iPhone Application Key Leaked

HighWizard writes with word from Engadget that the iPhone SDK Key has been leaked early. "We're not exactly sure how this all went down, but we trust Erica Sadun over at TUAW when she says that it appears that the iPhone's SDK key — which will probably be required by all 'official' third-party apps — has been leaked. Two different sites currently have the key posted, but it's all just for show until next month, when the SDK hits for real — and the code is undoubtedly changed."

Bummer :-(

[Whiney Mac Fanboy (963289)]

If you find something like this, you sit on it until after release. Now, Apple will probably update the release version of the SDK with a tighter authorisation system.

Regardless, it's fruitless for Apple to try & stop free third party apps. If enough people are interested, there will always be someone able & willing to crack Apple's DRM.

Oh, and here's a special message for any Apple Fanboi's in the house [188458a6d1...d43774.com]. (not my site)

Re:Bummer :-(

[SpeedyDX (1014595)]

Regardless, it's fruitless for Apple to try & stop free third party apps.

Yeah, the core of the problem is locking-in the SDK in the first place. They should adopt a less rotten attitude and just open it up for any developer to contribute free apps to the platform.

OK, I'm done. Ready to take the karma beating.

Re:Bummer :-(

[fangorious (1024903)]

can you try to pear down the puns?

Re:

[SeaFox (739806)]

can you try to pear down the puns?

I thought they were berry funny.

Re:

[Arthur Grumbine (1086397)]

trying to top that would be an exercise fruitility...

Re:Bummer :-(

[DeepZenPill (585656)]

They're only sewing the seeds of their own destruction by introducing more restrictions to developers.

Re:Bummer :-(

[marimbaman (194066)]

sowing.

*sigh*

Re:Bummer :-(

[webmaster404 (1148909)]

Exactly, just look at game consoles. Just a few days ago they managed to find a way to run homebrew code on the Wii without a modchip. All DRM is quickly broken if there is enough interest. I still don't get why they do it, if I get a computer, I should be able to run whatever program I want on it, change the OS, overclock it ETC.

Re:Bummer :-(

[Jeff DeMaagd (2015)]

Game consoles aren't sold as general purpose computers. The hardware is purely a means to an end, what they're really trying to sell is the games. With the Wii, they're still hard enough to get in many places, I don't think they want to sell them to people that aren't going to be buying the games. With the other two consoles, they're sold at a loss with the intent that it will be made up for in licence fees, so it's not necessarily in their best interest to let you do just anything with them.

Re:

[LKM (227954)]

This is kind of a hard problem. In principle, I agree. I bought the damn machine, now let me do whatever the hell I want with it. It's kind of insane that I have a PS3 sitting next to my sofa and pretty much all I can do with it is play games. I could install Linux, but then I'd have to cope with the hypervisor... It would be great if I could just run unlicensed third-party apps inside the normal PS3 interface. Stuff like VLC would be really useful on something like the PS3.

On the other hand, you can't have

Re:

[penix1 (722987)]

It has little to do with the user's protection. Let's face it, they don't give a crap about users that break their phones. After all, they are there to sell new phones to the one that breaks their old phone.

It has everything to do with protecting the phone network which *IS* their responsibility to repair when trashed. Users be damned when it comes to breaking the phone but break the network, we can't have that!

Re:Bummer :-(

[amorsen (7485)]

It has everything to do with protecting the phone network which *IS* their responsibility to repair when trashed. Users be damned when it comes to breaking the phone but break the network, we can't have that!

It is quite difficult to break the phone network with a phone, especially when you can't mess with the actual GSM/EDGE chip but only the one running programs. If that's the excuse to lock the phone, it's a seriously bad one.

Breaking the network is easy

[LKM (227954)]

It is quite difficult to break the phone network with a phone

It's difficult with a phone, but it becomes easier when you write software that runs on hundreds of thousands or millions of phones. Write an e-mail client which checks mail every hour. Forget to randomize when that occurs every hour. Next time the check triggers, millions of phones access the network at the same time. And that was that.

Re:Breaking the network is easy

[John Whitley (6067)]

Don't sell those users an unlimited data plan then!

Here's a clue for you and the mod that marked you "+1 Insightful": Limiting data plans has ZERO effect on a DDOS [wikipedia.org]. None of the individual phones in the scenario described will come anywhere near a bandwidth cap. It's only the conjunction of all phones acting simultaneously that hose the network and/or services on the network.

Re:

[el_nino (4271)]

Actually, you can mess with the iPhone's GSM modem, called the baseband. SIM unlocking involves changing the baseband software which is run on the actual GSM chip.

This is totally unrelated to jailbreaking the OS to run homebrew apps, though. And it's still a poor excuse.

Re:Bummer :-(

[Tony Hoyle (11698)]

Other phones seem to have no problem allowing 3rd party apps on them.. even ones by independent developers.

The iphone is locked down for a single reason - to stop people breaking out of the AT&T monopoly. Apple don't give a crap about a jailbreak or 3rd party apps really.. you wanna break your phone, they'll happily sell you another one. The do care about the kickbacks they get from their chosen provider in each country.

Re:

[dreamchaser (49529)]

The restrictions on third-party apps is always done in the interest of the user.

That is utter drivel. If there IS any benefit to the end user it is secondary to keeping the platform locked for profit reasons. Neither Apple nor AT&T care about the user's best interest except where it correlates to sales and profit.

Re:Bummer :-(

[SYFer (617415)]

What, you're not overclocking your watch? Luser.

You can actually see the hour hand moving on mine. Sure, I've singed my wrist a few times, but nothing a few heat sinks and thermal putty couldn't fix. 12:40 AM West Coast? Ha. I've got 2:15.

Re:

[Random Destruction (866027)]

Exactly like those things. If I want to tear apart my microwave for some upgrade I've dreamed up, then I don't want some DRM or TrustedCooking BS messing it all up.

3 Second Burritos here I come!

Re:Bummer :-(

[TubeSteak (669689)]

Now, Apple will probably update the release version of the SDK with a tighter authorisation system.

What makes you think that crackers got the key from the SDK's "authorization system" and not from an Apple insider?

Re:Bummer :-(

[Admiral Ag (829695)]

Forgive me if I misunderstand you, but where does it say that Apple is not going to allow free app downloads?

I can see why they would want an authorization system, because they have already expressed their worries about iPhone malware. Moreover, Apple was going to have to distribute the apps anyway, because most people use iTunes to manage their iPhones. The hackers among us will find a way around it, but the idea seems to be to protect ordinary users, not frustrate the uber leet among us (of which I am not one).

I'd be surprised if there weren't free downloads anyway along with the pay stuff. It may well be in the interest of some developers to offer free apps that complement their pay offerings or web services. The kind of small widgets that people will make are free anyway (and Dashboard widgets tend to be free). Podcasts are free, so it's not like iTunes doesn't already offer free content. Hell, they offer free DRMed songs every week.

In any case, even if the apps do start off on a pay basis, I'm guessing that pressure from developers will lead to free apps being offered.

Re:

[Whiney Mac Fanboy (963289)]

Forgive me if I misunderstand you, but where does it say that Apple is not going to allow free app downloads?

It's not that Apple not going to allow free app downloads - the issue is how much Apple will charge to sign your app.

If the charge is anything other than $0, it becomes impractical for third party developers to offer their apps for free.

Re:Bummer :-(

[Mr2001 (90979)]

Apple could easily take the route of S60v3, and allow the conscientious user to disable the security requirement.

They could, but is there any reason to believe they will? Has Apple ever passed up an opportunity to take advantage of platform lock-in?

And as a truly responsible geek, you really should go out and look at the pre-existing signed application schemes before you continue this nonsensical panic. Even if you only look at the ones I've referenced here today (Nokia's S60v3+ and Sony Ericsson's UIQ3.x)

Well, let's add Qualcomm's BREW to that list as an example of why the "panic" is appropriate.

Ask any of the tens of millions of customers affected by BREW in the US about the last time they installed a free app on their phone, and if you're lucky, they'll describe a trial version of a game that disabled itself after 15 minutes. If not, they'll just laugh at the absurd concept of putting software on their phone without paying a monthly subscription or a hefty up-front charge.

Re:

[Tony Hoyle (11698)]

Steve jobs has previously referenced the Symbian model.

In that you have developer keys, which are free (the SDK download is free), tied to your IMEI and allow you to sign applications for your phone as much as you like. These can access most functions but not critical phone functions.

This leads to two classes of apps:

1. 'official' apps, which have been through the vetting process and got a 'proper' key - this is much easier than it used to be, (there are plenty of small companies making profit selling app

18 84 58 A6 D1 50 34 DF E3 86 F2 3B 61 D4 37 74

[by Anonymous Coward]

     

but it's all just for show until next month....

[clambake (37702)]

... when the SDK hits for real -- and the code is undoubtedly changed. ... and re-leaked.

Re:

[BitZtream (692029)]

Not likely, where I work, we use public/private key pairs to sign all code the goes out the door. Each developer has their own key pair for doing internal work on components which must be signed to work in our system, and only myself (I'm the lead developer/buildmaster) and the CEO have the password to the master certificate. One of our developers COULD leak their key. At which point I would promptly point to the part of their contract which stipulates doing so is grounds for immediate termination.

Consid

Let me guess

[Mr. Ksoft (975875)]

09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63 56 88 c0?

Re:Let me guess

[Swampash (1131503)]

No, it's

up up down down left right left right sel start

Meh

[MrCopilot (871878)]

I wish I cared, I tried extra hard but still nothing.

If I want a phone I can modify I should buy a phone that allows it.

Is the iPhone sleek and sexy? Of course, but so are a host of supermodels that I would not want to get into a 2 hour conversation with let alone a 2 yr relationship.

I feel the same way about the iPhone, I'd like to play with one for a little while, but thats about it.

Re:Meh

[Anakron (899671)]

host of supermodels ... 2 hour conversation

eh? You're doing it wrong!

Re:Meh

[BitZtream (692029)]

I call bullshit. Its not like your going to get better conversation in the 2 hours to 2 years you're going to spend playing WoW instead.

Slashdot - rumours for nerds

[enoz (1181117)]

We're not exactly sure how this all went down, but we trust Erica Sadun over at TUAW when she says that it appears that the iPhone's SDK key -- which will probably be required by all 'official' third-party apps -- has been leaked.

Next month, when the SDK comes out, apparently this key may or may not work. Fantastic!

Here's another SDK key that was apparently discovered on a blog so is probably true:
47 6F 47 65 74 41 46 69 72 73 74 69 4C 69 66 65

"It's true, a blog confirms it!"

Symmetric key used to protect iPhone?!

[Myria (562655)]

The purported key is only 16 bytes. There is no current public-key algorithm capable of maintaining security at a 128-bit key size. If that's a legitimate key, it's definitely a symmetric key. Symmetric cryptography has the obvious problem that the device necessarily must have the key inside of it somewhere, meaning that a reverse engineer could find it.

If Apple used a symmetric key to protect against unauthorized software, it would imply incompetence with cryptography. I highly doubt this is true. It's more likely that it's not.

Re:Symmetric key used to protect iPhone?!

[BitZtream (692029)]

Its far more likely that its simply an md5 fingerprint or something silly. One of the blogs listed in the summary is for a guy who loves stringing people along in an extremely retarded way. Definately some attention issues. Either way, I'm not aware of any public/private key systems that would be considered very secure with a 128 bit key since you need a considerably larger key size with public/private key systems because large your limited to using prime numbers and stuff like that. While I'm not sure of the exact time involved, but since 1024bit certificates are considered 'weak' now days, I doubt cracking a 128 bit private key would be extremely difficult, especially with the possiblity of using distributed computing over the internet. Its either a hash or a symetrical encryption key used to obsfucate something to have the hax0rs waste some time, or a horrible implementation. You pick

Publishing this takes balls.

[Kaenneth (82978)]

The key I got from an Apple insider is: 01 02 03 04 05

Re:

[filterban (916724)]

Amazing! That's the same combination that I have on my luggage!

Re:Does It Really Matter?

[fangorious (1024903)]

Since you asked, I've seen plenty. Including two people I work with (a Java developer and an InstallShield developer), one unlocked for Tmobile. Seen a few at grocery stores and hockey rinks. Also know of at least one person at Harmonix who has one. I want one myself (but I'm waiting for the final word on first telecom immunity and second the current lawsuits against AT&T and friends). I like the interface. Everyone I know who has played with one agrees that it has the best interface. I've tried to use other similar features on nokia, samsung, and motorola phones, and even manage to convince myself of their adequacy. Until I pick up an iphone and realize the sad truth that for the market segment it targets, nothing else I've tried out comes close to the iphone.

Re:

[RulerOf (975607)]

It is awkward to hold.
It is awkward to talk into/listen to.
It too big/bulky compared to the better phones out there.
...
It is overpriced.
It has a shitty contract.

Fixed that to make it sound more like you just described my Blackberry 8830. However, unlike an iPhone owner, I was attracted to the Blackberry because of the convergence it offered me. I've had the device for two months now and I'm about an order of magnitude more organized than I was before I got it. Of course, that doesn't mean that everyone in the world is going to be attracted to my phone's sleek features... Er, I mean Exchange integration, but that one feature alone makes it better than any ot

Re:

[AKAImBatman (238306)]

Has anyone ACTUALLY seen someone in REAL LIFE with an iPhone?

Four off the top of my head. Three coworkers and a friend from Canada. (He unlocked it to work with Rogers.) I could probably come up with more if I thought hard enough about it.

In comparison, everyone I know who had a Windows Mobile phone ended up drop-kicking it and replacing with just a plain-jane phone. Biggest complaint? "At least I can make calls on this phone. Which is more than I can say for my Windows phone..."

The iPhone is the best phone I've ever owned.

[LKM (227954)]

(Sorry, this is going to be a somewhat lengthy rant which isn't directed solely at parent, but at other posts asking about what people see in the iPhone)

I live in Switzerland, where the phone isn't even officially sold. I own an iPhone, I know six other people who own iPhones, and I've seen three people whom I don't know with iPhones on the street. So yeah, tons of people own iPhones, and they use them.

Personally, the iPhone is the best cell phone I've ever owned. It's also the cheapest cell phone I've ever owned. I use my cell phone as an organizer. I use the calendar extensively, I write and receive a lot of SMS messages. I generally use smartphones. I've owned a P800, a Treo 650, and a P990i. These phones suck compared to the iPhone.

For example, the P990i supports wifi - in theory. Actually using wifi means that you have to add each network you want to use to your list of networks (which involves going through a lengthy wizard where you tell the damn phone what specific setup the wifi network uses). This generally means that you have to create a second list of networks, because otherwise, you have wifi and umts in the same list, which means you never know whether the phone is actually using umts instead. So you create two lists, add wifi networks to the second list, tell the phone (or application, because sometimes that works on the application level and sometimes on the phone level) that you want to use the second list with the wifi network, then you connect to the network, and finally you can use the damn wifi network. After my P990i crashed half a year after I bought it and deleted all settings, I never bothered to go through this again. I simply avoided using wifi.

On the iPhone, you open Safari. If it can find a wifi network you've already used, it'll use that. If not, it'll give you a list of networks it can see. You pick one. If it's protected, it asks for the password. It connects. And that's all there is to it.

And don't get me started on how fucking abysimal the user interface on the P990i is. It's slow, with tons of crappy animations which add nothing to the UI other than preventing you from getting to where you want to be. The web browser on that thing is the worst piece of shit I've ever used. It's practically useless. Entering an appointment into the calendar actually takes around 20 taps with the stylus. In fact, it is so complicated that they added a second way of entering appointments using a shortcut menu entry, which takes a few taps less, but sometimes crashes or simply does not work at all. Oh, and when the phone crashes, it restarts and tels you that it had to restart in order to improve functionality. The phone crashes, and then it insults your intelligence, too.

The Treo was better - at least the UI was not designed by blind monkey on acid. Unfortunately, it had other issues, such as the fact that there is pretty much no multitasking. For example, if you open a site in the browser (which is better than the one in the P990i, but still sucks), get an SMS, write an answer to the SMS and go back to the browser, the state is lost and you start fresh.

I heard Windows Mobile was slightly better, but the last time I used it (admittedly a few years ago), it seemed to me the user interface was basically akin to using Windows 95 on a really really small screen.

In comparison to every other phone I've ever used, the iPhone is a breath of fresh air. It works the way you expect, it's damn fast, the browser is actually so usable that I often simply use the iPhone instead of going to my computer. The screen is beautiful and large, which makes it possible to watch movies during train rides. It synchronizes perfectly well with all computers I own, and when I start listening to a podcast on the iPhone, my iPod picks up where I stopped listening, and I can restart exactly where I was when I go jogging.

Everything about the iPhone is well thought out, and for once, I actaully like using my cell phone.

So screw the "emo demographic". People use the iPhone because it's quite simply one of the best - possibly the best - cell phones available, despite the fact that you can't install applications without jailbreaking it first.

Re:

[Tom (822)]

Has anyone ACTUALLY seen someone in REAL LIFE with an iPhone?

Every time I walk by the mirror in the hallway, yes. Why? You too dumb to realize that with four million sold there are roughly... well, let's not overcomplicate things, just call it "lots of"... people who have one?

Re:

[schnikies79 (788746)]

From the department of redundancy department.

Sigh. Sorry about that.

Re:

[NalosLayor (958307)]

Seriously? You're sneering at 1 in 100? Selling one copy of your product to every 100 Americans in half a year? That's staggeringly successful. I'm no apple fanboy, but come on, that's freakin' impressive.

Re:

[DECS (891519)]

Microsoft isn't selling Vista at retail at all. Even new PCs, which typically all come with whatever version of Windows Microsoft wants, have vastly outnumbered the sales of 100M Vista licenses Microsoft is counting. That means most new PCs sold in 2007 shipped with XP!

As for the OP wondering where the iPhones are, if you live in the middle of nowhere, you might be seeing a diluted number of iPhones. Try going to a concert in a major US city and not spotting lots of them. An increasing number of the amateur

Re:Does It Really Matter?

[by Anonymous Coward]

... which is ironic knowing the vendor lock-in Apple does.

Yeah, total lock-in. I just wish that, when the time comes that I start to feel the lock-in, it would be possible to install Windows XP, or Vista, or one of those many x86 Linux distros on my MacBook. Oh wait, I can install any one of those. I could even run all of them at the same time along with Mac OS X and run any application I feel like.

Dang Apple and their lock-in.

Re:

[aesiamun (862627)]

No you can't export it, but you can copy all your photos, all of your music to another machine and just get on with life.

I'm not sure what the problem is here.

Re:why all the effort?

[lymond01 (314120)]

the iphone is a locked down piece of crap.

If anything locked down is a piece of crap then I guess you're right. But if you're saying it's locked down and is a piece of crap on its own, I think I disagree. Me and probably 95% of the people who have ever touched one.

Opinions aside, I wonder if Apple was so against opening it up because they wanted to reserve the right to change the APIs to fit any updates they planned in the future. With control of the few installed apps, they can make core changes to the OS to extend the abilities of the iPhone, then rewrite the parts of the apps to fit with the new core. If they let anyone make apps, they'd either break them everytime the core changed (see the last 3 updates for examples) or they'd have to stabilize the core (which is probably what they've done now that they're releasing an SDK).

I wonder if this is just prep for iPhone 2...let people go crazy with the first iPhone, and save the lockdown for the greater iPhone 2 soon to arrive.

"Dude...3G is cool and all, but you can't even customize your apps on iPhone2. Check out this gnarly rdesktop client I've made..."

answer on the 3rd party apps question

[SethJohnson (112166)]

I like the iPhone because it's fun but why are we fighting so hard just to make it run programs that we want?

The main reason Apple wants to control 3rd-party apps on the phone is because they've got a commitment to AT&T not to allow users to circumvent their traditional cell phone profit centers. This is: Ringtones, SMS, and cell phone minutes. If the thing were an open platform, the first thing people would install would be a VOIP client and an SMS app that uses email addresses instead of SMS phone

Re:

[bnenning (58349)]

I think iPhones are a bit more constrained in some ways, it's a portable computer, but a handset platform like that doesn't necessarily have hardware preemptive multitasking to assure that the device can recover from an errant program.

It's running a Darwin kernel, so it certainly has preemptive multitasking and memory protection. In my limited experience writing iPhone apps, if you stomp on an invalid memory location the app just dies and it goes back to the main screen