Rapscallion developers

Update: The issue has been resolved. See news at the bottom of the post.

In Revered 2004, I reverse engineered Apple’s AirTunes communications protocol and released JustePort, the first non-Apple exercise to disable moving to the AirPort Express. Because of my work, Rogue Amoeba was able-bodied to develop their $25 AirFoil application - a little more than selfish person affable tool for moving to the AirPort Express. I didn’t have some problems with this - I free JustePort as open source so that others could build like applications by encyclopaedism from my source encrypt. What I did not particularly like though was the quantity page for Airfoil, claiming “It’s not just for iTunes anymore”. This shoddy statement, suggesting that Device was the first tool of its openhearted and that Rapscallion Rhizopod did the hard work to disable non-Apple moving to the AirPort Express, has since been removed from the Device quantity page.

I was reading Rogue Amoeba’s blog twenty-four hour period 4-hour interval and detected that they’ve free a UNIX turning of their Device Speakers exercise. Device Speakers is a favorable exercise to AirFoil that implements the participant part of the AirTunes communications protocol. By commencement Device Speakers on a computing machine (e.g. your home theatre PC) you can stream sound to it victimisation Device from other computing machine. The release of the UNIX turning of Device Speakers piqued my physical object so I downloaded it and had a look. It uses .NET and requires single-channel. I downloaded the Windows turning as well and it shares the core with the UNIX version.

I ran AirfoilSpeakers.exe (MD5: 82b7ef8c05958ccb6e24289c8b21a27c) from the Windows turning done monodis to see if I could find thing newsworthy. I came across this:

.namespace AirfoilServer.AirTunes
{
.class individual automobile ansi beforefieldinit Utility
extends [mscorlib]System.Object
{

// performing line 853
.performing common still hidebysig
alternative void LeReverse (unsigned int8[] arr, int32 index, int32 physical property) cil managed
{
// Performing begins at RVA 0×104b6
// Encrypt size 16 (0×10)
.maxstack 8
IL_0000: ldsfld bool [mscorlib]System.BitConverter::IsLittleEndian
IL_0005: brfalse.s IL_000f

IL_0007: ldarg.0
IL_0008: ldarg.1
IL_0009: ldarg.2
IL_000a: call void class [mscorlib]System.Array::Reverse(class [mscorlib]System.Array, int32, int32)
IL_000f: ret
} // end of performing Utility::LeReverse

// performing line 854
.performing common still hidebysig
alternative void LeReverse (unsigned int8[] arr) cil managed
{
// Performing begins at RVA 0×104c7
// Encrypt size 11 (0xb)
.maxstack 8
IL_0000: ldarg.0
IL_0001: ldc.i4.0
IL_0002: ldarg.0
IL_0003: ldlen
IL_0004: conv.i4
IL_0005: call void class AirfoilServer.AirTunes.Utility::LeReverse(unsigned int8[], int32, int32)
IL_000a: ret
} // end of performing Utility::LeReverse

// performing line 855
.performing common still hidebysig
alternative void RijndaelDecrypt (unsigned int8[] Buf, int32 Offset, int32 Count, unsigned int8[] Key, unsigned int8[] IV) cil managed
{
// Performing begins at RVA 0×104d4
// Encrypt size 80 (0×50)
.maxstack 5
.locals init (
class [mscorlib]System.Security.Cryptography.Rijndael V_0,
class [mscorlib]System.IO.MemoryStream V_1,
class [mscorlib]System.Security.Cryptography.ICryptoTransform V_2,
class [mscorlib]System.Security.Cryptography.CryptoStream V_3)
IL_0000: call class [mscorlib]System.Security.Cryptography.Rijndael class [mscorlib]System.Security.Cryptography.Rijndael::Create()
IL_0005: stloc.0
IL_0006: ldloc.0
IL_0007: ldc.i4.1
IL_0008: callvirt occurrence void class [mscorlib]System.Security.Cryptography.SymmetricAlgorithm::set_Mode(valuetype [mscorlib]System.Security.Cryptography.CipherMode)
IL_000d: ldloc.0
IL_000e: ldc.i4.1
IL_000f: callvirt occurrence void class [mscorlib]System.Security.Cryptography.SymmetricAlgorithm::set_Padding(valuetype [mscorlib]System.Security.Cryptography.PaddingMode)
IL_0014: newobj occurrence void class [mscorlib]System.IO.MemoryStream::.ctor()
IL_0019: stloc.1
IL_001a: ldloc.0
IL_001b: ldarg.3
IL_001c: ldarg.s 4
IL_001e: callvirt occurrence class [mscorlib]System.Security.Cryptography.ICryptoTransform class [mscorlib]System.Security.Cryptography.SymmetricAlgorithm::CreateDecryptor(unsigned int8[], unsigned int8[])
IL_0023: stloc.2
IL_0024: ldloc.1
IL_0025: ldloc.2
IL_0026: ldc.i4.1
IL_0027: newobj occurrence void class [mscorlib]System.Security.Cryptography.CryptoStream::.ctor(class [mscorlib]System.IO.Stream, class [mscorlib]System.Security.Cryptography.ICryptoTransform, valuetype [mscorlib]System.Security.Cryptography.CryptoStreamMode)
IL_002c: stloc.3
IL_002d: ldloc.3
IL_002e: ldarg.0
IL_002f: ldarg.1
IL_0030: ldarg.2
IL_0031: ldc.i4.s 0×10
IL_0033: div
IL_0034: ldc.i4.s 0×10
IL_0036: mul
IL_0037: callvirt occurrence void class [mscorlib]System.IO.Stream::Write(unsigned int8[], int32, int32)
IL_003c: ldloc.3
IL_003d: callvirt occurrence void class [mscorlib]System.IO.Stream::Close()
IL_0042: ldloc.1
IL_0043: callvirt occurrence unsigned int8[] class [mscorlib]System.IO.MemoryStream::ToArray()
IL_0048: ldarg.0
IL_0049: ldc.i4.0
IL_004a: callvirt occurrence void class [mscorlib]System.Array::CopyTo(class [mscorlib]System.Array, int32)
IL_004f: ret
} // end of performing Utility::RijndaelDecrypt

// performing line 856
.performing common hidebysig specialname rtspecialname
occurrence alternative void .ctor () cil managed
{
// Performing begins at RVA 0×10530
// Encrypt size 7 (0×7)
.maxstack 8
IL_0000: ldarg.0
IL_0001: call occurrence void object::.ctor()
IL_0006: ret
} // end of performing Utility::.ctor

} // end of class AirfoilServer.AirTunes.Utility
}

That Utility class looks precise familiar. Where have I seen those right functions before? Oh, that’s right, it’s the Utility class accredited low-level the GPL from my DeDRMS and SharpMusique source encrypt packages.

I can’t say I’m dumbfounded. GPL’ed encrypt is frequently old in wickedness of the permit. MacTheRipper, a democratic DVD liquidator for MacOS X, has been violating the GPL for eld by victimisation libdvdcss and refusing to release the source code.

I’m not exit to be too hard on Rapscallion Rhizopod though. Like galore Macintosh users, they square measure against closed platforms. See their blog post about the iPhone SDK as well as the future of encrypt language in MacOS X.

Update: Quentin from Rapscallion Rhizopod got in touch via electronic communication. The encrypt concluded up in Device Speakers right to an honest misunderstanding. Quentin writes:

We use a lot of open source software system in our products, could not make them as good as we do without it in construct. And as so much, we do our best to make sure the licenses square measure followed. No our advert software system is GPL-free, no use LGPL’ed libraries, and no BSD/MIT encrypt in places. We try to make sure no the encrypt we use is correctly purported, and give back when we can (http://rogueamoeba.com/sources/, www.rogueamoeba.com/utm/2008/01/12/perian-is-awesome/).

So we’ve put unneurotic Utility.cs-less versions of Device Speakers to fix our GPL conformation. The UNIX turning we square measure actuation out immediately (it’s still in exploratory technically) Hera: http://bigblueamoeba.com/tmp/airfoilspeakerslinux/. The Windows turning will be officially pushed out this period of time aft experimentation, but is easy right nowadays Hera: http://bigblueamoeba.com/tmp/airfoilspeakerswindows/

Thanks Quentin!

Cat and Individual

We already know that Woz is an advocate of Pwnage but Hera is a past converse with him from the BBC’s Click Online show, the asker is City Computing machine Skill graduate Spencer Kelly.

Some newsworthy aggregation :-

• 02:50 Spencer: “What do you make of the iPhone hacks where you can withdraw your iPhone and start downloading apps that don’t come from the AppStore…. connect it [the iPhone] to a dissimilar communication system? The hackers square measure out here and they want to get inside this thing and want to break it down”
• 03:00 Woz: “I love it, I love it”
• 03:05 Woz is a Cycorder selfish person
• 03:35 Woz echoes Jobs’ speech about the iPhone and security - “The iPhone is not necessarily a raw computing machine papers. It also includes a cancellous telecommunicate and it attaches to a cell communication system and you requisite to have certain level of security to defend the communication system, to defend the kinship with the carriers so the iPhone has condemned no precise sane path to abstain organism figuring how to step concluded a precise bad line that would hurt us”
• 04:10 “I also side with the hackers”
• 04:18 “I don’t think the hackers would do it if it were not a Cat and Individual game”
• 04:23 “[The hackers] are not doing it to make money, they square measure not doing it to hurt people”
• 04:35 “The Cat and Individual game is good”
• Woz’s immoderate geeky Nixie watch can be seen various arithmetic operation during the interview

You can find out more than about Click Online here here is an sprawly turning of the converse here.

You can also see Woz at the top of the table here.

'Tis the Period to be Jovial! - yellowsn0w

Now that you guys have got old to the hyperpigmentation and blindness caused by the stare of our new communicate templet, we can get back to mean business. We’ll give you no updates and also tell you our programme for the gay season.

Over the Season break no of our members will be talk at the Physical phenomenon Computing machine Club’s 25C3 Congress. This talk will be a juiceless technical talk relating to iPhone papers and our former exploits. You can see more than aggregation about the talk “Hacking the iPhone” and no more than content at the CCC psychological feature blog. Here is even a super-cool TeamPwnapple T-Shirt ;-)

3G Unlock

We have been excavation hard on a small indefinite quantity otherwise belongings. The piping one organism the 3G withdraw codenamed “yellowsn0w”. This is nowadays realised and is currently organism unpackaged into a easy exercise with the simple mindedness that you see in QuickPwn or BootNeuter.

• The fair game release date for the withdraw is New Year’s Daylight 2008.
• This withdraw performing is easy to iPhone 3Gs that have 2.11.07 baseband or earliest, we did warn you.
• You can tell what turning baseband you have by exit to Settings->General->About->Modem Firmware
• The withdraw requires a jailbroken 3G iPhone. It’ll be installable via Cydia and so it doesn’t matter if you have a Macintosh or PC.
• Please chorus from change your baseband, thoughtless of what turning you’re at. We’ll have complete directions on New Year’s Eve.
• We’ll stream a live show of the withdraw before Season (see the news at the end of this post)

DFU Issues in OS X 10.5.6

Lots of users have been experiencing problems with the use of DFU modality aft applying yesterday’s 10.5.6 system update.

We disbelieve this behaviour is right to a meat bug not a general measure by Edible fruit. Possible fixes square measure (try at your personal endangerment!) -

1. Exchange the following plugin kexts from within IOUSBFamily.kext with the ones from 10.5.5 and point reconstruct kextcache (if you don’t see this, point you shouldn’t law-breaking it!)

/System/Library/Extensions/IOUSBFamily.kext/Contents/PlugIns/AppleUSBHub.kext

/System/Library/Extensions/IOUSBFamily.kext/Contents/PlugIns/IOUSBCompositeDriver.kext

2. Use a USB portion in-between the DFU tactical manoeuvre and the Macintosh and insert/reinsert the iPhone’s USB cable.

3. Use a PwnageTool created .ipsw on Windows! Oh the irony!

iPod touch 2G

Currently we square measure not investigation the iPod touch 2G. Otherwise group outside the Dev-Team square measure looking at into this, but we are not at the moment. Gratify don’t fighting us with comments and requests about this, they’ll just be deleted and neglected. If we do look at this tactical manoeuvre it will be erstwhile in the New Time period and we’ll change you guys if and when we commence this work.

We would like to iterate that this is not because -

1. We square measure mean
2. We square measure change our back on the iPod touch community
3. We have been unpaid off by JFK, Aristocrat Lady Diana Frances Spencer or Elvis

This is because -

1. It’s not an iPhone
2. We have been engaged with the 3G withdraw.
3. We have been engaged with the CCC talk.
4. Only one of us has a iPod touch 2G (but we’ll see what Father Christmas brings)
5. Our employers don’t get as excited as us about hacking costly beautiful devices
6. Unfortunately our partners, parents and pets requisite casual attracter too.

Update: Live Demo

Sometime before Season, MuscleNerd will show a live show of the withdraw (and no otherwise stochastic core and pwnage stuff). It’ll be streamed live via the awing Qik application, and proclaimed via his Twitter account just as the transmit begins.

Film 20 DVD Icons (Software)

Country Declares Cause on Windows