9 Replies
      Latest reply on Sep 13, 2019 2:17 AM by karlg_arris
      noamtk Level 1 Level 1 (0 points)

        Since the source code for the KSM is open and the spec explains exactly the structure of the CKC, what's stopping pirates from hacking FairPlay by parsing the CKC and extracting the content key? Is there a shared secret that they would need (that secret would have to somehow be shared between the device and the KSM).


        The FairPlay certificate, being a public key, is also public knowledge; depending on the setup, it's usually shared on an Internet-facing server or as a resource in the app.

        • Re: What stops pirates from extracting the key from the CKC?
          noamtk Level 1 Level 1 (0 points)

          The guide says, under "Identifying Your FPS App with an Application Certificate":


          Every playback app that uses FPS must find the media’s key server and establish communication with that server. When messages can be exchanged between the iOS device and the key server, the app must send the server an FPS-created SPC message. This message contains a hash of the Application Certificate identifying your private key.


          Verify that the hash value in bytes 152-171 of the SPC correctly identifies the private key of the developer from which the module expects to receive SPC messages.


          In the code sample shown in the iOS FPS Client sample (included in the SDK), kTestAppCert contains the Application Certificate.


          Who's private key does it refer? The certificate we pass to iOS when creating an SPC is the one issued by Apple specifically for FPS purposes (its CN attribute begins with "FairPlay Streaming"). The application doesn't have the private key for this certificate, only the KSM has it.

          Which certificate is the Application Certificate -- that "FairPlay Streaming" certificate or the one used to sign the app for AppStore distribution?

          I don't see kTestAppCert anywhere in the code sample.