Archive for the 'DRM' Category

I will be attending WWDC next week. If anyone wants to meet up, send me an email. We are still looking for a full-time Cocoa developer to work out of our San Francisco office.

doubleTwist is a one year old start-up in San Francisco backed by the same people who were behind Skype and Last.FM. Our mission is to simplify the flow of media to a wide range of CE devices and between family and friends. We are looking for a Cocoa developer to join our Mac team and work on the MacOS X version of doubleTwist. The Mac team currently consists of three people.

Requirements:
3+ years of Objective-C and Cocoa experience
A passion for improving the user experience around digital media

Plusses:
Experience with one or more of these APIs: IOKit, QTKit, CoreAudio
Involvement in/contributions to open source projects
Experience with the iPhone SDK

To apply, send your resume to jon at doubletwist.com. If possible, include code samples and/or links to open source projects you’ve contributed to.

Update: The issue has been resolved. See update at the bottom of the post.

In August 2004, I reverse engineered Apple’s AirTunes protocol and released JustePort, the first non-Apple application to enable streaming to the AirPort Express. Because of my work, Rogue Amoeba was able to develop their $25 AirFoil application - a much more user friendly tool for streaming to the AirPort Express. I didn’t have any problems with this - I released JustePort as open source so that others could build similar applications by learning from my source code. What I did not particularly like though was the product page for Airfoil, claiming “It’s not just for iTunes anymore”. This misleading statement, suggesting that Airfoil was the first tool of its kind and that Rogue Amoeba did the hard work to enable non-Apple streaming to the AirPort Express, has since been removed from the Airfoil product page.

I was reading Rogue Amoeba’s blog today and noticed that they’ve released a Linux version of their Airfoil Speakers application. Airfoil Speakers is a complimentary application to AirFoil that implements the server part of the AirTunes protocol. By installing Airfoil Speakers on a computer (e.g. your home theater PC) you can stream audio to it using Airfoil from another computer. The release of the Linux version of Airfoil Speakers piqued my curiosity so I downloaded it and had a look. It uses .NET and requires mono. I downloaded the Windows version as well and it shares the core with the Linux version.

I ran AirfoilSpeakers.exe (MD5: 82b7ef8c05958ccb6e24289c8b21a27c) from the Windows version through monodis to see if I could find anything interesting. I came across this:

.namespace AirfoilServer.AirTunes
{
.class private auto ansi beforefieldinit Utility
extends [mscorlib]System.Object
{

// method line 853
.method public static hidebysig
default void LeReverse (unsigned int8[] arr, int32 index, int32 length) cil managed
{
// Method begins at RVA 0×104b6
// Code size 16 (0×10)
.maxstack 8
IL_0000: ldsfld bool [mscorlib]System.BitConverter::IsLittleEndian
IL_0005: brfalse.s IL_000f

IL_0007: ldarg.0
IL_0008: ldarg.1
IL_0009: ldarg.2
IL_000a: call void class [mscorlib]System.Array::Reverse(class [mscorlib]System.Array, int32, int32)
IL_000f: ret
} // end of method Utility::LeReverse

// method line 854
.method public static hidebysig
default void LeReverse (unsigned int8[] arr) cil managed
{
// Method begins at RVA 0×104c7
// Code size 11 (0xb)
.maxstack 8
IL_0000: ldarg.0
IL_0001: ldc.i4.0
IL_0002: ldarg.0
IL_0003: ldlen
IL_0004: conv.i4
IL_0005: call void class AirfoilServer.AirTunes.Utility::LeReverse(unsigned int8[], int32, int32)
IL_000a: ret
} // end of method Utility::LeReverse

// method line 855
.method public static hidebysig
default void RijndaelDecrypt (unsigned int8[] Buf, int32 Offset, int32 Count, unsigned int8[] Key, unsigned int8[] IV) cil managed
{
// Method begins at RVA 0×104d4
// Code size 80 (0×50)
.maxstack 5
.locals init (
class [mscorlib]System.Security.Cryptography.Rijndael V_0,
class [mscorlib]System.IO.MemoryStream V_1,
class [mscorlib]System.Security.Cryptography.ICryptoTransform V_2,
class [mscorlib]System.Security.Cryptography.CryptoStream V_3)
IL_0000: call class [mscorlib]System.Security.Cryptography.Rijndael class [mscorlib]System.Security.Cryptography.Rijndael::Create()
IL_0005: stloc.0
IL_0006: ldloc.0
IL_0007: ldc.i4.1
IL_0008: callvirt instance void class [mscorlib]System.Security.Cryptography.SymmetricAlgorithm::set_Mode(valuetype [mscorlib]System.Security.Cryptography.CipherMode)
IL_000d: ldloc.0
IL_000e: ldc.i4.1
IL_000f: callvirt instance void class [mscorlib]System.Security.Cryptography.SymmetricAlgorithm::set_Padding(valuetype [mscorlib]System.Security.Cryptography.PaddingMode)
IL_0014: newobj instance void class [mscorlib]System.IO.MemoryStream::.ctor()
IL_0019: stloc.1
IL_001a: ldloc.0
IL_001b: ldarg.3
IL_001c: ldarg.s 4
IL_001e: callvirt instance class [mscorlib]System.Security.Cryptography.ICryptoTransform class [mscorlib]System.Security.Cryptography.SymmetricAlgorithm::CreateDecryptor(unsigned int8[], unsigned int8[])
IL_0023: stloc.2
IL_0024: ldloc.1
IL_0025: ldloc.2
IL_0026: ldc.i4.1
IL_0027: newobj instance void class [mscorlib]System.Security.Cryptography.CryptoStream::.ctor(class [mscorlib]System.IO.Stream, class [mscorlib]System.Security.Cryptography.ICryptoTransform, valuetype [mscorlib]System.Security.Cryptography.CryptoStreamMode)
IL_002c: stloc.3
IL_002d: ldloc.3
IL_002e: ldarg.0
IL_002f: ldarg.1
IL_0030: ldarg.2
IL_0031: ldc.i4.s 0×10
IL_0033: div
IL_0034: ldc.i4.s 0×10
IL_0036: mul
IL_0037: callvirt instance void class [mscorlib]System.IO.Stream::Write(unsigned int8[], int32, int32)
IL_003c: ldloc.3
IL_003d: callvirt instance void class [mscorlib]System.IO.Stream::Close()
IL_0042: ldloc.1
IL_0043: callvirt instance unsigned int8[] class [mscorlib]System.IO.MemoryStream::ToArray()
IL_0048: ldarg.0
IL_0049: ldc.i4.0
IL_004a: callvirt instance void class [mscorlib]System.Array::CopyTo(class [mscorlib]System.Array, int32)
IL_004f: ret
} // end of method Utility::RijndaelDecrypt

// method line 856
.method public hidebysig specialname rtspecialname
instance default void .ctor () cil managed
{
// Method begins at RVA 0×10530
// Code size 7 (0×7)
.maxstack 8
IL_0000: ldarg.0
IL_0001: call instance void object::.ctor()
IL_0006: ret
} // end of method Utility::.ctor

} // end of class AirfoilServer.AirTunes.Utility
}

That Utility class looks very familiar. Where have I seen those exact functions before? Oh, that’s right, it’s the Utility class licensed under the GPL from my DeDRMS and SharpMusique source code packages.

I can’t say I’m surprised. GPL’ed code is frequently used in violation of the license. MacTheRipper, a popular DVD ripper for MacOS X, has been violating the GPL for years by using libdvdcss and refusing to release the source code.

I’m not going to be too hard on Rogue Amoeba though. Unlike many Mac users, they are against closed platforms. See their blog post about the iPhone SDK as well as the future of code signing in MacOS X.

Update: Quentin from Rogue Amoeba got in touch via email. The code ended up in Airfoil Speakers due to an honest mistake. Quentin writes:

We use a lot of open source software in our products, could not make them as good as we do without it in fact. And as such, we do our best to make sure the licenses are followed. All our commercial software is GPL-free, some use LGPL’ed libraries, and some BSD/MIT code in places. We try to make sure all the code we use is correctly acknowledged, and give back when we can (http://rogueamoeba.com/sources/, www.rogueamoeba.com/utm/2008/01/12/perian-is-awesome/).

So we’ve put together Utility.cs-less versions of Airfoil Speakers to fix our GPL compliance. The Linux version we are pushing out immediately (it’s still in beta technically) here: http://bigblueamoeba.com/tmp/airfoilspeakerslinux/. The Windows version will be officially pushed out this week after testing, but is available right now here: http://bigblueamoeba.com/tmp/airfoilspeakerswindows/

Thanks Quentin!

“Phones will only run apps signed by Apple. It also applies FairPlay to the package.”

– Deric Horn, Apple Inc.

The SDK does look impressive. Hopefully CoreData will get added at some point.

Update: I knew it was too good to be true. From the iPhone HIG:

Only one iPhone application can run at a time, and third-party applications never run in the background. This means that when users switch to another application, answer the phone, or check their email, the application they were using quits. (p. 16)

So much for showing off AIM at the launch event as an example of what you can do with the SDK. Unless you’re someone like AOL, you’re not going to be writing any useful social clients for the iPhone. Oh, and this makes the Kleiner Perkins iFund look even more of a joke than their Java fund a decade ago.

After a lot of hard work, we’ve finally released doubleTwist desktop. The goal of doubleTwist is to simplify the flow of media across devices and social networks. To give an example: say you shot a video with your Nokia N95 cellphone. How do you send that video to your friend and make sure he’ll be able to play it on his iPod or Sony PSP? Yesterday, the easiest solution was to give up. As of today, the answer is doubleTwist. With doubleTwist, you’ll be able to share and sync digital media without worrying about codecs and bitrates.

Download doubleTwist and send us your feedback! If you are a developer and want to add support for a new device, check out our developers page.

I was expecting that the iPhone firmware update would simply relock unlocked iPhones so that they could only be used with AT&T. I was wrong. As you may know by now, after an unlocked iPhone has been upgraded with the 1.1.1 firmware it will refuse to activate with any SIM. The technical evidence so far indicates that this was intentional by Apple. Although the iPhone is still alive, it’s completely useless. It’s essentially a brick.

Has Nokia or Sony Ericsson ever bricked or refused service on an unlocked phone? Not that I’ve heard of, and if they did, they would have been quickly sued in several countries where consumer rights are more strongly protected.

Did Sony ever brick PSPs over homebrew software? Did Microsoft ever overwrite someone’s BIOS with garbage because they detected an illegitimate Windows installation?

In light of other things Apple has done lately, such as adding an encrypted hash to the iPod database to lock out non-Apple software and disabling TV-out on the iPod unless the 3rd party accessory you’re using has an Apple authentication chip, it’s evident that Apple is well on its way to become one of the most consumer hostile tech companies.

When Steve Jobs claimed the iPhone was 5 years ahead of every other phone, was he talking about the iPhone’s revolutionary handcuffs?

In a world where open technologies are increasingly becoming the norm, Apple’s way of Thinking Different means marching in the opposite direction.

Update: According to the iPhone Dev Wiki, there is now a method for downgrading from 1.1.1 to 1.0.2 to revive your iPhone. There’s even a tutorial on YouTube.

Apple issued a FUD-filled press release yesterday about iPhone unlocking. A poster over at Ars, Quitch, offers this view:

So either Apple is intentionally bricking the phone, or their engineers haven’t heard of checksums.

Oh this is a hard one…

Apple’s claim that “unlocking programs available on the Internet cause irreparable damage to the iPhone’s software” is a blatant lie if you use the common sense definition of damage. Apple, of course, is using a different definition of damage: any change to the iPhone software that Apple doesn’t like is considered damage.

In any case, I doubt Apple has intentionally engineered the update to brick any iPhones. According to the iPhone Dev Team, there have been several hundred thousand downloads of the iPhone unlocking software. There’s no way of knowing exactly how many people have actually unlocked their iPhones, but I estimate it’s tens of thousands. Imagine the PR fallout from the iPhone price drop. Now double that… and mix in some lawsuits.

The only way Apple could unintentionally brick any iPhones is if they’re doing a diff patch of the baseband firmware without verifying that the original firmware hasn’t been modified. I doubt they’re doing a diff patch, but we’ll find out later this week when Apple releases the update.

As for the “you’ve modified the sacred firmware!” argument that’s being parroted around by some people, tx2tn over at Ars nails it:

As far as the “you changed the firmware” issues. That’s a load of crap. Yeah, you changed the firmware. So what? There is no great universal mystery about firmware. It’s just code, and under almost any other circumstances (translation - the rest of the world outside of Apple), can be reloaded to just start over. If it can be changed to be hacked, it can be changed to be reset back to normal.

Firmware is not magic.

Update: The iPhone software 1.1.1 update is out. According to early reports an unlocked iPhone will revert to being locked and inactivated with no way to reactivate with any SIM. The update also wipes out 3rd party applications.

I’m selling the 8GB iPhone I used to study the activation process and write Phone Activation Server. If you are interested, please contact me and suggest a price.

Update: the iPhone has been sold.

I’ve found a way to activate a brand new unactivated iPhone without giving any of your money or personal information to NSA AT&T. The iPhone does not have phone capability, but the iPod and WiFi work. Stay tuned!

Update:

Magic iTunes 7.3.0.54 numbers:

Offset 2048912: 33C0C3

Offset 257074: 28

Offset 257013: 33C9B1

Add “127.0.0.1 albert.apple.com” to c:\windows\system32\drivers\etc\hosts

Download Phone Activation Server v1.0 to activate your iPhone for iPod+WiFi use. Note that this application will not do anything unless you understand the magic numbers as well as add the hosts entry. Phone Activation Server (PAS) requires that you have the MS .NET Framework 2.0 installed.

Download PAS v1.0 Source Code.

I’ve been playing with a friend’s iPhone to see how the activation process works (there are people who want an iPhone to use it as an iPod and WiFi device without having to enter into a 2-year AT&T contract).

The following pieces of information are used to activate an iPhone:

• DeviceID
• IMEI
• ICCID

Unfortunately, the activation data is cryptographically signed. The following certificate (”Apple iPhone Activation”, issued by “Apple iPhone Certification Authority”) is used to verify the signature:

-----BEGIN CERTIFICATE-----
MIIDZzCCAk+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADB5MQswCQYDVQQGEwJVUzET
MBEGA1UEChMKQXBwbGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlv
biBBdXRob3JpdHkxLTArBgNVBAMTJEFwcGxlIGlQaG9uZSBDZXJ0aWZpY2F0aW9u
IEF1dGhvcml0eTAeFw0wNzA0MTYyMjU1MDJaFw0xNDA0MTYyMjU1MDJaMFsxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQKEwpBcHBsZSBJbmMuMRUwEwYDVQQLEwxBcHBsZSBp
UGhvbmUxIDAeBgNVBAMTF0FwcGxlIGlQaG9uZSBBY3RpdmF0aW9uMIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQDFAXzRImArmoiHfbS2oPcqAfbEv0d1jk7GbnX7
+4YUlyIfprzBVdlmz2JHYv1+04IzJtL7cL97UI7fk0i0OMY0al8a+JPQa4Ug611T
bqEt+njAmAkge3HXWDBdAXD9MhkC7T/9o77zOQ1oli4cUdzlnYWfzmW0PduOxuve
AeYY4wIDAQABo4GbMIGYMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMB0G
A1UdDgQWBBShoNL+t7Rz/psUaq/NPXNPH+/WlDAfBgNVHSMEGDAWgBTnNCouIt45
YGu0lM53g2EvMaB8NTA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vd3d3LmFwcGxl
LmNvbS9hcHBsZWNhL2lwaG9uZS5jcmwwDQYJKoZIhvcNAQEFBQADggEBAF9qmrUN
dA+FROYGP7pWcYTAK+pLyOf9zOaE7aeVI885V8Y/BKHhlwAo+zEkiOU3FbEPCS9V
tS18ZBcwD/+d5ZQTMFknhcUJwdPqqjnm9LqTfH/x4pw8ONHRDzxHdp96gOV3A4+8
abkoASfcYqvIRypXnbur3bRRhTzAs4VILS6jTyFYymZeSewtBubmmigo1kCQiZGc
76c5feDAyHb2bzEqtvx3WprljtS46QT5CR6YelinZnio32jAzRYTxtS6r3JsvZDi
J07+EHcmfGdpxwgO+7btW1pFar0ZjF9/jYKKnOYNyvCrwszhafbSYwzAG5EJoXFB
4d+piWHUDcPxtcc=
-----END CERTIFICATE-----

We have an opening for an experienced C# developer at DoubleTwist:

You will be tasked with working on both our client software as well as server backend code. Besides coding, you will be responsible for assisting with documentation, building test plans, debugging software, providing design input, and helping in every way to ensure the successful rollout of each phase of the project.

Location: San Francisco

If you are interested, send us your résumé. If you know of someone who might be interested, please forward this to them.