Slashdot Mirror
DVD-Jon Breaks iTunes Encryption For Linux Users
McGruff writes "The Register has a story regarding DVD-Jon's new hobby, iTunes DRM. According to the story DRMed iTunes AAC files can now be played under Linux via VidioLAN Client thanks to some handywork by Jon.
'"When you run the VideoLAN Client under Windows it will write the user key to a file. The user key is system independent and can thus be used by the GNU/Linux version of VLC," he explains.' Personally, this just means I will buy even more iTunes." (We mentioned in November Johansen's efforts to negate the iTunes restrictions on Windows.)
How long before people start exchanging their keys ? Now that the key can be had and used under virtually any platform, in an easily copied or transmitted file format, the copy-protection is effectively cracked.
Maybe we deserve this world ?
Awesome, I was waiting for this. Definitely a reason to consider iTunes now.
How long until someone writes a command-line AAC2mp3 converter?
-3Suns
~~~~
The Revolution will be Slashdotted
I am quite excited about this. VLC has always been my media player of choice, now the ability to play AAC DRM files in it just ups its ante.
While booting to Windows is a slight disappointment, I am sure DVD-Jon will remove that step ASAP.
I read Slashdot in Lynx, I am a real geek.
Does anybody else see something wrong with Apple having a program that only works on Windows and Macs? You would think they would be a little bit more understanding of those of us running "alternative" OSes.
Chaos will always win out over order because chaos is more organized
Norwegian programmer Jon Lech Johansen, who broke the DVD encryption scheme...
It was my understanding that DVD-Jon (as we're calling him now) did *not* actually break the DVD encryption scheme, but collaborated with some anonymous hackers who did. I think his involvement was more on the order of making it more accessible to the tyro. Could someone clear this up once and for all?
I wonder if Jobs will say anything about this in tomorrows Macworld Keynote. I kind of doubt it.
What do any of these people do with free time to break encryption schemes, contribute to oss, and build robotic girlfriends? I'm serious, how do you earn a living and still have time to do things like this?
Somehow I think that this is an example of the way software restrictions will continue.
Programmers will code the security so that the app only works one way, and some user will break it s it works elsewhere as well.
We need to have more thought put into coding so that apps will work more platforms, and also be aware that it is envitable (sp?) that somebody will crack it.
I broke a lot of digital clocks as a kid because I wanted to know what made them tick! I still got new ones, and broke them as well.
Here I come to save the da... *thud*
I gotta get me a shorter cape.
Link from the article to directly download the code: http://developers.videolan.org/cgi-bin/viewcvs.cgi /vlc/modules/demux/mp4/?cvsroot=VideoLAN
In Soviet Russia the insensitive clod is YOU!
Seems like this crack can be patched.
I doubt Apple will call DVDJohn but I bet the RIAA will.
When will the this commie bastard be stopped from stealing money from corporations?????
Get in trouble. Long, laborious litigation. What was solved? Nothing. Consumers don't have more rights. It's still a pain in the ass to decode DVDs, and now he's on a bunch of corporate sharks' bad sides.
Then, he decides to go and pull this shit AND be vocal about it. Kid, seriously, grow up. Yes, it's very nice that you're demonstrating your "freedom". How about learning some common sense with that, Jones? You just got out of major litigation, now you want to swim back into it? Even a guy who jaywalks knows to avoid the police immediately after getting fingered.
Let's see, which of the following choices would've had the best effect:
* Immediately releasing a hack just after litigation.
* Releasing it anonymously.
* Waiting until the temperature settled, then quietly sneaking this past Apple and opening a bunch of doors in the process.
I vote the last one.
So where would a Linux user get purchased music from iTunes from? From his Windows or Mac computer. This is a what passes for win for Linux users??
It seems to be a cute exercise, but not a very useful thing, unless you hate Apple's horrific, evil DRM oh so much.
SIG:Slashdot: indymedia for nerds.
Just AAC2AAC? Only without the copy protection. That way we keep our compression loss to one generation.
No, you need the iTunes client to play any files you buy from the iTunes store. And No, it doesn't (yet) work under Wine or CrossoverOffice.
Christ, he just barely got away with the DeCSS thing. He should keep a low profile. They know where he lives. He's advertising to be arrested again.
What is the point here?
Ok, so you can play iTunes AAC files on *Nix PCs, provided you have the key. Wouldn't it just be easier to download it off of Kazaa? You can find cover art with google, and you can use SoulSeek to find high quality rips. That gets rid of two arguements right there.
iTunes DRM is WEAK, man. Burn it to CDRW and rip the sucker again, it's as easy as jumping over a subway turnstile. Why are we wasting time with a pointless thing like this, why not crack WMP or something harder with a better payoff?
You know, ever since Apple has released OS X and their new sexy metallic machines (what's next? Gallium?), their legal department has been surreptitiously quiet. This development might make the "evil" side of Apple show itself again... It will be interesting to see if this development will affect their stance any on Quicktime for Linux...
Slashdot's first reaction to VMware
That would be the way for apple to go if they were in it to make everyone feel good. But actually, they are in it to make money. And as you may have noticed, a lot of linux users don't like to pay for stuff. This is smart for Linux users, not so good for people trying to make money off of Linux users.
And of course, it could never be enough. port itunes to linux? Where is the Ogg Vorbis support? Got Ogg? Why doesn't it work with *insert random peice of sourceforge developed software here*
I know, nobody wants to hear that they are the prima donnas of the IT world. But I've got Karma to burn.
At least Apple's version of DRM would go virtually unnoticed by casual listeners of music. iTunes DRM was designed to deter heavy pirates, but in all fairness, their DRM scheme is the best of the bunch. There are several ways to circumvent iTunes DRM, but at least DVD Jon's implementation just means it's less of a hassle for the said casual user.
So if this guy is so great, has he broken Windows Media yet?
So can we change his name to iTunes-Jon. Or better yet how about iDVD-Jon. Kinda catchy, actually.
That's because any DRM scheme, no matter how permissive, is the camel's nose under the tent for much more intrusive schemes. Love the username, BTW.
Call (206) 338-5780 COLLECT for information about a genuine BA, BS, MA, MS, MBA, or Ph.D.
Yeah damnit! He ruined it! I was really really happy paying the same price for 0s and 1s as I would for a product that I could hold in my hands, had pretty artwork and a case and better overall sound quality. It was sooooo cool that I could only play my 0s and 1s in 3 different places - it made me feel like I was part of an "elite music club" and was much better than CDs that *anyone* can borrow and enjoy - I mean after all, music shouldn't be enjoyed by everyone, just those with money to burn, right?
:(
Now what am I going to do?
Sunday you're Thinking Different, Monday you're a huge tool, paying too much and waiting to think like everyone else.
Not that I would advocate such use. But this requires the key to be distributed with each file. Keep in mind that said key is *known* by apple, and directly tied to your account, it isn't something I would recommend sending out into the wild. On the other hand, using it on your own equipment to get around that creepy three machine registration limit seems like a good thing. If anything ever happened to Apple and your registered machine bit the dust, being able to back up a valid copy of your key seems like a good thing.
:-)
The thing is that AFAIK VLC isn't set up to manage multiple key+file pairs. So it is useful for *your* library, but not various files downloaded off the net. For that reason, I doubt they will go after him.
My question is, how does the iPod decrypt the file without a key? Or is it simply using the parent boxes key? It seems to me that if that's the case it should be trivial to recover the key from an iPod directly, no PC required (Just a Mac
- Dubya
On one side of the coin, this is definately great news for everyone not running Windows or OS X who still want to listen to their DRM'd AAC files. Now, there is some portability to these files, and the ability to cue them up in VLC.
On the flipside, when some music industry execs look at this and wonder why they can't control their content, there are a number fingers going to be point at the OSS community because of it.
Where do we draw the line at control? The **AA industries wants to control their content, and we (I use "we" very loosely) want to have control over that which we've purchased. But who truly owns the bits? A series of 1s and 0s? Who's allowed to make the rules?
I know who I WANT to make the rules, me, of course. But I also know who legally gets to make the rules at this point. Them. I don't want the music industry to get pissed off and take my iTunes away. I've found a legal, beneficial means to aquire my music. I want MORE options, not less because of wary industry execs who don't want to have their content cracked.
And let's not even bring the DMCA into the picture here...
Can you ping me now? Gooood! | Manhappenin.Net - Things to do
You *did* buy a digital object. That was the original difference between Apple's store and the other DRM implementations: You have complete freedom to do anything you want with the file with the Finder. You just need authorization to use (play, burn) it in iTunes. You are free to, and Apple recommends that you, copy the file for backup purposes.
I can't wait until all Slashdot comments are nothing but long strings of esoteric acronyms.
It's in Apple's interest that DRM be as unrestrictive as possible, since it means more music for people to play on their iPods, which indirectly helps market their iPods. It wouldn't surprise me if they go after people who break their DRM, to maintain good faith with their music industry partners, but not because it's any skin off their nose.
Quick, get the files before Apple C&D's VideoLAN!!!! No rush. Thats what p2p is for !!
I'd bet he started working on the iTMS project a long while ago. He's just been acquitted twice for doing the same thing with DVD encryption. Now that he has rock solid precedent, he can practically walk into court without a lawyer if the recording industry sues him. He's got a great big whoop-ass stick, and it's time to use it.
In Norway, that is... Americans are still screwed.
making it more accessible to the tyro
I had nothing to do with it... I wasn't there... you can't prove anything.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
I damn well would have purchases several dozen songs from Itunes if they would have played in Linux. Unfortunately they don't. And I DON'T download music because most of it is a copyright violation, and despite your narrow-minded prejudices I'm afraid you will find that I and many other Linux users are very honest and would gladly buy things legally if we could.
"this guy got balls the size of dorian fruit" - some guy in Freedom Downtime
I bought portable mp3 player (not iPod) just to discover that I could not send to it melodies I've purchased via iTunes.
So apple wants me do buy iPod. But it is too expensive for my daughter (I got her now $140 player with 256Mb RAM).
So I hope, some day there will be program to unlock
my purchased AAC files to be able to listed then on my mp3 player. I think this is fair use and should be permitted!
I can't understand why Apple doesn't port iTunes to Linux. If that where the case, I would use it more then I do now. Its a pain in the ass having to reboot just to do it.
until (succeed) try { again(); }
The claim is because Apple doesn't make money off of iTuness it won't hurt... but it will.
Steve Jobs clearly stated on more than one occasion that iTunes has done wonders for moving iPods (a big business, and growing).
iTunes got the Music industries backing because it was secure... if that trust is lost, after the contracts end, iTunes has no more content.
That means no more iTunes, and that lowers the sale of iPods.
All that can be good, can be used for evil.
Radiation can kill, and it can save lives. Without water we die. With to much, we drown.
iTunes is the same way.
You know you can choke to death on an Apple? If that NT computer that controls the Machines in the hospital goes down... you could die too.
It's all subject to success, and failure. Perhaps that's life.
My only beef is that DVDJohn is intentionally ruining the first digital success of legal Music, what could have been quite an industry. Apple already went to Windows... I would have bet, Linux was in the works. Apple needs the Open Source community, and knows that.
If you get in touch with Apple tech support, inform them of your plight, and politely ask them to let you redownload the songs, they will authorize your account to download new copies of the song files.
I write commercial software. Our software doesn't (yet) work on linux/mac/windows... I would love for someone to find an easy way to get my software to as many different OS's as possible. Seriously if anyone was to port our product to a mac, or windows they would have a thank you letter and a job offer on their way. The difference between us and some of the other software products out there is we don't want lock in on a single system. We get more revenue from customization and support then we get from new sales However most of the profit in the customizations and support comes from new sales. Eventually the customer settles in and become a steady low support stream and thats about it. The more systems we can run on the more chances we have at getting a customer. The only reason we don't run on every OS/hardware configuration possible is the fact that it's non-trivial to port to all of these. It has nothing to do with our desire to support one OS.
So now give other RIO or Samsung MP3 players no excuse that they can't support Apple iTMS.
I do sympathize, but I have to disagree with your logic.
It's a Slashdot axiom, but I'll repeat it here: If your business plan relies upon unbreakable encryption, it's a bad business plan.
That being said, I don't see how this is going to destroy iTunes. Yes, copyright violations are possible using these ideas. But I think you'll find that anyone who is using iTunes in the first place (rather than just nabbing whatever they want from P2P) is going to be the kind of person who wouldn't commit a copyright violation through iTunes, either.
Weaselmancer
Weaselmancer
rediculous.
Have you spent any time with Apple products recently? Some of them are really very good! That's where this 'cool' thing is coming from.
Unlike Microsoft, an illegal monopoly, Apple has pressure on it to produce good products. So do most companies, but they suck at it.
The iPod is not an underdog product, it's a great product. It's expensive as hell, but it's so great that people will buy it anyway. That's cool.
Presumably, what the article is referring to is the ability to decrypt the .m4p file and extract plain AAC from it.
Well close but not quite. The article is dealing with playing encrypted AAC files, not removing the wrapper. The article is about getting the key and the wrapped file both to a Linuz box so it can play it. It is not about unwrapping the file to an un-encrypted file for playback anywhere.
The truth shall set you free!
After examining the code, here's basically how the iTunes encryption works:
Every user account for iTunes gets a "user key". This gets sent to the computer at the the time of "Authorization" and gets written to a file on the hard drive. But it's not written out plainly, oh no. Instead, it creates a "system key" using several bits of data from Windows and the hardware and such. This system key is what's stored in the file.
To playback a song, the system key is derived from the machine and used to decrypt the file on the drive. This gives the list of user keys that machine is authorized to play, and these will decrypt songs using the same account (yes, each song is encrypted at the time of download, with the user key for that account).
This crack essentially works out how the system key is derived. Using that, it gets the user key, writes it off to a file, and can then decrypt any of that users songs.
Note that when you transfer a song from iTunes to the iPod, it does the same basic thing. Decrypts the file using the system key and reencrypts it using iPod specific information, then sticks it on the iPod. The iPod then does the same process as iTunes to play the file, more or less, it's just using a different system key.
This crack could be patched by changing the method to derive the system key from the machine, but not once the user key has been derived and written to a file somewhere. Once you have the user key, that can be used to decrypt the songs, and you're essentially done. Since you have the song files, and the key to decrypt them, no patch in the world could possibly fix it. They could fix it for newly purchased songs, but to do that they'd have to change every users key and reauthorize them. And that potentially breaks the authorization for songs that have already been purchased. They could start a new key without removing the old ones, in order to maintain backward compatibility and not piss off everyone who has used iTMS up until now, and then release new songs using only the new encryption, but it's essentially a dead end. The whole concept behind iTunes encryption is that once a machine is authorized, it can play songs without any outside intervention. Meaning that it has everything it needs to decrypt the songs right there on that machine. Meaning that as long as this is true, it can be cracked again.
I knew it was only a matter of time. I give it another 2 weeks before someone takes the code out of the drms.c, drms.h, and drmtables.h files and produces an M4P->M4A converter. Everything really needed to do it is in there. You read in the file, call this code to get the system key, call the code to get the user key, call the code to decrypt the DRMS section, then rewrite the file with a normal AAC data section instead. Not too difficult, although interpreting Jon's code is a PITA to say the least. The guy writes C code that reads more like ASM. Frankly, looking at the code, I think he simply found the relevant part of iTunes/Quicktime with a debugger and converted the relevant machine language straight into C with no major adjustments.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
The fact still remains, those 1000 lines of code represent his (and others) thoughts and ideas and be they English or C they are free speech. Thats probbaly why there are no comments - the code is the comment.
This time he has used GPL v2 license. DeCSS was NOT originally for Linux but was for Windows and was not GPL'd. Thus from free speech point of view DeCSS was tainted. This time he has at least used the correct license if he expects the code to stay free.
By appreciation, we make excellence in others our own property. - Voltaire
One would think that he would have learned about anonymity by now - that maybe it ISN'T such a good idea to plaster your name all over the place when you start breaking laws (yes, this is technically against the law, at least in the US, at least right now)...
I'm not sure I'd want Apple coming after me when I break their latest big hit...
He is clearly interested in Fair Use. The folks doing the ruining are the MPAA.
They want to destroy Fair Use. Apple struck a deal to get things moving. If Apple suffers over this, it won't be because of Jon, it will be because of the MPAA.
Personally, I applaud the guy. He is doing the right thing at the right time. This whole action is going to get a lot of people thinking. I believe in Fair Use, as do a lot of people --even if they do not know what it is legally. Morally they do and that is what counts in the end. If enough people continue to express their counter view, the law *will* change.
Remember, we all get older. Our chance at the law will come. Should we all just lay down and forget things until that time?
No, because we should not have to --for me that is reason enough.
Blogging because I can...
Yeah, I think this almost certainly is. Huge amounts of bit manipulation, lots of magic numbers, meaningless variable names. No type safety? No comments?
I've seen code like this before, when people have disassembled Windows DLLs back into C then tried to submit it to Wine.
I'd say Jon is treading on very slippery slopes indeed with this code. It might be possible to show that it's been simply generated from the original code which is almost certainly copyright violation - laws against that certainly exist in Norway.
Don't you remove comments for job security?
He's just thinking about his future!
I frown upon this sort of piracy
It's not piracy until you sell/give the re-encoded file away to somebody else. Until then it's fair-use (hint: think of devices that play Mp3 but not AAC).