(Sorry if this is a resend, it seems I sent the first email before being completely registered to the mailing list, it must have been moderated.)
Hello,
I just started an implementation of the Digital Audio Access Protocol [1] in Squeak. This protocol is used by Apples iTunes [2] to share music over a lan. I found very little documentation[3] on this protocol, since Apple has decided not to disclose the documentation on its specifics. I have published the little code I wrote so far on SqueakSource [4]. I am stuck after the login request. As I understand it, iTunes doesn't send you the session-id, but an encrypted id, leaving you to decrypt it. Unfortunately, Apple added some byte switching or something to the classic MD5 encryption (I'm far from an expert in crypto, so I might not be using the appropriate vocabulary). I found a c library to connect to daap shares [5], but I didn't really get, even after looking at the code.
I would appreciate any help to figure this session-id thing out :) I think having a daap implementation in Squeak, can be really useful for multimedia purposes, and we could probably find cool applications :p
Here the code I write in a workspace to get a daapsession
DaapSession connectTo: 'localhost'.
this will return a DaapSession knowing the server, the content codes (typing info) and a DaapLogin. the encrytped session-id is accessible via DaapSession>>sid (or DaapLogin>>mlid)
Thanks,
Yann
[1] http://en.wikipedia.org/wiki/Digital_Audio_Access_Protocol [2] http://www.apple.com/itunes/overview/ [3] http://tapjam.net/daap/ [4] http://www.squeaksource.com/daap.html [5] http://crazney.net/programs/itunes/authentication.html
Hi Yann,
Thank you for your interest in the Cryptography group and welcome to the team. Your project sounds very interesting.
Before we talk about the Daap implementation I think it would make sense to do some bookkeeping. Could you spend some time researching the iTunes license? What we are doing here is developing Open Source code. What I need to know first is if we develop a system that can do Daap connections and sharing could we then distribute our works under an open source license.
What I need from you or anyone in the group interested in participating is any links that show the license for Daap, or iTunes. If you can find something that shows that someone else has done Daap and released it Open Source, or someone that comments that it can be done and redistributed OS that would be helpful. Once I get that research from you I will review it and get an evaluation from our Attorney so that we can make a decision if this project can be done legally. It concerns me that the code needs to be reverse engineered.
Thanks,
Ron Teitelbaum Squeak Cryptography Team Leader
-----Original Message----- From: Yann Monclair Sent: Tuesday, November 07, 2006 3:21 AM
(Sorry if this is a resend, it seems I sent the first email before being completely registered to the mailing list, it must have been moderated.)
Hello,
I just started an implementation of the Digital Audio Access Protocol [1] in Squeak. This protocol is used by Apples iTunes [2] to share music over a lan. I found very little documentation[3] on this protocol, since Apple has decided not to disclose the documentation on its specifics. I have published the little code I wrote so far on SqueakSource [4]. I am stuck after the login request. As I understand it, iTunes doesn't send you the session-id, but an encrypted id, leaving you to decrypt it. Unfortunately, Apple added some byte switching or something to the classic MD5 encryption (I'm far from an expert in crypto, so I might not be using the appropriate vocabulary). I found a c library to connect to daap shares [5], but I didn't really get, even after looking at the code.
I would appreciate any help to figure this session-id thing out :) I think having a daap implementation in Squeak, can be really useful for multimedia purposes, and we could probably find cool applications :p
Here the code I write in a workspace to get a daapsession
DaapSession connectTo: 'localhost'.
this will return a DaapSession knowing the server, the content codes (typing info) and a DaapLogin. the encrytped session-id is accessible via DaapSession>>sid (or DaapLogin>>mlid)
Thanks,
Yann
[1] http://en.wikipedia.org/wiki/Digital_Audio_Access_Protocol [2] http://www.apple.com/itunes/overview/ [3] http://tapjam.net/daap/ [4] http://www.squeaksource.com/daap.html [5] http://crazney.net/programs/itunes/authentication.html
Cryptography mailing list Cryptography@lists.squeakfoundation.org http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
I did some research on the web and I found quite a number of open source implementations for DAAP.
I found implementations in: - c++ (c and objective c wrappers) http://daap.sourceforge.net/ - java http://getittogether.sourceforge.net/ - c# (mono) http://www.snorp.net/log/tangerine - python http://jerakeen.org/code/PythonDaap/ - c http://crazney.net/programs/itunes/libopendaap.html - ruby http://daapclient.rubyforge.org/ - perl http://search.cpan.org/~gnat/dapple-0.21/lib/Net/DAAP/DMAP.pm There are probably other implementations out there too.
I also found out a Google Summer of Code project was an implementation of DAAP for AmaroK http://code.google.com/soc/kde/ appinfo.html?csaid=37CD6C87DA8D5F53
Players like banshee http://banshee-project.org, Rhythmbox http:// www.gnome.org/projects/rhythmbox/ , or amaroK http://amarok.kde.org
I also read on the front page of http://daap.sourceforget.net :
May 8, 2003
I have received an email from Amandeep Jawa, Senior Software Engineer for iTunes, who worked on DAAP. He says that there will soon be official documentation for the protocol from Apple, which will immensely help in the effort. In the mean time, I'm still going to be working on libdaap using my reverse-engineered docs.
- Chris Boot
I haven't found any official daap documentation though. From http:// www.opendaap.org , I read:
If you're making a commercial product, Apple has now started offering the DAAP protocol specification under license. Email rendezvous@apple.com for details
I haven't found any explicit licensing on DAAP from Apple. For iTunes I found this page http://developer.apple.com/softwarelicensing/ agreements/itunes.html . But I do not think an implementation of DAAP relates (at least not directly) to iTunes.
Maybe the best option would be to send an email to rendezvous@apple.com , to ask the license, and maybe also about the protocol specifications.
HTH,
Yann
On 7 nov. 06, at 15:38, Ron Teitelbaum wrote:
Hi Yann,
Thank you for your interest in the Cryptography group and welcome to the team. Your project sounds very interesting.
Before we talk about the Daap implementation I think it would make sense to do some bookkeeping. Could you spend some time researching the iTunes license? What we are doing here is developing Open Source code. What I need to know first is if we develop a system that can do Daap connections and sharing could we then distribute our works under an open source license.
What I need from you or anyone in the group interested in participating is any links that show the license for Daap, or iTunes. If you can find something that shows that someone else has done Daap and released it Open Source, or someone that comments that it can be done and redistributed OS that would be helpful. Once I get that research from you I will review it and get an evaluation from our Attorney so that we can make a decision if this project can be done legally. It concerns me that the code needs to be reverse engineered.
Thanks,
Ron Teitelbaum Squeak Cryptography Team Leader
-----Original Message----- From: Yann Monclair Sent: Tuesday, November 07, 2006 3:21 AM
(Sorry if this is a resend, it seems I sent the first email before being completely registered to the mailing list, it must have been moderated.)
Hello,
I just started an implementation of the Digital Audio Access Protocol [1] in Squeak. This protocol is used by Apples iTunes [2] to share music over a lan. I found very little documentation[3] on this protocol, since Apple has decided not to disclose the documentation on its specifics. I have published the little code I wrote so far on SqueakSource [4]. I am stuck after the login request. As I understand it, iTunes doesn't send you the session-id, but an encrypted id, leaving you to decrypt it. Unfortunately, Apple added some byte switching or something to the classic MD5 encryption (I'm far from an expert in crypto, so I might not be using the appropriate vocabulary). I found a c library to connect to daap shares [5], but I didn't really get, even after looking at the code.
I would appreciate any help to figure this session-id thing out :) I think having a daap implementation in Squeak, can be really useful for multimedia purposes, and we could probably find cool applications :p
Here the code I write in a workspace to get a daapsession
DaapSession connectTo: 'localhost'.
this will return a DaapSession knowing the server, the content codes (typing info) and a DaapLogin. the encrytped session-id is accessible via DaapSession>>sid (or DaapLogin>>mlid)
Thanks,
Yann
[1] http://en.wikipedia.org/wiki/Digital_Audio_Access_Protocol [2] http://www.apple.com/itunes/overview/ [3] http://tapjam.net/daap/ [4] http://www.squeaksource.com/daap.html [5] http://crazney.net/programs/itunes/authentication.html
Cryptography mailing list Cryptography@lists.squeakfoundation.org http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ cryptography
Cryptography mailing list Cryptography@lists.squeakfoundation.org http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ cryptography
Perfect!
I forwarded this to our Attorney and sent and email to the address you found. I'll keep you updated on the legality of doing the work and if I can get more documentation for you.
Nice job on getting the information!
Ron
-----Original Message----- From: Yann Monclair Sent: Tuesday, November 07, 2006 10:29 AM
I did some research on the web and I found quite a number of open source implementations for DAAP.
I found implementations in:
- c++ (c and objective c wrappers) http://daap.sourceforge.net/
- java http://getittogether.sourceforge.net/
- c# (mono) http://www.snorp.net/log/tangerine
- python http://jerakeen.org/code/PythonDaap/
- c http://crazney.net/programs/itunes/libopendaap.html
- ruby http://daapclient.rubyforge.org/
- perl http://search.cpan.org/~gnat/dapple-0.21/lib/Net/DAAP/DMAP.pm
There are probably other implementations out there too.
I also found out a Google Summer of Code project was an implementation of DAAP for AmaroK http://code.google.com/soc/kde/ appinfo.html?csaid=37CD6C87DA8D5F53
Players like banshee http://banshee-project.org, Rhythmbox http:// www.gnome.org/projects/rhythmbox/ , or amaroK http://amarok.kde.org
I also read on the front page of http://daap.sourceforget.net :
May 8, 2003
I have received an email from Amandeep Jawa, Senior Software Engineer for iTunes, who worked on DAAP. He says that there will soon be official documentation for the protocol from Apple, which will immensely help in the effort. In the mean time, I'm still going to be working on libdaap using my reverse-engineered docs.
- Chris Boot
I haven't found any official daap documentation though. From http:// www.opendaap.org , I read:
If you're making a commercial product, Apple has now started offering the DAAP protocol specification under license. Email rendezvous@apple.com for details
I haven't found any explicit licensing on DAAP from Apple. For iTunes I found this page http://developer.apple.com/softwarelicensing/ agreements/itunes.html . But I do not think an implementation of DAAP relates (at least not directly) to iTunes.
Maybe the best option would be to send an email to rendezvous@apple.com , to ask the license, and maybe also about the protocol specifications.
HTH,
Yann
On 7 nov. 06, at 15:38, Ron Teitelbaum wrote:
Hi Yann,
Thank you for your interest in the Cryptography group and welcome to the team. Your project sounds very interesting.
Before we talk about the Daap implementation I think it would make sense to do some bookkeeping. Could you spend some time researching the iTunes license? What we are doing here is developing Open Source code. What I need to know first is if we develop a system that can do Daap connections and sharing could we then distribute our works under an open source license.
What I need from you or anyone in the group interested in participating is any links that show the license for Daap, or iTunes. If you can find something that shows that someone else has done Daap and released it Open Source, or someone that comments that it can be done and redistributed OS that would be helpful. Once I get that research from you I will review it and get an evaluation from our Attorney so that we can make a decision if this project can be done legally. It concerns me that the code needs to be reverse engineered.
Thanks,
Ron Teitelbaum Squeak Cryptography Team Leader
-----Original Message----- From: Yann Monclair Sent: Tuesday, November 07, 2006 3:21 AM
(Sorry if this is a resend, it seems I sent the first email before being completely registered to the mailing list, it must have been moderated.)
Hello,
I just started an implementation of the Digital Audio Access Protocol [1] in Squeak. This protocol is used by Apples iTunes [2] to share music over a lan. I found very little documentation[3] on this protocol, since Apple has decided not to disclose the documentation on its specifics. I have published the little code I wrote so far on SqueakSource [4]. I am stuck after the login request. As I understand it, iTunes doesn't send you the session-id, but an encrypted id, leaving you to decrypt it. Unfortunately, Apple added some byte switching or something to the classic MD5 encryption (I'm far from an expert in crypto, so I might not be using the appropriate vocabulary). I found a c library to connect to daap shares [5], but I didn't really get, even after looking at the code.
I would appreciate any help to figure this session-id thing out :) I think having a daap implementation in Squeak, can be really useful for multimedia purposes, and we could probably find cool applications :p
Here the code I write in a workspace to get a daapsession
DaapSession connectTo: 'localhost'.
this will return a DaapSession knowing the server, the content codes (typing info) and a DaapLogin. the encrytped session-id is accessible via DaapSession>>sid (or DaapLogin>>mlid)
Thanks,
Yann
[1] http://en.wikipedia.org/wiki/Digital_Audio_Access_Protocol [2] http://www.apple.com/itunes/overview/ [3] http://tapjam.net/daap/ [4] http://www.squeaksource.com/daap.html [5] http://crazney.net/programs/itunes/authentication.html
Yann,
It sure looks to me like the sessionID is returned from the server from the logon. So you logon and get back a loginresponse with has the 4 byte sessionid attached to it. Maybe the problem you are having is with endianness. What platform are you working on? Try changing the sessionID from AABBCCDD to DDCCBBAA. If that works then that is your problem and we can discuss ways of fixing that for a general implementation. I don't see anything about the response being encrypted or validated, do you have a reference to that somewhere?
From: http://molelog.molehill.org/blox/Computers/Macintosh/DAAP3.writeback
/login No arguments required (or apparently used).
The response is too short; my current parser handles this by just stopping when it finds an all-0 tag.
dmap.loginresponse 0x00000024 dmap.status 0x00000004 number 0x000000c8(200) dmap.sessionid 0x00000004 number 0x0000040e(1038) ==== END ====
The dmap.sessionid will be the value for the 'session-id' parameter to the following requests.
Ron Teitelbaum Squeak Cryptography Team Leader
-----Original Message----- From: Yann Monclair Sent: Tuesday, November 07, 2006 3:21 AM
(Sorry if this is a resend, it seems I sent the first email before being completely registered to the mailing list, it must have been moderated.)
Hello,
I just started an implementation of the Digital Audio Access Protocol [1] in Squeak. This protocol is used by Apples iTunes [2] to share music over a lan. I found very little documentation[3] on this protocol, since Apple has decided not to disclose the documentation on its specifics. I have published the little code I wrote so far on SqueakSource [4]. I am stuck after the login request. As I understand it, iTunes doesn't send you the session-id, but an encrypted id, leaving you to decrypt it. Unfortunately, Apple added some byte switching or something to the classic MD5 encryption (I'm far from an expert in crypto, so I might not be using the appropriate vocabulary). I found a c library to connect to daap shares [5], but I didn't really get, even after looking at the code.
I would appreciate any help to figure this session-id thing out :) I think having a daap implementation in Squeak, can be really useful for multimedia purposes, and we could probably find cool applications :p
Here the code I write in a workspace to get a daapsession
DaapSession connectTo: 'localhost'.
this will return a DaapSession knowing the server, the content codes (typing info) and a DaapLogin. the encrytped session-id is accessible via DaapSession>>sid (or DaapLogin>>mlid)
Thanks,
Yann
[1] http://en.wikipedia.org/wiki/Digital_Audio_Access_Protocol [2] http://www.apple.com/itunes/overview/ [3] http://tapjam.net/daap/ [4] http://www.squeaksource.com/daap.html [5] http://crazney.net/programs/itunes/authentication.html
Cryptography mailing list Cryptography@lists.squeakfoundation.org http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
Ron,
I see two possibilities for the error I get:
1. http://crazney.net/programs/itunes/authentication.html New for iTunes 4.5 - 29 April 2004.
Yesterday Apple released a new version of iTunes which updates the DAAP protocol. Amongst these changes to the protocol include a new authentication algorithm. They have changed the strings that get used for the hash table, include a few more things in the hash table - and more importantly, no longer use a real MD5 algorithm.
This is one year after your quote, so I assume it's an update with more recent iTunes.
2. Maybe I automatically (not sure how) logout after each request, thus expiring the session-id I just gathered, I read that that problem occured with wget. if you close the connection. I'll try to keep the connection open and see from there
**EDIT** 2. doesn't seem to be the problem, because when after a request, I'm still listed as a connected client in iTunes.
Yann
(this may be a resend, my email client sometimes gets confused between my different identities...)
On 7 nov. 06, at 17:22, Ron Teitelbaum wrote:
Yann,
It sure looks to me like the sessionID is returned from the server from the logon. So you logon and get back a loginresponse with has the 4 byte sessionid attached to it. Maybe the problem you are having is with endianness. What platform are you working on? Try changing the sessionID from AABBCCDD to DDCCBBAA. If that works then that is your problem and we can discuss ways of fixing that for a general implementation. I don't see anything about the response being encrypted or validated, do you have a reference to that somewhere?
From: http://molelog.molehill.org/blox/Computers/Macintosh/ DAAP3.writeback
/login No arguments required (or apparently used).
The response is too short; my current parser handles this by just stopping when it finds an all-0 tag.
dmap.loginresponse 0x00000024 dmap.status 0x00000004 number 0x000000c8(200) dmap.sessionid 0x00000004 number 0x0000040e(1038) ==== END ====
The dmap.sessionid will be the value for the 'session-id' parameter to the following requests.
Ron Teitelbaum Squeak Cryptography Team Leader
-----Original Message----- From: Yann Monclair Sent: Tuesday, November 07, 2006 3:21 AM
(Sorry if this is a resend, it seems I sent the first email before being completely registered to the mailing list, it must have been moderated.)
Hello,
I just started an implementation of the Digital Audio Access Protocol [1] in Squeak. This protocol is used by Apples iTunes [2] to share music over a lan. I found very little documentation[3] on this protocol, since Apple has decided not to disclose the documentation on its specifics. I have published the little code I wrote so far on SqueakSource [4]. I am stuck after the login request. As I understand it, iTunes doesn't send you the session-id, but an encrypted id, leaving you to decrypt it. Unfortunately, Apple added some byte switching or something to the classic MD5 encryption (I'm far from an expert in crypto, so I might not be using the appropriate vocabulary). I found a c library to connect to daap shares [5], but I didn't really get, even after looking at the code.
I would appreciate any help to figure this session-id thing out :) I think having a daap implementation in Squeak, can be really useful for multimedia purposes, and we could probably find cool applications :p
Here the code I write in a workspace to get a daapsession
DaapSession connectTo: 'localhost'.
this will return a DaapSession knowing the server, the content codes (typing info) and a DaapLogin. the encrytped session-id is accessible via DaapSession>>sid (or DaapLogin>>mlid)
Thanks,
Yann
[1] http://en.wikipedia.org/wiki/Digital_Audio_Access_Protocol [2] http://www.apple.com/itunes/overview/ [3] http://tapjam.net/daap/ [4] http://www.squeaksource.com/daap.html [5] http://crazney.net/programs/itunes/authentication.html
Cryptography mailing list Cryptography@lists.squeakfoundation.org http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ cryptography
Cryptography mailing list Cryptography@lists.squeakfoundation.org http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ cryptography
cryptography@lists.squeakfoundation.org