[Cryptography Team] Daap Implementation

Ron Teitelbaum Ron at USMedRec.com
Tue Nov 7 16:22:06 UTC 2006 

Yann, 

It sure looks to me like the sessionID is returned from the server from the
logon.  So you logon and get back a loginresponse with has the 4 byte
sessionid attached to it.  Maybe the problem you are having is with
endianness.  What platform are you working on?  Try changing the sessionID
from AABBCCDD to DDCCBBAA.  If that works then that is your problem and we
can discuss ways of fixing that for a general implementation.  I don't see
anything about the response being encrypted or validated, do you have a
reference to that somewhere?

From: http://molelog.molehill.org/blox/Computers/Macintosh/DAAP3.writeback 

/login
No arguments required (or apparently used).

The response is too short; my current parser handles this by just stopping
when it finds an all-0 tag.

dmap.loginresponse                      0x00000024    
 dmap.status                            0x00000004    number
0x000000c8(200)
 dmap.sessionid                         0x00000004    number
0x0000040e(1038)
==== END ====


The dmap.sessionid will be the value for the 'session-id' parameter to the
following requests.

Ron Teitelbaum
Squeak Cryptography Team Leader

> -----Original Message-----
> From: Yann Monclair
> Sent: Tuesday, November 07, 2006 3:21 AM
> 
> (Sorry if this is a resend, it seems I sent the first email before
> being completely registered to the mailing list, it must have been
> moderated.)
> 
> Hello,
> 
> I just started an implementation of the Digital Audio Access Protocol
> [1] in Squeak. This protocol is used by Apples iTunes [2] to share
> music over a lan. I found very little documentation[3] on this
> protocol, since Apple has decided not to disclose the documentation
> on its specifics.
> I have published the little code I wrote so far on SqueakSource [4].
> I am stuck after the login request. As I understand it, iTunes
> doesn't send you the session-id, but an encrypted id, leaving you to
> decrypt it. Unfortunately, Apple added some byte switching or
> something to the classic MD5 encryption (I'm far from an expert in
> crypto, so I might not be using the appropriate vocabulary). I found
> a c library to connect to daap shares [5], but I didn't really get,
> even after looking at the code.
> 
> I would appreciate any help to figure this session-id thing out :) I
> think having a daap implementation in Squeak, can be really useful
> for multimedia purposes, and we could probably find cool applications :p
> 
> Here the code I write in a workspace to get a daapsession
> 
>   DaapSession connectTo: 'localhost'.
> 
> this will return a DaapSession knowing the server, the content codes
> (typing info) and a DaapLogin. the encrytped session-id is accessible
> via DaapSession>>sid (or DaapLogin>>mlid)
> 
> Thanks,
> 
> Yann
> 
> [1] http://en.wikipedia.org/wiki/Digital_Audio_Access_Protocol
> [2] http://www.apple.com/itunes/overview/
> [3] http://tapjam.net/daap/
> [4] http://www.squeaksource.com/daap.html
> [5] http://crazney.net/programs/itunes/authentication.html
> 
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

More information about the Cryptography mailing list