
Yacd – Decrypts FairPlay applications on iOS 13.4.1 and lower, no jb required - todsacerdoti
https://github.com/DerekSelander/yacd
======
rntksi
"FairPlay is a digital rights management (DRM) technology developed by Apple
Inc. It is built into the MP4 multimedia file format as an encrypted AAC audio
layer, and was used until April 2009 by the company to protect copyrighted
works sold through iTunes Store, allowing only authorized devices to play the
content."

"FairPlay-protected files are regular MP4 container files with an encrypted
AAC audio layer. The layer is encrypted using the AES algorithm. The master
key required to decrypt the audio layer is also stored in encrypted form in
the MP4 container file. The key required to decrypt the master key is called
the "user key".[1][2] When a user registers a new computer with iTunes, the
device requests authorization from Apple's servers, thereby gaining a user
key. Upon attempting to play a file, the master key stored within the file is
then matched to the user key, and if successful, allows playing.[2] FairPlay
allows unlimited music burns to CDs and unlimited music synchronization to
iPods, but restricts listening to three Mac computers.[3]"

I still don't understand what "FairPlay applications" would entail. Anyone
care to explain further?

~~~
avaloneon
> I still don't understand what "FairPlay applications" would entail. Anyone
> care to explain further?

Apps on iOS are kept encrypted until runtime, presumably to deter piracy.

Obviously this makes reverse engineering/studying apps difficult, hence all
the interest in a way to get unencrypted apps.

~~~
grishka
And as is usual with DRM, all it takes to defeat it is one jailbroken device. Or,
in this case, just one running an old enough iOS version.

------
MitchBarker
What is the lowest version of iOS that you can use this on?

My main iPhone I always keep up to date because I don't want it to be
exploited, but I have an old iOS device lying around that runs iOS 9.3.5.

Would this work on iOS 9.3.5? And can the current version of Xcode on Catalina
target iOS 9.3.5?

~~~
geofft
It's based on Psychic Paper
[https://siguza.github.io/psychicpaper/](https://siguza.github.io/psychicpaper/),
which the author says has "been there probably for as [long as] provisioning
profiles were a thing"
[https://twitter.com/s1guza/status/1255641705342214145](https://twitter.com/s1guza/status/1255641705342214145),
so probably...

------
saagarjha
Oh, this is nice, I’ll have to try it out. However, it does seem to rely on an
actual device to do the decryption: I wonder if it would be possible to
reverse the FairPlay algorithm itself so this can be done off-device.

~~~
ajconway
It must be possible to do on ARM Macs once they are released. Even if they are
still encrypted (regular macOS App Store apps are not), extracting the key from
macOS memory has to be simpler than on an iOS device.

------
icodestuff
Is there a version of this that runs on 13.5, since that's jail-breakable?

