Apple's AirPort, AirPlay private key cracked

An enterprising hacker has obtained the private keys for Apple's AirPlay media streaming system, enabling third-party applications to take advantage of the system without needing approval from the Cupertino-based company.

Previous attempts to open AirPlay to third-party exploitation had failed due to Apple's use of a public-key cryptography system which required AirPlay applications to be signed using Apple's private signing key. Third-party apps, which do not have access to the key, don't get to play - and are simply ignored by AirPlay.

James Laird, an enterprising Australian hacker, was dismayed to find that the failure of an Apple AirPort Express unit meant that AirPlay, wireless printing, and other Mac-specific goodies were lost to him. "I figured it'd be easy to find an ApEx emulator," he explained. "There are several open source apps out there to play to them."

Sadly, Laird rapidly ran into the same problem that other users had found before him: the in-built cryptography system that blocks third-party applications. Figuring that the private key must be stored in the AirPort Express unit, he dismantled the now-defunct device - "I still have scars from opening the glued case," he joked - and dumped the firmware from the read only memory.

Once the firmware was extracted from the device, Laird was able to search it for the keys - reverse-engineering the system and creating a third-party application that contained a valid signature and which would work with AirPlay devices. A similar method was used to crack the private key used by Sony to prevent third-party applications from running on its PlayStation 3 console - and which has led to legal trouble for those involved.

Dubed 'ShairPort,' the application, written in a combination of Perl and C, is still in the very early stages of development, and has several bugs - including one which means that the package is incompatible with the Mac version of iTunes, although it works with the Windows release.

It's a promising start, however - and Laird's release of the code under an open-source licence means that it's likely that AirPlay support will find its way into all kinds of open-source packages whether Apple approves or not.

More information, and a link to download the source code, is available from Laird's website.