DVD-Jon Breaks iTunes Encryption For Linux Users
McGruff writes "The Register has a story regarding DVD-Jon's new hobby, iTunes DRM. According to the story DRMed iTunes AAC files can now be played under Linux via VideoLAN Client thanks to some handiwork by Jon.
'"When you run the VideoLAN Client under Windows it will write the user key to a file. The user key is system independent and can thus be used by the GNU/Linux version of VLC," he explains.' Personally, this just means I will buy even more iTunes." (We mentioned in November Johansen's efforts to negate the iTunes restrictions on Windows.)
Link from the article to directly download the code: http://developers.videolan.org/cgi-bin/viewcvs.cgi/vlc/modules/demux/mp4/?cvsroot=VideoLAN
In Soviet Russia the insensitive clod is YOU!
Just AAC2AAC? Only without the copy protection. That way we keep our compression loss to one generation.
Why would you want to re-encode an AAC to an MP3? AAC already has superior quality. Just removing the encryption (for personal use) would be nice.
No, you need the iTunes client to play any files you buy from the iTunes store. And No, it doesn't (yet) work under Wine or CrossoverOffice.
It could be done with AppleScript under OS X. Simply tell iTunes to play a given song, tell any old sound recording app to dump the computer's sound output to a WAV, convert to MP3 using LAME, and then grab the song's info via AppleScript and put it into an ID3
The downside here is that you're losing quality encoding to MP3 (remember that AAC is also lossy). Unfortunately, there is no way to preserve full-quality without retaining the original file format.
Either way, I frown upon this sort of piracy. $.99 is pretty darn cheap (Note here that I have no objection to using this to play your OWN files under linux if it is the operating system of your choice. Just keep it to yourself)
-- If you try to fail and succeed, which have you done? - Uli's moose
Due to a series of drive crashes I lost what music I bought from iTunes but, due to the way itunes works, I am unable to download the music again.
Why? It isn't like I bought a digital object, I just bought a string of bits.
He was 15 when he broke the DVD encryption and now he is still only around 19. He doesn't need to work for a living yet.
unless you really think you are innocent
For the very very long story go here. It's one of the legal declarations from the case.
Yes, it was another russian pair I think....
But we let it be kept secret, in fact the real secret is that the Xing Player keys/code was used, but had to be faked to look like it was reverse engineered.
In any case, TOO LATE NOW, it's out of the bag, and no traces left, the way it was meant.
Liberty freedom are no1, not dicks in suits.
It's in Apple's interest that DRM be as unrestrictive as possible, since it means more music for people to play on their iPods, which indirectly helps market their iPods. It wouldn't surprise me if they go after people who break their DRM, to maintain good faith with their music industry partners, but not because it's any skin off their nose.
Either way, I frown upon this sort of piracy
What sort of piracy? I didn't see anything in your comment that described piracy.
Neither piracy nor copyright infringement for that matter.
No, it's not. Albums on iTunes are (with a few rare exceptions) $10. 95% of in-store albums cost quite a bit more than that.
It's hard to be religious when certain people are never incinerated by bolts of lightning.
What?
-insert a witty something-
Uh, Xvid has gotten a lot better than you give it credit for. See Doom9's latest codec comparison.
In Soviet America the banks rob you!
I write commercial software. Our software doesn't (yet) work on linux/mac/windows... I would love for someone to find an easy way to get my software to as many different OS's as possible. Seriously if anyone was to port our product to a mac, or windows they would have a thank you letter and a job offer on their way. The difference between us and some of the other software products out there is we don't want lock in on a single system. We get more revenue from customization and support than we get from new sales. However most of the profit in the customizations and support comes from new sales. Eventually the customer settles in and becomes a steady low support stream and that's about it. The more systems we can run on the more chances we have at getting a customer. The only reason we don't run on every OS/hardware configuration possible is the fact that it's non-trivial to port to all of these. It has nothing to do with our desire to support one OS.
So now give other RIO or Samsung MP3 players no excuse that they can't support Apple iTMS.
ffmpeg.sourceforge.net
Presumably, what the article is referring to is the ability to decrypt the .m4p file and extract plain AAC from it.
Well close but not quite. The article is dealing with playing encrypted AAC files, not removing the wrapper. The article is about getting the key and the wrapped file both to a Linux box so it can play it. It is not about unwrapping the file to an un-encrypted file for playback anywhere.
The truth shall set you free!
After examining the code, here's basically how the iTunes encryption works:
Every user account for iTunes gets a "user key". This gets sent to the computer at the time of "Authorization" and gets written to a file on the hard drive. But it's not written out plainly, oh no. Instead, it creates a "system key" using several bits of data from Windows and the hardware and such. This system key is what's stored in the file.
To playback a song, the system key is derived from the machine and used to decrypt the file on the drive. This gives the list of user keys that machine is authorized to play, and these will decrypt songs using the same account (yes, each song is encrypted at the time of download, with the user key for that account).
This crack essentially works out how the system key is derived. Using that, it gets the user key, writes it off to a file, and can then decrypt any of that user's songs.
Note that when you transfer a song from iTunes to the iPod, it does the same basic thing. Decrypts the file using the system key and reencrypts it using iPod specific information, then sticks it on the iPod. The iPod then does the same process as iTunes to play the file, more or less, it's just using a different system key.
This crack could be patched by changing the method to derive the system key from the machine, but not once the user key has been derived and written to a file somewhere. Once you have the user key, that can be used to decrypt the songs, and you're essentially done. Since you have the song files, and the key to decrypt them, no patch in the world could possibly fix it. They could fix it for newly purchased songs, but to do that they'd have to change every user's key and reauthorize them. And that potentially breaks the authorization for songs that have already been purchased. They could start a new key without removing the old ones, in order to maintain backward compatibility and not piss off everyone who has used iTMS up until now, and then release new songs using only the new encryption, but it's essentially a dead end. The whole concept behind iTunes encryption is that once a machine is authorized, it can play songs without any outside intervention. Meaning that it has everything it needs to decrypt the songs right there on that machine. Meaning that as long as this is true, it can be cracked again.
I knew it was only a matter of time. I give it another 2 weeks before someone takes the code out of the drms.c, drms.h, and drmtables.h files and produces an M4P->M4A converter. Everything really needed to do it is in there. You read in the file, call this code to get the system key, call the code to get the user key, call the code to decrypt the DRMS section, then rewrite the file with a normal AAC data section instead. Not too difficult, although interpreting Jon's code is a PITA to say the least. The guy writes C code that reads more like ASM. Frankly, looking at the code, I think he simply found the relevant part of iTunes/Quicktime with a debugger and converted the relevant machine language straight into C with no major adjustments.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
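The key hierarchy described in the comment above, as an added toy model that is not the VLC drms.c code or anything written by the commenter. The attribute names, the hash-based derivation and the HMAC-based cipher are assumptions chosen for illustration; they model only the structure (system key wraps user key, user key encrypts song), not the actual iTunes scheme.

```python
import hashlib
import hmac

def derive_system_key(machine_attrs, scheme=b"v1"):
    """Machine-bound key: a hash over attributes readable on the host itself."""
    h = hashlib.sha256(scheme)
    for name in sorted(machine_attrs):
        h.update(name.encode() + b"=" + machine_attrs[name].encode() + b"\0")
    return h.digest()

def _keystream(key, n):
    """Toy stream cipher (HMAC-SHA256 in counter mode), for illustration only."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def _tag(key, ct):
    return hmac.new(key, b"tag" + ct, hashlib.sha256).digest()

def seal(key, plaintext):
    """Encrypt, then append a MAC so that opening with a wrong key is detected."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return ct + _tag(key, ct)

def open_sealed(key, blob):
    """Return the plaintext, or None when the key does not match the blob."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))

def demo():
    # Constructed sample values, not real identifiers or keys.
    pc = {"disk_serial": "CONSTRUCTED-1234", "os_id": "CONSTRUCTED-ABCD"}
    other_pc = {"disk_serial": "CONSTRUCTED-9999", "os_id": "CONSTRUCTED-ABCD"}
    audio = b"constructed audio frames"
    user_key = hashlib.sha256(b"constructed account key").digest()
    song = seal(user_key, audio)                      # encrypted at download
    key_file = seal(derive_system_key(pc), user_key)  # written at authorization
    # Offline playback: every input needed is present on the authorized machine.
    recovered = open_sealed(derive_system_key(pc), key_file)
    plays_locally = open_sealed(recovered, song) == audio
    # The key file is bound to the machine; the user key inside it is not.
    bound_to_machine = open_sealed(derive_system_key(other_pc), key_file) is None
    # Changing the derivation re-wraps the key file only; a song sealed under
    # the unchanged user key still opens with a copy of that key.
    key_file_v2 = seal(derive_system_key(pc, b"v2"), recovered)
    survives_patch = key_file_v2 != key_file and open_sealed(recovered, song) == audio
    return plays_locally, bound_to_machine, survives_patch
```

The design point for anyone building offline licensing: machine binding protects the key file at rest, but rotating the wrapping scheme does nothing for content already issued under a key that has left the machine.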
Quote from Phil Schiller, VP worldwide product marketing Apple
There's also an article somewhere where Steve Jobs says more or less the same (and says he told the labels so), but I can't find it currently.
Donate free food here
I tried it, but only 10, 25, 50, 100 reencodings, all at 128KB/s with bladeenc.
At 10x it sounds definitely worse, you can easily tell the degraded version from the original on the cheapest equipment.
At 25x ghost-noises increase, some instruments become very faint and vocals develop strange echoes.
At 50x it starts to become painful to listen to the song, noises are sometimes louder than the music, overshadowing it completely.
At 100x noises get so loud you can't understand the vocals, and only the most basic of notes manage to come through. Nevertheless, the song is still easily recognizable. It stopped being enjoyable somewhere between 10 and 25.
All the best,
rob