Slashdot Mirror
DVD-Jon Breaks iTunes Encryption For Linux Users
McGruff writes "The Register has a story regarding DVD-Jon's new hobby, iTunes DRM. According to the story DRMed iTunes AAC files can now be played under Linux via VidioLAN Client thanks to some handywork by Jon.
'"When you run the VideoLAN Client under Windows it will write the user key to a file. The user key is system independent and can thus be used by the GNU/Linux version of VLC," he explains.' Personally, this just means I will buy even more iTunes." (We mentioned in November Johansen's efforts to negate the iTunes restrictions on Windows.)
How long before people start exchanging their keys ? Now that the key can be had and used under virtually any platform, in an easily copied or transmitted file format, the copy-protection is effectively cracked.
Maybe we deserve this world ?
Awesome, I was waiting for this. Definitely a reason to consider iTunes now.
How long until someone writes a command-line AAC2mp3 converter?
-3Suns
~~~~
The Revolution will be Slashdotted
I am quite excited about this. VLC has always been my media player of choice, now the ability to play AAC DRM files in it just ups its ante.
While booting to Windows is a slight disappointment, I am sure DVD-Jon will remove that step ASAP.
I read Slashdot in Lynx, I am a real geek.
What do any of these people do with free time to break encryption schemes, contribute to oss, and build robotic girlfriends? I'm serious, how do you earn a living and still have time to do things like this?
Somehow I think that this is an example of the way software restrictions will continue.
Programmers will code the security so that the app only works one way, and some user will break it s it works elsewhere as well.
We need to have more thought put into coding so that apps will work more platforms, and also be aware that it is envitable (sp?) that somebody will crack it.
I broke a lot of digital clocks as a kid because I wanted to know what made them tick! I still got new ones, and broke them as well.
Here I come to save the da... *thud*
I gotta get me a shorter cape.
Does anybody else see something wrong with Apple having a program that only works on Windows and Macs? You would think they would be a little bit more understanding of those of us running "alternative" OSes.
Yeah, it's not like Apple has a vested interest in one operating system over another!
Oh wait...
Guys, Apple is no more altruistic than Microsoft. Apple is only cool because they are the underdog. Don't be expecting Apple to be something they aren't. That's where Linux and Open Source comes in.
Seems like this crack can be patched.
I doubt Apple will call DVDJohn but I bet the RIAA will.
When will the this commie bastard be stopped from stealing money from corporations?????
No, you need the iTunes client to play any files you buy from the iTunes store. And No, it doesn't (yet) work under Wine or CrossoverOffice.
That would be the way for apple to go if they were in it to make everyone feel good. But actually, they are in it to make money. And as you may have noticed, a lot of linux users don't like to pay for stuff. This is smart for Linux users, not so good for people trying to make money off of Linux users.
And of course, it could never be enough. port itunes to linux? Where is the Ogg Vorbis support? Got Ogg? Why doesn't it work with *insert random peice of sourceforge developed software here*
I know, nobody wants to hear that they are the prima donnas of the IT world. But I've got Karma to burn.
So can we change his name to iTunes-Jon. Or better yet how about iDVD-Jon. Kinda catchy, actually.
Not that I would advocate such use. But this requires the key to be distributed with each file. Keep in mind that said key is *known* by apple, and directly tied to your account, it isn't something I would recommend sending out into the wild. On the other hand, using it on your own equipment to get around that creepy three machine registration limit seems like a good thing. If anything ever happened to Apple and your registered machine bit the dust, being able to back up a valid copy of your key seems like a good thing.
:-)
The thing is that AFAIK VLC isn't set up to manage multiple key+file pairs. So it is useful for *your* library, but not various files downloaded off the net. For that reason, I doubt they will go after him.
My question is, how does the iPod decrypt the file without a key? Or is it simply using the parent boxes key? It seems to me that if that's the case it should be trivial to recover the key from an iPod directly, no PC required (Just a Mac
On one side of the coin, this is definately great news for everyone not running Windows or OS X who still want to listen to their DRM'd AAC files. Now, there is some portability to these files, and the ability to cue them up in VLC.
On the flipside, when some music industry execs look at this and wonder why they can't control their content, there are a number fingers going to be point at the OSS community because of it.
Where do we draw the line at control? The **AA industries wants to control their content, and we (I use "we" very loosely) want to have control over that which we've purchased. But who truly owns the bits? A series of 1s and 0s? Who's allowed to make the rules?
I know who I WANT to make the rules, me, of course. But I also know who legally gets to make the rules at this point. Them. I don't want the music industry to get pissed off and take my iTunes away. I've found a legal, beneficial means to aquire my music. I want MORE options, not less because of wary industry execs who don't want to have their content cracked.
And let's not even bring the DMCA into the picture here...
Can you ping me now? Gooood! | Manhappenin.Net - Things to do
He's trying to play media that he legally purchased on Linux. This is exactly the argument that he used in his DeCSS defense. Until Norway passes a law making that illegal, he's perfectly safe.
I can't wait until all Slashdot comments are nothing but long strings of esoteric acronyms.
>Kid, seriously, grow up.
What is wrong with him doing this and staying like this forever?
I mean, he should stop doing something just because "other people who know better" say that he should stop?
Should he stop becuase he could get into civil legal problems? That doesn't stop lots of "adults".
Should he stop because its "wrong"? Maybe some one could tell me where this is ethically wrong becuase I don't see it.
I say that he should keep doing what he likes to do and accept the consequences until he feels he shoudn't anymore and not what other people say.
Because in the end its his life.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
Troll or clueless, I can't tell because as AC there's no post history.
Consumers, at least in Norway, do have more rights. They have the right to use DeCSS to decrypt DVD video to video on the player of their choice. They also, presumably, have the right to publish and obtain the DeCSS program.
Now, back in the land of the free, we have no such rights...why? Because we pussed out. We decided not to pursue our DeCSS case and let stand a lower court ruling that banned it. Oh yeah, this was much better than what Jon did, namely stand up for himself in court.
I'm not so naive to believe that Jon was selfless in his act (he was part of or closely associated with warez groups who were keen on cracking DVD encryption to allow for perfect all-digital rips rather than having to use analog loopback to capture card). But even if DeCSS has a seedy or sordid history no one wants to talk about, the point stands that DeCSS does have legitamate uses and that is where Jon's defense was founded.
When you have precedent set, you don't hide it in your desk and call it a day. You use that precedent to try and set new precedent that is even broader in scope. Jon has stood up to the might of Norway's MPAA/Attorney General equivalents, who now have major egg on their face. How likely do you think they will be to pursue another half-baked case against Jon? Jon is probably bulletproof against anything but real criminal behavior. As soon as the words "fair use" are uttered, I can't imagine there would be a government attorney crazy enough to get struck by lightning twice.
Releasing it anonymously would have only started a witchhunt that could have harmed a lot of other people, people who shouldn't have to be lightning rods for this same kind of treatment. But putting his name on it, yes, he is risked another trial but as I said, it is rather unlikely.
In this world full of people who puss out and settle for lesser charges (cough)Mitnick(cough) I think it's incredible that someone has the guts to put himself at risk to stand up for something. I only wish someone were that brave here in US courts.
-JoeShmoe
.
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
Is this guy an idiot?
Jon is a noble-hearted man who is standing up to tremedous odds and tremendous risk to fight for somthing that is good.
'round here, we call people like that heros
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
On the other hand, a frail man deliberately picked up a handful of salt, which was at the time a monopoly product of the British Empire. He was arrested for it, but this and other actions that fly in the face of "common sense" eventually freed India from British colonization.
How about that woman who was arrested for sitting in the front of the bus, when everybody knows that black people need to sit in the back?
I'm not saying DVD-Jon is anybody resembling Gandhi or Parks, or that his cause is nearly as important. What I'm saying is that many changes come from a small number of people noisily breaking unjust laws, rather than a thousand people quietly breaking it.
What?
-insert a witty something-
I'd bet he started working on the iTMS project a long while ago. He's just been acquitted twice for doing the same thing with DVD encryption. Now that he has rock solid precedent, he can practically walk into court without a lawyer if the recording industry sues him. He's got a great big whoop-ass stick, and it's time to use it.
In Norway, that is... Americans are still screwed.
making it more accessible to the tyro
I had nothing to do with it... I wasn't there... you can't prove anything.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
Maybe I'm behind the times. I thought iTunes was still a U.S.-only service?
So how is Jon trying to play media on Linux that he's legally purchased when it can't be purchased in Norway? I'm just wondering.
After examining the code, here's basically how the iTunes encryption works:
Every user account for iTunes gets a "user key". This gets sent to the computer at the the time of "Authorization" and gets written to a file on the hard drive. But it's not written out plainly, oh no. Instead, it creates a "system key" using several bits of data from Windows and the hardware and such. This system key is what's stored in the file.
To playback a song, the system key is derived from the machine and used to decrypt the file on the drive. This gives the list of user keys that machine is authorized to play, and these will decrypt songs using the same account (yes, each song is encrypted at the time of download, with the user key for that account).
This crack essentially works out how the system key is derived. Using that, it gets the user key, writes it off to a file, and can then decrypt any of that users songs.
Note that when you transfer a song from iTunes to the iPod, it does the same basic thing. Decrypts the file using the system key and reencrypts it using iPod specific information, then sticks it on the iPod. The iPod then does the same process as iTunes to play the file, more or less, it's just using a different system key.
This crack could be patched by changing the method to derive the system key from the machine, but not once the user key has been derived and written to a file somewhere. Once you have the user key, that can be used to decrypt the songs, and you're essentially done. Since you have the song files, and the key to decrypt them, no patch in the world could possibly fix it. They could fix it for newly purchased songs, but to do that they'd have to change every users key and reauthorize them. And that potentially breaks the authorization for songs that have already been purchased. They could start a new key without removing the old ones, in order to maintain backward compatibility and not piss off everyone who has used iTMS up until now, and then release new songs using only the new encryption, but it's essentially a dead end. The whole concept behind iTunes encryption is that once a machine is authorized, it can play songs without any outside intervention. Meaning that it has everything it needs to decrypt the songs right there on that machine. Meaning that as long as this is true, it can be cracked again.
I knew it was only a matter of time. I give it another 2 weeks before someone takes the code out of the drms.c, drms.h, and drmtables.h files and produces an M4P->M4A converter. Everything really needed to do it is in there. You read in the file, call this code to get the system key, call the code to get the user key, call the code to decrypt the DRMS section, then rewrite the file with a normal AAC data section instead. Not too difficult, although interpreting Jon's code is a PITA to say the least. The guy writes C code that reads more like ASM. Frankly, looking at the code, I think he simply found the relevant part of iTunes/Quicktime with a debugger and converted the relevant machine language straight into C with no major adjustments.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.