Slashdot Mirror
New Tool Cracks Apple's FairPlay DRM
goombah99 writes "PlayFair is an integrated utility that removes the DRM from AAC music files protected by Apple's FairPlay encryption. Information is limited, but the source code is on SourceForge.net and it appears to actually remove the encryption itself and not simply hijack the QuickTime audio stream as earlier methods did. The cracking operation can only be done on songs the user has already has valid licenses for and requires either an iPod or a windows computer for key recovery. If you choose to redistribute these songs you will be violating the contract you bought them under: better hope they aren't watermarked or you might end up paying for releasing one in the wild. To me the authors are vandals not revolutionaries, and may have ensured WMA becomes the standard."
SourceForge has already deleted it off of all mirrors.
Apple bought VeriDisc. They didn't license FairPlay; they own it.
The breif descriptions says the following:
Most of the heavy lifting for this program is done by the mp4v2 and mp4ff libraries.
Does this thing reencode the files? If so, how is this any sort of breakthrough? We could already do that.
At the moment, it's illegal in the US under the DMCA. You might not like it, but that's a different question.
The most rabid believers in American Exceptionalism are the exact same people whose policies are destroying it.
by ExtremeTech. Sorry.
-- I'd give my right arm to be ambidextrous
Although Sourceforge have pulled the .tar.gz mirror, you can still login into the CVS and get it:
/ playfair login
/ playfair checkout playfair
cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot
cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot
Your existing songs won't become useless, you just won't be able to buy any new ones.
You can't buy any new ones because your new billing address will be in Canada. But this won't prevent you from playing your existing protected AAC files, or even from authorizing/deauthorizing your existing computers.
You can still get the previous version, which was released a scant 5 days ago. It's nothing special, just a clever way to get at the private keys that breaks the PKE scheme.
I mean, all "hacks" on DRM of this nature (single authority source, encrypted carrier, hardware or firmware enforcement) will be exactly the same technique. The question is how do you get at the unencrypted scheme or your session keys... this is an example of how to do that under Fairplay w/iPods.
Point being, at some stage you have to store a decryption key somewhere, and all you need to is intercept it or extract it. It checks your iTunes for it's user key, or generates the one the iPod would (eventually) use. Apparently using this and MD5 hashing of information from each protected song, you get a session key which can decrypted the DRMS atom (AES if you were wondering... figures). And that's it.
I wouldn't really call it hacking... it's reverse engineering and re-implementation of Veridisc's algorithm.
Point is, I was waiting for someone to finally hunker down and pick it apart. Now I know... so if I ever run into a situation where I need the unprotected stream, I can get it, but you're not going to see me giving these unprotected streams to my friends... I paid for them! I just need to increase my value.
Now I can use the AAC streams in my car (got a laptop rigged up... OGGs, MP3s, and now iTunes... heee heee!)
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
If an iTunes DRM'ed protected AAC file found it's way legally to your hard drive, I'm going to guess that happened using iTunes, the terms of which you agreed to. So, if you agreed to to their terms before using their service, I believe you are going to be legally bound to those tunes, no?
What things are you legally entitled to do as specifically written in copyright law that Apple iTunes prevents you from doing? I would highly advise you read section IV of the ruling in the MPAA v. 2600 case for more information on "fair use". The term is so heavily misused on Slashdot that it has become meaningless.
Forget the whales - save the babies.
> If Apple had any sense, then they will have watermarked the AAC files in some way to identify the owner of the file
/. what the result is.
Some sort of watermark based on a hash of the DRM key perhaps?
Fine:
Joe has "Invisible Touch" and runs fairplay on it. he takes the resulting DRM-free AAC file and runs md5sum. He then posts on
Bill also has "Invisible Touch", and follows the same process that Joe did. He discovers one of two things:
The file hashes are identical, thus removing fear of retribution by fanatical enforcement agency personel.
The file hashes are different: So Bill posts his, in the odd chance that maybe it's just a fluke, and waits for other people to do the same.
Well, I don't have iTunes, so I can't join in the fun. Anybody want to try this out?
Support FSF: Stop thinking with your wallet, and think with your imagination. (cc/non-commercial)
Google finds links, but doesn't do your research for you. Windows Media Player for Mac currently only supports up to WM8 codecs. WM9 is not yet playable on Macs. Microsoft will get around to it eventually, but WM9 codecs have been out for a while.
I've been circumventing the security since the iTunes music store came out. All you need is a CD burner. Burn your purchased music to audio CD then rip that CD back into itunes as MP3s without any security. This news changes nothing.
Quit yer trolling...who said anything about violating copyright laws? If I'm working on my car and want to refer to some pages out of the shop manual, I'll make a copy of the relevant pages and work from those so the manual doesn't get dirtied up. That is fair use. Another example of fair use is dubbing a CD to tape so I can play it in my car (which doesn't have a CD player). That's also fair use. How, then, is stripping the DRM off an .m4p so I can convert it to Ogg Vorbis for playback on my Palm (an example of format-shifting analogous to the aforementioned CD-to-tape dub) not fair use? It's only copyright infringement if I turn around and put the resulting .m4a files up on $P2P_NETWORK or otherwise distribute them to others.
20 January 2017: the End of an Error.
Songs bought and downloaded from iTMS are watermarked with your account information. Checking out the source for the song with a simple text editor I was able to clearly see my name and email address used for purchasing from the store. I don't know yet if these are stripped when playfair strips DRM, but it's worth verifying before you start playing pirate again.
Besides, CD quality is still better audio.
==========
support the arts!
www.smadness.com
I haven't done this or even tried, just that sometimes to get things unencrypted all you really need to do is read the memory location where the piece is stored after decryption. Just write it out to a file adn viola, you have the unencrypted file.
ALL of my songs are free from pepsi caps and no one knows ANYTHING about me other than the internet cafe IP address.
All other account info is fake. no credit card.
free itunes music, no DRM, thanks pepsi
The answer is yes, as long as you know how to login to cvs, checkout the playfair module, configure, make, and make install.
Here you go.......
Fellowship 9/11
Not to further fuel the flames, but it's not quite that straightforward.
I think part of the problem is that folks are looking at AAC as 'Apple's format.' It's not. AAC -- Advanced Audio Coding -- is an open standard; there's an ISO number for it, and it was come up with by the MPEG standards group. AAC is to MPEG4 what MP3 (MPEG1 Audio Layer 3) was to the original MPEG. AAC itself is quite widely played by software players -- more than just iTunes -- and is more or less the intended successor to MP3. (NOTE: Intended. I make no predictions about whether or not it will actually happen.)
Where you can point the finger at Apple is on their DRM implementation on top of AAC; that's not part of the AAC specification, and so means that while an un-protected AAC file can play on iTunes, WinAmp, etc., a protected iTunes Music Store one cannot. THIS is a little unfortunate; I'd love to be able to load protected AAC onto my NetMD minidisc player without having to burn it to CD first.
WMA makes me more nervous as a format, because as far as I know it's controlled by a single entity (Microsoft) instead of an open group (MPEG standards group). However, it can't be discounted that WMA's integration of DRM has made it the more attractive commercial option for folks, since it's possible to make differing players handle the same DRM-protected files.
Whether or not AAC with some form of DRM will catch on remains to be seen, I guess.
--Rachel
It is just as illegal. Actually, more so. Downloading copyrighted music is simple a copyright infringment. (at the moment) This means it falls under civil law.
However, creating a tool like this circumvents a copyright protection scheme. This is a criminal act punishable by up to 5 years in prison or $500,000, under the DMCA of 1998. (section 1201)
As an aside you mention if Apple had it's way...Even at the risk of appearing as an Apple apologist...Apple didn't want DRM at all. They struck a deal with the RIAA. Essentially the RIAA said, NO DRM, NO MUSIC. Apple said, okay...we'll put in a little DRM. I wish I could find the quote from Steve Jobs but he essentially said, "DRM is stupid, users want control of their files and rightly so, DRM will kill the market."
Fair use is not a constitutional right; it's granted by a specific piece of legislation.
...
Actually Fair Use is common law, not positive law
The Easynews mirror (what I normally use) didn't have it. It might not have synced over yet. UNC had it. I just wrote a Gentoo ebuild (cribbed it from another ebuild, really) for it, and it grabbed it from the Belnet mirror.
Speaking of the ebuild, here it is:
# Copyright 1999-2004 Gentoo Technologies, Inc.
z "
# Distributed under the terms of the GNU General Public License v2
# $Header: $
# Short one-line description of this package.
DESCRIPTION="Playfair enables fair use of iTunes Music Store downloads."
HOMEPAGE="http://playfair.sourceforge.net/"
SRC_URI="mirror://sourceforge/playfair/${P}.tar.g
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="x86"
IUSE=""
DEPEND=""
S=${WORKDIR}/${P}
src_compile() {
econf || die
emake || die "emake failed"
}
src_install() {
einstall || die
}
Dump it in /usr/local/portage/media-sound/playfair, make sure PORTDIR_OVERLAY is set in /etc/make.conf, and issue emerge --fetchonly playfair && (cd /usr/local/portage/media-sound/playfair; ebuild playfair-0.2.ebuild digest) && emerge playfair to install.
20 January 2017: the End of an Error.
As an addendum, everything I've ever read -- including the PlayFair website linked to in this article -- says that FairPlay was licensed from Veridisc. So before anyone points fingers to tell me that Apple didn't write FairPlay, yes, I'm aware of that; they took an open standard and a publicly licensed DRM technology which can wrap digital files, and put the two together.
:)
In theory, anyone who wanted could use the FairPlay DRM and thus play Apple iTunes Music Store music. However, AAC not having an inherent DRM seems to have discouraged everyone but Apple from using it commercially, whereas WMA has the DRM right there so if you're using WMA you don't have to go shopping for separate DRM solutions.
That was the point I attempted to make in the earlier post.
--Rachel
Name some of those "most countries". Your statement is wrong in all Common Law countries, almost all of Europe, and pretty much everywhere else that I'm aware of.
Well, technically, you are correct that contracts can't take away rights. However, you can give up rights as part of your consideration to form a contract, and that is legally enforceable. There are certain rights that you cannot give up this way, but none that are applicable here.
Tried it on a single purchased track from iTunes. Compiled playfair on my linux box, transferred the .m4p file over, put its drm key into ~/.drms, and playfair converted it in seconds.
.m4a) perfectly thru Winamp5.
I then moved the file over to my laptop which has never seen iTunes or an iPod, and was able to play the file (renamed to
So far, one good data point!
Score:4 Informative?
How many WMA9 drm file have you played on WMP for Mac then? None, since it doesn't actually play them.
Why do you think none of the WMA online stores support Mac (or anything apart from Windows).
>Dont talk trash unless you really know what you are talking about....
Quite...
Must read for all of us libertarians and others:
. html
is part 4 (with links to the other 3 parts)
William Stone III explodes the Myth of Intellectual Property in a series of articles entitled
Law Versus Reality
http://www.webleyweb.com/tle/tle265-20040404-09
Part 1
quote from the article:
I've argued that information shares none of property's unique characteristics, therefore information cannot be treated as identical to property.
Help achieve Liberty in your lifetime - join the Free State Project - http://www.freestateproject.org
For the n^th time, WMP for OS X does not support WMA's DRM scheme. Or, to be a bit more specific, it only supports it's first version, which never became generally used and is now practically obsolete.
Every online music store out there uses version 2 of WMA's DRM.
“Wait for Hurd if you want something real” –Linus
Uh, kinda odd for them to be using AAC then, isn't it?
And why exactly would Apple be charging royalties for AAC use? It's one of those open standards you seem to champion (despite your lack of familiarity with them), and Apple not a creation of Apple's.
And WMP has SHITTY support for DRM WMA on Mac. It doesn't work half the time. Please try your DRM solution later. Thank you.
FTR, last couple of albums I bought were also through a site referred to in a Slashdot story: Magnatune.com. I love music and I'm happy to pay for it.
Quack, quack.
Thing is, that part of the contract is not valid in many countries. As one example, in Sweden it is expressly allowable to break encryption or other mechanisms whose primary purpose is to limit the use of the media by its owner. So there, at least, this tool would _not_ break that contract.
Trust the Computer. The Computer is your friend.
My problem with Apple's DRM is that it counts individual users on a computer as "separate" computers in the licensing scheme, meaning that a song I purchase from their store, won't work on all my machines.
There's my work machine, my home machine (two users, my wife and I), her 20GB iPod, my iPod Mini, and my laptop. Oh, whoops, can't do that, just ran out of licenses, and that's not even counting the old Pentium II that keep around as a print server/backup machine.
Or, are my wife and I not allowed to share one download? We can own a house together, but not an audio file?
Fortunately, via m4p2mp4.exe you can strip the DRM out of them as necessary, or do the old m4p->CD audio->mp4 conversion, though recreating metadata is a bit of a pain in the arse.
When in danger or in doubt, run in circles, scream and shout. --Robert A. Heinlein
Stealing = taking something with the intention of permenantly depriving its owner of possession
Copyright violation = making an unauthorised COPY of something
YOU CANNOT STEAL SOMETHING BY MAKING A COPY.
Read Pynchon.
That's an oversimplification, of course. To give just one example, I believe that photocopying one chapter from a book to distribute to students in a class for educational reasons, charging them no more than the cost of the coyping itself, has generally been held to be fair use.
Here's a reference with some further details on copying for educational purposes. (Not that educational justifies any copying, or that it is the only such justification. But it's one good source of examples.)
--Bruce Fields
Apart from the Mac WMP's inability to play WMA files (mentioned by six replies already), iTunes always allows you to burn on CDs. (Up to 10 copies per playlist. If you need more, change the playlist. But if you do, you are probably pirating the music.)
Dont talk trash unless you really know what you are talking about....
Instructions (If you need anything besides the link to the patch, so help you god):
download and extract playfair-0.2.tar.gz
Download the patch file at: playfair.0.2.rename.patch
Extract playfair-0.2.tar.gz and put file playfair.0.2.rename.patch into the directory playfair-0.2/src
Apply the patch by doing the following:
# gzip -d -c playfair-0.2.tar.gz | tar xvf - .. ./configure && make install
# cd playfair-0.2/src/
# patch -p1 < playfair.0.2.rename.patch
# cd
#
NOTE: You need to be root to do the "make install"
The GPL _is not a contract_. You don't need to sign it, or even to agree to it. They specifically say that you do not have to agree to it. The GPL is a _license_.
So, to compare the two: (X refers to the freedoms allowed under fair use)
DVDs - You bought the hardware. The law (and judicial precident) say you can do X. They try to stop you from doing X. The DMCA prevents you from circumventing some protection measures, but the actual copies and derivitive works (that you dont distribute) are legal.
Regardless, the GPL is a _license_. This is a different beast. Once you get a piece of GPL code, the law says you can do X. Like a DVD, copyright laws say you may _not_ distribute copies, modified or otherwise. However, as a _license_, the GPL says you _may_ distribute, provided you follow certain conditions. It's not a contract in any way, shape, or form.
It's similar to if I were to compose a piece of sheet music or write a book. If I give it to you, you can do a lot of things with it, but you cannot distribute copies permission. Now suppose I add the license "You may make and distribute unlimited copies, provided you do not remove this copyright notice". Do you have to sign a contract for that? Of course not, because it is a right you being given, not a freedom being taken.
If the law says that I can drive my car on any public road I choose, I do NOT want my car company placing artificial restrictions on where I can drive it. If it's their car, fine. Once it's in my posession, it's fair game.
Contact Me (got tired of viruses emailing me).
Bullshit. iTMS has some exclusive tracks and a large selection of classical music. p2p is great for popular stuff, but once you drop off the top 100 the critical mass isn't there.
Do you even lift?
These aren't the 'roids you're looking for.
I keep US copyright law bookmarked :)
TITLE 17 - COPYRIGHTS
There's a clause in USC 117 (copyright law) that says that ephemeral copies aren't supposed to be infringing.
The ephemeral clause is Sec. 112. It is extremely narrowly drawn and effectively worthless. Ephemeral uses obviously fall within fair use, so the fact that the exemptions listed in the text are absurdly narrow is irrelevant.
The librarian of congress apparently has some power to craft exemptions here (perhaps we should be lobbying there, more?)
There are two possible kinds of exemptions to the DMCA. There are absolutely useless exemptions, and there are exemptions that will effectively and totally gut the DMCA. Thus far the library of congress has been good little librarians and very careful not to allow any exemptions that might irritate anyone. Lobbying there has been a waste of time.
fair use... something like four factors
The for factors are listed in Section 107.
(1) the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes;
(2) the nature of the copyrighted work;
(3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and
(4) the effect of the use upon the potential market
An important point to note is that it says "factors to be considered shall include ". The four factors are merely examples that shall be considered. The courts routinely consider other factors. For example "transformative" use weighs in favor of fair use. Things like collages and parody are transformative.
you guys should Google for USC 117
Link to 117
The mess with 117 is that it reffers to an "owner of a copy of a computer program". They are trying to play word games by claiming that you never actually own a copy, they try to claim that copies are always "licenced" under EULA's. However an EULA is really just a contract. If you buy a box of software and don't willingly bind yourself to that contract then you get no benefits from that contract, but you are not restricted by it either. You can then simply install and run the software you now own on the disk you now own. If there's a click-through licence agreement you could always make the effort to tweak your machine to bypass it. This is why they are lobbying to get a law passed to make EULAs binding.
The few very rare cases upholding EULAs have been based purely on arguments that the buyer somehow willingly agreed to be bound by it.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
ahem, NONE of those 500+ devices will play WMA files that HAVE ENCRYPTION...
big difference bucko.
I know, I have 3 of those 500+ devices... and the DAMNED things wont play the protected ones.
Do not look at laser with remaining good eye.
The fourmilab page is a truly important essay (The Digital Imprimatur by AutoDesk founder John Walker), but be warned, it is 193kB.
If you get tired, skip down to the *But, but* part.
gewg_
But i for one dont like media player 9 for this reason
.... you eat it wether you like it or not
... to bad they cant get there OS's working right first before moving on to other things... but they are able to wash there hands like all the other software companys if it craps out you cant ask for compensation or losses... imagine if the auto indistry had the same agreements if you drove off in your car... it blows up ... oh well to bad so sad :P
this is from there EULA and its not very nice
for no on should have root access besides me on my hard disks
"* Digital Rights Management (Security). You agree that in order to protect the integrity of content and software protected by digital rights management ("Secure Content"), Microsoft may provide security related updates to the OS Components that will be automatically downloaded onto your computer. These security related updates may disable your ability to copy and/or play Secure Content and use other software on your computer. If we provide such a security update, we will use reasonable efforts to post notices on a web site explaining the update. "
" intresting that if you agree you give up your admin rights to them..... and they tell you on a web site and not let you have a chance to agree or disagree with it
M$ wants control simple as that
Wrong. You can use your purchased songs on any number of iPods and three computers (Mac or Windows) at any given time. You can de-authorize any computer in order to get back a license. In your scenario, you can easily play those tunes, legally, on all of your gear.
Learn a bit more before you go bitching...
There exists no way of exchanging information without making judgments. --Bene Gesserit Axiom
If your install is like mine, iTunes put it in:
C:\Documents and Settings\YOUR_USERNAME\Application Data\drms
Copy the contents of that directory into ~/.drms and you should be good to go.
VideoLan can already decode/play back M4P iTunes-purchased files. It stores the system's key in the \Documents and Settings\\Application Data\drms\ folder -- you can copy that folder to other computers that aren't authorized via iTunes, and still play the M4P's with VideoLan. And since VideoLan supports streaming, you can set it to output the raw AAC into a new MP4 container. The only downside is that it's realtime, and that you have to do each file one at a time. But I wrote a Visual Basic app to loop through a directory recursively and call VideoLAN to convert each M4P file.
Hopefully someone takes this new code and makes a windows version, that can do process large amounts of files at a time...
Not All Who Wander Are Lost
No, Apple has 31 percent of the portable player market by number of units sold. They have 51% of the market by revenue because their units cost more. 31% of the market was willing to buy an iPod while 69% of the market did not want an iPod for whatever reason.
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison