[Cryptography Team] Daap Implementation

Tue Nov 7 16:09:54 UTC 2006

Perfect!

I forwarded this to our Attorney and sent and email to the address you
found.  I'll keep you updated on the legality of doing the work and if I can
get more documentation for you.  

Nice job on getting the information!

Ron

> -----Original Message-----
> From: Yann Monclair
> Sent: Tuesday, November 07, 2006 10:29 AM
> 
> I did some research on the web and I found quite a number of open
> source implementations for  DAAP.
> 
> I found implementations in:
> - c++ (c and objective c wrappers) http://daap.sourceforge.net/
> - java http://getittogether.sourceforge.net/
> - c# (mono) http://www.snorp.net/log/tangerine
> - python http://jerakeen.org/code/PythonDaap/
> - c http://crazney.net/programs/itunes/libopendaap.html
> - ruby http://daapclient.rubyforge.org/
> - perl http://search.cpan.org/~gnat/dapple-0.21/lib/Net/DAAP/DMAP.pm
> There are probably other implementations out there too.
> 
> I also found out a Google Summer of Code project was an
> implementation of DAAP for AmaroK http://code.google.com/soc/kde/
> appinfo.html?csaid=37CD6C87DA8D5F53
> 
> Players like banshee http://banshee-project.org, Rhythmbox http://
> www.gnome.org/projects/rhythmbox/ , or amaroK http://amarok.kde.org
> 
> I also read on the front page of http://daap.sourceforget.net :
> 
> 	May 8, 2003
> 
> 	I have received an email from Amandeep Jawa, Senior Software
> Engineer for iTunes, who worked on DAAP. He says that there will soon
> be 	official documentation for the protocol from Apple, which will
> immensely help in the effort. In the mean time, I'm still going to be
> working on 	libdaap using my reverse-engineered docs.
> 
> 	- Chris Boot
> 
> I haven't found any official daap documentation though. From http://
> www.opendaap.org , I read:
> 
> 	If you're making a commercial product, Apple has now started
> offering the DAAP protocol specification under license.
> 	Email rendezvous at apple.com for details
> 
> I haven't found any explicit licensing on DAAP from Apple.  For
> iTunes I found this page http://developer.apple.com/softwarelicensing/
> agreements/itunes.html .  But I do not think an implementation of
> DAAP relates (at least not directly) to iTunes.
> 
> Maybe the best option would be to send an email to
> rendezvous at apple.com , to ask the license, and maybe also about the
> protocol specifications.
> 
> HTH,
> 
> Yann
> 
> 
> On 7 nov. 06, at 15:38, Ron Teitelbaum wrote:
> 
> > Hi Yann,
> >
> > Thank you for your interest in the Cryptography group and welcome
> > to the
> > team.  Your project sounds very interesting.
> >
> > Before we talk about the Daap implementation I think it would make
> > sense to
> > do some bookkeeping.  Could you spend some time researching the iTunes
> > license?  What we are doing here is developing Open Source code.
> > What I
> > need to know first is if we develop a system that can do Daap
> > connections
> > and sharing could we then distribute our works under an open source
> > license.
> >
> >
> > What I need from you or anyone in the group interested in
> > participating is
> > any links that show the license for Daap, or iTunes.  If you can find
> > something that shows that someone else has done Daap and released
> > it Open
> > Source, or someone that comments that it can be done and
> > redistributed OS
> > that would be helpful.  Once I get that research from you I will
> > review it
> > and get an evaluation from our Attorney so that we can make a
> > decision if
> > this project can be done legally.  It concerns me that the code
> > needs to be
> > reverse engineered.
> >
> > Thanks,
> >
> > Ron Teitelbaum
> > Squeak Cryptography Team Leader
> >
> >> -----Original Message-----
> >> From: Yann Monclair
> >> Sent: Tuesday, November 07, 2006 3:21 AM
> >>
> >> (Sorry if this is a resend, it seems I sent the first email before
> >> being completely registered to the mailing list, it must have been
> >> moderated.)
> >>
> >> Hello,
> >>
> >> I just started an implementation of the Digital Audio Access Protocol
> >> [1] in Squeak. This protocol is used by Apples iTunes [2] to share
> >> music over a lan. I found very little documentation[3] on this
> >> protocol, since Apple has decided not to disclose the documentation
> >> on its specifics.
> >> I have published the little code I wrote so far on SqueakSource [4].
> >> I am stuck after the login request. As I understand it, iTunes
> >> doesn't send you the session-id, but an encrypted id, leaving you to
> >> decrypt it. Unfortunately, Apple added some byte switching or
> >> something to the classic MD5 encryption (I'm far from an expert in
> >> crypto, so I might not be using the appropriate vocabulary). I found
> >> a c library to connect to daap shares [5], but I didn't really get,
> >> even after looking at the code.
> >>
> >> I would appreciate any help to figure this session-id thing out :) I
> >> think having a daap implementation in Squeak, can be really useful
> >> for multimedia purposes, and we could probably find cool
> >> applications :p
> >>
> >> Here the code I write in a workspace to get a daapsession
> >>
> >>   DaapSession connectTo: 'localhost'.
> >>
> >> this will return a DaapSession knowing the server, the content codes
> >> (typing info) and a DaapLogin. the encrytped session-id is accessible
> >> via DaapSession>>sid (or DaapLogin>>mlid)
> >>
> >> Thanks,
> >>
> >> Yann
> >>
> >> [1] http://en.wikipedia.org/wiki/Digital_Audio_Access_Protocol
> >> [2] http://www.apple.com/itunes/overview/
> >> [3] http://tapjam.net/daap/
> >> [4] http://www.squeaksource.com/daap.html
> >> [5] http://crazney.net/programs/itunes/authentication.html
> >>