Apple's AirTunes/AirPlay private key extracted and published

The Airport Express has given up its AirTunes secrets
Source: Apple Developer James Laird has extracted the AirTunes/AirPlay private key from an Apple Airport Express, opening the way for third-party applications to play back iTunes streams. Apple's iTunes allows users to direct audio streams to appropriately enabled devices around the network; the Airport Express, for example, has audio output ports which can be connected to Hi-Fi or speaker systems. The stream was sent encrypted with the public key by iTunes and decoded using the private key hidden in the device.

Laird explained in a blog posting that he physically disassembled an Airport Express unit, "dumped the ROM and reverse engineered the keys out of it". Using the keys he has created ShairPort, an open source Perl/C replacement for an Airport Express's music playing functionality which implements a ROAP (Remote Audio Output Protocol) server. He was prompted to create the application when his girlfriend's Airport Express would no longer connect to his Wi-Fi network.

Shairport requires the avahi-daemon to be running to announce its availability on the local network and Laird is currently fixing an issue where it doesn't work properly with iTunes on a Mac. Other developers have begun mirroring the code on Github. In the application's README file, Laird thanked "Apple for obfuscating the private key in the ROM image, using a scheme that made the deobfuscation code itself stand out like a flare."

(djwm)