Slashdot Mirror

← Back to Stories (view on slashdot.org)

FairPlay v2 Reversed, Playfair Back Online

Posted by CmdrTaco on from the tag-you're-it dept.

An anonymous reader writes "Two weeks ago Apple released iTunes 4.5. The minor changes Apple made to their Music Sharing Protocol (daap) were reverse engineered after just one day. According to a post in the Doom9 forums FairPlay version 2 has also been reverse engineered. playfair has already been patched with the new code and is back online with FSF India providing legal support. How will Apple respond?"

9 of 621 comments (clear)

  1. big difference by green+pizza · · Score: 5, Informative

    I do not want to get flamed, but honestly, when I read this stuff I wonder how everyone can get so pissed off when someone breaks the GPL yet be so supportive of someone doing this kind of work?

    For all of the lofty talk in the community, is it at it's root support for whatever it takes to get "what I want, free"?

    There's a big difference here...

    PlayFair decrypts .m4p files into plain .m4a/AAC files. The reason people use PlayFair is to allow the use of iTunes-purchased files to be played back without having to use an iPod or iTunes. Sure this could lead to increased piracy, but so does buying a CD at Walmart.

    PlayFair still requires the music to be purchased in the first place. Apple's files (at the RIAA and record labels' demands) are still encrypted, even after "purchase".

    PlayFair users are generally working with their own, purchased files. They are not dipping into some secret Apple server full of encrypted, unsold songs.

    iTunes buyers simply want more freedom. They're using PlayFair to achieve this.

  2. Re:Apple's rock and hard place by clichekiller · · Score: 4, Informative

    Will I use the new Hymn/Playfair program? Oh, probably - my .Mac account runs out and I'm not going to renew, and it's how I bought my iTunes songs in the past.

    AFAIK you don't have to have a .MAC account in order to purchase from their music store. Is there some other reason that you will stop buying/playing your music when your .MAC account runs out?

    --
    Sir, there is a dragon outside with an armful of armor. He's inquiring if we offer free refills.
  3. Nonsense by Otto · · Score: 4, Informative

    Next to none of its use will be for piracy. Why? Because the music is already out there. It's not like iTMS has anything special that isn't already shared. Okay, they do have the iTunes "Exclusives" that show up every once in a while, but beyond that I seriously doubt most people will be buying music and sharing it with the world. Hymn (as I see it's now called) will be mainly use for compatibility reasons. You should see the Apple forums, where the majority of questions are about how to play back iTunes Music Store songs on this or that MP3 player..

    --
    - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
  4. more info by xandroid · · Score: 5, Informative

    According to MacWorld...

    • new version, and they're calling it a complete re-write (now fully GPL compliant, too)
    • new web host (in the US, surprisingly, and ballsy too: Babu (creator) says "This [host] is well aware of the DMCA and DRM issues and is very much willing to defend us in case Apple threatens to bring down the site")
    • now preserves the iTMS header files, including the user's Apple ID ("This proves that our purpose is for fair use and not for piracy and should help us in our legal battles")
    • "hymn" stands for "hear your music anywhere"
    • and the new site's not even slashdotted yet!



    (Not really karma whoring, just adding the info that was in my submission... bah.)

    --
    $ echo "ceci n'est pas une pipe" | sed -Ee 's/(eci n|pas )//g'
  5. Nope by Otto · · Score: 5, Informative

    Playfair actually decrypted the music directly, it didn't intercept it in Quicktime.

    The key to decrypting iTMS files lies in its keyring. See, when you get "authorized" by Apple to play your purchased music, a key gets downloaded to your machine. This key is used to decrypt your music. The key is stored inside a keyring, and the keyring is encrypted using other information specific to your machine (Windows key, chunks off the BIOS, etc, etc).

    The method to decrypt the keyring was reverse engineered, giving you the key, giving you the ability to decrypt the songs directly.

    Simple.

    --
    - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
  6. Re:How is this different? by karmatic · · Score: 4, Informative

    One, EULAs have never shown to be legally binding.

    For example, take a video game. Do you need to agree to the EULA to run it? Of course not:
    1- Minors can't enter into contracts. Can only people 18+ buy games?
    2- They are amending the terms of sale, after the sale has taken place. This is not legal.
    3- Contract laws require that you actually receive something in exchange for what you are offering. Now, the theory behind the EULA is that your computer (and through extension, you) makes a copy when you run it, as such, you need a license to copy. However, Copyright law specifically allows fair use, which allows you to do more than the EULA anyway, and copyright law lets you make copies anyway. As such, you are literally getting nothing in return.
    4- Click-through agreements have never been shown to count as a legal agreement
    5- What if you just skip it altogether?

    The reality is, the companies who use EULAs are abusing the system, and trying to treat a license like a contract. It is not. A license doesn't have any of the above issues (the GPL is, for example, a license).

    For example, copyright law says that you may not distribute copies. However, a license can say "you can go ahead and distribute copies, but only if you do X, Y, and Z". A license giveth, a license does not take. As such, minors can use licenses, too.

    For example, suppose I were to were to write some sheet music, and give it to you. Copyright law is fairly specific about what you can do with it. For the most part, it just means you can't distribute copies. Now, suppose I placed the text "You may make and distribute copies, provided this copyright notice is present on all copies". This is a license. It gives you rights you do not normally had. You do not need to "enter" into any agreement at all. If you don't want to use it, you don't have to.

  7. Interesting Change by localman · · Score: 4, Informative

    One change mentioned on the page (if anyone actually read it) is that the new version strips the DRM, but leaves intact the Apple User ID who originally purchased the song. That is pretty cool - as it give them some legal justification. If people share stuff they can be ID'd. This is perfect for me, as I just wanted to be able to play my songs on whichever computer I use but wouldn't share them with anyone other than my wife. (Which for all I know, might be illegal, but WTF is with that?)

    Cool

  8. Mirror in US, on University connection by Anonymous Coward · · Score: 4, Informative

    The site is becoming slow. I have a fast Internet2-enabled University connection, so anyone can download quickly from these. This has enough bandwidth for all of you. :)

    It's probably a DMCA-banned circumvention device, but these are my last days on ResNet. *sniff*

    Here's a mirror:

    UNIX-style source: http://128.220.38.69:8071/hymn-0.6.0.tar.gz

    Windows binaries: http://128.220.38.69:8071/hymn-0.6.0.zip

    Mac binaries (with GUI): http://128.220.38.69:8071/hymn-0.6.0.dmg

    You can check my MD5SUMs against the official ones, http://hymn-project.org/download/MD5SUM .

  9. Not buying the music? by MacDork · · Score: 4, Informative
    • And if you have that you're just a cheap a$$ bastard for not buying the music. ;)

    Last I heard, you had to actually purchase the music and have a iTMS account for Fairplay to work. It won't work on that AAC file you grabbed off of Kazaa, because you don't have a valid key to begin with. This is clearly a fair use issue, not one of copyright infringement.

    I just burned my ability to mod this discussion, but that had to be said.