Slashdot Mirror
iTunes 4.5 Authentication Cracked
fooishbar writes "Yesterday, Apple released iTunes 4.5, which deliberately broke the 4.2 authentication scheme, which had been successfully reverse-engineered. However, crazney has been at it again, and within 24 hours of downloading iTunes 4.5, has broken the new scheme, and added more features to this library along the way. If you want to incorporate iTMS support in your program, give libopendaap a go!" Reader ScottGant submits this story about the Pepsi/iTunes promotion: "News.com has this story about Pepsi's iTunes promotion give-away. The promotion,
which is slated to end this Friday, was to have given away 100 million
tracks through Apple's iTunes
music site. But according to Apple on Wednesday, only about 5 million
free songs have been redeemed."
I'm hardly surprised by the results. Personally, I don't drink Pepsi usually (though it's not a religious thing, no matter what people think). But I'll drink a Sierra Mist, which is included in the contest.
So when My Lovely Wife (MLF) would go to the store, she knew to look for Sierra Mist with the label. For about the last 5 months she's looked, and every so often I'd take a peek.
Nothing. Nada. I've talked to other people in the San Diego/Southern California area. Nothing. I was on a business trip to Chicago - didn't see any out there (though maybe someone who lives there might have had more luck).
I don't know if it's that Pepsi had a lot of "warehouse" Pepsi to sell that just never got to the market, or if they only shipped it to certain areas. But whatever the reason, I have not seen one iTunes Pepsi cap - and those friends I have who have seen them in their area mention that it's not 1/3 that one, but typically more like 1/10 (though perhaps they were victims of the "Bottle Tilt Trick" in their area from ambitious music buyers).
I'd like to hear that Pepsi extends the contest for another 6 months in the hopes that the labeled bottles will eventually reach stores, but I'm not holding my breath.
52 Weeks, 52 Religions with John Hummel
I live in NYC and have seen exactly 1 bodega with iTMS Pepsi bottles.
Maybe someone forgot to ship these things to places where people actually would use them?
That's because for a "free" song you had to give them your credit card number.
No, you didn't. I got two free, no credit card required.
This week, there is a different free single each day. From then on, there will be one free single each week.
They must have changed this a while back. You do not need a CC to have an iTunes account. This is how they allow for Prepaid cards and gift certs now.
I know that I did not enter a CC number when creating a login for my 9 y/o daughter to download free itunes.
Post: Sigged, for your pleasure.
I dunno what iTunes *YOU* were using, but I never had to give my credit card # and I'm on free song #9 and counting...
Viva La Revolucion! Buy a Mac!
That's because for a "free" song you had to give them your credit card number
No you don't...at least I didn't have to anyways. When I created my account to redeem my free music the credit card part was optional.
You did not purchase the song. Read the agreement. You purchase the right to listen to the song subject to the conditions outlined in the agreement. If the agreement is not to your liking, do not purchase the song.
This is about authentication with the itunes music store, not removing the playfair drm protection.
.002 and .004
.m4a files which show no protection, and play fine in VLC, and itunes.
Fairplay still works without any changes. A "friend" did the following last night:
1. Using an old version of itunes on a pc, purchased a new song from the music store.
2. Launched VLC on the PC, and found it had no problem playing it. Checked c:\documents and settings\[username]\application data\drms and there was a new file: XXXXXXXX.005, in addition to the other two files that were already there. They had extensions
3. Upgraded itunes on the PC to 4.5. Bought another song. It shows fairplay v2 when you look at it's info.
4. VLC can also play this one. No new file in the drms directory was created.
5. Copied both songs.m4p and the key files from drms to the mac running the latest itunes. Put the keys in ~/.drms
6. Ran playfair (v 0.5.0) against the two songs. They decoded into
7. Just to double check, bought a third song using itunes on the mac. Ran playfair against it (still using the keys from the PC) and it decoded and plays fine.
My conclusion is that as long as you have the keys, you can still use playfair. My friend gets the keys from the PC running VLC. I don't know if other techniques may have been broken by the new itunes.
I don't have any problem with the ethics of removing the protection. I don't-- I mean, *wouldn't* use it to illegally share the music. It's just nice to have clean files in case Apple quits developing itunes for the PC, or some other unlikely scenario.
Here in beautiful Glendale CA I only bough 2 losing Pepsi bottles, and I drink a lot of diet Pepsi. The bottles didn't show up until recently and i think they were playing catch up. I waited over a month after the promo started before I finally saw a bottle for sale. This could be a factor in the lower than expected numbers.
I found a link to this on Ben&Jerry's site after reading the news.com article. Pledge to vote in the next election and you get a free iTunes download with 24-48 hours.
Get 'em while they're hot--er, or before they melt?
That's because for a "free" song you had to give them your credit card number. I complained twice to Pepsi and Apple...never got a response. So, as far as I am concerned, they've fucked themselves on this one.
Actually, when signing up, the option was given to input a credit card number now or later. I opted for later. I have downloaded several songs with the Pepsi promotion but I still have yet to give them my credit card number. :P
I have to admit that I do like iTunes. It has a nice interface, the music store seems well designed, and I haven't run into any issues with the DRM yet. But still wouldn't mind seeing a new version of software like PlayFair that addresses iTunes 4.5.
Except you didn't have to give them a credit card to get the songs. I didn't have to put in any credit card informtaion until i actually bought a track -- after i had downloaded 18 free iTunes songs. So yes, they were actually free. You only needed to give them an email addy to create the account (or at least I did, but i used the account i'd had with apple for 2 years, so they already had my email).
Don't worry - its just stigmata. Pass me a napkin and don't you dare tell my mother.
mirror
oh, and playfair:
mirror
This week's schedule
Actually, you don't. It's not a 'must fill' field, they'll probably ask for one when you buy the first song.
For the promotion, all I needed was an email address.
I redeemed some last night for the first time. They had a spot to enter credit card info, but it was not required.
There is a 10 cap redeem limit per day for those who were waiting to redeem caps.
First of all, The Tokugawa era had many lords - it lasted about 250 years. Second, the Tokugawa era was a technologically stagnant period of feudal classes - when Commodore Perry of the US Navy arrived in 1853, he found warring factions and city-states reminiscent of 12th century Britain. The Tokugawa era was not the beginning of Japan's industrial revolution. That didn't happen until the Meiji Restoration in 1868.
And last but not least: Great Wall? You do realize that Japan and China are different countries, right?
Your metaphor may be correct, but I can't really tell since you have your historical facts so confused.
Crap. This is what happens when you don't use preview. Trying again:
The McDonalds Monopoly game was rigged.
What the planet of Hell do you need a workaround for? Just upgrade the other machines! iTunes is *DUM, DUM, DUMDUM* FREE (as in beer)! Is it really so hard to upgrade a free program?
Boobies never hurt anyone. - Sherry Glaser.
The reason you didn't hear anyone winning at McDonalds had more to do with fraud
I disagree with what you say, but I'll defend your right to say it to the death - Voltaire
I've never even seen one of these Pepsi bottles in stores and I looked for them. No wonder they couldnt get all 100 million redeemed.
I think that it is much better to crack iTunes's file format so I can play the songs I legally purchased than to download songs completely illegally over a P2P network.
I agree with you, but you could do even a little bit better if you spent money on services that don't utilize DRM. Emusic, magnatunes, audio cds, etc.
If/When these DRM-free sites get more market share than the DRM sites, record companies will start to rethink their positions on it.
Mod parent down. There was no requirement to enter a credit card number to redeem free songs. You did have to create an account, but that consisted of picking a user name and password and giving up your already spammed to death email.
You do not need to provide a credit card.
They ask for it if you want set up the ability to purchase music at the time you open the account but you do NOT have to provide it to redeem a free song.
Crazney has broken the pointless encryption on streaming things in the iTunes library to other machines on a LAN.
It has nothing to do with iTMS. Repeat after me: it has nothing to do with iTMS.
The encryption on streaming tunes between clients only serves two purposes: to try and keep people on the Apple upgrade treadmill and to force people to use iTunes on all their machines if they want to stream music between them from the iTunes library. This is your own music we're talking about here, no copyright violations are taking place.
To be frank, Apple is taking the piss with this sort of encryption, and now the piss is being taken out of them. Too bad, but it has nothing to do with FairPlay.
I admit that my Eastern history is not really up to snuff, but I don't remember any point in history where Japan took chunks of China long enough to both worry about defending it to the north *and* worried about improving northern defenses (much less decorating them).
I can't even figure out what major Tokugawa construction project you might be referring to. I can't find anything other than a number of castles that were built.
Apparently, one of the edicts of the Tokugawa era (not sure which Lord Tokugawa you're referring to) was that each province was required to have a castle. This resulted in a lot of castle-building, so it's hard to figure out exactly which one you're thinking of. I can't easily find any reference to a building at the end of a region.
May we never see th
Fat consumption has nothing whatsoever to do with diabetes. You could eat bacon 3 meals a day and not have high glucose levels. (Your blood pressure and cholesterol levels might not be so terrific...)
Type 2 diabetes is one of two things: 1. You are not producing insulin fast enough to process large amounts of glucose in the blood.
Or 2. Your body is not absorbing the insulin fast enough to do so.
In either case, when you eat foods that are quickly turned to sugar in the blood (any foods which are high in starch or sugar, including white bread and potato products, and especially sugary foods like Pepsi) your blood's glucose level goes way up, because your body can't process it. This causes all kinds of problems. Fatty foods do neccesarilly raise your blood sugar levels. You may be confused because obesity (fat tissue, not fat consumption) slows insulin absorbtion, and is a contribuiting factor to Type 2 diabetes.
Information wants to be anthropomorphized.
Places like etree have long lists of bands (over 1k listed on etree) that are cool with trading (mostly live shows). There's some great legally free music downloads out there, start checking them out.
"And a voice was screaming: 'Holy Jesus! What are these goddamn animals?'" - HST
The third option is to realize that because you are choosing to use an operating system that is not supported by iTunes, you are not entitled to break the rules in the licensing (not purchasing) agreement.
You have to install the iTunes software first:
Step 1 - go to iTunes website.
Step 2 - download iTunes software - click on the download now button.
Step 3 - install the iTunes software and then run it.
Step 4 - Access the music store from within the iTunes software by clicking "Music Store" in the top of the righthand pane.
You should now see the big Pepsi logo and the phrase "Redeem your free song here."
Download my free songs!
Oops, Step 4 should say the "Music Store" is accessed from the top of the lefthand pane. Didn't mean to confuse you.
Download my free songs!
I was activly searching my town (east la county), neighboring ones (san bernadino county) and even a few stores in Santa Barbara california. It took about 3-4 weeks before the damn LAKERS caps went away so I could buy iTunes caps. Won about 6 or 7 songs in 10 bottles.
Distribution sucked majorly.
I never got around to install iTunes, nor will I do until Friday, so here are the codes of 3 Pepsi caps I have lying around for the quickest of you:
PPQ4F KKAI(D or less likely O)
HEWGG IHA4C
FPMFN DACVF
All are "One free song" of course, so enjoy !
A lot of people seem to be up in arms over this, so let me clear it up somewhat: when the Pepsi promo was started, there was an option in the account settings to choose "none" for your credit card. However, in the last week, that option was disabled, and new accounts now require a valid credit card to be entered in order to be created. So both sides of the argument are correct.
An interesting side note: my account had the "none" option selected, so even though that's no longer an option, my account has been unaffected! Meaning, unless Apple figures it out, I can keep my account open without entering any credit card information. I intend to do all my future purchases via iTunes Gift Certificates. ^_^
Thanks a million. Push Start to replay.
there was plenty in the Raleigh area, atleast in RTP. i got a couple of friends to do the 'look up the bottle' trick and we all won every time...whoops...maybe that's where all the bottles went :) i even ended up giving a few tracks away to people who hadn't used iTunes yet.
iTunes for Windows 4.2 (see above).
Clicked on Redeem Song. Asked me to log on. Clicked Create Account. Page did not load. Navigated back, repeated several times. Popup comes up asking for information. Get submission errors if I try to submit without valid / complete CC info. Finally enter the info and await an email verification. Log on. Click redeem song, asks me to log on again. Log on with username and password. This time I'm allowed to enter codes. Once I find the song I want, it takes me 5 minutes to figure out that "Buy Song" is scrolled off the right side of my screen. Do a Help search to figure out how to buy the music in my cart. Realize I can't because nothing is in my cart, I'm "not logged in." Log in. Re-add song to cart. Click on Shopping Cart in left pane, click Buy Music. Enter username and password AGAIN. Confirm purchase (free).
I love iTunes, it's the best player/net radio/music file organizer/burner I have ever used, but the learning curve on the store's UI was ridiculous. Since then, I have had no problems redeeming 12 more codes.
There is almost always a solution. In virtually all the other cases, there is at least a workaround.
I guess the bottle availablity has more to do with your local distributor than Pepsi.
I live up in the North Country in New York. I'd consider my city to be pretty darn far from a major population center, yet strangely enough we had iTunes Pepsi's available by the second week of the promotion.
Fearing diabetes in my late 20s, I have long-since switched to Diet Pepsi, so collecting caps wasn't a problem -- I've amassed 47 winning songs thus far...
Up, Up, Down, Down, Left, Right, Left, Right, B, A, START
copyright tutorial
Certainly you can't sell the copies, but it is also against the current interpretation of the spirit of the law to copy material in its entirety.
Saccharine *is* still used in fountain sodas. The stuff you get at 7-11 from the machine, or at the local burrito joint DOES have saccharin in it. Only the bottles and cans use NutraSweet.
This is because NutraSweet has a relatively short shelf life. It's something like 3-6 months (very vague recollection here), and then it loses its sweetness, completely.
The fountain soda is in containers or "bags" and can be in the channel for months or (gasp!) a year or more before it's hooked up and served -- really the distributors have little control over when restaurants or convenience stores hook it up. As such, it's still saccharine based to ensure they don't start serving out big "crap batches."
From Coca Cola:
Aspartame by itself is heat and pH sensitive (meaning it loses its sweetness over time), the concentrated fountain syrup causes aspartame to lose its sweetness faster than it would in a finished beverage. Fountain diet drinks, therefore, are sweetened with a blend of and saccharin to assure maximum product quality.
Except that it allows people to use Linux (or whatever) to access your legitimately-bought DRM-protected songs without having to break the encryption.
No, it doesn't. The streaming protocol doesn't decrypt the music first. If you're not authorized (and would thus have the decryption key), you still can't listen to the music.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
...just so y'all will shut up.
iTMS tries to figure out where you are located. If you are connected to the internet via a computer in the United States, and it is fairly certain of this, it doesn't require a credit card to make an account.
If it is not sure, it requires a credit card to verify that your address is in the US.
It's a licensing issue: since they can't sell to people overseas, they can't give songs away to them either.
Now, having heard this, some people overseas might get ideas about bypassing such protections. They may well work, and they are Not My Problem.
Geez, guys. With 30 seconds of thought, any of you could have figured this out. Why are there so many 'but *I* needed a credit card!' 'but *I* didn't!' posts all over the place?
-fred
Sign #11 of Slashdot overdose: You see the phrase 'moderate Republican' and you wonder if that would be a +1 or a -1.