DVD-Jon Breaks iTunes Encryption For Linux Users
McGruff writes "The Register has a story regarding DVD-Jon's new hobby, iTunes DRM. According to the story, DRMed iTunes AAC files can now be played under Linux via VideoLAN Client thanks to some handiwork by Jon.
'"When you run the VideoLAN Client under Windows it will write the user key to a file. The user key is system independent and can thus be used by the GNU/Linux version of VLC," he explains.' Personally, this just means I will buy even more iTunes." (We mentioned in November Johansen's efforts to negate the iTunes restrictions on Windows.)
No, you need the iTunes client to play any files you buy from the iTunes store. And no, it doesn't (yet) work under Wine or CrossoverOffice.
It could be done with AppleScript under OS X. Simply tell iTunes to play a given song, tell any old sound recording app to dump the computer's sound output to a WAV, convert to MP3 using LAME, and then grab the song's info via AppleScript and put it into an ID3
The downside here is that you're losing quality encoding to MP3 (remember that AAC is also lossy). Unfortunately, there is no way to preserve full-quality without retaining the original file format.
Either way, I frown upon this sort of piracy. $.99 is pretty darn cheap. (Note here that I have no objection to using this to play your OWN files under Linux if it is the operating system of your choice. Just keep it to yourself.)
-- If you try to fail and succeed, which have you done? - Uli's moose
He was 15 when he broke the DVD encryption and now he is still only around 19. He doesn't need to work for a living yet.
unless you really think you are innocent
For the very very long story go here. It's one of the legal declarations from the case.
What?
-insert a witty something-
Uh, Xvid has gotten a lot better than you give it credit for. See Doom9's latest codec comparison.
In Soviet America the banks rob you!
After examining the code, here's basically how the iTunes encryption works:
Every user account for iTunes gets a "user key". This gets sent to the computer at the time of "Authorization" and gets written to a file on the hard drive. But it's not written out plainly, oh no. Instead, it creates a "system key" using several bits of data from Windows and the hardware and such. This system key is what's stored in the file.
To play back a song, the system key is derived from the machine and used to decrypt the file on the drive. This gives the list of user keys that machine is authorized to play, and these will decrypt songs using the same account (yes, each song is encrypted at the time of download, with the user key for that account).
This crack essentially works out how the system key is derived. Using that, it gets the user key, writes it off to a file, and can then decrypt any of that user's songs.
Note that when you transfer a song from iTunes to the iPod, it does the same basic thing: it decrypts the file using the system key and re-encrypts it using iPod-specific information, then sticks it on the iPod. The iPod then does the same process as iTunes to play the file, more or less; it's just using a different system key.
This crack could be patched by changing the method to derive the system key from the machine, but not once the user key has been derived and written to a file somewhere. Once you have the user key, that can be used to decrypt the songs, and you're essentially done. Since you have the song files, and the key to decrypt them, no patch in the world could possibly fix it. They could fix it for newly purchased songs, but to do that they'd have to change every user's key and reauthorize them. And that potentially breaks the authorization for songs that have already been purchased. They could start a new key without removing the old ones, in order to maintain backward compatibility and not piss off everyone who has used iTMS up until now, and then release new songs using only the new encryption, but it's essentially a dead end. The whole concept behind iTunes encryption is that once a machine is authorized, it can play songs without any outside intervention. Meaning that it has everything it needs to decrypt the songs right there on that machine. Meaning that as long as this is true, it can be cracked again.
I knew it was only a matter of time. I give it another 2 weeks before someone takes the code out of the drms.c, drms.h, and drmtables.h files and produces an M4P->M4A converter. Everything really needed to do it is in there. You read in the file, call this code to get the system key, call the code to get the user key, call the code to decrypt the DRMS section, then rewrite the file with a normal AAC data section instead. Not too difficult, although interpreting Jon's code is a PITA to say the least. The guy writes C code that reads more like ASM. Frankly, looking at the code, I think he simply found the relevant part of iTunes/Quicktime with a debugger and converted the relevant machine language straight into C with no major adjustments.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
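The comment above describes a three-level client-side key hierarchy (machine attributes -> system key -> user key -> song) and argues that changing the system-key derivation cannot revoke a user key that has already been unwrapped. The following is an added toy model of that argument, written for this page; it is not Jon's code, not the VLC drms.c code, and not the real iTunes/FairPlay algorithm. The attribute names, the SHA-256-based derivation, the HMAC keystream cipher and all sample values are constructed stand-ins chosen so the model runs offline with only the Python standard library. It shows the property defenders care about: the only effective remediation is the one the comment names, rotating the per-account key and re-encrypting content, because the derivation change alone leaves previously extracted keys valid.

```python
"""Toy model of a client-side DRM key hierarchy (constructed example).

Nothing here is the real iTunes/FairPlay scheme; the derivation, cipher
and attribute names are stand-ins used to illustrate the revocation problem.
"""
import hashlib
import hmac


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a counter-mode HMAC-SHA256 keystream.

    XOR is its own inverse, so the same call encrypts and decrypts.
    A real system would use an authenticated cipher; this is a model only.
    """
    out = bytearray()
    for counter, offset in enumerate(range(0, len(data), 32)):
        block_key = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block_key))
    return bytes(out)


def derive_system_key(machine: dict, version: int = 1) -> bytes:
    """'System key' derived from machine attributes (hypothetical attribute names).

    `version` models a vendor patch that changes how the derivation works.
    """
    material = "|".join(f"{k}={machine[k]}" for k in sorted(machine))
    return hashlib.sha256(f"derivation-v{version}:{material}".encode()).digest()


def authorize(machine: dict, user_key: bytes, version: int = 1) -> bytes:
    """What 'Authorization' leaves on disk: the user key wrapped under the system key."""
    return keystream_xor(derive_system_key(machine, version), user_key)


def unwrap_user_key(machine: dict, keyfile: bytes, version: int = 1) -> bytes:
    """The step every authorized client must perform before it can play anything."""
    return keystream_xor(derive_system_key(machine, version), keyfile)


def encrypt_song(user_key: bytes, audio: bytes) -> bytes:
    """Per-download encryption of the audio payload under the account's user key."""
    return keystream_xor(user_key, audio)


def play(machine: dict, keyfile: bytes, song: bytes, version: int = 1) -> bytes:
    """Normal playback path: machine -> system key -> user key -> plaintext audio."""
    return encrypt_song(unwrap_user_key(machine, keyfile, version), song)


def demo() -> dict:
    """Run the scenario from the comment and report each outcome as a boolean."""
    machine = {"hostname": "desk01", "board_serial": "CONSTRUCTED-0001"}  # constructed
    other_machine = {"hostname": "laptop", "board_serial": "CONSTRUCTED-9999"}  # constructed
    user_key = hashlib.sha256(b"constructed per-account key").digest()  # constructed
    audio = b"constructed stand-in for an AAC payload, 48 bytes of it."  # constructed

    keyfile = authorize(machine, user_key)          # written at authorization time
    song = encrypt_song(user_key, audio)            # written at download time

    results = {}
    # The authorized machine plays the song through the normal path.
    results["authorized_machine_plays"] = play(machine, keyfile, song) == audio
    # A machine with different attributes derives a different system key and fails.
    results["other_machine_plays"] = play(other_machine, keyfile, song) == audio
    # A vendor patch that changes the derivation invalidates the on-disk keyfile
    # (the client would have to re-authorize to get a fresh one)...
    results["old_keyfile_works_after_patch"] = play(machine, keyfile, song, version=2) == audio
    # ...but a user key that was already unwrapped before the patch still decrypts
    # every song bought under that key, which is the comment's point.
    previously_unwrapped = unwrap_user_key(machine, keyfile, version=1)
    results["unwrapped_key_survives_patch"] = encrypt_song(previously_unwrapped, song) == audio
    # Only rotating the account key and re-encrypting content closes that gap.
    new_user_key = hashlib.sha256(b"constructed rotated key").digest()  # constructed
    re_encrypted = encrypt_song(new_user_key, audio)
    results["old_key_opens_reencrypted_song"] = encrypt_song(previously_unwrapped, re_encrypted) == audio
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Read the last two results together: the patched derivation only protects content that is re-issued under a rotated user key, which is exactly the re-authorization cost the comment says the vendor would have to pay. From a design standpoint the lesson is that any key material an unattended client must hold in order to function should be treated as disclosed, and revocation plans should assume that from the start.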