A little birdie provided me with the following:
As I speculated in my previous blog post on Palm Pre Sync and now confirmed by the image above, when the Pre is in “Media Sync” mode it identifies itself as an Apple iPod. However, it’s only the Mass Storage interface that identifies itself as an iPod. The root USB node (IOUSBDevice) still identifies the device as a Palm Pre (not visible in the image above). This means that Apple can very easily update iTunes to block the Pre.
Update: that the Pre still works with the new iTunes 8.2 release is not surprising and doesn’t mean much. The news about the Pre’s iTunes support came out on Friday. iTunes 8.2 was released on Monday. Software has release cycles that include QA. There’s simply no way Apple could have made changes to how iTunes identifies an iPod and passed the new build through QA in such a short amount of time.
Palm media sync is a feature of webOS that synchronizes seamlessly with iTunes, giving you a simple and easy way to transfer DRM-free music, photos and videos to your Palm Pre.(2) Simply connect Pre to your PC or Mac via the USB cable, select “media sync” on the phone, and iTunes will launch on your computer desktop. You can then choose which DRM-free media files to transfer.
Reading about this on blogs I’ve seen two clueless arguments being repeated:
Palm must be doing this in co-operation with Apple.
That must be why in Palm’s demo iTunes says “Syncing iPod” instead of “Syncing Pre” and Palm investor Roger McNamee called Apple a monopolist when Walt Mossberg asked how Apple is going to feel about this.
This is nothing new. RIM and Nokia have been doing iTunes sync for a while.
No, RIM and Nokia have offered their own software which reads the iTunes XML library file and syncs to their devices. That’s nothing like the Palm Pre which identifies itself to a PC as an iPod and syncs with iTunes directly instead of 3rd party software.
The following is worth noting in Palm’s press release:
(2) Compatible with iTunes 8.1.1 on Windows XP/Vista and Mac OS X version 10.3.9-10.5.7
That’s called covering your rear Translated from PR-speak we get: “Don’t expect this to necessarily work with iTunes 8.1.2″.
So how is Palm doing this? It’s pretty simple, really. We’ll start with the most basic question that doesn’t even involve the Pre: To a PC, what’s the difference between an iPod and a Kingston memory stick? The iPod has a specific USB Vendor Id that identifies it as being an Apple product and a USB Product Id that identifies it as being a specific iPod model. In addition, the iPod’s filesystem has a specific folder and file structure. Modern iPods also respond to a custom USB command that returns an XML file with information about the device.
So how has Palm most likely enabled the Pre to sync directly with iTunes? By doing the following:
- When you select “Media Sync” on the Pre, it will switch its USB interface to use Apple’s Vendor Id and the Product Id for a specific iPod model
- The Pre exposes a filesystem through Mass Storage Class that mimics the structure of an iPod
- The Pre responds to Apple’s custom USB command and returns XML info about the device
What can Apple do about this? When two parties implement an open standard, there’s usually some differences. In this case, there’s two implementations of a proprietary standard and it’s almost guaranteed that there will be differences. Apple will analyze the Pre and find out what those are. They will then be able to update iTunes to tell a real iPod apart from the “PrePod”.
Update: some people are linking to this Apple support article, claiming that’s how the Pre is able to sync with iTunes (of course, these people don’t actually explain the “how” since that would require them to know something about the subject). I didn’t even bother linking to that originally since I thought nobody would be technologically inept enough to use that as an argument: 1) That article has been archived and is no longer updated by Apple, 2) It applies to Mac OS X only, 3) The listed players are over half a decade old, 4) The reason those players were supported was because iTunes included CUSTOM CODE to support those players, 5) The Palm Pre’s iTunes sync capability works without installing any Palm software/plugins, 6) If the Palm Pre was using an iTunes API for 3rd party devices, then iTunes would be identifying the Palm Pre as a Pre, not as an iPod
doubleTwist is a one year old start-up in San Francisco backed by the same people who were behind Skype and Last.FM. Our mission is to simplify the flow of media to a wide range of CE devices and between family and friends. We are looking for a Cocoa developer to join our Mac team and work on the MacOS X version of doubleTwist. The Mac team currently consists of three people.
3+ years of Objective-C and Cocoa experience
A passion for improving the user experience around digital media
Experience with one or more of these APIs: IOKit, QTKit, CoreAudio
Involvement in/contributions to open source projects
Experience with the iPhone SDK
To apply, send your resume to jon at doubletwist.com. If possible, include code samples and/or links to open source projects you’ve contributed to.
Update: The issue has been resolved. See update at the bottom of the post.
In August 2004, I reverse engineered Apple’s AirTunes protocol and released JustePort, the first non-Apple application to enable streaming to the AirPort Express. Because of my work, Rogue Amoeba was able to develop their $25 AirFoil application – a much more user friendly tool for streaming to the AirPort Express. I didn’t have any problems with this – I released JustePort as open source so that others could build similar applications by learning from my source code. What I did not particularly like though was the product page for Airfoil, claiming “It’s not just for iTunes anymore”. This misleading statement, suggesting that Airfoil was the first tool of its kind and that Rogue Amoeba did the hard work to enable non-Apple streaming to the AirPort Express, has since been removed from the Airfoil product page.
I was reading Rogue Amoeba’s blog today and noticed that they’ve released a Linux version of their Airfoil Speakers application. Airfoil Speakers is a complimentary application to AirFoil that implements the server part of the AirTunes protocol. By installing Airfoil Speakers on a computer (e.g. your home theater PC) you can stream audio to it using Airfoil from another computer. The release of the Linux version of Airfoil Speakers piqued my curiosity so I downloaded it and had a look. It uses .NET and requires mono. I downloaded the Windows version as well and it shares the core with the Linux version.
I ran AirfoilSpeakers.exe (MD5: 82b7ef8c05958ccb6e24289c8b21a27c) from the Windows version through monodis to see if I could find anything interesting. I came across this:
.class private auto ansi beforefieldinit Utility
// method line 853
.method public static hidebysig
default void LeReverse (unsigned int8 arr, int32 index, int32 length) cil managed
// Method begins at RVA 0x104b6
// Code size 16 (0x10)
IL_0000: ldsfld bool [mscorlib]System.BitConverter::IsLittleEndian
IL_0005: brfalse.s IL_000f
IL_000a: call void class [mscorlib]System.Array::Reverse(class [mscorlib]System.Array, int32, int32)
} // end of method Utility::LeReverse
// method line 854
.method public static hidebysig
default void LeReverse (unsigned int8 arr) cil managed
// Method begins at RVA 0x104c7
// Code size 11 (0xb)
IL_0005: call void class AirfoilServer.AirTunes.Utility::LeReverse(unsigned int8, int32, int32)
} // end of method Utility::LeReverse
// method line 855
.method public static hidebysig
default void RijndaelDecrypt (unsigned int8 Buf, int32 Offset, int32 Count, unsigned int8 Key, unsigned int8 IV) cil managed
// Method begins at RVA 0x104d4
// Code size 80 (0x50)
.locals init (
class [mscorlib]System.Security.Cryptography.Rijndael V_0,
class [mscorlib]System.IO.MemoryStream V_1,
class [mscorlib]System.Security.Cryptography.ICryptoTransform V_2,
class [mscorlib]System.Security.Cryptography.CryptoStream V_3)
IL_0000: call class [mscorlib]System.Security.Cryptography.Rijndael class [mscorlib]System.Security.Cryptography.Rijndael::Create()
IL_0008: callvirt instance void class [mscorlib]System.Security.Cryptography.SymmetricAlgorithm::set_Mode(valuetype [mscorlib]System.Security.Cryptography.CipherMode)
IL_000f: callvirt instance void class [mscorlib]System.Security.Cryptography.SymmetricAlgorithm::set_Padding(valuetype [mscorlib]System.Security.Cryptography.PaddingMode)
IL_0014: newobj instance void class [mscorlib]System.IO.MemoryStream::.ctor()
IL_001c: ldarg.s 4
IL_001e: callvirt instance class [mscorlib]System.Security.Cryptography.ICryptoTransform class [mscorlib]System.Security.Cryptography.SymmetricAlgorithm::CreateDecryptor(unsigned int8, unsigned int8)
IL_0027: newobj instance void class [mscorlib]System.Security.Cryptography.CryptoStream::.ctor(class [mscorlib]System.IO.Stream, class [mscorlib]System.Security.Cryptography.ICryptoTransform, valuetype [mscorlib]System.Security.Cryptography.CryptoStreamMode)
IL_0031: ldc.i4.s 0x10
IL_0034: ldc.i4.s 0x10
IL_0037: callvirt instance void class [mscorlib]System.IO.Stream::Write(unsigned int8, int32, int32)
IL_003d: callvirt instance void class [mscorlib]System.IO.Stream::Close()
IL_0043: callvirt instance unsigned int8 class [mscorlib]System.IO.MemoryStream::ToArray()
IL_004a: callvirt instance void class [mscorlib]System.Array::CopyTo(class [mscorlib]System.Array, int32)
} // end of method Utility::RijndaelDecrypt
// method line 856
.method public hidebysig specialname rtspecialname
instance default void .ctor () cil managed
// Method begins at RVA 0x10530
// Code size 7 (0x7)
IL_0001: call instance void object::.ctor()
} // end of method Utility::.ctor
} // end of class AirfoilServer.AirTunes.Utility
That Utility class looks very familiar. Where have I seen those exact functions before? Oh, that’s right, it’s the Utility class licensed under the GPL from my DeDRMS and SharpMusique source code packages.
I can’t say I’m surprised. GPL’ed code is frequently used in violation of the license. MacTheRipper, a popular DVD ripper for MacOS X, has been violating the GPL for years by using libdvdcss and refusing to release the source code.
I’m not going to be too hard on Rogue Amoeba though. Unlike many Mac users, they are against closed platforms. See their blog post about the iPhone SDK as well as the future of code signing in MacOS X.
Update: Quentin from Rogue Amoeba got in touch via email. The code ended up in Airfoil Speakers due to an honest mistake. Quentin writes:
We use a lot of open source software in our products, could not make them as good as we do without it in fact. And as such, we do our best to make sure the licenses are followed. All our commercial software is GPL-free, some use LGPL’ed libraries, and some BSD/MIT code in places. We try to make sure all the code we use is correctly acknowledged, and give back when we can (http://rogueamoeba.com/sources/, www.rogueamoeba.com/utm/2008/01/12/perian-is-awesome/).
So we’ve put together Utility.cs-less versions of Airfoil Speakers to fix our GPL compliance. The Linux version we are pushing out immediately (it’s still in beta technically) here: http://bigblueamoeba.com/tmp/airfoilspeakerslinux/. The Windows version will be officially pushed out this week after testing, but is available right now here: http://bigblueamoeba.com/tmp/airfoilspeakerswindows/
I was expecting that the iPhone firmware update would simply relock unlocked iPhones so that they could only be used with AT&T. I was wrong. As you may know by now, after an unlocked iPhone has been upgraded with the 1.1.1 firmware it will refuse to activate with any SIM. The technical evidence so far indicates that this was intentional by Apple. Although the iPhone is still alive, it’s completely useless. It’s essentially a brick.
Has Nokia or Sony Ericsson ever bricked or refused service on an unlocked phone? Not that I’ve heard of, and if they did, they would have been quickly sued in several countries where consumer rights are more strongly protected.
Did Sony ever brick PSPs over homebrew software? Did Microsoft ever overwrite someone’s BIOS with garbage because they detected an illegitimate Windows installation?
In light of other things Apple has done lately, such as adding an encrypted hash to the iPod database to lock out non-Apple software and disabling TV-out on the iPod unless the 3rd party accessory you’re using has an Apple authentication chip, it’s evident that Apple is well on its way to become one of the most consumer hostile tech companies.
When Steve Jobs claimed the iPhone was 5 years ahead of every other phone, was he talking about the iPhone’s revolutionary handcuffs?
In a world where open technologies are increasingly becoming the norm, Apple’s way of Thinking Different means marching in the opposite direction.
So either Apple is intentionally bricking the phone, or their engineers haven’t heard of checksums.
Oh this is a hard one…
Apple’s claim that “unlocking programs available on the Internet cause irreparable damage to the iPhone’s software” is a blatant lie if you use the common sense definition of damage. Apple, of course, is using a different definition of damage: any change to the iPhone software that Apple doesn’t like is considered damage.
In any case, I doubt Apple has intentionally engineered the update to brick any iPhones. According to the iPhone Dev Team, there have been several hundred thousand downloads of the iPhone unlocking software. There’s no way of knowing exactly how many people have actually unlocked their iPhones, but I estimate it’s tens of thousands. Imagine the PR fallout from the iPhone price drop. Now double that… and mix in some lawsuits.
The only way Apple could unintentionally brick any iPhones is if they’re doing a diff patch of the baseband firmware without verifying that the original firmware hasn’t been modified. I doubt they’re doing a diff patch, but we’ll find out later this week when Apple releases the update.
As far as the “you changed the firmware” issues. That’s a load of crap. Yeah, you changed the firmware. So what? There is no great universal mystery about firmware. It’s just code, and under almost any other circumstances (translation – the rest of the world outside of Apple), can be reloaded to just start over. If it can be changed to be hacked, it can be changed to be reset back to normal.
Firmware is not magic.
Update: The iPhone software 1.1.1 update is out. According to early reports an unlocked iPhone will revert to being locked and inactivated with no way to reactivate with any SIM. The update also wipes out 3rd party applications.
Opening: Reverse Engineering Monkey
We’re looking for a code monkey to work on our DRM interoperability technology. Must possess strong skills in the areas of cryptography, reverse engineering,
AJAX, code disassembly, code protection/obfuscation and software optimization. Experience domesticating penguins and eating apples is a plus.
Required skills include C, C++, x86 ASM, DRM and Windows APIs. Strong mathematical knowledge of algorithm analysis and implementation is desired. Minimum of 3 years of directly related experience.
Your favorite number is 0x90.
Location: Antarctica or your home country.
Opening: Senior Software Monkey
We’re looking for a senior code monkey to work on our audio/video products. Must have strong experience designing, implementing, debugging and optimizing userland applications. Multi-platform experience is desired.
Required skills include C, C++, C# and Windows APIs. Requirements include strong experience with current digital audio/video technology (MPEG4, H264 and AAC). Minimum of 5 years of directly related experience.
Location: San Francisco or Norway.
I am moving to a new apartment so I’m cleaning out old stuff. The following is for sale to anyone in San Francisco:
- AirPort Express: Used for a couple of months. This is the device I used when I reverse engineered AirTunes and authored JustePort, the first non-Apple software to support AirTunes. $120.
- HP Photosmart R717: Used for 1.5 years. 1GB MMC card included. Have a look at my gallery for some pictures taken with this camera. $150.
- Unlocked Motorola V330 GSM: Barely used. Charger and car charger included. $100.
- Creative Labs Webcam Live Ultra for Notebook VF0070: Used only a couple of times. $60.
I am also selling a 7 day old 1.83GHz MacBook. Used for testing. Original box. $1120.
Update: The MacBook and the webcam have been sold.