Slashdot Mirror


Apple's iTunes DRM Cracked?

joekra writes "The author of DeCSS is back in the spotlight with a new application called QTFairUse. The new application attempts to convert DRM'd AACs to non-DRM'd AACs on Windows machines. MacRumors has done some limited testing on it and has found it doesn't yet work as advertised... but they do offer a look into how it works."

33 of 773 comments

  1. Also discussed on Hydrogen Audio by eddy · · Score: 4, Informative
    --
    Belief is the currency of delusion.
  2. QuickTime hacked, not Apple DRM cracked by neonstz · · Score: 5, Informative

    I read the comments on MacRumors, and basically this program is not an Apple DRM crack but a hack for QuickTime (Windows version) which dumps the decrypted AAC stream to disk before it is sent to the AAC. This is done by patching QuickTime and writing the data in memory to disk. It is easy for Apple to change QuickTime to make this app useless, but it is nevertheless an interesting approach.

    That said, it is certainly possible to reverse-engineer the decryption routine in QuickTime instead of hacking the application itself. It is just a matter of time.

    1. Re:QuickTime hacked, not Apple DRM cracked by seanadams.com · · Score: 4, Informative

      What's interesting about this (from a fair use standpoint) is that it only lets you get the AAC data if you have a computer that will play the protected file. This means that you can now play the AAC files with non-Apple hardware/software.

      However, it doesn't let you play someone else's DRMed .m4p files. The person who is licensed to play them would need to decripple the files first using this tool.

      Therefore, it's questionable whether this is really circumventing a copy-protection mechanism, since this method only allows the "rightful licensee" to extract the AAC. If that's not fair use, then I don't know what is.

    2. Re:QuickTime hacked, not Apple DRM cracked by neonstz · · Score: 3, Informative
      So what if Apple updates Quicktime? Unless they change the AAC format to break the current version what's the incentive to update if you have a version which allows removal of DRM from AAC?

      Well, they can just "update" iTMS and force all users to upgrade iTunes (and QuickTime at the same time). This will at least make it even more time-consuming to convert the AACs.

      (I see QTFairUse just as a proof of concept, but it shouldn't be difficult to write an easy-to-use application which uses QuickTime to convert the files with just a few mouseclicks.)

  3. Not analogue by eddy · · Score: 2, Informative

    It's not analogue, it's a DLL that latches on to QT (windows) and intercepts the raw AAC data and writes it to a file.

    --
    Belief is the currency of delusion.
    1. Re:Not analogue by Nucleon500 · · Score: 2, Informative

      As I understand that, not only is it not analog, it's also not re-encoding, which is even better. Similar to mplayer -dvd 1 -dumpstream.

  4. Re:Sweet by jizmonkey · · Score: 5, Informative

    On a Mac, try this:

    #open itunes
    #begin playing music
    netstat | grep 3689
    #look for multiple connections to the same computer, that's his address
    #on the right and yours on the left
    setenv him HISADDR
    setenv me MYADDR
    #en1 = wireless, en0 = wired
    sudo tcpdump -i en1 -s 0 -w itunes.log src $me and dst $him
    #begin playing each of the songs you want (only need to play a second or two)
    #don't close itunes!
    #hit ctrl-c in terminal with tcpdump running, it should say it captured some number of pkts
    strings itunes.log | egrep "(GET.*update)|(GET.*databases)|Validation" > songs

    #songs now has a list of magic cookies, each alternating line is the file or the password
    grep GET songs > get ; grep DAAP songs > daap ; wc get daap
    #the first two lines of first column should be the same (tested under iTunes 4.1.0)
    paste get daap | egrep "GET.*items/" | sed "s|.*GET|./get_one|" > get_all
    cat > get_one
    #then type these next two lines, hit return, and hit ctrl-d
    wget --header="Client-DAAP-Access-Index: 1" \
    --header="Client-DAAP-Validation: $4" "http://$him:3689$1"
    chmod +x get_one get_all
    ./get_all
    #close itunes

    #now to rename the songs to have sensible extensions
    mkdir tmp
    mv *mp3*session* *m4a*session* tmp
    cd tmp
    ls | grep session > old
    tr '?=' '\t\t' < old > new0
    cut -f1 new0 > new
    cut -f2 new0 | sed "s|session-id|mv|" > new1
    paste new1 old new > fix_all
    chmod +x fix_all
    ./fix_all
    rm old new new0 new1 fix_all
    mv *.mp3 *.m4a ..
    cd ..
    rmdir tmp

    #after loading into itunes, can use one of several applescripts to rename the filenames from 454.mp3
    #some of the scripts rename *.m4a to *.mp3 - then the songs don't play. to rename them back
    #move the *.mp3 AAC files to their own directory, then
    ls *.mp3 | sed 's/\\/\\\\/g' | sed 's/\$/\\\$/g' | sed 's/"/\\"/g' |\
    sed 's/`/\\`/g' > files
    cat files | sed 's/^/mv "/' | sed 's/\.mp3/.mp3" "/' > old
    cat files | sed 's/\.mp3/.m4a"/' > new
    paste "-d\0" old new > fix_all
    chmod +x fix_all
    ./fix_all
    rm files old new fix_all

    --
    With great power comes great fan noise.
  5. Re:Sweet by facts · · Score: 2, Informative

    Thanks. I also found a program called MyTunes that works in Windows.

  6. Re:Why do this? by dasmegabyte · · Score: 3, Informative

    Yeah. And when duplication of property has the same economic ramifications as theft of property, it should carry the same penalty. A lot of really talented musicians have been fucked by bootleggers...hell, J-live's first record was so heavily bootlegged that his record label wouldn't even release it. Instead, they released him from his contract. And this was just tapes in 1995!

    --
    Hey freaks: now you're ju
  7. Re:What DRM issue does this really fix, though? by bobbozzo · · Score: 4, Informative

    That is likely to aggravate the creation of mpeg-type artifacts.

    --
    Nothing to see here; Move along.
  8. Re:The next step by edbarrett · · Score: 4, Informative

    Don't you mean foobar2000 using the AAC plugin?

  9. Compressor by Anonymous Coward · · Score: 5, Informative

    (posted anonymously for the usual reasons)

    Another way to do this is with the Compressor program (by Apple) included with Final Cut Pro. Just drag the DRM'd AAC file into Compressor, choose AAC from the menu, and watch as it transcodes to unencrypted AAC. You can convert that to MP3 from iTunes if you want, or write up a little AppleScript to automate it. The only downside is that you lose the metadata tags (you could probably decode that format and write an application to convert them to IDv3 tags), but it works pretty well.

    Note: I'm posting this not because of any hatred for Apple, but because I like to be able to listen to my music on my SliMP3 and this is the only way to do so besides burning and ripping from a CD.

  10. Re:What DRM issue does this really fix, though? by Quobobo · · Score: 2, Informative

    AAC is not lossless, but it does compress better than MP3 does at relatively low bitrates. 128kbps AAC (which is what the Apple Music Store sells) certainly isn't lossless, but it does sound excellent. I know a few people who rip at 128-192kbps AAC though.

  11. so what good is AAC? by Anonymous Coward · · Score: 1, Informative

    And just what the hell do you plan on doing with that AAC, anyways? Unless you're an iPod owner or something, the most likely answer is: "Uh, duh, convert to MP3 so I can use and share it?". AAC is still a very niche codec until it gets more widespread hardware and software support.

  12. Re:Maybe they'll figure this out someday by LostCauz · · Score: 1, Informative

    There's tons of good music, they have to stop investing in the bad music.

  13. Re:"If that's not fair use..." by cpt+kangarooski · · Score: 4, Informative

    You also don't seem to know what fair use is.

    Fair use is anything that, in light of the four factors listed in 17 USC 107 (or via judicial tests that predate that codification) is fair.

    The examples given in 107 are NOT blanket allowances. They're illustrative of the sorts of things that might classically be fair use. That's why it says 'for purposes such as' and not 'only for purposes of.'

    Reproducing and distributing otherwise infringing copies on street corners may not be infringement if it's fair per the four factor test. And yet there have certainly been educational and news reporting infringements that were not fair uses.

    --
    -- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
  14. Why Bother To Burn by edalytical · · Score: 2, Informative
    Open iMovie, drag an m4p file into the timeline, select export, choose "To QuickTime", choose "Expert Settings", then click "Export." Save the file. Drag the file into iTunes, select "Convert Selection to MP3."

    In summary: Download, export, convert it, voila, no DRM...

    --
    Win a signed Stephen Carpenter ESP Guitar from the Deftones: http://def-tag.com/?r=0008781
  15. works with iMovie by edalytical · · Score: 4, Informative

    No need for Final Cut Pro, you can do a similar thing with iMovie. To avoid being redundant, but at the expense of seeming narcissistic, I'll link to my earlier post.

    --
    Win a signed Stephen Carpenter ESP Guitar from the Deftones: http://def-tag.com/?r=0008781
  16. Re:Why do this? by S.Lemmon · · Score: 3, Informative

    You're assuming the laws against theft exist to protect one's profitability - that's just not the case. They exist to protect one's property (which in the case of a copy you still have). There is no "right to be profitable" (or at least there didn't use to be). Of course anymore the solution is just to buy enough lawmakers to legislate your profitability, but I digress.

    If you can't make money selling something people can get for free, that's your fault for not having a good business plan. For example, bottled water companies couldn't claim H2O as their intellectual property (and make it illegal to drink tap water), so they had to rely on marketing - this has been successful. What record companies need to realize is they can make money by selling the *image* not the song itself. After all, this is more or less what happens already. Just give the CD some extra fancy packaging and market owning it as a status symbol and you can continue to bilk the masses of their money for years to come!

  17. Re:I bet... by some+damn+guy · · Score: 2, Informative

    They like the proprietary format more than anything.

    Steve Jobs even said the other day in the WSJ that Apple hardly makes any money on the actual iTunes service (but sells a lot of high-margin iPods), and that he doesn't understand how anyone (like napster) without a side business could either.

  18. Re:Asking for trouble AND vague description. Wow.. by adrianbaugh · · Score: 2, Informative

    I think the point was you don't get the (arguably negligible, certainly non-deterministic) analog degradation since a DRMed aac file will always un-DRM to the same digital aac stream.

    --
    "'I pass the test,' she said. 'I will diminish, and go into the West, and remain Galadriel.'"
    - JRR Tolkien.
  19. Re:How? by hpavc · · Score: 2, Informative

    the xbconnect package is basically just that ... xbox live emulation

    --
    members are seeing something, you're seeing an ad
  20. Re:Why do this? by minus_273 · · Score: 4, Informative

    "paid-for, downloaded music is now DRM-wrapped so it can't be burned to music CDs and played on home stereos or in cars"

    This is exactly what Apple prevented. I don't think you even know what you are talking about. How about you go use iTunes before you make a generic /.-type statement like that.

    --
    The war with islam is a war on the beast
    The war on terror is a war for peace
  21. A legitimate reason for defeating DRM by fydfyd · · Score: 4, Informative

    Sometime in the Windows Media Player 7 or 8 era I decided to start ripping my legally purchased (or licensed?) collection of CDs for listening while at my computer. I did not share these files with any one else nor did I listen to it in two places simultaneously. At the time the default media encoder produced rips with DRM.

    I then made the poor choice of upgrading from Win2k to XP with no expectation that it would have any effect on the hours I spent ripping my collection to my computer for my use. Perhaps it is the price of stupidity, but my online collection was rendered immediately useless because WMP decided I was on a new computer and therefore had stolen my rips from myself.

    I have been a very satisfied user of iTunes/iTMS and have spent considerable money purchasing from iTMS. Under iTunes Advanced menu there is an item "Deauthorize Computer...". I fear even selecting this item and unwittingly invalidating hundreds of USD in iTMS purchases. I also have no idea what will happen should I decide to upgrade my CPU, add a drive, or even change the IP address of my machine. Or, perish the thought, have to reload XP because I have the poor taste to run Outlook or IE. Suffice to say, all of my iTMS purchases have been burned to CD-R because I'm not quite that stupid.

    So here is one legitimate user who wants to not run afoul of the RIAA who may end up with direct losses because I don't have control over my purchased product.

    1. Re:A legitimate reason for defeating DRM by illumin8 · · Score: 2, Informative

      De-authorizing your computer will do nothing except render it unable to play your iTMS purchased music until you re-authorize it. The files won't be erased or damaged in any way. You will be able to play them on any computer once you authorize it with iTMS. The authorization procedure downloads your private keys from the iTMS and allows the computer you just authorized to play any files that were encrypted with these private keys. This feature is simply there in case you decide to sell your computer and don't want it counting as one of your three authorized machines.

      Also, iTunes doesn't encrypt any music that you bought on CD and ripped with it. They may have some limited DRM, but it's nowhere near as draconian as Microsoft's own DRM.

      --
      "When the president does it, that means it's not illegal." - Richard M. Nixon
    2. Re:A legitimate reason for defeating DRM by Basehart · · Score: 2, Informative

      I notice when running iSync to and from my iDisk (for .Mac members only I think) there's a panel showing the authorized computers, which is currently my home machine and one at my office.

      I'm not sure how closely this relates to how the iTunes DRM'd files see the world but I'd imagine it's fairly close.

      Only two things to remember to do regarding managing your music, both of which are covered here and elsewhere:

      1. Make a backup, or two, frequently, often and regularly and store it offsite. If your HD crashes before you back-up all those tunes you purchased last night, you just wasted some money.
      2. De-authorize before performing any kind of upgrade, ESPECIALLY a clean install.

  22. Re:Maybe they'll figure this out someday by dr.badass · · Score: 2, Informative

    The recordings on etree are of bands that condone or encourage taping and trading of live shows. People have been freely trading tapes of some of these bands' shows since before there even was an internet.

    That said, it's pretty cool to be able to download a high-quality recording of a show you went to a few days earlier.

    --
    Don't become a regular here -- you will become retarded.
  23. (ot) a winning slashdot formula for audio article: by Ayanami+Rei · · Score: 2, Informative

    Mention Hydrogen Audio, Mod up +3 not-total-idiot!

    Good call, sir.

    --
    THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
  24. Re:TCPA loophole? by Alsee · · Score: 4, Informative

    Or do you claim that communication with the Internet of the future will require the TPM to be turned on?

    Cisco, Symantec, and Trend Micro have issued press releases about new routers that will deny you an internet connection if you aren't running Trusted Computing.

    Of course they advertise it as an anti-virus measure. Even the Slashdot story got it wrong: Cisco Working to Block Viruses at the Router. These routers do not block data. They require you to be running Trusted Computing and then they can be further programmed to check that you are running specific anti-virus software using remote attestation.

    Cisco's Network Admission Control program would enable companies to install on every PC and mobile device a client, called the Cisco Trust Agent, which could attest to certain levels of security...

    However, the technology won't work unless security software can tell the Trusted Agent application the current state of security on the computer or mobile device.

    The technology might also spur sales of PCs and devices that use trusted-computing hardware--controversial technology that uses encryption, special memory and security software to lock away secrets on a PC from prying eyes...

    "We need a trust boundary between the network and these devices, and the system needs hardware and software to do that,"

    Sure, they are advertising it for corporate network use, but can anyone really doubt that ISPs will start installing them and requiring you to run Trusted anti-virus software as part of the terms of service?

    If you don't submit to Palladium / TCPA / whatever, then you will be denied any internet connection at all.

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  25. But the profit can be removed from producing by dubiousmike · · Score: 4, Informative

    with digital audio editing programs. Long gone are the days that require million dollar studios to be able to create a polished piece of work.

    Now, a talented producer/sound guy is still needed and still requires skills. But anyone with a natural sound for music and practice can be damned good.

  26. Reinventing the Wheel by Zorton · · Score: 2, Informative

    While it's a good example of "hacking" in the purest sense this app does little that isn't already available via QuickTime API already. If I'm understanding the technology correctly (feel free to correct me if I'm wrong) iTunes plays protected AAC files via the QuickTime system. QuickTime Pro already allows you to export files it plays into a variety of formats. I just duplicated the basic function of this program via qt_tools (http://www.omino.com/~poly/software/qt_tools/). My test file was Nina Simone's "Sinner Man". I used qt_export --video 0 --audio=aiff Sinner_man.m4p test.aiff. I then used iTunes to re-encode back to AAC. As far as my ears can tell it's as close to the original as a person could want. However I still had to have my copy of QuickTime authorized to playback the file and I still am using quite a few cycles to reconvert the thing into an unprotected AAC.

    I think this demonstrates a perfect example of fair use and DRM technology. I can now listen to protected AACs when I'm booted in Linux. Does this type of circumventing enable me to pirate protected AACs? Nope, not unless I can find a way to authorize files without paying for them. Does it allow me to playback files that I already own on other systems not supported by QuickTime? Yes. Am I a criminal? I doubt it, I think this is what Apple is aiming for. Fair Use of your digital media without becoming a pirate. However the tools are here that would enable someone with enough motivation to start redistributing iTMS files in an unprotected form. Quite the catch-22 for someone wanting to distribute digital files across the internet. Once it becomes bits it's tough to keep it in the bottle so to speak.

    My 2 cents anyway.

  27. Re:TCPA loophole? by Alsee · · Score: 3, Informative

    there is an easy crack. Two PCs, one secure, one not. insecure transparently forwards the challenge to the secure and sends back the response.

    It doesn't work. You'd capture the entire conversation, but it is pure encrypted garbage. The data is encrypted with a key locked inside the crypto chip on the "secure" PC. The computer transparently forwarding the data doesn't have the decryption key thus it can't understand any of the data passing in either direction.

    The only way to beat the system is with an extremely sophisticated hardware hack to the motherboard or by chemically peeling your crypto chip and reading your key out with a microscope.

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
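
A simplified model of the exchange described in comment 27, added here as an example; it is not part of the original post and is not the TCPA protocol. The `Chip` and `Verifier` classes, the toy RSA parameters and the sample measurement are all assumptions made for illustration. It shows a forwarding PC that sees every message but recovers nothing, and a verifier that refuses a substituted key.

```python
import hashlib
import secrets

# Toy textbook RSA built from two Mersenne primes. It stands in for the chip's
# key pair only; it is unpadded and far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
# Constructed sample value: hash of the software state the verifier expects.
MEASUREMENT = hashlib.sha256(b"constructed: approved player build").digest()


def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def xor_stream(key, data):
    """Encrypt/decrypt data with a SHA-256 counter keystream derived from key."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key.to_bytes(32, "big") + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


class Chip:
    """Hypothetical model of the crypto chip: _d is never returned by any method."""

    def __init__(self):
        self.n = P * Q
        self._d = pow(E, -1, (P - 1) * (Q - 1))

    def quote(self, nonce, measurement):
        return pow(digest(nonce + measurement, self.n), self._d, self.n)

    def unwrap(self, wrapped):
        return pow(wrapped, self._d, self.n)


class Verifier:
    """Hypothetical remote party that releases data only to an endorsed chip."""

    def __init__(self, endorsed_n):
        self.endorsed_n = endorsed_n
        self.nonce = None

    def challenge(self):
        self.nonce = secrets.token_bytes(16)
        return self.nonce

    def release(self, claimed_n, quote, measurement, payload):
        if claimed_n != self.endorsed_n or measurement != MEASUREMENT:
            return None
        if pow(quote, E, claimed_n) != digest(self.nonce + measurement, claimed_n):
            return None
        session = secrets.randbelow(claimed_n - 2) + 2
        return pow(session, E, claimed_n), xor_stream(session, payload)


def forwarded_exchange(payload):
    """Run one exchange through a forwarding PC; return what each side recovers."""
    chip = Chip()
    verifier = Verifier(chip.n)
    nonce = verifier.challenge()                      # relay sees this
    quote = chip.quote(nonce, MEASUREMENT)            # relay sees this
    wrapped, ciphertext = verifier.release(chip.n, quote, MEASUREMENT, payload)
    on_chip = xor_stream(chip.unwrap(wrapped), ciphertext)
    # The relay holds every message but not _d; try each observed value as the key.
    observed = [int.from_bytes(nonce, "big"), quote, wrapped]
    relay_tries = [xor_stream(v, ciphertext) for v in observed]
    return on_chip, relay_tries


def substituted_key(payload):
    """The relay forwards a genuine quote but claims a modulus it can factor."""
    chip = Chip()
    verifier = Verifier(chip.n)
    quote = chip.quote(verifier.challenge(), MEASUREMENT)
    relay_n = (2**31 - 1) * (2**61 - 1)
    return verifier.release(relay_n, quote, MEASUREMENT, payload)
```
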
  28. Re:TCPA loophole? by Alsee · · Score: 4, Informative

    Clever a troll you are.

    No, and I DEFY you to refute anything in this post.

    fabled rights breaching technology?

    Do you have any idea how Trusted Computing works? I'm a programmer. I have read the design specifications.

    It is a very technical issue and there is bad information flying around on both sides, but I have boiled it down to one simple and unbeatable argument. There is absolutely nothing wrong with the "new hardware". The sole problem is that the "new hardware" keeps your master key locked up inside and the owner is forbidden to know his master key. This leads to three points:

    (1) Assume two identical computers with identical hardware. The first one is "Trusted Computing" and you are forbidden from knowing your master key. The second one is "new hardware" and you know your master key. There is NO POSSIBLE WAY that the first computer can protect you that the second one can't do just as well. The second computer preserves EVERY claimed benefit.
    (2) If you do not know your master key then others can control use your computer against you, such as enforcing DRM. If you know your master key then YOU have control over your computer and it can never be turned against you.
    (3) The owner of the computer has every right to rip the chip open and read his key out with a microscope. Yeah, it takes a decent college lab to do so, but you have every right to do it. Once you have dug out your master key then you have total control over the system as I described. If the owner has every right to dig his key anyway then why the hell shouldn't the owner simply be GIVEN his key up-front?

    So (1) giving the owner his master key preserves every benefit to the owner, (2) it eliminates every abuse, and (3) the owner has every right to get it anyway.

    I have no objection to the "new hardware", but there is no POSSIBLE way to justify the design specification forbidding the owner to get his master key. The only possible reason for that requirement is to take control of the computers away from the owners. That requirement can only serve abusive purposes such as enforcing DRM against the owner.

    The TCPA design specification specifically refers to securing the system against "rogue owners". If the system were in fact designed for the owner's benefit then there would be no such thing as a "rogue owner".

    These chips will be industry-standard for all motherboards. Microsoft has stated that the TCPA-chip is a component of their Palladium system. This is not a "crock conspiracy theory" - this is corporate press release. It is no conspiracy theory that the Cisco routers deny the end user an internet connection unless they are Trusted Computing compliant, it is corporate press release.

    There isn't any press release about ISPs using these routers, but it *is* blatantly obvious. They are being promoted for fighting viruses and worms, what ISP doesn't want to fight viruses and worms? It will be promoted to fight spam, what ISP doesn't want to fight spam? It will be promoted to fight hackers and pirates, what ISP will refuse to fight hackers and pirates?

    The only significant leap is about the possibility of backbone routers using it. Well, that is up to the handful of corporations that run the backbone routes. Assuming a significant number of ISPs have already switched over there is nothing to stop them. There will be all sorts of pressures for them to do so for all of the reasons listed above. The routers can check for far more than just anti-virus software. They can be used to enforce all sorts of contract provisions with ISPs - access rules, billing systems, bandwidth limitations, anything. They have countless motivations to do so. They won't use these routers as part of a "conspiracy", they will do it out of self-interest!

    But fine, let's say this never reaches the backbone. You still have a situation where all new PCs come with this hardware built in. You have ninety-odd percent of the public running whatever operating sys

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.