Apple's iTunes DRM Cracked?

joekra writes "The author of DeCSS is back in the spotlight with a new application called QTFairUse. The new application attempts to convert DRM'd AACs to non-DRM'd AACs on Windows machines. MacRumors has done some limited testing on it and has found it doesn't yet work as advertised... but they do offer a look into how it works."

The next step

I am the person who did the original testing for MacRumors. Here are the final steps:

The raw aac file that QTFairUse produces can be played in a windows app called foobar.

To play back in itunes is a little harder. One must run an application called faad.exe to fix the "atoms?" of the aac file. After that is done one must add the MPEG-4 wrappers using the program mp4creator found in MPEG4IPutils. Make sure to use the -optimize tag, or else the file will triple in size. After this is all done you end up with a m4a file with the decrypted aac content in a MPEG-4 wrapper playable in itunes.

Re:The Reg is Wrong

Um... it is a simple stream ripper.

Re:QuickTime hacked, not Apple DRM cracked

[ekephart]

"It is easy for Apple to change QuickTime to make this app useless, but it is nevertheless an interesting approach."

Yes an interesting approach. Effective, yes. Which forces us to consider - while it may be easy for Apple to change Quicktime, it does cost money (not an insignificant amount I imagine).

You can't beat an army with a stronger will and with greater numbers. It's why the US lost in Vietnam and why things will always be cracked. You can't beat an army of pirates (some perhaps academics) willing to crack for free.

Re:Asking for trouble AND vague description. Wow..

[LostCluster]

It's being compared to an analog hole attack because it doesn't actually solve the encryption scheme, but instead lets QuickTime do the decryption, and then captures the plaintext AAC file that is stored in memory.

Truely, it's still digital at that point, so it should be called the "plaintext hole".

Re:I bet...

[a+whoabot]

I bet Apple would like this to some extent. This could mean that content that people buy from Apple is worth even more to the purchaser than before, without any [direct] cost to Apple. I'm sure Apple would have wanted DRM-less content, but that would not have been a reasonable deal with the RIAA/copyright holders.

Maybe I'm wrong though.

wait a second...

[/dev/trash]

I thought that Jon was innocent, that he didn't actually write DeCSS but had help distribute it?

Similar reason as for DeCSS available ?

[Animaether]

I'm curious.. did he do this for a similar reason as the one he claims he created DeCSS for - namely to play back DVDs on Linux ?
I can't seem to find it in any of the articles, nor in his blog.

If there is no similar reason, does that mean that the reason of DeCSS's existence should be reviewed ?
Was 'hollywood' right, and he really just wanted digital dumps of the movies, just as - seemingly - he just wants a non-AAC'd digital dump of the music here ?

Not inciting a discussion on whether people should be allowed to do this in the first place - that's a whole other discussion :)

Re:QuickTime hacked, not Apple DRM cracked

[Magus424]

>>Unless, of course, DRM makes it into all hardware

New from mods-are-us! The no-solder PC mod chip! Simply install in any PCI slot, and enjoy DRM-free computing, for playing all your backup music and movies.

Only $199.99 while supplies last! Order before they're gone!


I can't wait to see the ads when that day comes...

Re:What DRM issue does this really fix, though?

[Quobobo]

Sigh. How many times does it have to be explained? Burning CDs and ripping them will obviously produce a slight loss in quality, as well using up a blank CD. Cracking the DRM on the files has neither side effect.

SOLUTIONS

[dasmegabyte]

Joy: Being able to listen to any of my songs the second it occurs to me
Sorrow: having to "authorize" myself to listen to music that I love

Solution: Burn a fucking CD and listen to that. No DRM.


Joy: sharing my favorite songs with my friends
Sorrow: Having to spend hrs giving friends tech support dealing with work arounds to stupid DRM measures that make them feel lost

Solution: Bring your laptop to their house, join their subnet. They can browse anything in your iTunes library. Of course they can't download and keep it forever, but if they did that then they'd never buy it, and your favorite artists would have to quit the business.


Joy: finding new music that I love
Sorrow: fearing getting busted for checking out someone's recomendation

Solution: There are many. Transworld music is installing listening booths at all of its stores allowing you to pick up and play any song you want to off any of your discs. There's also a 30 second preview on every song on iTunes (4 minutes for eBooks) and several services that let you stream an unlimited amount of any song you like. Then there's the complicated low tech method we've been using since the Jazz days: BORROW YOUR GODDAMN FRIENDS COPIES.


Joy: art, technology, freedom
Sorrow: greedy fuckers; the constant vigilance freedom requires

Solution: Lighten the fuck up. I'd like you to walk up to any artist after a show and explain to them why you feel you deserve to download their music without restrictions or limitations because you promise if you like it you'll pay them. Greed may drive Metallica, but it sure as shit doesn't drive the tens of thousands of independent artists whose music is also being stolen on the internet, who do not have the exposure to make up for lost sales, and who do not have the time, position or energy to fight the people spreading their art without so little as a link to their website. Not everything about controlling music is about money. One of my favorite boston artists, Edan, wrote a song called "Emcees Smoke Crack." It has spread all over KaZaa, and not one track even has Edan listed as the damn artist. So this cat has to work at Home Depot while people wonder when "MC Smoke Crack" is gonna come to their local club. The first thing you learn when you have to live full time as an artist is that if you don't get PAID, you don't LIVE as an artist.


Joy: Cracking the shit out of IP
Sorrow: It's come to this: having to justify it to the stupid Slashdot consumers

Solution: Intellectual Property is only a joke when you have never come up with your own. Try making something useful yourself and see how fucking sanctimonious you are about other people abusing it. Then maybe you'll quit stroking your peter over some utopia where nobody gets paid to create and you can just do whatever you want with it. I used to make kickass sandcastles at the beach, but people kept letting their kids kick them own the second I stepped away. What you're suggesting is a world full of crushed sandcastles.

Way to go

[cubicledrone]

Apple does EXACTLY WHAT EVERYONE SAID THEY WANTED and they still get fucked over.

This isn't about fair use any more. This is about "fuck over any company that uses price tags."

This entire argument has lost every last shred of whatever legitimacy it may have once had.

Re:QuickTime hacked, not Apple DRM cracked

[znu]

With just a handful of exceptions, all of the content being sold through the iTMS is also available on CD, which means it's already available in unprotected formats on the P2P networks. So I really don't see how this changes anything.

Re:QuickTime hacked, not Apple DRM cracked

[good+soldier+svejk]

You can't beat an army with a stronger will and with greater numbers. It's why the US lost in Vietnam...

According to Colonel William E. Le Gro, writing for the U.S. Army Center for Military History, the total strength of Communist forces in South Vietnam at the time of the 1973 cease fire was a mere 235,000. That pales in comparison to the peak American presence of 541,000 in 1969, much less the combined South Vietnamese government forces 1973 strength of 1,075,000.

Military strength was less important than political legitimacy as a cause of the US withdrawal, much less the Communist victory three years later.

Wow

[krashish]

This makes me so happy, man. I mean, what is better than a free music society? DRM is bogus, even the man is aware of this fact, man. So really, this is the sweetest peice of news I have listened to, man.

Re:No excuse.

[Rick+Zeman]

How about to play legitimately purchased songs on linux. Short of Wine, there's no other way to do that. Also, it is impossible to steal music here: you have to buy it before you can crack it.

How did you legitimately buy it on linux? Hint: you didn't. Another hint: You can't.

As for your 2nd clause: the copies can go where? Anywhere.

Re:Negative Impact..

[GigsVT]

I think that's inevitable anyway. There's no way you can have good DRM. It's just not possible. Copy protection always has, and always will be, a myth, designed to trick people in suits.

It's inevitable that they find out, sooner or later.

Re:Why do this?

[cpt+kangarooski]

However, assuming that the song in question is a recently produced song, say, within the last 14 years or so, the original framers of copyright would certainly have wanted the person who created that song to get due compensation.

This is clearly untrue. Copyright didn't encompass musical compositions until 1831; copyrights date back to 1710. Nor just anyone; it took until 1891 for foreigners to be eligible to receive American copyrights.

The purpose of copyright was to allow the creator of a work to have sole control over its sale for a limited time, or something to that effect.

No. To quote from the Constitution, "Congress shall have Power ... To Promote the Progress of Science and useful Arts, by securing, for limited Times, to Authors and Inventors, the exclusive Right to their respective Writings and Discoveries."

Madison, in discussing this with Jefferson during the framing of the Constitution wrote that he believed that while monopolies such as this were wicked, it might yet prove useful, since in a democratic government, their perniciousness could be moderated. "Where the power is in the few it is natural for them to sacrifice the many to their own partialities and corruptions. Where the power, as with us, is in the many and not in the few, the danger can not be very great that the few will be thus favored. It is much more to be dreaded that the few will be unnecessarily sacrificed to the many." Sadly, he didn't foresee RIAA et al.

Even as far back as the Statute of Anne, we see that the Act was intended to promote public learning; not to help authors. Helping authors was merely a means to an end.

By way of analogy, think of public schools. We have public schools purely in order to educate children. They also happen to employ a lot of teachers, but they're not really intended to -- that employment is just a side effect, a means used to achieve the real goal. If we could educate kids without the teachers, we probably would; certainly we don't seem to be in any great hurry to pay teachers more money, or to get more of them.

Thus, the purpose of copyright was, and is still, to promote the progress of knowledge -- a goal that benefits the public. Since authors are members of the public, it benefits them too, but not especially more than others.

When you examine the issues, you quickly find that there are two public interests intertwined with creative works. First, the public wants to spur the creation of new works -- original, derivative, whatever. We want more. Second, to be wholly unrestricted in our enjoyment and use of these works; to use them, copy them, preserve them, distribute them, make new works based upon them, etc.

Authors are particularly benefited by that last, since by relying on the work of others, they reduce the amount of work that they themselves need to do. And since the public is interested in new derivative works, there'll be an audience. See, e.g. most Disney cartoons, which are mere retellings of age-old stories that come as no surprise to anyone who goes to watch them. But we watch them anyway, because we _like_ seeing their take on the familiar classic.

Copyright strives to fulfill all of these benefits by, ironically, denying most of them initially in order to focus effort by authors on new original works. But the restrictions aren't pervasive, and over time they go away and we can fully enjoy the works and base derivatives off of it, which themselves are partially eligible for protection.

If we are within the limited time, then why should the artist not get paid?

Because it might not suit the public interest. That's also the reason for whether we're even in the limited time -- we might reduce or expand it, in either case trying to best serve the public interest. The fortunes of authors will hinge upon it, but even were there no copyright (as was the case for most of history) there's always going to be artists. Nor do we merely want the most arti

Re:Jon was probably more careful this time

[RLaager]

I'm not a lawyer and have limited understanding of international law. But, how would a 1982 treaty affect the claim to Sealand? The claim has been made since 1967. I realize that international law established by treaties can be binding on non-signers of a treaty in cases where it is generally accepted practice and (maybe and/or) when the majority of states are parties to the treaty. Still, in the interest of fairness, how could even a majority of states take away a pre-existing claim? What if the majority of countries in the world decided to gang up against another country and "revoke" their claim to sovereignty? That's absurd. The only way they could do it would be with force.

Re:QuickTime hacked, not Apple DRM cracked

[ShinmaWa]

the DRM on Apple's AAC files may be about to be rendered useless

I'm of the opinion that it was already useless. iTunes allows you to purchase the DRM'ed music, burn it as an Audio CD, then rip it as AAC, MP3, whatever you want without any DRM on it at all. The cost is a blank CD-R that, once done, is perfectly playable in any CD player, so its not even a wasted CD.

All this is possible with iTunes right out of the box without any special tools. All this "FairUse" tool does is save you one step.. and one CD-R.

My half-and-half take.

[Anonymous+Freak]

First, by the terms of service for the iTunes Music Store, you cannot do this. Attempting to circumvent the DRM renders your license to use iTunes null and void, and violates the terms of the Music Store, letting Apple cut you off. (Not that it matters to those who do this sort of thing.) Likewise, attempting to circumvent DRM violates the well-respected and highly loved DMCA, which could land you in jail.

Second, I feel that I have purchased this music, Apple phrases it as me purchasing it (rather than 'renting' it,) so I should be able to do whatever I want with it. The same as I can do whatever I want with a CD. As long as it doesn't break copyright law. For example, what happens if, god forbid, Apple closes its doors five years from now. It's very conceivable that I could still have my current Mac in 5 years, with all my purchased music. What happens when, two months after the doors close, I get myself a nice new G7 system at fire-sale prices? I obviously wouldn't be able to authorize that computer. And the RIAA wouldn't let Apple 'unlock' all music upon closure of Apple. So they only way to get my music to work on this new computer would be to use un-DRMed copies. So I can see a perfectly legitimate use for this.

As a note on my ethics: Once upon a time, I downloaded music off the internet. I downloaded movies off the internet. (And pr0n. LOTS of pr0n...) I downloaded software off the internet. (I also used Windows, which, to me, was the worst of my transgressions. :-) Nowadays, I don't. I don't agree with the RIAA, MPAA, and SPA, but I don't feel right violating copyright laws, either. I couldn't care less about my neighbors/friends/relatives/customers. If they feel like using an illegal copy of Windows, fine. (I'm a computer consultant, so it usually means more money for me fixing their computer.) But, I have ripped all my CDs to my computer, I have backup copies of all my software CDs (with the originals stored in a waterproof box in the basement,) and I often copy DVD-Videos to my hard drive so they are easier to watch later. So I like the ability to do what I want with my data, but I won't use those means to break any copyright laws. (Other than the DMCA, because I see the circumvention of DRM as a basic 'fair use' right, not as something that should be illegal.) One recent example is that I rented "Finding Nemo", but didn't get around to watching it before it was due. So I copied it to my computer, watched it the next day, then deleted it. That is considered fair use. I paid for the right to watch the movie for a limited time. I watched it, then 'returned' it (by both returning the DVD, and deleting the copy.) So I was within my fair use rights.

In closing, I will probably download this utility (or a final, fully functional version,) and just keep it on a disc somewhere, for the 'just in case'. Since everything I want to do with my purchased music falls within the limits of what Apple's DRM lets me do, I have no reason to use it. But, as in my example, if I ever have a need to move my music to a new computer, and the ability to authorize computers has gone away, I would want the ability to get around it. (Look at what happened to those Divx users. Some people purchased the 'unlimited' versions, and they're worthless now that the Divx service has closed. Not very unlimited.)

P.S. Yes, this violates the iTMS terms of service. Period. The terms of service say that doing ANYTHING to circumvent DRM revokes your rights. Even burning to Audio CD, and re-ripping into MP3 (or AIFF, or AAC...) can be considered a 'circumvention', because you did something expressly to rid the music of DRM. So all of you trying to justify it by saying that it isn't technically removing DRM need to re-read the terms of service (and the DMCA, for that matter.) ANYTHING you do that ends up with a non-DRMed file is circumventing DRM.

Re:QuickTime hacked, not Apple DRM cracked

• Non-pirates, but Hackers (us): Won't do it because their morals actually tell them that even if it IS easy, if there is NO chance of getting caught, it's still wrong, and so they don't pirate anything because of morals, but wanting to help the little guy too.

That's bullshit. You can't assume that all 'hackers' have the same set of morals.

For example, I am very talented at disassembling programs and changing them to what I need them to do (I do this as part of my job.) Sometimes I use these talents to crack software that, strictly speaking, I should have paid for.

I justify it using my own personal set of morals, that of course do not coincide with those implied by law. Or to put it another way, I don't really give a shit what the law says, or these supposed superior 'hacker morals' dictate.

On the other hand, I don't label myself a 'hacker' either, though I fit the description very well indeed. Why apply a generic label to yourself? It just dilutes your unique personality. There's no way I'm compromising who I am to fit in with some subgroup.

Perhaps your categories are just too narrow.

Re:kinda

[Bob9113]

I wish I had points and could mod a thread I've commented on. Your post is excellent. A few public points, then I'm off to your blog to try to contact you.

Price isn't necessarily determined by costs, it's determined by what the market will bear.

You're talking demand side, I'm talking supply side. Both are upper limits on the price, and act independently.

On the demand side, I think that the market would bear higher-than-zero prices for copies (as demonstrated by music sales in the pre-MP3 era (PME, haha)). Assuming this is the case, the demand side can't explain current behavior.

On the supply side, if copying has a zero cost, a manufacturer will always step into the profit margin between zero and the current price of copies - new manufacturers keep appearing at a lower price until the profit margin approaches zero. This is exactly what the original Napster was, incarnated at Internet speed. It is also what the Southeast Asian piracy market is all about.

If the market will only bear 0 price music, then the system has broken down, and the opportunity cost of spending most of your time as an artist will become much steeper.

I think you've shifted in this sentence to talking about the natural price of music. I strongly believe that the natural price of music is extremely non-zero. It has both demand side value (I love music, and buy a lot of disks (yes, still - as it stands I don't feel personally justified in pirating)) and supply side value (I play guitar - there is definitely a non-zero cost of producing new music).

But then we have a problem: the master copy costs $X to make and such costs (plus profit, which is really just a future cost) must be covered to create an economic system.

Ahh, here we go, the supply side. Keep going, you're getting close.

a capital-market model where you give the artist money after the fact to keep them making their art (whether software, music, etc.).

Yes. YES. YES. You've hit the nail on the head. The problem is how? Well then, off to your blog.

Re:Why do this?

[AvantLegion]

>> but that you're too lazy to burn the songs to remove the DRM.

He'd have to burn, re-rip, and re-encode.

That's twice through a lossy compression routine. It that makes you wonder if it will sound like ass, that's because it will.

Re:TCPA loophole?

[Andrew+Cady]

Even with the crypto challenge, there is an easy crack. Two PCs, one secure, one not. insecure transparently forwards the challenge to the secure and sends back the response.

Re:But the profit can be removed from producing

[Unknown+Lamer]

I think you are wrong. If you had ever tried to self-release a CD (like I have), you'd soon realize that it is expensive as hell to do so.

Want to record? Well, you need something to record with. A 16-track hard disk record will run you about a thousand. About the same to get an RME Hammerfall Lite used and a pair of eight channel Analog to Digital Converters (still around $800 just to do eight tracks at a time, which is more than enough). Then you need software which is expensive as hell. Or you can go down the Free Software route and use Ardour (which is entirely reasonable for a demo, EP, or first album). So then you need equipment to record with. Mics run about $90 a piece for SM58s ($85 if you know the pro-audio guy at the local shop) and $80 for SM57s ($75...). Then you need cables, stands, monitor speakers, etc.

So now you've just spent about $4000 (assuming $0 for software costs) on a rig that can be used to record at most a five piece drum kit. Of course, you can rent this system...and if you have a live sound PA the equipment you need overlaps very nicely (out of the $4500 in live sound stuff I have about $3700 worth of it [basically everything except for my PA cabs and monitors] can be used in a recording rig). Or you can just go and get a pro to do your recording at around $30 an hour (and that is on the low side). You'll probably end up spending a good fifty or sixty hours in the studio to lay down the tracks for a four or five song EP (assuming four minute song length).

Going down the paying-something-else-to-do-it route is cheaper in the short term (but having all of that equipment is more fun). Recording turns out to expensive, but getting cds pressed costs about the same. If you want a run of 1000 discs with one color printing on the disc and a two color single page booklet with two color inserts in the jewel case you are looking at around $1300. Anything less and the per-disc price becomes a bit...obscene. And I left out the money you have to spend on getting the artwork ready for press (even if you do the artwork yourself you still need to pay a print shop to pre-press it, and they charge an arm and a leg for their services).

Then comes the promo for the album...in the end, it costs a lot of money and only established bands that play fairly often to decently sized audiences can afford to do it without killing the members financially (because, quite honestly, if you are in a band that is self-publishing an album you more than likely still have a day job and that job is going to be low paying but allow you flexible hours so you can tour and whatnot).

Or you can go the cheapass route and record stuff in your friend's basement on his computer (in all the glory of two-tracks-at-a-time) and then get someone to burn you a few hundred discs, print a sheet of labels, photocopy said label sheet onto more label sheets at Kinkos, and then do the same for the booklet pages. Then you have your friends stay up all night in someone's room cutting out the booklets and stapling them together and building your jewel cases...ahh, good memories. Personally, I'd do that with a four or five track EP-length album to get the money up to press a short run of seven inch records and then use the money from the seven inches to get a real album recorded.

Then again, I'm used to being a part of the Hardcore Punk scene where one normally releases a split 7" record with another band (usually with the first run on some colored vinyl to make people want to buy it) before going on to record your own 7" and then an album or demo depending on how well the 7" did. I'll probably be looking at doing the same thing again in a month or so...