{"id":60574,"date":"2022-08-08T09:48:06","date_gmt":"2022-08-08T01:48:06","guid":{"rendered":"https:\/\/www.bijienetworks.com\/?p=60574"},"modified":"2022-08-08T09:48:06","modified_gmt":"2022-08-08T01:48:06","slug":"airplay-image-transfer-cracking-example","status":"publish","type":"post","link":"https:\/\/www.bijienetworks.com\/news\/airplay-image-transfer-cracking-example","title":{"rendered":"\u591a\u5c4f\u4e92\u52a8\uff0cAirPlay\uff0c\u65e0\u7ebf\u6295\u5c4f AirplaySDK\u2014Airplay\u955c\u50cf\u4f20\u8f93\u7834\u89e3\u793a\u4f8b"},"content":{"rendered":"
AirPlay\u7248\u672c\u7e41\u591a\uff0c\u534f\u8bae\u4e5f\u6bd4\u8f83\u591a\uff1a\u955c\u50cf\uff0c\u975e\u955c\u50cf\uff0c\u56fe\u7247\uff0c\u89c6\u9891\uff0c\u97f3\u9891\uff0c\u7b2c\u4e09\u65b9app<\/span>\u7b49\u7b49\u5404\u79cd\u534f\u8bae\u4e4b\u95f4\u90fd\u6709\u5dee\u522b\uff0c\u4ee5\u540e\u4f1a\u6162\u6162\u7ed9\u5927\u5bb6\u4ecb\u7ecd\u7684\u3002<\/p>\n \u8981\u5b9e\u73b0AirPlay<\/span>\u7684\u7b2c\u4e00\u6b65\u5c31\u662f\u8981\u5b9e\u73b0ios<\/span>\u4e0eAirPlay<\/span>\u4e4b\u95f4\u7684\u76f8\u4e92\u53d1\u73b0\uff0c\u53ef\u4ee5\u4f7f\u7528zeroconf<\/span>\uff0cmdns<\/span>\u7b49\u5f00\u6e90\u534f\u8bae\u6765\u5b9e\u73b0\uff0c\u4e0b\u4e00\u7ae0\u4f1a\u8be6\u7ec6\u4ecb\u7ecd\u4ecb\u7ecd\u8fd9\u51e0\u79cd\u53d1\u73b0\u534f\u8bae\u3002<\/p>\n \u8981\u5b9e\u73b0airPlay<\/span>\u7684\u955c\u50cfServer<\/span>\u7aef\u529f\u80fd\uff0c\u8981\u4ece\u4ee5\u4e0b\u51e0\u4e2a\u65b9\u9762\u6765\u8003\u8651<\/p>\n <\/p>\n \u53d1\u73b0\u8fc7\u7a0b<\/strong><\/p>\n \u4f7f\u7528Bonjour<\/span>\uff0c\u53ef\u4ee5\u53c2\u8003mDNSResponder<\/span>\uff0cjmdns<\/span>\uff0c\u6ce8\u518c\u4e24\u4e2a\u670d\u52a1:airtunes<\/span>\u548cairplay<\/span>\uff0cAirplayTxt<\/span>\u4ee5\u53caRaopTxt<\/span>\u7167\u7740demo<\/span>\u586b\u5199\u5c31\u53ef\u4ee5\u4e86\uff0c\u4e5f\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u8981\u6c42\u4fee\u6539\u5176\u4e2d\u7684\u503c\uff0c<\/p>\n \u9700\u8981\u6ce8\u610f\u7684\u5982\u4e0b\uff1a<\/p>\n airtunes:\u00a0\u00a0 \u201c12345@wirelessdisplay\u201d , \u201d_raop._tcp.\u201dairplay:\u00a0\u00a0\u00a0 \u201cwirelessdisplay\u201d , \u201d_airplay._tcp.\u201d<\/p>\n \u53c2\u6570\u4e2d\u201d_airplay._tcp.<\/span>\u201d\u548c\u2019\u2019_raop._tcp.<\/span>\u201d\u4e0d\u53ef\u4fee\u6539\u3002<\/p>\n \u53d1\u5e03\u4e86\u670d\u52a1\u4e4b\u540e\uff0cios<\/span>\u8bbe\u5907\u4e2d\u5e94\u8be5\u5c31\u53ef\u4ee5\u641c\u7d22\u5230Server<\/span>\u7aef\u4e86<\/p>\n \u534f\u5546\u8fc7\u7a0b<\/strong><\/p>\n c-s: pair-setup<\/p>\n s-c: xxx<\/p>\n c-s: pair-verify<\/p>\n s-c: xxx<\/p>\n c-s: fp-setup<\/p>\n s-c: xxx<\/p>\n c-s: fp-setup<\/p>\n s-c: xxx<\/p>\n setup<\/p>\n setup response<\/p>\n setup<\/p>\n setup respnose<\/p>\n pair-setup\uff0cpair-verify<\/span>\u914d\u5bf9\u9a8c\u8bc1\uff0cServer<\/span>\u7aef\u6839\u636e\u6536\u5230\u7684\u4fe1\u606f\u8fdb\u884c\u56de\u590d\uff0c\u683c\u5f0f\u7c7b\u4f3cRTSP<\/span><\/p>\n fp-setup(\u7b2c\u4e00\u6b21\u548c\u7b2c\u4e8c\u6b21)<\/span>\uff0cFairplay<\/span>\u76f8\u5173\u3002<\/p>\n \u7b2c\u4e00\u6b21setup<\/span>\u9636\u6bb5\u4f1a\u6536\u5230\u4e00\u5927\u4e32\u6570\u636e\uff0c\u662f\u6309\u7167plist<\/span>\u683c\u5f0f\u751f\u6210\u7684\uff0c\u7528\u76f8\u5e94\u7684\u65b9\u6cd5\u8fdb\u884c\u89e3\u6790\u53ef\u4ee5\u5f97\u5230ekey<\/span>\u548ceiv<\/span>\u7b49\u4fe1\u606f\uff0c\u7528\u4e8e\u540e\u7eed\u7684\u89e3\u5bc6\u3002<\/p>\n \u7b2c\u4e8c\u6b21setup<\/span>\u9636\u6bb5\u83b7\u5f97type<\/span>\uff0c\u901a\u8fc7type<\/span>\u6765\u5224\u65ad\u89c6\u9891\u6570\u636e\u6216\u97f3\u9891\u6570\u636e\uff0c\u901a\u77e5\u63a5\u6536\u7aef\u5efa\u7acb\u4f20\u8f93\u901a\u9053\u51c6\u5907\u8fdb\u884c\u97f3\u89c6\u9891\u6570\u636e\u7684\u53d1\u9001\uff0c\u52a0\u5bc6\u8fc7\u7684\u5c4f\u5e55\u955c\u50cf\u6570\u636e\u901a\u8fc7\u6307\u5b9a\u7684\u7aef\u53e3(<\/span>\u4e00\u822c\u4e3a7100)<\/span>\u53d1\u9001\u5230\u63a5\u6536\u7aef\u3002<\/p>\n \u63a5\u6536\u7aef\u6536\u5230\u53d1\u9001\u8fc7\u6765\u7684\u6570\u636e\u540e\u8fdb\u884c\u89e3\u5bc6\uff0c\u89e3\u5bc6\u540e\u7684\u6570\u636e\u5c31\u53ef\u4ee5\u8fdb\u884c\u64ad\u653e\u4e86\u3002<\/p>\n \u4e2d\u95f4\u4e5f\u53ef\u80fd\u4f1a\u6709GET_PARAMETER<\/span>\uff0cSET_PARAMETER<\/span>\u6765\u8c03\u6574\u97f3\u91cf\u7b49\u4fe1\u606f\u3002<\/p>\n <\/p>\n \u89e3\u5bc6\u90e8\u5206\u76ee\u524d\u4e3b\u8981\u6709\u4e24\u79cd\u65b9\u6cd5\uff1a<\/p>\n 1.\u4eceapptv<\/span>\u6216macOS<\/span>\u83b7\u53d6\u3002<\/p>\n 2.\u4ece\u5e02\u9762\u4e0a\u5df2\u6709\u7684\u53ef\u6295\u5c4f\u4ea7\u54c1\u4e2d\u83b7\u53d6\u3002<\/p>\n AIRPLAY\u955c\u50cf\u6295\u5c4f\u8fc7\u7a0b\u4e2d\uff0c\u97f3\u89c6\u9891\u6570\u636e\u90fd\u662f\u52a0\u5bc6\u8fc7\u7684\uff0c\u5bf9\u4e8e\u63a5\u6536\u7aef\u6765\u8bf4\uff0c\u9700\u8981\u6b63\u786e\u89e3\u5bc6\u540e\u624d\u80fd\u5bf9\u97f3\u89c6\u9891\u6570\u636e\u8fdb\u884c\u5904\u7406\uff0c\u97f3\u9891\u548c\u89c6\u9891\u7684\u89e3\u5bc6\u8fc7\u7a0b\u8fd8\u4e0d\u4e00\u6837\u3002\u97f3\u9891\u76f8\u5bf9\u7b80\u5355\u4e00\u70b9\uff0c\u89c6\u9891\u4f1a\u590d\u6742\u4e00\u4e9b\u3002\u8fd9\u4e00\u5757\u7684\u89e3\u5bc6\u8fc7\u7a0b\u662f\u6ca1\u6709\u516c\u5f00\u7684\uff0c\u662f\u82f9\u679c\u81ea\u8eab\u7684Fairplay DRM<\/span>\u534f\u8bae\u90e8\u5206\u3002\u73b0\u5728\u5e02\u9762\u4e0a\u7684\u7b2c\u4e09\u65b9Airplay<\/span>\u63a5\u6536\u7aef\u65e0\u975e\u90fd\u662f\u901a\u8fc7\u9006\u5411\u8fc7\u7a0b\u7834\u89e3\u4e86\u76f8\u5173\u90e8\u5206\u3002<\/p>\n \u672c\u6587\u9488\u5bf9\u97f3\u9891\u7684\u5904\u7406\u505a\u4e00\u4e2a\u4ecb\u7ecd\uff0c\u97f3\u9891\u90e8\u5206\u7684\u5904\u7406\u76f8\u5bf9\u7b80\u5355\u4e00\u70b9\u3002<\/p>\n \u89e3\u5bc6\u8fc7\u7a0b<\/strong>:<\/span><\/p>\n 1 \u97f3\u9891\u91c7\u7528AES CBC128<\/span>\u8fdb\u884c\u52a0\u5bc6\uff0c\u8fd9\u4e00\u90e8\u5206\u53ef\u4ee5\u4f7f\u7528\u5f00\u6e90\u7684openssl<\/span>\u5e93\u8fdb\u884c\u5904\u7406<\/p>\n 2 \u8be5\u7b97\u6cd5\u9700\u8981\u89e3\u5bc6\u7684\u8f93\u5165\u53c2\u6570\u5305\u62ecaeskey<\/span>\uff0caeskiv<\/span>\uff0c\u901a\u8fc7ANNOUNCE\u8bf7\u6c42\u4e2d\u643a\u5e26\uff0cANNOUNCE<\/span>\u8bf7\u6c42\u540c\u65f6\u8fd8\u4f1a\u643a\u5e26\u97f3\u9891\u7684\u7f16\u7801\u4fe1\u606f\u3002<\/p>\n \u901a\u8fc7\u89e3\u5bc6\u8fc7\u7a0b\u540e\uff0c\u6211\u4eec\u4f1a\u5f97\u5230AAC<\/span>\u7f16\u7801\u7684\u97f3\u9891\u6570\u636e\uff0c\u64ad\u653e\u5668\u64ad\u653eAAC<\/span>\u6570\u636e\u8fd8\u9700\u8981\u5bf9\u5176\u8fdb\u884c\u89e3\u7801\u3002<\/p>\n \u5728\u6211\u4eec\u5b9e\u73b0\u7684\u63a5\u6536\u7aef\u7a0b\u5e8f\uff0c\u534f\u5546\u51fa\u6765\u7684\u662fAAC-ELD<\/span>\u7f16\u7801\u3002\u5bf9\u4e8eAAC<\/span>\u7684\u89e3\u7801\uff0c\u53ef\u4ee5\u4f7f\u7528\u4e00\u4e9b\u5f00\u6e90\u7684\u5e93\uff0c\u5982fdk,ffmpeg<\/span>\u7b49\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528android<\/span>\u63d0\u4f9b\u7684MediaCodec<\/span>\u8fdb\u884c\u89e3\u7801\u3002<\/p>\n \u4f46\u7b14\u8005\u66fe\u7ecf\u5728\u67d0\u4e9bAndroid<\/span>\u624b\u673a\u4e0a\u53d1\u73b0\uff0c\u89e3\u7801AAC-ELD<\/span>\u6709\u95ee\u9898\u3002\u63a8\u8350\u5927\u5bb6\u7528fdk<\/span>\u8fdb\u884c\u89e3\u7801\u3002<\/p>\n \u4f7f\u7528fdk<\/span>\u5bf9aac<\/span>\u8fdb\u884c\u89e3\u7801\uff0c\u5176\u5b9e\u5728\u7f51\u4e0a\u4e5f\u80fd\u627e\u5230\u5f88\u591a\u4f8b\u5b50\uff0c\u4f46\u7b14\u8005\u53d1\u73b0\u5f88\u591a\u4f8b\u5b50\u6709\u4e00\u5904\u9519\u8bef\uff0c\u5728\u4f4e\u7248\u672c\u7684fdk<\/span>\u4e0a\u4e0d\u4f1a\u51fa\u73b0\u9519\u8bef\uff0c\u4f46\u662f\u5728\u9ad8\u7248\u672c\u7684fdk<\/span>\u4f1a\u51fa\u73b0crash<\/span>\u8fd9\u6837\u7684\u95ee\u9898\u3002\u8bdd\u4e0d\u591a\u8bf4\uff0c\u76f4\u63a5\u901a\u8fc7\u90e8\u5206\u4ee3\u7801\u6765\u8bf4\u660e\u8fc7\u7a0b\u3002<\/p>\n \u521d\u59cb\u5316\u89e3\u7801\u5668\uff1a<\/p>\n \u4e0a\u8ff0\u4ee3\u7801\u4e2deld_conf<\/span>\u8fd9\u4e00\u5757\u7684\u503c\u5bf9\u5e94android MediaCodec aac<\/span>\uff0cCSD buffer #0<\/span>\u5177\u4f53\u4ec0\u4e48\u542b\u4e49\u770b\u89c4\u8303\u5427\u3002<\/p>\n \u6bcf\u6b21\u7f16\u7801\u548c\u53d1\u9001\u7684\u91c7\u7528\u6570\u4e3a480<\/span>\uff0c\u6545\u4e0b\u9762\u7533\u8bf7\u5bf9\u5e94\u957f\u5ea6\u7684Buffer<\/span><\/p>\n <\/p>\n \u89e3\u7801\u8fc7\u7a0b<\/strong>:<\/span><\/p>\n aacDecoder_DecodeFrame\u586b\u5165\u7684\u53c2\u6570\u4e3apcm_size<\/span>\uff0c\u5176\u5355\u4f4d\u4e3ashort,<\/span>\u800c\u4e0d\u662fbyte<\/span>\u3002\u7f51\u4e0a\u7684\u4f8b\u5b50\u5f88\u591a\u90fd\u662f\u5728\u8fd9\u91cc\u9519\u8bef\u3002\u8bf7\u5404\u4f4d\u52a1\u5fc5\u6ce8\u610f\u3002<\/p>\n\n
\n
\n