Daap Implementation

> -----Original Message-----
> From: Yann Monclair
> Sent: Tuesday, November 07, 2006 3:21 AM
>
> (Sorry if this is a resend, it seems I sent the first email before
> being completely registered to the mailing list, it must have been
> moderated.)
>
> Hello,
>
> I just started an implementation of the Digital Audio Access Protocol
> [1] in Squeak. This protocol is used by Apples iTunes [2] to share
> music over a lan. I found very little documentation[3] on this
> protocol, since Apple has decided not to disclose the documentation
> on its specifics.
> I have published the little code I wrote so far on SqueakSource [4].
> I am stuck after the login request. As I understand it, iTunes
> doesn't send you the session-id, but an encrypted id, leaving you to
> decrypt it. Unfortunately, Apple added some byte switching or
> something to the classic MD5 encryption (I'm far from an expert in
> crypto, so I might not be using the appropriate vocabulary). I found
> a c library to connect to daap shares [5], but I didn't really get,
> even after looking at the code.
>
> I would appreciate any help to figure this session-id thing out :) I
> think having a daap implementation in Squeak, can be really useful
> for multimedia purposes, and we could probably find cool applications :p
>
> Here the code I write in a workspace to get a daapsession
>
>   DaapSession connectTo: 'localhost'.
>
> this will return a DaapSession knowing the server, the content codes
> (typing info) and a DaapLogin. the encrytped session-id is accessible
> via DaapSession>>sid (or DaapLogin>>mlid)
>
> Thanks,
>
> Yann
>
> [1] http://en.wikipedia.org/wiki/Digital_Audio_Access_Protocol
> [2] http://www.apple.com/itunes/overview/
> [3] http://tapjam.net/daap/
> [4] http://www.squeaksource.com/daap.html
> [5] http://crazney.net/programs/itunes/authentication.html
>
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

> Hi Yann,
>
> Thank you for your interest in the Cryptography group and welcome  
> to the
> team.  Your project sounds very interesting.
>
> Before we talk about the Daap implementation I think it would make  
> sense to
> do some bookkeeping.  Could you spend some time researching the iTunes
> license?  What we are doing here is developing Open Source code.  
> What I
> need to know first is if we develop a system that can do Daap  
> connections
> and sharing could we then distribute our works under an open source  
> license.
>
>
> What I need from you or anyone in the group interested in  
> participating is
> any links that show the license for Daap, or iTunes.  If you can find
> something that shows that someone else has done Daap and released  
> it Open
> Source, or someone that comments that it can be done and  
> redistributed OS
> that would be helpful.  Once I get that research from you I will  
> review it
> and get an evaluation from our Attorney so that we can make a  
> decision if
> this project can be done legally.  It concerns me that the code  
> needs to be
> reverse engineered.
>
> Thanks,
>
> Ron Teitelbaum
> Squeak Cryptography Team Leader
>
>> -----Original Message-----
>> From: Yann Monclair
>> Sent: Tuesday, November 07, 2006 3:21 AM
>>
>> (Sorry if this is a resend, it seems I sent the first email before
>> being completely registered to the mailing list, it must have been
>> moderated.)
>>
>> Hello,
>>
>> I just started an implementation of the Digital Audio Access Protocol
>> [1] in Squeak. This protocol is used by Apples iTunes [2] to share
>> music over a lan. I found very little documentation[3] on this
>> protocol, since Apple has decided not to disclose the documentation
>> on its specifics.
>> I have published the little code I wrote so far on SqueakSource [4].
>> I am stuck after the login request. As I understand it, iTunes
>> doesn't send you the session-id, but an encrypted id, leaving you to
>> decrypt it. Unfortunately, Apple added some byte switching or
>> something to the classic MD5 encryption (I'm far from an expert in
>> crypto, so I might not be using the appropriate vocabulary). I found
>> a c library to connect to daap shares [5], but I didn't really get,
>> even after looking at the code.
>>
>> I would appreciate any help to figure this session-id thing out :) I
>> think having a daap implementation in Squeak, can be really useful
>> for multimedia purposes, and we could probably find cool  
>> applications :p
>>
>> Here the code I write in a workspace to get a daapsession
>>
>>   DaapSession connectTo: 'localhost'.
>>
>> this will return a DaapSession knowing the server, the content codes
>> (typing info) and a DaapLogin. the encrytped session-id is accessible
>> via DaapSession>>sid (or DaapLogin>>mlid)
>>
>> Thanks,
>>
>> Yann
>>
>> [1] http://en.wikipedia.org/wiki/Digital_Audio_Access_Protocol
>> [2] http://www.apple.com/itunes/overview/
>> [3] http://tapjam.net/daap/
>> [4] http://www.squeaksource.com/daap.html
>> [5] http://crazney.net/programs/itunes/authentication.html
>>
>> _______________________________________________
>> Cryptography mailing list
>> [hidden email]
>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ 
>> cryptography
>
>
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ 
> cryptography

> -----Original Message-----
> From: Yann Monclair
> Sent: Tuesday, November 07, 2006 10:29 AM
>
> I did some research on the web and I found quite a number of open
> source implementations for  DAAP.
>
> I found implementations in:
> - c++ (c and objective c wrappers) http://daap.sourceforge.net/
> - java http://getittogether.sourceforge.net/
> - c# (mono) http://www.snorp.net/log/tangerine
> - python http://jerakeen.org/code/PythonDaap/
> - c http://crazney.net/programs/itunes/libopendaap.html
> - ruby http://daapclient.rubyforge.org/
> - perl http://search.cpan.org/~gnat/dapple-0.21/lib/Net/DAAP/DMAP.pm
> There are probably other implementations out there too.
>
> I also found out a Google Summer of Code project was an
> implementation of DAAP for AmaroK http://code.google.com/soc/kde/
> appinfo.html?csaid=37CD6C87DA8D5F53
>
> Players like banshee http://banshee-project.org, Rhythmbox http://
> www.gnome.org/projects/rhythmbox/ , or amaroK http://amarok.kde.org
>
> I also read on the front page of http://daap.sourceforget.net :
>
> May 8, 2003
>
> I have received an email from Amandeep Jawa, Senior Software
> Engineer for iTunes, who worked on DAAP. He says that there will soon
> be official documentation for the protocol from Apple, which will
> immensely help in the effort. In the mean time, I'm still going to be
> working on libdaap using my reverse-engineered docs.
>
> - Chris Boot
>
> I haven't found any official daap documentation though. From http://
> www.opendaap.org , I read:
>
> If you're making a commercial product, Apple has now started
> offering the DAAP protocol specification under license.
> Email [hidden email] for details
>
> I haven't found any explicit licensing on DAAP from Apple.  For
> iTunes I found this page http://developer.apple.com/softwarelicensing/
> agreements/itunes.html .  But I do not think an implementation of
> DAAP relates (at least not directly) to iTunes.
>
> Maybe the best option would be to send an email to
> [hidden email] , to ask the license, and maybe also about the
> protocol specifications.
>
> HTH,
>
> Yann
>
>
> On 7 nov. 06, at 15:38, Ron Teitelbaum wrote:
>
> > Hi Yann,
> >
> > Thank you for your interest in the Cryptography group and welcome
> > to the
> > team.  Your project sounds very interesting.
> >
> > Before we talk about the Daap implementation I think it would make
> > sense to
> > do some bookkeeping.  Could you spend some time researching the iTunes
> > license?  What we are doing here is developing Open Source code.
> > What I
> > need to know first is if we develop a system that can do Daap
> > connections
> > and sharing could we then distribute our works under an open source
> > license.
> >
> >
> > What I need from you or anyone in the group interested in
> > participating is
> > any links that show the license for Daap, or iTunes.  If you can find
> > something that shows that someone else has done Daap and released
> > it Open
> > Source, or someone that comments that it can be done and
> > redistributed OS
> > that would be helpful.  Once I get that research from you I will
> > review it
> > and get an evaluation from our Attorney so that we can make a
> > decision if
> > this project can be done legally.  It concerns me that the code
> > needs to be
> > reverse engineered.
> >
> > Thanks,
> >
> > Ron Teitelbaum
> > Squeak Cryptography Team Leader
> >
> >> -----Original Message-----
> >> From: Yann Monclair
> >> Sent: Tuesday, November 07, 2006 3:21 AM
> >>
> >> (Sorry if this is a resend, it seems I sent the first email before
> >> being completely registered to the mailing list, it must have been
> >> moderated.)
> >>
> >> Hello,
> >>
> >> I just started an implementation of the Digital Audio Access Protocol
> >> [1] in Squeak. This protocol is used by Apples iTunes [2] to share
> >> music over a lan. I found very little documentation[3] on this
> >> protocol, since Apple has decided not to disclose the documentation
> >> on its specifics.
> >> I have published the little code I wrote so far on SqueakSource [4].
> >> I am stuck after the login request. As I understand it, iTunes
> >> doesn't send you the session-id, but an encrypted id, leaving you to
> >> decrypt it. Unfortunately, Apple added some byte switching or
> >> something to the classic MD5 encryption (I'm far from an expert in
> >> crypto, so I might not be using the appropriate vocabulary). I found
> >> a c library to connect to daap shares [5], but I didn't really get,
> >> even after looking at the code.
> >>
> >> I would appreciate any help to figure this session-id thing out :) I
> >> think having a daap implementation in Squeak, can be really useful
> >> for multimedia purposes, and we could probably find cool
> >> applications :p
> >>
> >> Here the code I write in a workspace to get a daapsession
> >>
> >>   DaapSession connectTo: 'localhost'.
> >>
> >> this will return a DaapSession knowing the server, the content codes
> >> (typing info) and a DaapLogin. the encrytped session-id is accessible
> >> via DaapSession>>sid (or DaapLogin>>mlid)
> >>
> >> Thanks,
> >>
> >> Yann
> >>
> >> [1] http://en.wikipedia.org/wiki/Digital_Audio_Access_Protocol
> >> [2] http://www.apple.com/itunes/overview/
> >> [3] http://tapjam.net/daap/
> >> [4] http://www.squeaksource.com/daap.html
> >> [5] http://crazney.net/programs/itunes/authentication.html
> >>

> -----Original Message-----
> From: Yann Monclair
> Sent: Tuesday, November 07, 2006 3:21 AM
>
> (Sorry if this is a resend, it seems I sent the first email before
> being completely registered to the mailing list, it must have been
> moderated.)
>
> Hello,
>
> I just started an implementation of the Digital Audio Access Protocol
> [1] in Squeak. This protocol is used by Apples iTunes [2] to share
> music over a lan. I found very little documentation[3] on this
> protocol, since Apple has decided not to disclose the documentation
> on its specifics.
> I have published the little code I wrote so far on SqueakSource [4].
> I am stuck after the login request. As I understand it, iTunes
> doesn't send you the session-id, but an encrypted id, leaving you to
> decrypt it. Unfortunately, Apple added some byte switching or
> something to the classic MD5 encryption (I'm far from an expert in
> crypto, so I might not be using the appropriate vocabulary). I found
> a c library to connect to daap shares [5], but I didn't really get,
> even after looking at the code.
>
> I would appreciate any help to figure this session-id thing out :) I
> think having a daap implementation in Squeak, can be really useful
> for multimedia purposes, and we could probably find cool applications :p
>
> Here the code I write in a workspace to get a daapsession
>
>   DaapSession connectTo: 'localhost'.
>
> this will return a DaapSession knowing the server, the content codes
> (typing info) and a DaapLogin. the encrytped session-id is accessible
> via DaapSession>>sid (or DaapLogin>>mlid)
>
> Thanks,
>
> Yann
>
> [1] http://en.wikipedia.org/wiki/Digital_Audio_Access_Protocol
> [2] http://www.apple.com/itunes/overview/
> [3] http://tapjam.net/daap/
> [4] http://www.squeaksource.com/daap.html
> [5] http://crazney.net/programs/itunes/authentication.html
>
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

> Yann,
>
> It sure looks to me like the sessionID is returned from the server  
> from the
> logon.  So you logon and get back a loginresponse with has the 4 byte
> sessionid attached to it.  Maybe the problem you are having is with
> endianness.  What platform are you working on?  Try changing the  
> sessionID
> from AABBCCDD to DDCCBBAA.  If that works then that is your problem  
> and we
> can discuss ways of fixing that for a general implementation.  I  
> don't see
> anything about the response being encrypted or validated, do you  
> have a
> reference to that somewhere?
>
> From: http://molelog.molehill.org/blox/Computers/Macintosh/ 
> DAAP3.writeback
>
> /login
> No arguments required (or apparently used).
>
> The response is too short; my current parser handles this by just  
> stopping
> when it finds an all-0 tag.
>
> dmap.loginresponse                      0x00000024
>  dmap.status                            0x00000004    number
> 0x000000c8(200)
>  dmap.sessionid                         0x00000004    number
> 0x0000040e(1038)
> ==== END ====
>
>
> The dmap.sessionid will be the value for the 'session-id' parameter  
> to the
> following requests.
>
> Ron Teitelbaum
> Squeak Cryptography Team Leader
>
>> -----Original Message-----
>> From: Yann Monclair
>> Sent: Tuesday, November 07, 2006 3:21 AM
>>
>> (Sorry if this is a resend, it seems I sent the first email before
>> being completely registered to the mailing list, it must have been
>> moderated.)
>>
>> Hello,
>>
>> I just started an implementation of the Digital Audio Access Protocol
>> [1] in Squeak. This protocol is used by Apples iTunes [2] to share
>> music over a lan. I found very little documentation[3] on this
>> protocol, since Apple has decided not to disclose the documentation
>> on its specifics.
>> I have published the little code I wrote so far on SqueakSource [4].
>> I am stuck after the login request. As I understand it, iTunes
>> doesn't send you the session-id, but an encrypted id, leaving you to
>> decrypt it. Unfortunately, Apple added some byte switching or
>> something to the classic MD5 encryption (I'm far from an expert in
>> crypto, so I might not be using the appropriate vocabulary). I found
>> a c library to connect to daap shares [5], but I didn't really get,
>> even after looking at the code.
>>
>> I would appreciate any help to figure this session-id thing out :) I
>> think having a daap implementation in Squeak, can be really useful
>> for multimedia purposes, and we could probably find cool  
>> applications :p
>>
>> Here the code I write in a workspace to get a daapsession
>>
>>   DaapSession connectTo: 'localhost'.
>>
>> this will return a DaapSession knowing the server, the content codes
>> (typing info) and a DaapLogin. the encrytped session-id is accessible
>> via DaapSession>>sid (or DaapLogin>>mlid)
>>
>> Thanks,
>>
>> Yann
>>
>> [1] http://en.wikipedia.org/wiki/Digital_Audio_Access_Protocol
>> [2] http://www.apple.com/itunes/overview/
>> [3] http://tapjam.net/daap/
>> [4] http://www.squeaksource.com/daap.html
>> [5] http://crazney.net/programs/itunes/authentication.html
>>
>> _______________________________________________
>> Cryptography mailing list
>> [hidden email]
>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ 
>> cryptography
>
>
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ 
> cryptography