Slashdot Mirror


New Tool Cracks Apple's FairPlay DRM

goombah99 writes "PlayFair is an integrated utility that removes the DRM from AAC music files protected by Apple's FairPlay encryption. Information is limited, but the source code is on SourceForge.net and it appears to actually remove the encryption itself and not simply hijack the QuickTime audio stream as earlier methods did. The cracking operation can only be done on songs the user has already has valid licenses for and requires either an iPod or a windows computer for key recovery. If you choose to redistribute these songs you will be violating the contract you bought them under: better hope they aren't watermarked or you might end up paying for releasing one in the wild. To me the authors are vandals not revolutionaries, and may have ensured WMA becomes the standard."

9 of 1,126 comments (clear)

  1. Big surprise by Anonymous Coward · · Score: 4, Interesting

    Anyone who didn't see this coming.. i don't know what you were thinking.

    Apple chose the "cheap bike lock" model. Instead of trying to absolutely lock down their digital music distribution, they put an [i]impairment[/i] to fully free use of the music, but one which they knew would eventually be broken. This is a rational thing; if you KNOW that someone, if they REALLY wanted to, would be able to break your encryption, what's the point of trying to make the encryption really strong?

    The trick is, you wait for the inevitable crack program, then attempt to prevent people from distributing it.

    Of course the interesting thing is, now Apple's going to go after the people who made this tool, and hundreds of Slashdotters will most likely deride it as an unconsiable use of the DMCA, then announce they are boycotting Apple and dumping the iTMS for, say, Napter2... which uses WMA, whose DRM is even worse...

  2. Largely irrelevant. by Llywelyn · · Score: 4, Interesting

    The cracking operation can only be done on songs the user has already has valid licenses for and requires either an iPod or a windows computer for key recovery.

    Let's emphasize this part. You still have to go through the trouble of downloading it, compiling it, and using it on your own songs. I don't see many people doing this just to share them over a P2P network.

    There would be a problem if this was something that could decrypt other's songs. If you do a search there are people sharing m4p files on filesharing networks (mainly because they just share their music library) and so the ability to then download those files and decrypt them would be more serious. As it stands with this program, I have to go through that for my own files, which I wouldn't go through the trouble of doing unless FairPlay got in my way, which it doesn't.

    Even then, however, I suspect it would not be a major concern. Apple expected this kind of thing and has a philosophy that most people will pay for their service regardless of if they can get it free elsewhere--simply because they will pay for quality and service.

    --
    Integrate Keynote and LaTeX
  3. Re:We can only hope WMA will win! by Saeger · · Score: 4, Interesting
    On the one hand we have information being naturally free, and on the other we have attempts by clever control freaks to put the genie back in the bottle so that there is profit from (artificial) scarcity again.

    I'm of the mind that the genie can't be put back - that open hardware will prevail, DRM will fail, and that alternative means of funding digital works will emerge such as variations on the street performer protocol, where it's the SCARCE act of creation that is funded, rather than the zero marginal cost of reproducing abundant old data.

    --

    --
    Power to the Peaceful
  4. Re:Lies by geeber · · Score: 5, Interesting

    Amen brother. The problem is in polite conversation (and slashdot too, for that matter) "I know a guy..." trumps statistics every time.

  5. Fair use... by Rick+Zeman · · Score: 4, Interesting

    ...sure, I'm all for fair use--for me. My definition doesn't include me and a couple million of my closest friends.

    All the Kazaa-using pirate assholes and those cracking Fairplay are doing is making my life harder and as time goes on, interfering more and more with what can be considered fair use.
    You all need to consider what is cause and what is effect here. Was there DRM before Napster? Nope. So this is all a reaction to your sleazoid thievery and it just royally pisses me off.

    As DRM goes, Fairplay is by far the best of a bad lot. Its compromises I can live with. What are you assholes going to make Apple come up with next?

  6. Re:Lies by Alsee · · Score: 5, Interesting

    US CODE TITLE 17 CHAPTER 1 Sec. 106. - Exclusive rights in copyrighted works grants six exclusive rights to copyright holders, but they really only amount to 3 different rights. The right to make copies, the right to distribute copies, and public performance.

    Those are the ONLY rights a copyright holder has available to licence to anyone. If he isn't granting one or more of those rights then he isn't licencing anything.

    US CODE TITLE 17 CHAPTER 1 Sec. 107. - Limitations on exclusive rights: Fair use says it is not infringment to make fair use, thus you don't need any licence at all to make fair use. It gives a non-exhaustive list of examples of fair use. It gives a non-exhaustive list of factors to consider in determining fair use.

    And rather signifigantly, fair use rights are NOT granted by that law. If you check the congressional record they specificly stated that we already had fair use rights and that that law was merely an attempt to write down those existing rights. They specificly said that law was not intended to expand or restrict or alter fair use rights in any way.

    Not only are fair use rights NOT granted or defined or restricted by copyright law, but if you look back at the various supreme court cases mapping out the extent of fair use, the fact is that it's fair use that restricts the extent and reach of copyright. The term "fair use" never even appeared in copyright law before 1976. We had fair use before that, and where fair use treads copyright restrictions are swept away.

    There is no such thing as a "licence to use". Doesn't exist.

    Ordinary "use" rights remain with the public. You don't need any sort of licence to read a book you bought or to play a song you bought.

    As for contracts, I don't know if iTunes even has one, or if it's even valid, or what's in it. But assuming there is, it cannot grant some non-existant "licence to use". The most it could do is attempt to impose a clause against making fair use. And even if it does, and even if it's a valid clause, it would still be strictly a contract issue, not copyright.

    No, I'm not a lawyer, but I HAVE been reading the law and many court cases. You're the one tossing around a "licence to use" with absolutely no basis. I defy you to find it anywhere in US copyright law.

    I will certainly admit the RIAA and MPAA want the law to recognize a "licence to use". I will certainly admit the RIAA and MPAA are putting out a missinformation campaign to convince the public and congress that's what the law already says. If that's what everyone thinks that's what the law says then it becomes very easy to get the law re-written to "fix" the law to actually say that.

    "Licence to use" is a myth, part of a campaign to get copyright law changed.

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  7. Re:Lies by Xenographic · · Score: 4, Interesting

    Well, let me see here. I'm no lawyer, but I play one on slashdot (and I read Groklaw) :P

    If you're a real lawyer, or can provide credible evidence that what I say is wrong, by all means, be my guest; I'm just explaining things as best I understand them from all the reading I've done on the subject.

    For one, you don't need a damned license (a license is permission, a contract is a mutual agreement/exchange of value) to play this music. Or at least you weren't supposed to. There's a clause in USC 117 (copyright law) that says that ephemeral copies aren't supposed to be infringing. Of course, case law hasn't exactly made any good use of it, even though it should have... Especially when it comes to EULAs, when one might be led to believe that they're signing a contract to give up rights for permission they're not supposed to need... Sadly, the courts have upheld a number of EULAs :/

    The problem is that they have DRM, and the DMCA has those anti-circumvention restrictions. In other words, they're leaving us with "rights" that we no longer have the power to exercise. The librarian of congress apparently has some power to craft exemptions here (perhaps we should be lobbying there, more?). The only such relevant exemptions I can remember were posted to Slashdot a while ago... I understand it to mean that we can crack DRM for obsolete platforms, but I advise you to read their statements in the original--there are, no doubt, nuances concerning this that may be important if you intend to rely on these exemptions.

    Now then, what's worse is that depending on how you crack the DRM, you could, at least theoretically, run across problems with patents and with trade secrets. At least with trade secrets, you have to be a party to them to begin with in orter to run afoul of them. That is, unless you get the information on the DRM under an NDA, you shouldn't worry too much about this. At least, not that I know of. I do remember it coming into play with DeCSS, but I don't remember specifics. As for patents, they're even worse, in that you don't have to know of the patent's existence to run afoul of it...

    For another, I'm assuming you get some kind of click through EULA. This makes it a contract, not a license, since they've obtained your consent to all those crazy restrictions. SOME EULA restrictions (notably "you can't benchmark our product") have been shot down. SOMETIMES. There are judges split between "freedom to contract" and others who think it better to overturn "unfair" terms. You cannot depend on such things.

    There are other issues, in particular the "first sale doctrine" that tries to limit folks imposing contracts after a sale has been completed. While I wish this were extended a bit more, mostly judges seem to be remiss to invoke this unless they don't let you SEE the terms you're agreeing to until it's too late to RETURN the product (making your disagreement futile). MS has some rather clever lawyering that, in effect, has long force us to pay the "windows tax" ... There are plenty of others who have described rather well how this works, so I will not dwell on it.

    Lastly, "fair use" is an "affirmative defense" to copyright infringement. What that means is that by asserting it, you say that "Yes, I DID infringe on their copyrights, BUT ..." Specifically, there are something like four factors the judge takes into consideration, such as whether it was for NON-profit educational use (profit is VERY broad here, even ads on your webpage might count), whether you use a large portion of the work in relation to the whole, and how it affects them financially. I think I left out a factor, so Google it by all means.

    Mind you, some of the more common mythical provisions do NOT exist. The "delete this in 24 hours" bit is BS, as are pretty much every single one of the disclaimers you may see in "warez" sites. The "10%" myth might be a semi-sensible restriction under th

  8. Re:Vandals?? by jmorris42 · · Score: 4, Interesting

    > If Apple doesn't want WMA to become the standard, let Apple get its act
    > together with a demonstrably good implementation of the DRM idea, one
    > which can't be cracked.

    Apple happens to be run by a geek who understands the fundamental reality of the situation. So long as we still have trusted computers, uncrackable DRM isn't possible. If the iTunes player can read the data out it can be reverse engineered to discover the method and the keys. Only if we, the purchasers of hardware, allow the trust relationship to be inverted will that change. When you hear someone speak of "trusted computing" you must always ask the question of WHO is going to be the one trusting the machine. Right now it is the owner, but certain forces would like to change that.

    --
    Democrat delenda est
  9. I've given up on music downloads by jocknerd · · Score: 4, Interesting

    I've downloaded about 275 songs from iTunes Music store. But I've come to the decision that I will no longer download music for one reason. And its not because of DRM. I can actually live with Apple's DRM. I don't notice it.

    I will stop downloading because I no longer want to own music that is in a format other than its original format. Let me be the one to decide what to encode my music to make the files smaller. Not Apple or Microsoft. If you let me purchase my music in WAV or even FLAC, I'll continue to support your store, but if you insist on keeping all downloads in AAC or WMA formats, I will no longer be a customer.

    And if CD's go away, I guess I just won't buy music anymore.