about the Apple music store protocol
just being curious about what goes on behind the scenes.
radio
- GET http://pri.kts-af.net/xml/index.xml?username=AppleApp1
- which returns an XML document, asking for authentication with 'CRAM-MD5'
- GET http://pri.kts-af.net/xml/index.xml?sid=[ ... ]&tuning_id=-12
- returns the top level genre list
- GET http://pri.kts-af.net/xml/index.xml?sid=[ ... ]&tuning_id=8090&show_field[]=description&show_field[]=long_description&show_field[]=num_users&show_field[]=max_users
- returns the list for 'electronica'
- GET http://pri.kts-af.net/redir/index.pls?esid=[ ... ]&url_no=1&client_id=7&uid=[ ... ]&clicksrc=xml
- then redirects to the actual radio station
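
The first radio request above is answered with a demand for 'CRAM-MD5' authentication. As an added example (not from these notes, and not the radio service's or iTunes' own code), this is the generic RFC 2195 challenge-response computation for both sides. How the service wraps the challenge and response in its XML is not shown on this page; the user name, secret and challenge below are the RFC 2195 sample values, not values from this service.

```python
import base64
import hashlib
import hmac

# Sample values from RFC 2195 (assumptions, not captured from the radio service).
SAMPLE_USER = "tim"
SAMPLE_SECRET = b"tanstaaftanstaaf"
SAMPLE_CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"


def cram_md5_digest(secret: bytes, challenge: bytes) -> str:
    """HMAC-MD5 of the server challenge, keyed with the shared secret (hex)."""
    return hmac.new(secret, challenge, hashlib.md5).hexdigest()


def client_response(user: str, secret: bytes, challenge_b64: bytes) -> bytes:
    """Client side: decode the challenge, answer with base64('user hexdigest')."""
    challenge = base64.b64decode(challenge_b64)
    digest = cram_md5_digest(secret, challenge)
    return base64.b64encode(f"{user} {digest}".encode())


def server_verify(response_b64: bytes, challenge: bytes, secrets: dict) -> bool:
    """Server side: recompute the digest for the claimed user and compare."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
    except ValueError:  # covers bad base64 and bad UTF-8
        return False
    user, _, digest = decoded.rpartition(" ")
    secret = secrets.get(user)
    if secret is None:
        return False
    expected = cram_md5_digest(secret, challenge)
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(expected.encode(), digest.lower().encode())


if __name__ == "__main__":
    sent = base64.b64encode(SAMPLE_CHALLENGE)           # server -> client
    reply = client_response(SAMPLE_USER, SAMPLE_SECRET, sent)  # client -> server
    print(reply.decode())
    print(server_verify(reply, SAMPLE_CHALLENGE, {SAMPLE_USER: SAMPLE_SECRET}))
```

The secret never crosses the wire and a response is only valid for the challenge it answers, but the server has to keep the secret in a form it can key the HMAC with.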
music store
- GET http://phobos.apple.com/storeBag.xml.gz
- gets the top level application list for the music store
- GET http://ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/com.apple.jingle.app.store.DirectAction/storeFront
- gets the storefront application
- GET http://ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/com.apple.jingle.app.store.DirectAction/storeFront?countryVerified=1
- gets top level genre list, and lots of other top something lists.
- GET http://ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/com.apple.jingle.app.store.DirectAction/viewGenre?genreId=16
- gets the genre specific front page
- GET http://ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/com.apple.jingle.app.store.DirectAction/browseStore
- gets just the genre list
- from here stuff is encrypted on the line
- GET http://ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/com.apple.jingle.app.store.DirectAction/browseGenre?genreId=16
- GET http://ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/com.apple.jingle.app.store.DirectAction/browseArtist?genreId=16&artistId=911943
- GET http://ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/com.apple.jingle.app.store.DirectAction/browseAlbum?genreId=16&artistId=911943&playlistId=220217
- GET http://ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/com.apple.jingle.app.store.DirectAction/browseArtist?genreId=16&artistId=913583
- GET http://ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/com.apple.jingle.app.store.DirectAction/browseAlbum?genreId=16&artistId=913583&playlistId=214485
recovering the key
What I have tried so far:
- try every 16, 24 and 32 byte string from the iTunes binary as
a key to decrypt the data, and see if something gzipped comes out
( = starts with 0x1f, 0x8b, 0x08, 0x00 )
- look at disassembled iTunes - bummer, it is huge, and I am
not very familiar with PowerPC assembler
assuming that it can be decrypted this way:
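    RIJNDAEL_context c;
    /* key is one candidate string of keysize = 16, 24 or 32 bytes */
    rijndael_setup(&c, keysize, key);
    c.mode = MODE_CBC;
    /* decrypt only the first block: enough to test for the gzip header */
    block_decrypt(&c, cipherdata, RIJNDAEL_BLOCKSIZE, plain, iv);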
other people who did some research on the music store