AirPort Express/AirTunes decoder in Software…

I’m now on my 5th AirPort Express as the others have all just died on me (and even this one is a bit flakey).

It’s generally the power supplies that have gone in them – the caps are rated for around 200V so they’re fine on a 110V supply, but give up after a year or so on 240V.

It’s well known that AirPlay (used to be AirTunes) encrypts the stream before sending it to the AirPort Express – people managed to reverse engineer the public key from iTunes to enable an arbitrary application to send audio to an AirPort Express, but up until now there was no way for anything other than an AirPort Express (and now, licensed AirPlay devices) to receive and decode this audio stream.

Each time when my AirPort Express has died, I’ve looked around for a software receiver, and each time I’ve come up empty handed. There has until now been very little documentation and this is due to crypto keys buried in the base station to decrypt the stream from iTunes.

James Laird has gone the distance to rip open the AirPort Express (not an easy task in itself) and dump the ROM inside it, from this ROM image he’s found the RSA private key, whacked a perl program around it and put it on his blog.

Nice work, James.

Grab the perl source from: jhl::mafipulation.

This article was posted by Kai Howells. If you liked this content and have any technical work in the Melbourne area, say hello via my contact form or give me a call on 0419 361 653 - I cover most of the greater Melbourne area and my rates are competitive.

Leave a Reply

Your email address will not be published. Required fields are marked *