search

postlund / pyatv

A client library for Apple TV and AirPlay devices
https://pyatv.dev
MIT License
888 stars 100 forks source link

Add RSA encryption to support AirPort Express streaming #1077

Closed postlund closed 3 years ago

postlund commented 3 years ago

What feature would you like? The AirPort Express requires encryption when streaming. This is well known and reverse engineered, so it shouldn't be that hard to implement. Just need to do it.

Describe the solution you'd like No particular keys needs to be provided by the user, the private and public keys used for the crypto needs to be bundled. Otherwise this should be transparent (other than the check for supported cryptos needs to be changed).

Any other information to share? Relates to #1059

postlund commented 3 years ago

I did some investigation and trial-and-error yesterday, making me suspect that an AirPort Express updated to the latest version (thus being an AirPlay 2 receiver) does not support RSA encryption anymore. It announces et=0,4, which also seems to confirm this. An ANNOUNCE message which challenge, key and iv yields a 406:

DEBUG [pyatv.raop.rtsp]: Sending RTSP message: b'ANNOUNCE rtsp://10.0.10.254/3518800475 RTSP/1.0\r\nCSeq: 0\r\nUser-Agent: AirPlay/540.31\r\nClient-Instance: 98DDDCB196CF3740\r\nContent-Type: application/sdp\r\nContent-Length: 568\r\nApple-Challenge: 09KF45soMYmvj6dpsUGiIg\r\n\r\nv=0\r\no=iTunes 3518800475 0 IN IP4 10.0.10.254\r\ns=iTunes\r\nc=IN IP4 10.0.10.194\r\nt=0 0\r\nm=audio 0 RTP/AVP 96\r\na=rtpmap:96 AppleLossless\r\na=fmtp:96 352 0 16 40 10 14 2 255 0 0 44100\r\na=rsaaeskey:5QYIqmdZGTONY5SHjEJrqAhaa0W9wzDC5i6q221mdGZJ5ubO6KgyhC6U83wpY87TFdPRdfPQl2kVC7+Uefmx1bXdIUo07ZcJsqMbgtje4w2JQw0bUw2BlzNPmVGQOxfdpGc3LXZzNE0jI1D4conUEiW6rrzikXBhk7Y/i2naw13ayyxaSwtkiJ0ltBQGYGErbV2tx43QSNj7O0JIG9GrF2GZZ6/UHo4VH+ZXgQ4NZvP/QXPCsLutZsvusFDzIEq7TN1fveINOiwrzlN+bckEixvhXlvoQTWE2tjbmQYhMvOFIly5gNbZiXi0l5AdolX4jDC2vndFHqWDks/3sPikNg\r\na=aesiv:zcZmAZtqh7uGcEwPXk0QeA\r\n'
DEBUG [pyatv.raop.rtsp]: Received: b'RTSP/1.0 406 Not Acceptable\r\nContent-Length: 0\r\nServer: AirTunes/366.0\r\nCSeq: 0\r\n\r\n'
DEBUG [pyatv.raop.rtsp]: Got RTSP response to 0: RtspResponse(code=406, message='Not Acceptable', headers={'Content-Length': '0', 'Server': 'AirTunes/366.0', 'CSeq': '0'}, body=''):

I also tried with RAOP-Player, which seems to suffer the same problem. What I get from this is that AirPlay 2 support is probably needed, but I can't be totally sure yet (or at least some other encryption/verification method).

postlund commented 3 years ago

Just need to send auth-setup and request no encryption, then it works just fine. Source is owntone:

https://github.com/owntone/owntone-server/blob/c1db4d914f5cd8e7dbe6c1b6478d68a4c14824af/src/outputs/raop.c#L1568

I also need to check the md field as my AirPort only supports progress (md=2), so can't send any other metadata as that results in an error. Easy enough to fix though. Also need to check if 4 is present in et as that seems to indicate that this step is necessary.