DVD-Jon Breaks iTunes Encryption For Linux Users
McGruff writes "The Register has a story regarding DVD-Jon's new hobby, iTunes DRM. According to the story DRMed iTunes AAC files can now be played under Linux via VideoLAN Client thanks to some handiwork by Jon.
'"When you run the VideoLAN Client under Windows it will write the user key to a file. The user key is system independent and can thus be used by the GNU/Linux version of VLC," he explains.' Personally, this just means I will buy even more iTunes." (We mentioned in November Johansen's efforts to negate the iTunes restrictions on Windows.)
How long before people start exchanging their keys ? Now that the key can be had and used under virtually any platform, in an easily copied or transmitted file format, the copy-protection is effectively cracked.
Maybe we deserve this world ?
Awesome, I was waiting for this. Definitely a reason to consider iTunes now.
How long until someone writes a command-line AAC2mp3 converter?
-3Suns
~~~~
The Revolution will be Slashdotted
I am quite excited about this. VLC has always been my media player of choice, now the ability to play AAC DRM files in it just ups its ante.
While booting to Windows is a slight disappointment, I am sure DVD-Jon will remove that step ASAP.
I read Slashdot in Lynx, I am a real geek.
Does anybody else see something wrong with Apple having a program that only works on Windows and Macs? You would think they would be a little bit more understanding of those of us running "alternative" OSes.
Chaos will always win out over order because chaos is more organized
Norwegian programmer Jon Lech Johansen, who broke the DVD encryption scheme...
It was my understanding that DVD-Jon (as we're calling him now) did *not* actually break the DVD encryption scheme, but collaborated with some anonymous hackers who did. I think his involvement was more on the order of making it more accessible to the tyro. Could someone clear this up once and for all?
I wonder if Jobs will say anything about this in tomorrow's Macworld Keynote. I kind of doubt it.
What do any of these people do with free time to break encryption schemes, contribute to oss, and build robotic girlfriends? I'm serious, how do you earn a living and still have time to do things like this?
Somehow I think that this is an example of the way software restrictions will continue.
Programmers will code the security so that the app only works one way, and some user will break it so it works elsewhere as well.
We need to have more thought put into coding so that apps will work on more platforms, and also be aware that it is envitable (sp?) that somebody will crack it.
I broke a lot of digital clocks as a kid because I wanted to know what made them tick! I still got new ones, and broke them as well.
Here I come to save the da... *thud*
I gotta get me a shorter cape.
Link from the article to directly download the code: http://developers.videolan.org/cgi-bin/viewcvs.cgi/vlc/modules/demux/mp4/?cvsroot=VideoLAN
In Soviet Russia the insensitive clod is YOU!
I have an ipod, and use it together with the nifty GTKPod, Grip and beep to get my music onto the Pod and play tunes off it.
But I'm in Australia, and we don't have iTunes music store yet.
Is it possible to use iTunes music store under Linux? Is it just a web site, with files you need iTunes to play, in which case I can use VideoLAN instead? Or otherwise?
In a worse case scenario, does iTunes work under Winex or Codeweavers Wine?
Seems like this crack can be patched.
I doubt Apple will call DVDJohn but I bet the RIAA will.
When will this commie bastard be stopped from stealing money from corporations?????
Get in trouble. Long, laborious litigation. What was solved? Nothing. Consumers don't have more rights. It's still a pain in the ass to decode DVDs, and now he's on a bunch of corporate sharks' bad sides.
Then, he decides to go and pull this shit AND be vocal about it. Kid, seriously, grow up. Yes, it's very nice that you're demonstrating your "freedom". How about learning some common sense with that, Jones? You just got out of major litigation, now you want to swim back into it? Even a guy who jaywalks knows to avoid the police immediately after getting fingered.
Let's see, which of the following choices would've had the best effect:
* Immediately releasing a hack just after litigation.
* Releasing it anonymously.
* Waiting until the temperature settled, then quietly sneaking this past Apple and opening a bunch of doors in the process.
I vote the last one.
So where would a Linux user get purchased music from iTunes from? From his Windows or Mac computer. This is what passes for a win for Linux users??
It seems to be a cute exercise, but not a very useful thing, unless you hate Apple's horrific, evil DRM oh so much.
SIG:Slashdot: indymedia for nerds.
Just AAC2AAC? Only without the copy protection. That way we keep our compression loss to one generation.
No, you need the iTunes client to play any files you buy from the iTunes store. And No, it doesn't (yet) work under Wine or CrossoverOffice.
Christ, he just barely got away with the DeCSS thing. He should keep a low profile. They know where he lives. He's advertising to be arrested again.
What is the point here?
Ok, so you can play iTunes AAC files on *Nix PCs, provided you have the key. Wouldn't it just be easier to download it off of Kazaa? You can find cover art with google, and you can use SoulSeek to find high quality rips. That gets rid of two arguments right there.
iTunes DRM is WEAK, man. Burn it to CDRW and rip the sucker again, it's as easy as jumping over a subway turnstile. Why are we wasting time with a pointless thing like this, why not crack WMP or something harder with a better payoff?
You know, ever since Apple has released OS X and their new sexy metallic machines (what's next? Gallium?), their legal department has been surreptitiously quiet. This development might make the "evil" side of Apple show itself again... It will be interesting to see if this development will affect their stance any on Quicktime for Linux...
Slashdot's first reaction to VMware
That would be the way for apple to go if they were in it to make everyone feel good. But actually, they are in it to make money. And as you may have noticed, a lot of linux users don't like to pay for stuff. This is smart for Linux users, not so good for people trying to make money off of Linux users.
And of course, it could never be enough. port itunes to linux? Where is the Ogg Vorbis support? Got Ogg? Why doesn't it work with *insert random piece of sourceforge developed software here*
I know, nobody wants to hear that they are the prima donnas of the IT world. But I've got Karma to burn.
At least Apple's version of DRM would go virtually unnoticed by casual listeners of music. iTunes DRM was designed to deter heavy pirates, but in all fairness, their DRM scheme is the best of the bunch. There are several ways to circumvent iTunes DRM, but at least DVD Jon's implementation just means it's less of a hassle for the said casual user.
So if this guy is so great, has he broken Windows Media yet?
So can we change his name to iTunes-Jon. Or better yet how about iDVD-Jon. Kinda catchy, actually.
Due to a series of drive crashes I lost what music I bought from iTunes but, due to the way itunes works, I am unable to download the music again.
Why? It isn't like I bought a digital object, I just bought a string of bits.
So, what's the secret to iTunes DRM? What is the encryption algorithm and how are the keys stored and how did DVD-Jon figure it out? We want details! I looked at the code and it was a lot of big tables and bit twiddling code... no way for a mere mortal like me to deduce anything.
That's because any DRM scheme, no matter how permissive, is the camel's nose under the tent for much more intrusive schemes. Love the username, BTW.
Call (206) 338-5780 COLLECT for information about a genuine BA, BS, MA, MS, MBA, or Ph.D.
burn a cd --> rip to mp3
easy, simple.
don't waste your time.
------------------------------ SirPhreak - "It's Thinking..."
This is all well and good, but you can still download mp3's for free, and as far as I know, most linux users that I know of still download mp3's and don't pay a cent. Either that or if they like the music enough, will go ahead and buy the CD. It's a nifty crack, don't get me wrong, but I doubt the majority of linux users will take a stab at it.
...I'll be opening an iTunes account very soon, where previously I would not have considered it. The two primary computers where I listen to music are Linux PCs at work and at home. I'm unwilling to burn AACs to a CD and then re-encode them (with additional loss) into MP3s or Oggs.
I just hope Apple gets the message and removes all DRM from their music. At that point, I'd encourage others who do not have technical knowledge to buy music using the service as well.
I take it that it is the RIAA that mandates the DRM though and not Apple?
What has *science* done?!? -- Dr. Weird (ATHF)
Yeah damnit! He ruined it! I was really really happy paying the same price for 0s and 1s as I would for a product that I could hold in my hands, had pretty artwork and a case and better overall sound quality. It was sooooo cool that I could only play my 0s and 1s in 3 different places - it made me feel like I was part of an "elite music club" and was much better than CDs that *anyone* can borrow and enjoy - I mean after all, music shouldn't be enjoyed by everyone, just those with money to burn, right?
:(
Now what am I going to do?
Sunday you're Thinking Different, Monday you're a huge tool, paying too much and waiting to think like everyone else.
Not that I would advocate such use. But this requires the key to be distributed with each file. Keep in mind that said key is *known* by apple, and directly tied to your account, it isn't something I would recommend sending out into the wild. On the other hand, using it on your own equipment to get around that creepy three machine registration limit seems like a good thing. If anything ever happened to Apple and your registered machine bit the dust, being able to back up a valid copy of your key seems like a good thing.
:-)
The thing is that AFAIK VLC isn't set up to manage multiple key+file pairs. So it is useful for *your* library, but not various files downloaded off the net. For that reason, I doubt they will go after him.
My question is, how does the iPod decrypt the file without a key? Or is it simply using the parent boxes key? It seems to me that if that's the case it should be trivial to recover the key from an iPod directly, no PC required (Just a Mac
- Dubya
Just use a gift certificate... there are plenty of sellers on eBay. It's not such a ripoff, especially for the convenience.
On one side of the coin, this is definitely great news for everyone not running Windows or OS X who still want to listen to their DRM'd AAC files. Now, there is some portability to these files, and the ability to cue them up in VLC.
On the flipside, when some music industry execs look at this and wonder why they can't control their content, there are a number of fingers going to be pointed at the OSS community because of it.
Where do we draw the line at control? The **AA industries want to control their content, and we (I use "we" very loosely) want to have control over that which we've purchased. But who truly owns the bits? A series of 1s and 0s? Who's allowed to make the rules?
I know who I WANT to make the rules, me, of course. But I also know who legally gets to make the rules at this point. Them. I don't want the music industry to get pissed off and take my iTunes away. I've found a legal, beneficial means to acquire my music. I want MORE options, not less because of wary industry execs who don't want to have their content cracked.
And let's not even bring the DMCA into the picture here...
Can you ping me now? Gooood! | Manhappenin.Net - Things to do
Now,
That's what I call sticking it in the entertainments industry's face.
Obviously DVD Jon has just been waiting to stick it to whom-ever he can.
"I've just been acquitted, I think I'll yank their chains again".
Caution: Contents under pressure
I can't wait until all Slashdot comments are nothing but long strings of esoteric acronyms.
No, you need the iTunes client to play any files you buy from the iTunes store.
Well, apparently not any more: now I can also use VideoLAN as well as the iTunes client. What I'm asking is, can I download stuff from the iTms using software other than iTunes?
In actual fact they are the very picture of an evil corporation. They are just as bad as MS or IBM in its day but they got the crap kicked out of them. Rather than learning from this (as IBM and SGI seem to) they've gone the cynical, rationalist way.
Expect Apple to sue or get DVD Jon imprisoned.
Nerd: Derogatory term typically directed at anybody with a lower Slashdot ID than you.
Hasn't anyone told you?
Apple gave them a design award...
Also I noticed Videolan Web Stats Only the 5th day of January
December Hits: 21144279
January Hits: 10434135
Already half of last month's traffic!
Workers have ten times the rights as US workers. They have all sorts of odd holidays (like Ascension Day) in addition to the regular ones. I was just there over Christmas for a few weeks, and it seemed many people have about 2 weeks off- not to mention sabbaticals, 6 weeks vacation, STD (short term disablity) for stubbed toes... and taxes... did I mention taxes?
Those that suggest you "dance like no one is watching" really want to see you make a complete fool of yourself.
It is odd to me that with iTunes Apple has made it available to their historic "cross-town rivalry" and yet have not made iTunes available for use in some other OSes. You'd think they'd even have packages for .deb's and .rpm's.
And how ironic would it be if they decided that there weren't enough linux users to be worth the effort. You'd think they would have hard feelings about that sort of thing.
"What we do in life echoes in eternity." Maximus Decimus Meridius
PCMCIA
OT: I'm not sure why the parent is marked as informative. Though I'm grateful for his answer, he apparently didn't actually read the article, nor did he answer my question.
And while taking a hit off your bong, you fumble fingered your CD and scratched it and it won't play no mo'. Oh poor you. Well just call up Universal or subpop and have them send you a new CD.
Just consider it a lesson learned. At least it's EASY and legal to back up a digital AAC file.
put down your bong.
Quick, get the files before Apple C&D's VideoLAN!!!! No rush. That's what p2p is for !!
Do you commonly respect other people's opinions and wishes? Bad habit, that.
Apple's deal with the labels had to include DRM. I'm guessing Jobs doesn't care if it gets cracked, especially when I've read that iTMS only exists to get people to buy iPods (which is on par with Gillette giving away the razors to sell the blades...).
I mean, consider how easy it is to copy MP3s off someone else's iPod: Mount the iPod, open the hidden folder on the iPod drive with terminal (IIRC, it's plain old directory that starts with a period), and hey presto, start draggin' folders. How simple is that?
Apple's Legal team is probably spending more time worrying about Apple Record's law suit. Sosumi indeed...
My father is a blogger.
Exclusive Norwegian programmer
What's this phrase supposed to mean? He eschews C or Python, and only programs in Norwegian? (Heck, I didn't even know there was a compiler for it.) Or maybe they meant he only programs, and never does anything else? Or he refuses to program if he happens to be outside of Norway? (Maybe not a bad idea, considering his legal situation.) Or he just refuses to talk to l4m3rZ?
Did they mean "reclusive"? Or was it supposed to be a superlative, like "excellent" or "bitchin'"?
Maybe DVD John should just move into a courthouse now
Im dreaming ofa big bndwdth, That can resist the
Your linked stats unfortunately don't tell the same tale you just did.
:P
All that those numbers show is that linux has remained at 1% from the beginning of your links all the way to the end.
This number has remained steady. Steady != Dying.
Because the exact number is not known, and the value presented is ~ rounded to 1%, the data you provided is useless for either side of this argument.
BTW: IE 5.5 & 6 work fine under crossover-office (and most probably under any recent version of wine). This nullifies your other numbers/argument.
Have a nice day troll
No. At least, not as yet.
It's hard to be religious when certain people are never incinerated by bolts of lightning.
Do a search on iTunes for "Jenny" (you know... 867-5309) You'll see the Governator on one album cover. It is an old work out CD. Listen to a few samples. I was cracking up. "Now stretch...KEEP YOUR ARMS STRAIGHT! And 1 and 2 and DON'T ARCH YOUR BACK!"
Heh... Even your sig has an acronym in it!
Slashdot's first reaction to VMware
respect... the fact that they don't want their stuff to be played on linux. Is that so hard for some people?
Yes.
"I assumed blithely that there were no elves out there in the darkness"
I'd bet he started working on the iTMS project a long while ago. He's just been acquitted twice for doing the same thing with DVD encryption. Now that he has rock solid precedent, he can practically walk into court without a lawyer if the recording industry sues him. He's got a great big whoop-ass stick, and it's time to use it.
In Norway, that is... Americans are still screwed.
Every song on iTunes Music Store has been available on the Peer to Peer networks within four hours. All the DRM does is frustrate legitimate consumer
I never got this line of logic. I have 3 Macs, a PowerMac at home and work, and a PowerBook for the road, I also have an iPod. Having a laptop makes it easy to mirror my music files to all three.
I've bought 153 songs from iTMS, and not once have I said CURSE YOU DRM, now I have to burn a music CD first. The DRM on iTMS is very non restrictive. I can burn songs for friends, I can burn songs for myself. I can play it on all my Macs.
If the RIAA forces Apple to include commercials, what excuses will the Mac zealots come up with? 'It's a good compromise'?
Nod, I just hate those CDs filled with commercials.
These terms may be tightened at any time, Johansen himself noted recently.
Or they may be expanded at anytime.
making it more accessible to the tyro
I had nothing to do with it... I wasn't there... you can't prove anything.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
um-- what if you kept the wav?
it can be done- it just sucks
every day http://en.wikipedia.org/wiki/Special:Random
It's getting to be a bit blatant that he does this simply for publicity now. It's not like Apple's DRM is that restrictive. Just burn to a cd, and rip. It's the way to back up files anyhow.
He's not doing it for Linux like he said he was for DVD, that's obvious because he tried on Windows first... In fact, I wonder if he was even decoding DVD's for Linux nowadays.
He's just trying to prove that he has the right to do this. I may not be a Norwegian lawyer, but I suspect that having the supreme court of Norway declare this not a crime is the only way that the legal right to play media that you own.
The answer is not to keep a low profile, that's equivalent to surrender. He did nothing wrong, and he needs to secure the rights of others to do the same thing before it's too late.
You can't judge a book by the way it wears its hair.
If you import mp3s into your library are they no longer mp3s?
Jaysyn
There is a war going on for your mind.
Interviewer: "DVD" Jon, you were just cleared AGAIN. What are you going to do now?
Jon: I'm going to break more proprietary encryption schemes!
I love watching Apple fanatics gnash their teeth and moan about "Ooooooh, this will RUUUUUIN iTunes".
Its like watching a circus under the tent.
I thought I heard that the iTunes Music Service wasn't really making much money for Apple and that its real value is to sell more iPods. If that is the case, does it affect Apple at all? It seems that for most people, iPods will still be a desirable product, partly because of the associated iTunes Music Service and its ease of use.
In any case, I imagine that Apple will have to do something about it as they will surely be under pressure from the RIAA.
"this guy got balls the size of dorian fruit" - some guy in Freedom Downtime
I bought a portable mp3 player (not iPod) just to discover that I could not send to it melodies I've purchased via iTunes.
So Apple wants me to buy an iPod. But it is too expensive for my daughter (I got her now $140 player with 256Mb RAM).
So I hope, some day there will be a program to unlock my purchased AAC files to be able to listen to them on my mp3 player. I think this is fair use and should be permitted!
I can't understand why Apple doesn't port iTunes to Linux. If that were the case, I would use it more than I do now. It's a pain in the ass having to reboot just to do it.
until (succeed) try { again(); }
"iTunes DRM was designed to deter heavy pirates"
EEEEEEYK! WRONG.
iTunes does nothing to deter "heavy" pirates because they go to the store and buy the CD and then make copies.
iTunes is meant to deter casual piracy. Or do you think the Mob lines up with their powerbooks and says "Hey Luigi! Download the latest Matchbox20 album and then we'll use dis norwegian ding to do some heavy pirating!!"
Think it through, junior.
iTunes doesn't change the format of anything unless you tell it to, so they're still MP3s if that's what you imported. If you go to Advanced and click "convert to AAC", then they'll no longer be MP3s (though I don't think it actually deletes the original MP3), but otherwise they stay the same.
I wonder when the Slashdot community will come to its senses on this issue. Apple created an extremely useful, innovative and (for all its flaws) flexible way for us to purchase music we like online. What is our response? To lionize an individual who will doubtless make it more difficult for Apple and others to create similar innovations in the future. When Apple (or some other company) shops the idea of an "iTunes Movie Store" to the studios, they'll point to the broken AAC DRM, say "These systems are inherently insecure." and perhaps walk right out of the room.
The fact is that, if it weren't for @ssholes like Johansen GOING OUT OF THEIR WAY to screw up legitimate business plans, these systems would DEFINITELY be secure enough.
So, thanks DVD-Jon, for making cheap, flexible digital media sales even more difficult for innovative companies to make a reality.
Jonathan
Oh come on! Is there something wrong with Adobe not having a linux version of Photoshop?
... my God - they all SUCK! The only one that I even kind of like (gThumb) doesn't behave like a "normal" image viewer should behave. (Of course that is totally subjective to what *I* think is normal and I understand that.) But I expect an image viewer to let me somehow (and I don't even care how - whether it's PGUP/PGDOWN, Left/Right mouse, Z/A, Up/Down Arrow, whatever) but somehow let me scroll through my images without loading a "playlist" first.
... Gnome/GTK stuff would be best for me.
Totally off topic here... and my comment doesn't even really relate to yours... but...
Personally I'd like to see Photoshop for Linux. (Well, the lite version anyway. I wouldn't be able to fork out the $500+ (or whatever it is) for the regular version. But I'd happily pay $59 - $99 for a decent quality (and decent looking!) image editing program for Linux... even if it wasn't OS.)
I do use the Gimp - and I'm all about Open Source and all - but sometimes it's just not as good.
And I don't like WINE. In my experience it's difficult to use and extremely unpredictable. (i.e. the same program may or may not run two times in a row under WINE. At least that's my (admittedly limited) experience with WINE.)
I don't like ImageMagick either. I'm not sure what Toolkit it uses (Tcl/Tk?) but it's ugly as sin. But ImageMagick's command line tools are real useful for scripting. convert, import, etc..
I'm sure I've tried other Image Editing programs in Linux but I can't think of any off the top of my head.
I can't even find a basic image viewer that I like. You know, simple to use, ultra light weight, no-frills-just-let-me-simply scroll-through-my-digital-camera-images Image Viewer.
GQview, gThumb, Eye of Gnome, Electric Eyes, XV, K(anything),
Fortunately for me, my image viewing/scanning/editing needs are small enough that I willingly subject myself to the less than great quality of Linux imaging tools.
So if anyone knows of some "killer" imaging apps, by all means, let me know!! BTW - I prefer Gnome so like
(seriously, where did that 4% come from, cell phones and OS/2?)
This isn't really a breaking of the crypto.. the files are still crypted so far as I can see. It's more akin to figuring out how to play the files when you already have the rights. If it was breaking the encryption that implies an unprotection of content, a la DeCSS.
The claim is because Apple doesn't make money off of iTunes it won't hurt... but it will.
Steve Jobs clearly stated on more than one occasion that iTunes has done wonders for moving iPods (a big business, and growing).
iTunes got the Music industry's backing because it was secure... if that trust is lost, after the contracts end, iTunes has no more content.
That means no more iTunes, and that lowers the sale of iPods.
All that can be good, can be used for evil.
Radiation can kill, and it can save lives. Without water we die. With too much, we drown.
iTunes is the same way.
You know you can choke to death on an Apple? If that NT computer that controls the Machines in the hospital goes down... you could die too.
It's all subject to success, and failure. Perhaps that's life.
My only beef is that DVDJohn is intentionally ruining the first digital success of legal Music, what could have been quite an industry. Apple already went to Windows... I would have bet, Linux was in the works. Apple needs the Open Source community, and knows that.
"DVD-Jon Sued By Lawyer-Craig"
Cyde Weys Musings - Scrutinizing the inscrutable
You sir, are clueless. I've purchased MORE music since the ITMS began than I did in the previous 7 years. It is an awesome service in that I don't have to leave the house to buy music that I want. Go buy your damned CD's that contain track after track of crap just so that you can get one good song. You were modded insightful. You should have been modded ungrateful.
Christ, he just barely got away with the DeCSS thing.
...the courts basically swept the floor with the prosecution. First they took one loss. Then they took another loss which came about a month before it was expected, because the appeals court told them to shove it. They didn't even dare to appeal the case to the Supreme court, even though they could.
Also, note that the Supreme court is the chief authority on interpreting the law. Even if they felt that both the previous courts applied the law wrong, it would have been natural to appeal. They didn't even try to make the court interpret the law in such a fashion that DVD-Jon could be found guilty.
So in my opinion, the precedent is rock solid. I doubt they'll even risk yet another embarrassing, total and utter defeat like this.
Kjella
Live today, because you never know what tomorrow brings
I write commercial software. Our software doesn't (yet) work on linux/mac/windows... I would love for someone to find an easy way to get my software to as many different OS's as possible. Seriously if anyone was to port our product to a mac, or windows they would have a thank you letter and a job offer on their way. The difference between us and some of the other software products out there is we don't want lock in on a single system. We get more revenue from customization and support than we get from new sales. However, most of the profit in the customizations and support comes from new sales. Eventually the customer settles in and becomes a steady low support stream and that's about it. The more systems we can run on the more chances we have at getting a customer. The only reason we don't run on every OS/hardware configuration possible is the fact that it's non-trivial to port to all of these. It has nothing to do with our desire to support one OS.
So now give other RIO or Samsung MP3 players no excuse that they can't support Apple iTMS.
But this requires the key to be distributed with each file. Keep in mind that said key is *known* by apple, and directly tied to your account, it isn't something I would recommend sending out into the wild.
Yes, because we all know that average residential PCs never ever get hacked, right? I don't think anyone has tried to prosecute over leaked serials either. There's simply too many plausible defenses.
Kjella
Live today, because you never know what tomorrow brings
I do sympathize, but I have to disagree with your logic.
It's a Slashdot axiom, but I'll repeat it here: If your business plan relies upon unbreakable encryption, it's a bad business plan.
That being said, I don't see how this is going to destroy iTunes. Yes, copyright violations are possible using these ideas. But I think you'll find that anyone who is using iTunes in the first place (rather than just nabbing whatever they want from P2P) is going to be the kind of person who wouldn't commit a copyright violation through iTunes, either.
Weaselmancer
ridiculous.
"We're about to find out what Apple really thinks about Fair Use," Johansen told The Register via email.
Apple isn't in the music business. They don't care about the copy protection. They put in the minimal DRM they have in order to satisfy the recording industry, but anyone that wanted to, using only Apple software, can burn a normal audio CD with the track on it. Frankly, this is easier than the "crack" that this gentleman offers...instead of needing to manage a bunch of different keys, you just burn a CD.
iTunes is a way for Apple to sell more iPods, the publicity Jon generates helps Apple's cause!
If your business plan relies upon unbreakable encryption, it's a bad business plan.
There are plenty of solid business plans relying on unbreakable crypto; consider RSA Security or any of the VPN companies. But unbreakable DRM is another matter...
And I DON'T download music because most of it is a copyright violation, and despite your narrow-minded prejudices I'm afraid you will find that I and many other Linux users are very honest and would gladly buy things legally if we could.
Well, it's sending out two conflicting signals. On one side, you didn't pirate Windows instead, which leads to believe you have some ethics and is willing to purchase, not pirate. On the other hand, you didn't want to pay for an OS like Windows or OS X either, which in general indicates low ability or willingness to pay for stuff.
Overall though, it's a tiny market with not *that* many good customers, isolated speaking. Nerds (face it, Linux is nerdish) overall don't make great trendsetters, so it's not an important segment either. iTunes is busy trying to get the "trendy" people to use it, so the mass market will.
Not to mention I don't think they can do the pretense of DRM on Linux. On Mac/Windows they can blame the eeeeeeevil hackers breaking the proprietary system(tm), but you can't really accuse someone of "hacking" the underlying GPL system. So unless they throw proprietary hooks all over to make some "secure" audio path, it won't happen. That it is completely broken and ineffective on other platforms would be irrelevant in this case - they can't not try.
Kjella
Live today, because you never know what tomorrow brings
In order to play the file you have to decrypt the content. Tomorrow there will be another patch that lets you write the decrypted data to an M4A file; you can bet on it.
Look at the guy's posting history, it's obviously a troll account. I doubt he gives a shit.
I understand and agree with you. It is kind of funny though if you take a step back from the pragmatic goals of a business especially with the history of Apple. Basically they are treating a computing community with the same "harsh" pragmatism that Microsoft has shown them. Their choice can be justified from business practice where dollars and cents are the bottom line but some businesses consider moral and ethical concerns occasionally and had Apple done the same it sure would have made a story line.
Ah well...
"What we do in life echoes in eternity." Maximus Decimus Meridius
Plain AAC files are not encrypted. They're very like MP3s, really - licensed in a similar fashion (AAC is the audio layer from MPEG-4, just as MP3 was from MPEG-1). Just more advanced, with better quality for a given bitrate. The format isn't owned by Apple or limited to them in any way; there's no need to have a key to play it, or any other restrictions. If you rip songs to AAC yourself, or find .m4a files on the net, then this is what you're getting.
There are also encrypted AACs, which wrap the plain AAC in a FairPlay wrapper. This is what you get when you download files from the iTunes Music Store (if it's available in your country, grump, grump), or if you find .m4p files on the net. Presumably, what the article is referring to is the ability to decrypt the .m4p file and extract plain AAC from it.
Anyway, I'll just repeat the point to make it blindingly obvious: you can wrap AACs in an encryption layer, but plain AACs are NOT encrypted. Thank you for your time.
Ceterum censeo subscriptionem esse delendam.
... which does nothing but gradually making IE report itself as Mozilla/Linux. Immediately all the big companies (at least ones who check out netcraft regularly) will start producing Linux apps...
Not that I would condone this antisocial behaviour, but the next logical step for a worm would be to install Lindows instead of W* (while preserving all user's files and settings, of course!)...
Hmm, sick...
Paul B.
It was my understanding that DVD-Jon (as we're calling him now) did *not* actually break the DVD encryption
That's why a lot of the Norwegian sites have begun to call him GUI-Jon for "graphical user interface".
No, you're wrong. You need a player that supports Quicktime to play the files.
If your business plan relies upon unbreakable encryption, it's a bad business plan.
So what about the business plan of any online store, especially the ones that ship physical goods to my house? They rely on a presumption that a man in the middle cannot decrypt HTTPS traffic and deduce credit card numbers.
Save an image as a jpeg, then open that file again, saving it as bmp or png, then once again open the file, and save it as a jpeg. The new jpeg will look quite bad.
Actually, if you use the same quantizer settings for both JPEG passes, you might not get much loss. I can see two fundamental differences between JPEG and MP3, AAC, Vorbis, and other common lossy audio codecs. First, JPEG uses a static quantizer, meaning that the content of a block does not determine how much detail the quantizer removes, unlike in lossy audio codecs. In addition, JPEG uses a non-overlapped transform; this produces block edge artifacts but ensures that errors in one block do not propagate to other blocks, unlike in lossy audio codecs. These characteristics combine to produce EnJPEG(DeJPEG(jpegfile)) == jpegfile more often than one would immediately think.
If you don't own an iPod, then you are one of the proletariat and therefore you suck. Everyone knows Apple invented the MP3 player, all other players, whether they came before or after just don't have that je ne sais quoi.
I mean after all, music shouldn't be enjoyed by everyone, just those with money to burn, right?
If you're poor, just turn on the 'coursing radio.
the RIAA won't let Apple continue distributing in an easily-pirated format. Hello? Files that can be burnt to CD-RW (and subsequently re-encoded) are very easily pirated. The RIAA doesn't like piracy (hence the lawsuits), but it's capitalizing on piracy as an excuse to push DRM to the masses.
Litigious bastards
Now if they had simply said that the DRM had been cracked wide open and released as open source for anyone to use anywhere on any machine, this would be no less accurate, and would be less likely to cause friction between the RIAA and Linux, specifically.
Really, how does anyone ever expect to take us seriously if every time we do something in the name of freedom, we point at how it's "all for the cause of Linux", which does nothing but make us look like nutty hackers with no jobs and no life.
File under 'M' for 'Manic ranting'
You paid $9 for that crappy album that had only one good song? I bought the one track I liked and paid only a buck! And I don't waste shelf space for a whole sucky CD!
Good luck with that used CD, if you're lucky it's not even too scratched.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Keep an eye on Apple's home page tomorrow for a solution to your problem - and keep the receipt for your other player.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Have you spent any time with Apple products recently? Some of them are really very good! That's where this 'cool' thing is coming from.
Unlike Microsoft, an illegal monopoly, Apple has pressure on it to produce good products. So do most companies, but they suck at it.
The iPod is not an underdog product, it's a great product. It's expensive as hell, but it's so great that people will buy it anyway. That's cool.
Job offer? Hmm, sounds delicious- give me more information. What software? I want that job!
anata ha tard de gozaimasu
I've been programming in C since 1976. Either you understand the code or you don't. If you don't comments will not save you.
Need Mercedes parts ?
After examining the code, here's basically how the iTunes encryption works:
Every user account for iTunes gets a "user key". This gets sent to the computer at the time of "Authorization" and gets written to a file on the hard drive. But it's not written out plainly, oh no. Instead, it creates a "system key" using several bits of data from Windows and the hardware and such. This system key is what's stored in the file.
To playback a song, the system key is derived from the machine and used to decrypt the file on the drive. This gives the list of user keys that machine is authorized to play, and these will decrypt songs using the same account (yes, each song is encrypted at the time of download, with the user key for that account).
This crack essentially works out how the system key is derived. Using that, it gets the user key, writes it off to a file, and can then decrypt any of that user's songs.
Note that when you transfer a song from iTunes to the iPod, it does the same basic thing. Decrypts the file using the system key and reencrypts it using iPod specific information, then sticks it on the iPod. The iPod then does the same process as iTunes to play the file, more or less, it's just using a different system key.
This crack could be patched by changing the method to derive the system key from the machine, but not once the user key has been derived and written to a file somewhere. Once you have the user key, that can be used to decrypt the songs, and you're essentially done. Since you have the song files, and the key to decrypt them, no patch in the world could possibly fix it. They could fix it for newly purchased songs, but to do that they'd have to change every user's key and reauthorize them. And that potentially breaks the authorization for songs that have already been purchased. They could start a new key without removing the old ones, in order to maintain backward compatibility and not piss off everyone who has used iTMS up until now, and then release new songs using only the new encryption, but it's essentially a dead end. The whole concept behind iTunes encryption is that once a machine is authorized, it can play songs without any outside intervention. Meaning that it has everything it needs to decrypt the songs right there on that machine. Meaning that as long as this is true, it can be cracked again.
I knew it was only a matter of time. I give it another 2 weeks before someone takes the code out of the drms.c, drms.h, and drmtables.h files and produces an M4P->M4A converter. Everything really needed to do it is in there. You read in the file, call this code to get the system key, call the code to get the user key, call the code to decrypt the DRMS section, then rewrite the file with a normal AAC data section instead. Not too difficult, although interpreting Jon's code is a PITA to say the least. The guy writes C code that reads more like ASM. Frankly, looking at the code, I think he simply found the relevant part of iTunes/Quicktime with a debugger and converted the relevant machine language straight into C with no major adjustments.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
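The key hierarchy described in the comment above, as an added toy model in Python (not code from the post, from the drms.c it mentions, or from Apple): a machine-derived system key wraps a user key, and the user key encrypts songs. The HMAC-based XOR cipher, the `Machine` class, the "v1"/"v2" derivation labels and every sample value are assumptions made for illustration; the model shows what machine binding does protect and why changing the derivation cannot revoke a user key that has already left the key store.

```python
import hashlib
import hmac
import os


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (stand-in, not the real algorithm): XOR the data
    with HMAC-SHA256(key, nonce || counter) blocks. Encrypt == decrypt."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"),
                         hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def derive_system_key(facts: dict, scheme: bytes) -> bytes:
    """Machine-bound key: a hash over local attributes. `scheme` models the
    derivation method, which is the only thing a client patch can change."""
    material = "|".join(f"{k}={facts[k]}" for k in sorted(facts)).encode()
    return hashlib.sha256(scheme + b"|" + material).digest()


class Machine:
    def __init__(self, facts: dict, scheme: bytes = b"v1"):
        self.facts, self.scheme = facts, scheme
        self.keystore = None  # (nonce, user key wrapped under the system key)

    def authorize(self, user_key: bytes) -> None:
        nonce = os.urandom(16)
        system_key = derive_system_key(self.facts, self.scheme)
        self.keystore = (nonce, keystream_xor(system_key, nonce, user_key))

    def unwrap_user_key(self) -> bytes:
        nonce, wrapped = self.keystore
        system_key = derive_system_key(self.facts, self.scheme)
        return keystream_xor(system_key, nonce, wrapped)

    def patch_derivation(self, new_scheme: bytes) -> None:
        """Vendor update: new derivation, same user key, re-wrapped on disk."""
        user_key = self.unwrap_user_key()
        self.scheme = new_scheme
        self.authorize(user_key)


def encrypt_song(user_key: bytes, audio: bytes):
    nonce = os.urandom(16)
    return nonce, keystream_xor(user_key, nonce, audio)


def decrypt_song(user_key: bytes, song) -> bytes:
    nonce, ciphertext = song
    return keystream_xor(user_key, nonce, ciphertext)


def run_model() -> dict:
    user_key = os.urandom(32)                      # constructed account key
    audio = b"constructed AAC frames " * 4         # constructed sample data
    pc = Machine({"disk_serial": "CONSTRUCTED-1234", "os_id": "EXAMPLE-A"})
    pc.authorize(user_key)
    old_song = encrypt_song(user_key, audio)

    other = Machine({"disk_serial": "CONSTRUCTED-9999", "os_id": "EXAMPLE-B"})
    other.keystore = pc.keystore                   # key store file copied as-is

    exported = pc.unwrap_user_key()                # value every playback computes
    store_before = pc.keystore
    pc.patch_derivation(b"v2")                     # the "patch" from the comment
    new_song = encrypt_song(os.urandom(32), audio) # purchase under a rotated key

    return {
        "plays_on_authorized_machine":
            decrypt_song(pc.unwrap_user_key(), old_song) == audio,
        "copied_keystore_useless_elsewhere": other.unwrap_user_key() != user_key,
        "patch_rewrapped_keystore": pc.keystore != store_before,
        "exported_key_survives_patch": decrypt_song(exported, old_song) == audio,
        "exported_key_fails_after_rotation":
            decrypt_song(exported, new_song) != audio,
    }


if __name__ == "__main__":
    for name, value in run_model().items():
        print(f"{name}: {value}")
```

Only key rotation limits the exposure, and only for content issued afterwards, which is the trade-off the comment calls a dead end.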
wouldn't be so eager to start cracking media files.
:)
I mean, he's just been let off on the DVD fiasco, he's got some guts now going after the music industry by cracking the AAC format.....oh well
I can't count how many times I've found a song quickly and easily on iTMS that I couldn't find at a local used CD shop. Truthfully, I haven't used eBay for hunting down music, but that's mainly because I want my music NOW. :-)
I'm in Australia too, and I'd be quite willing to pay US99c a track for iTMS access if the local record companies would only get their acts together and make such a thing available to us.
Hopefully, the (expected) forthcoming availability of free AAC files for the download will spur them on a bit. After all, I'm quite happy to pay for AAC DRM files *now*, but I expect that many people will be much less prepared to pay a few months down the track when AAC DRM files are as "free" as MP3 files are now.
The Oz (and other, non-US) record companies have a window of opportunity to provide a good service that would get people signed up and paying, and it's suddenly shrunk by a lot. If they can provide a good enough customer experience, they'll get people paying even after these files are available "for free" - iTMS seems to be that "good enough service", so they'd better get moving or kiss that potential revenue goodbye.
How many lossy re-encodings would it take before you have nothing but gray noise? 10? 100? 1000? Someone should set up a script and find out.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
This also happened to four of the other five Norwegians I was there with.
I love the US. Wonder how it became so that the only part of US that is not free is the people.. Uh, the US..
Oh. Don't try that! We will just eat ERTESUPPE, cross the Atlantic in vikingships, lower our pants and FART YOU DOWN!!
WE WILL WIN, you "infidels"!!
He doesn't break anything, since you require a valid key - it just allows you to use it under another operating system?
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
The fact still remains, those 1000 lines of code represent his (and others) thoughts and ideas and be they English or C they are free speech. That's probably why there are no comments - the code is the comment.
This time he has used GPL v2 license. DeCSS was NOT originally for Linux but was for Windows and was not GPL'd. Thus from free speech point of view DeCSS was tainted. This time he has at least used the correct license if he expects the code to stay free.
By appreciation, we make excellence in others our own property. - Voltaire
Well he was never arrested before. However his computer was taken by Okokrim for the investigation.
MOD PARENT UP
I wish I had mod points to give you a +1 insightful.
One would think that he would have learned about anonymity by now - that maybe it ISN'T such a good idea to plaster your name all over the place when you start breaking laws (yes, this is technically against the law, at least in the US, at least right now)...
I'm not sure I'd want Apple coming after me when I break their latest big hit...
dude, it's only a thousand lines. it's a one-shot program. he had no intention of going back and adding features for the next version, or improving on it in any way - it's for one single purpose! no need for comments here, move along now.
All comments are property of SCO.
Why not write some kind of WaveOut driver that, instead of playing it through your speakers, save whatever is sent to it to some file? You can then reencode it in another format (and even use it in that el cheapo MP3 player)...
:P
This way the DRM would be useless
The day car makers use the DMCA to forbid you fixing your own car you are going to be saying the same nonsense as above again.
Some people just don't deserve freedom...
IANAL but write like a drunk one.
He is clearly interested in Fair Use. The folks doing the ruining are the MPAA.
They want to destroy Fair Use. Apple struck a deal to get things moving. If Apple suffers over this, it won't be because of Jon, it will be because of the MPAA.
Personally, I applaud the guy. He is doing the right thing at the right time. This whole action is going to get a lot of people thinking. I believe in Fair Use, as do a lot of people --even if they do not know what it is legally. Morally they do and that is what counts in the end. If enough people continue to express their counter view, the law *will* change.
Remember, we all get older. Our chance at the law will come. Should we all just lay down and forget things until that time?
No, because we should not have to --for me that is reason enough.
Blogging because I can...
Learning to use OSS taught me a lot about software. Today I am 100 percent legal and intend to stay that way.
You know, the money saved on OSS can easily leave room for a few software purchases each year. I would gladly pay for those if they were offered.
It is *damn* nice not to have to make all sorts of justifications for the software I use. You would think software companies would be just craving enlightened customers that actually understood the value of their work...
go figure.
Blogging because I can...
"I've purchased MORE music since the ITMS began than I did in the previous 7 years"
I wouldn't brag about that... iTunes is a terrible deal for the consumer all around. It isn't even a little tempting.
You just think you're on the cutting edge of something... you're not.
Right. People make a lot of noise about wanting iTunes[MS] on Linux, but the fact is we've had zero people actually trying to make it work on Wine. When it first came out there were a few attempts to run it by end users, but so far nobody has sat down and hacked out the code necessary to make it work.
This tells me that probably the number of people who *really* care about this is reasonably small, they just make a lot of noise. Otherwise out of all those people who wanted iTMS, one or two of them would have sat down and hacked code.
Is anybody going to prove me wrong? I'm happy to give some tips, you know. You might want to start with the installer: it requires an unusual form of COM activation in order to start MSI (service-based). We don't implement this in Wine yet, but it wouldn't be hard to add.
Anybody?
Yeah, I think this almost certainly is. Huge amounts of bit manipulation, lots of magic numbers, meaningless variable names. No type safety? No comments?
I've seen code like this before, when people have disassembled Windows DLLs back into C then tried to submit it to Wine.
I'd say Jon is treading on very slippery slopes indeed with this code. It might be possible to show that it's been simply generated from the original code which is almost certainly copyright violation - laws against that certainly exist in Norway.
Don't you remove comments for job security?
He's just thinking about his future!
As for all the bit manipulation, what do you expect? It's crypto code.
The magic numbers are likely various keys hardcoded into the algorithm, and wouldn't be a problem.
This doesn't mean the code can't be problematic, but I don't think it's in any way obvious that he is treading on a slippery slope here.
Best funny jargon I've seen on /. (saved it to a local file for just such an occasion as this):
============
If I were a CIO or CTO debating the TCO of *nix vs. Win2K to a CEO, would IBM vs. SCO be the TKO that stops the CEO from approving A/P to pay my PO for RH's LGX?
FWIW, even if OSS is FAIB, if the DOJ considers *nix IP with a TM, then it basically becomes SCO's LIC, meaning our OSS becomes a CSS OS, which would RSTBO.
AIBO going w/ an ASP that manages our OS? BTA, we might end up w/ a BOFH giving us ZA, which WWAD PMS.
AFAIK, INMP if SCO wants to be ITM by enforcing its supposed IPR - *nix IP should be PD or GNU, like BSD just on GP, IYKWIM. I keep asking myself in this situation - WWLD?
Oh, BTW - IITYWIMWYBMAD?
============
Lots of petrified grits
Dude, he's a teenager. The code I wrote at that age was similar. Worse, in fact, because it was the mid-80s, I had a C64, and I was hacking in BASIC. At least his code is neatly formatted...
Is there anything cooler than breaking the encryption for publicity?
Shelf space for a cd? Are you joking with me boy? You won't like me when I get pissed off...
I have stored conservatively 1000 cd's into a 2x3 foot space in my closet.
As for reselling CD's, I'll bet I can get more selling a used CD than you can selling a used iTune.
Oh wait... you're not *allowed* to sell a used iTune. Sucker. Did I say $4 worth of music? You paid $1 for a radio quality song and then try to convince yourself you got a good deal.
But you call everybody else a dumbass, but corporations and banks own you. ha ha ha ha
"You have complete freedom to do anything you want with the file with the Finder"
What if I want to sell my iTune music to somebody.
What if I want to give my iTune music to somebody?
What if I want to move it to a new computer in 5 years. A non-apple computer.
You have the same freedom a dog on a leash does... all the freedom you want, as long as you don't go beyond that leash.
"At least its EASY and legal to back up a digital AAC file"
As opposed to the difficulty of backing up a CD?
He only took a hit of bong. You, apparently, are smoking crack.
" It's your loss not theirs."
No, he only lost a few crappy songs he would have disposed of again.
Apple lost a customer.
I noticed in the iTune fanatic world, Apple is doing people a favor selling their songs through iTunes. So that explains that when people criticize it, folks like you go crazy. It's like I'm attacking your entire belief system.
Sit back. Relax. Deep cleansing breath.
The customer is always right. What apple is doing is exactly the same as Wal Mart, Buy.com, or other services. There's nothing "special" about apple. They sure have a great mindshare. They make nice hardware (I bought an iPod!), but there is no difference between apple and any other manufacturer.
Now I know that deep down you don't believe that. You think it sets you apart to be part of apple. So do people who drive VW Beetles, or do anything that's out of the mainstream.
But it's true. Apple is the same as everybody else. It's okay to think that. It's not an attack on you or apple.
You'll feel better when you know and believe that simple little fact.
for people who dual-boot Windows and Linux. As well as dedicated music pirates
Well, you must have "stopped" reading sometime before the music pirate section and then picked up again. Dual-boot is stated as a legitimate use, and others are more-or-less implied. While it is wrong to think in a "legal" sense that people will use such a thing for piracy, thinking with "common sense" dictates that at least a few idiots will use this technology for less savory uses. If you look at everything from A-Bomb to Z, many things created in good intention are often abused.
I frown upon this sort of piracy
It's not piracy until you sell/give the re-encoded file away to somebody else. Until then it's fair-use (hint: think of devices that play Mp3 but not AAC).
I was recently looking at some code I wrote my freshman year of college for the senior level computer graphics class I (stupidly) took... It does all those nasty things and more. There isn't a comment to be seen either, just line after line of equations and pointer arithmetic in loops.
His code could just as easily be an example of inexperience in working with others and in writing reliable code as from a decompiler.... Actually, it's cleaner than most decompiler code I've seen.
The lack of well named variables probably comes from a lack of true understanding of why it does exactly what it does. Its structure *is* probably derived from him looking at the disassembly.
Ahem, COBOL is still alive and kicking quite well these days. There's still more new COBOL (i.e. non-legacy maintenance) code being written than any other language but C. Plus the ANSI/ISO standard for COBOL was updated in 2002 giving COBOL as good (or better) object capabilities than C++.
COBOL isn't sexy. It's not "kewl". It's very misunderstood; most people only know it from code written before 1970. It is, however, still the best language for the task it was designed for.
Programming languages are tools. Each has strengths and each is best suited for specific jobs that require those strengths. I have always hated programming language elitism. Whenever someone says such-and-such language is the greatest or so-and-so language sucks I can instantly tell that this person doesn't have much of a clue about programming or application development. Would you hire a carpenter whose only tool was a hammer to build your house?
--
If I actually could spell I'd have spelled it right in the first place.
Crap. Replying to myself...
I *don't* write code like that anymore! Just wanted to throw that out there...
I tried it, but only 10, 25, 50, 100 reencodings, all at 128KB/s with bladeenc.
At 10x it sounds definitely worse, you can easily tell the degraded version from the original on the cheapest equipment.
At 25x ghost-noises increase, some instruments become very faint and vocals develop strange echoes.
At 50x it starts to become painful to listen to the song, noises are sometimes louder than the music, overshadowing it completely.
At 100x noises get so loud you can't understand the vocals, and only the most basic of notes manage to come through. Nevertheless, the song is still easily recognizable. It stopped being enjoyable somewhere between 10 and 25.
All the best,
rob
I was up about 22 hours when I wrote that. Big nasty winter storm, here in Portland, mixed with a broken water main and a neighbor's leaky basement = a very long night.
(Just got up)
Blogging because I can...
Ahh, if only we could all live in your bug-free fantasy world!
The article was an exclusive. However, I think it would be pretty rare to program in norwegian, or indeed any language except english.
- Kaos games and encryption systems developer
I hate to mention this, but aren't we talking about an encrypted audio format that is also compressed at a lower quality than what can be had at CD-quality.. Not only are you paying for less, you are getting less.. These are probably the same people who buy DVD-RAM Video Camcorders, note these camcorders use MPEG compression which is ten times more lossy than DV-CAM's that use MJPEG (JPEG per frame, no bidirectional compression, etc..). Just like the guys who purchased color palm pilots.. And the advertising/marketing/sales people win yet again pulling more than just wool over your eyes.. Might as well have the bear rug as well..
Just say no to license servers!!