC with iTunes this software really will do nothing for you you can't do already: Listen to AL on your stereo.
The software unlocks the connection between the computer and the AEx, but the audio stream still has to be in the format the AEx is expecting: Apple Lossless. And there's only one program that can create Apple Lossless files: iTunes.
So maybe you could stream AL files with the software from your Linux box, but you would have to create the files on a Mac or PC first. Third party software couldn't stream because AL is a proprietary format and Apple could sue them for creating a program that could encode in it.
So if you have a Mac or PC with iTunes this software really will do nothing for you you can't do already: Listen to AL on your stereo.
Why would RIAA care?
Why would the RIAA care about you streaming mp3's from say, winamp or the like? You can do it in your own home with iTunes, why would adding additional player support (WMP has copyright protection built in too) be an Issue to them? Think this through please.
bob_the_gorilla said:
Why would the RIAA care about you streaming mp3's from say, winamp or the like? You can do it in your own home with iTunes, why would adding additional player support (WMP has copyright protection built in too) be an Issue to them? Think this through please.
stoid said:
And how is this different from say SHOUTCAST mp3 streaming that I tunes supports the playing of??? Again you have to play the music for them to steal it, highly unlikely... You people are too afraid of the law. If the RIAA is going to go after Apple for allowing you to stream and they haven't shut down shoutcast, then they have their priorities mixed up. It's much easier to capture a stream from shoutcast than it is snooping next to your neighbor's wireless network, hoping and waiting for him to capture "Brown eyed girl" when he wants it. This is just a stupid way of thinking.
I do this already
My HTPC is a linux box. I have it running a web server with a php interface that allows me to use my wireless Dell Axim via a web browser to select music and play it. No Itunes required.
How to HTPC using linux
Myth TV <--Linux HTPC software
Been there, done that and didn't have to pay any company to do it. Just read the manuals and documentation and did it myself. If people would learn stuff about computers and how to ACTUALLY use them to do what they want them to do and not wait for someone to sell them something, we'd be a lot better off. People are amazed that my HTPC runs better than any windoze unit and I can control it via my pocket pc--the whole thing!
jdlaronde said:
My HTPC is a linux box. I have it running a web server with a php interface that allows me to use my wireless Dell Axim via a web browser to select music and play it. No Itunes required.
How to HTPC using linux
Myth TV <--Linux HTPC software
Been there, done that and didn't have to pay any company to do it. Just read the manuals and documentation and did it myself. If people would learn stuff about computers and how to ACTUALLY use them to do what they want them to do and not wait for someone to sell them something, we'd be a lot better off. People are amazed that my HTPC runs better than any windoze unit and I can control it via my pocket pc--the whole thing!
a step closer to what we really need
I'm all for this hack. Kudos to the young fella that cracked this. Hopefully, this will lead to another crack that will allow me to play MY music (rightfully purchased) simulcast across multiple AEs and even just off my computer and one AE at the same time - just like I could if I had a convoluted wiring scheme... wait, wasn't it things like this that the wireless revolution was supposed to solve????
I'm all for this hack. Kudos to the young fella that cracked this. Hopefully, this will lead to another crack that will allow me to play MY music (rightfully purchased) simulcast across multiple AEs and even just off my computer and one AE at the same time - just like I could if I had a convoluted wiring scheme... wait, wasn't it things like this that the wireless revolution was supposed to solve????
this guy is a stud. hopefully we will be able to stream ALL audio over the Airport Express, not just iTunes. now let's watch programmers do their magic and exploit airport express' full potential, not apple's limited, close-minded vision.
Has anyone noticed that this whole thing spookily resembles Real's recent anouncement of Harmony? And whether or not Apple is ok/not ok with it, someone seems to have taken down Jon Johansen's blog (http://nanocrew.net/blog/).....is Apple Legal responsible, or did it not have the needed bandwidth to handle traffic? Note: It has been down for several hours...
NusuniAdmin said:
You can prove mathematically that any encription based in mathmatics can be broken. Governments have known this for years. The most secure encrption is technically very simple but impossible to crack and not based in mathmatics at all (it's based in randomness - there are no formulas used, simply substitution) and are called 'one-time pads'. As the name implies - they can only be used once (without being massively compromised) and thus are only worth the hassle for really, really secret stuff. Unles you have access to a truly random source (a quantum decay) they're very hard to make. any lack of randomness can be used to compromise your system. Bad (meaning non-random) one time pads are useless.
Thus - most encyption used by anyone (including the government) is crackable but based on the difficulty of finding the products of large prime numbers. As this is mathmatically based it's vulnerable. Nothing ever secured this way will ever be 100% secure and as computer speeds increase doing the work to find the primes gets easier.
Anyway - sorry to geek out a little but that's why Apple cannot - even in theory - secure its products. One-time pads are impossible (you'd need a new one every time you used a program) and everything else is vulnerable.
This crack was inevitable. Apple's 're-securing' will only last till someone can be bothered to break it.
Penman.
And even one-time crypto would not help in that situation as the user (aka the enemy) controls at least one place where a copy would have to exist.
If you don't control the hardware you've already lost.
And a firmware update for AE could be extremely helpful in getting the private key out of it.
If you don't control the hardware you've already lost.
And a firmware update for AE could be extremely helpful in getting the private key out of it.
KevanDual2.5 said:
Surely you could use a noise source like a Zener Diode, sample the absolute value of the noise generated at intervals, and use those values for the random number generator. Easy to do, i would have thought. No algorithm going on, just measuring thermal noise.
And it all depends on which "brand" of AI you are talking about. The GOFAI (Good old fashioned Artificial Intelligence) is procedural. But there are other "flavours" around (none of which, so far, have produced "intelligence" as such), which are based on non-programmed coding, such as neural nets, which are "trained" rather than progralmmed.
ryanw said:
i was thinking that it would be sweet if in Tiger they let the Airport Extreme be a sound device output and just let everything running on the system play through it. i'm sure they could work out some kind of offset to the system so that video/audio would be in sync.
stoid said:
The pad has to be the same length as the message being sent, and it can't be used ever again. So for every play of every song, the AE base station and iTunes would need to generate identical random keys the size of the song. That's simply not feasible. You can't just store the keys either. That'd be pointless, as they could be found out easily.
Personally, I'd usually prefer listening to the audio through good headphones while watching a DVD on a PowerBook display. Hard to describe, but there's a certain kind of distracting discontinuity when audio "overwhelms" video when viewing on a small screen. Sort of analogous to watching video on a decent large screen while listening to its audio track with a weak audio system. For me there's a distinct kind of discomfortable when audio/video become too imbalanced. Surely the experience would be different with a well-placed 30" Apple cinema display.JoePike said:
This sounds like a cool idea, but it would completely suck if there was any delay at all. Sure, they could compensate for the latency in the audio by delaying the video but would you want to use a computer where what you typed or your mouseclicks didn't show up for a full second? You would go nuts trying to use the GUI with any kind of delay.ExoticFish said:
DVD playback is another thing entirely because no one will care about a slight delay in video. You won't get frustrated with the delay in the GUI (unless you're trying to pause a movie at an exact moment).
It's been said that this is next to useless because you need to encode in Apple Lossless to send the Express. I'm unclear about this as you can easily export in Apple Lossless from QuickTime Pro. So can you access the capabilities of QT Pro from your own app without having to pay anything to Apple? Does the end user need to have pro or is the 'pro' bit just in regard to the QuickTime app itself?
If apps can just freely access the full QuickTime API on any machine with QuickTime on it then there's no reason at all that other developers won't be able to ad it to their own apps is there?
If apps can just freely access the full QuickTime API on any machine with QuickTime on it then there's no reason at all that other developers won't be able to ad it to their own apps is there?
I have a copy
I managed to get the source code before slashdot took down his site. After messing around for a little while i got it to compile for Windows XP and OSX.
I managed to get the source code before slashdot took down his site. After messing around for a little while i got it to compile for Windows XP and OSX.
BrianKonarsMac said:
This mentality bothers me the same as the Harmony-on-iPod crowd. It's wrong because Apple ought to be able to operate its own vision of things. You don't walk into Starbucks with your own bag and say, "I love your machines, but I brought my own coffee this time."
