[Cryptography Team] Daap Implementation
yann at monclair.info
Tue Nov 7 17:03:50 UTC 2006
I see two possibilities for the error I get:
New for iTunes 4.5 - 29 April 2004.
Yesterday Apple released a new version of iTunes which updates the
DAAP protocol. Amongst these changes to the protocol include a new
authentication algorithm. They have changed the strings that get used
for the hash table, include a few more things in the hash table - and
more importantly, no longer use a real MD5 algorithm.
This is one year after your quote, so I assume it's an update with
more recent iTunes.
2. Maybe I automatically (not sure how) logout after each request,
thus expiring the session-id I just gathered, I read that that
problem occured with wget. if you close the connection. I'll try to
keep the connection open and see from there
**EDIT** 2. doesn't seem to be the problem, because when after a
request, I'm still listed as a connected client in iTunes.
(this may be a resend, my email client sometimes gets confused
between my different identities...)
On 7 nov. 06, at 17:22, Ron Teitelbaum wrote:
> It sure looks to me like the sessionID is returned from the server
> from the
> logon. So you logon and get back a loginresponse with has the 4 byte
> sessionid attached to it. Maybe the problem you are having is with
> endianness. What platform are you working on? Try changing the
> from AABBCCDD to DDCCBBAA. If that works then that is your problem
> and we
> can discuss ways of fixing that for a general implementation. I
> don't see
> anything about the response being encrypted or validated, do you
> have a
> reference to that somewhere?
> From: http://molelog.molehill.org/blox/Computers/Macintosh/
> No arguments required (or apparently used).
> The response is too short; my current parser handles this by just
> when it finds an all-0 tag.
> dmap.loginresponse 0x00000024
> dmap.status 0x00000004 number
> dmap.sessionid 0x00000004 number
> ==== END ====
> The dmap.sessionid will be the value for the 'session-id' parameter
> to the
> following requests.
> Ron Teitelbaum
> Squeak Cryptography Team Leader
>> -----Original Message-----
>> From: Yann Monclair
>> Sent: Tuesday, November 07, 2006 3:21 AM
>> (Sorry if this is a resend, it seems I sent the first email before
>> being completely registered to the mailing list, it must have been
>> I just started an implementation of the Digital Audio Access Protocol
>>  in Squeak. This protocol is used by Apples iTunes  to share
>> music over a lan. I found very little documentation on this
>> protocol, since Apple has decided not to disclose the documentation
>> on its specifics.
>> I have published the little code I wrote so far on SqueakSource .
>> I am stuck after the login request. As I understand it, iTunes
>> doesn't send you the session-id, but an encrypted id, leaving you to
>> decrypt it. Unfortunately, Apple added some byte switching or
>> something to the classic MD5 encryption (I'm far from an expert in
>> crypto, so I might not be using the appropriate vocabulary). I found
>> a c library to connect to daap shares , but I didn't really get,
>> even after looking at the code.
>> I would appreciate any help to figure this session-id thing out :) I
>> think having a daap implementation in Squeak, can be really useful
>> for multimedia purposes, and we could probably find cool
>> applications :p
>> Here the code I write in a workspace to get a daapsession
>> DaapSession connectTo: 'localhost'.
>> this will return a DaapSession knowing the server, the content codes
>> (typing info) and a DaapLogin. the encrytped session-id is accessible
>> via DaapSession>>sid (or DaapLogin>>mlid)
>>  http://en.wikipedia.org/wiki/Digital_Audio_Access_Protocol
>>  http://www.apple.com/itunes/overview/
>>  http://tapjam.net/daap/
>>  http://www.squeaksource.com/daap.html
>>  http://crazney.net/programs/itunes/authentication.html
>> Cryptography mailing list
>> Cryptography at lists.squeakfoundation.org
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
More information about the Cryptography