Hacker News new | comments | show | ask | jobs | submit login

Could someone explain the implications of this?

edit: it looks like it would allow another software to show up as an Airport Express in iTunes, thus becoming the potential target of streaming audio over WiFi from iTunes. But am I right?

The Airport Express public key was previously known, which allowed anyone to write a program to stream audio to an Apple Airport Express. Now that the private key is known, anyone can write a program to receive audio from iTunes, or from another program that sends to Airport Express.

This means you will be able to easily send audio to other rooms in your house with something like XBMC running on a PC, nettop, or netbook.

edit: Just to clarify - previously you could do this:

iTunes -- stream to --> Apple Airport Express

3rd party software -- stream to --> Apple Airport Express

Now you can do this:

iTunes -- stream to --> 3rd party software/hardware

Speculation: If iTunes plays the role of the Fairplay DRM decoder and relied on the channel between iTunes and the Airplay device being encrypted to secure content would it now be possible to use the private key to masquerade as a capable Airplay device and dump a the stream pure and DRM free? Would this work for video enabled Airplay devices?

If so, Apple and this hacker are about to be lawyered hard by the MPAA.

AFAIK, very little iTunes music is DRMed these days anyway.

It doesn't. The Airplay device receives ALAC (Apple lossless audio) data, so this doesn't get you anything that wasn't already easily available by other means.

Yes, provided you were the MitM, you could capture every song streamed. However, Apple is far more likely to be worried about someone writing an AirPlay emulator that keeps perfect copies on it's local hard drive. They probably built encryption in just to satisfy any possible media company objections about the copying of streamed media.

Airport Express only streams audio out (no movies/tv/video), so it would be the RIAA, not the MPAA.

Apple TVs work similarly now for video streamed from iPhone/iPad/iPod Touch devices since iOS 4.2. Might they use the same private key?


Now you can do this: iTunes -- stream to --> 3rd party software/hardware

How is this all that ground breaking from what you've been able to do with Rogue Amoeba apps for a while now?


From the Rogue Amoeba website:


"Airfoil Speakers works pretty much like an AirPort Express from the point of view of Airfoil. It advertises its services over Bonjour, then uses the same AirTunes 2 protocol that Apple uses. However, despite using the same protocol, iTunes won’t talk to Airfoil Speakers. iTunes uses cryptographic authentication to ensure that it only talks to real AirPort Expresses, and we weren’t able to mimic that. Until Apple removes those checks, Airfoil Speakers will only work with Airfoil 3 and Airfoil for Windows."

And I doubt this will change, as Rogue Amoeba adopting Apple's private key would be a huge DMCA violation.

In fact, I don't see how this private key getting "outed" is going to hurt Apple at all in any countries where things like DMCA exist.

IIRC, the traditional way around such legal ambiguity is for the project to offer a configuration variable akin to "input your favorite private key here." If the user is in a country which permits use of the AirPlay key, great, if not then the project can continue to operate as before. Either way, the project is indemnified because /they/ didn't provide the key.

IIRC, one of the few exemptions to DMCA is interoperability. That, and this circumvention does literally nothing to aid piracy.

It's dead, Jim!

"Now that the AirTunes private key is known, it could allow for 3rd party software to act like AirTunes devices. If this for example would be implemented in XBMC, Plex, Boxee etc you could send audio from your IOS device straight to XBMC using IOS built-in Airplay support."

Can someone explain to me why this comment was deaded?

I'd like to know this as well.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact