Apple's iTunes DRM Cracked?
joekra writes "The author of DeCSS is back in the spotlight with a new application called QTFairUse. The new application attempts to convert DRM'd AACs to non-DRM'd AACs on Windows machines. MacRumors has done some limited testing on it and has found it doesn't yet work as advertised... but they do offer a look into how it works."
I read the comments on MacRumors, and basically this program is not an Apple DRM crack but a hack for QuickTime (Windows version) which dumps the decrypted AAC stream to disk before it is sent to the AAC. This is done by patching QuickTime and writing the data in memory to disk. It is easy for Apple to change QuickTime to make this app useless, but it is nevertheless an interesting approach.
That said, it is certainly possible to reverse-engineer the decryption routine in QuickTime instead of hacking the application itself. It is just a matter of time.
On a Mac, try this:
#open itunes
#begin playing music
netstat | grep 3689
#look for multiple connections to the same computer, that's his address
#on the right and yours on the left
setenv him HISADDR
setenv me MYADDR
#en1 = wireless, en0 = wired
sudo tcpdump -i en1 -s 0 -w itunes.log src $me and dst $him
#begin playing each of the songs you want (only need to play a second or two)
#don't close itunes!
#hit ctrl-c in terminal with tcpdump running, it should say it captured some number of pkts
strings itunes.log | egrep "(GET.*update)|(GET.*databases)|Validation" > songs
#songs now has a list of magic cookies, each alternating line is the file or the password
grep GET songs > get ; grep DAAP songs > daap ; wc get daap
#the first two lines of first column should be the same (tested under iTunes 4.1.0)
paste get daap | egrep "GET.*items/" | sed "s|.*GET|./get_one|" > get_all
cat > get_one
#then type these next two lines, hit return, and hit ctrl-d
wget --header="Client-DAAP-Access-Index: 1" \
--header="Client-DAAP-Validation: $4" "http://$him:3689$1"
chmod +x get_one get_all
./get_all
#close itunes
#now to rename the songs to have sensible extensions
mkdir tmp
mv *mp3*session* *m4a*session* tmp
cd tmp
ls | grep session > old
tr '?=' '\t\t' < old > new0
cut -f1 new0 > new
cut -f2 new0 | sed "s|session-id|mv|" > new1
paste new1 old new > fix_all
chmod +x fix_all
./fix_all
rm old new new0 new1 fix_all
mv *.mp3 *.m4a
cd
rmdir tmp
#after loading into itunes, can use one of several applescripts to rename the filenames from 454.mp3
#some of the scripts rename *.m4a to *.mp3 - then the songs don't play. to rename them back
#move the *.mp3 AAC files to their own directory, then
ls *.mp3 | sed 's/\\/\\\\/g' | sed 's/\$/\\\$/g' | sed 's/"/\\"/g' |\
sed 's/`/\\`/g' > files
cat files | sed 's/^/mv "/' | sed 's/\.mp3/.mp3" "/' > old
cat files | sed 's/\.mp3/.m4a"/' > new
paste "-d\0" old new > fix_all
chmod +x fix_all
./fix_all
rm files old new fix_all
With great power comes great fan noise.
(posted anonymously for the usual reasons)
Another way to do this is with the Compressor program (by Apple) included with Final Cut Pro. Just drag the DRM'd AAC file into Compressor, choose AAC from the menu, and watch as it transcodes to unencrypted AAC. You can convert that to MP3 from iTunes if you want, or write up a little AppleScript to automate it. The only downside is that you lose the metadata tags (you could probably decode that format and write an application to convert them to IDv3 tags), but it works pretty well.
Note: I'm posting this not because of any hatred for Apple, but because I like to be able to listen to my music on my SliMP3 and this is the only way to do so besides burning and ripping from a CD.