Slashdot Mirror
FairPlay v2 Reversed, Playfair Back Online
An anonymous reader writes "Two weeks ago Apple released iTunes 4.5. The minor changes Apple made to their Music Sharing Protocol (daap) were reverse engineered after just one day. According to a post in the Doom9 forums FairPlay version 2 has also been reverse engineered. playfair has
already been patched with the new code and is back online with FSF India providing legal support. How will Apple respond?"
"How will Apple respond?"
With FairPlay v3.
...Apple should hire the guys, as they are obviously at least as good as the guys they have now.
I do not want to get flamed, but honestly, when I read this stuff I wonder how everyone can get so pissed off when someone breaks the GPL yet be so supportive of someone doing this kind of work?
For all of the lofty talk in the community, is it at it's root support for whatever it takes to get "what I want, free"?
I just would like to know the difference between these things which to me seem similar.
Looking for a better understanding.
a man, a plan, a canal, panama
I would much prefer WMA and WMV to be hacked! I find that much worse than Apples iTunes!
Can playfair be protected under the GNU GPL and be illegal in the US (under the DMCA) at the same time?
Evolution or ID?
I've read on several other Mac news sites (Macintouch, MacMinute, MacSlash) that FiarPLay is now called hymn (for hear your music anywhere). Why didn't Slashdot note this, or has there been a fork in the project?
BLING BLING. Meet the architecture that's changing everything.
...somewhere out there, someone will always have a pre-FairPlay vX copy. So for each time they fix it, they at best secure what is released between last time and now. Today that might not matter.
But if it comes down to "Sure, the last 30 years of music is bust, but we have protected the last 3 months worth" the DRM is essentially useless...
Kjella
Live today, because you never know what tomorrow brings
This is probably the excuse the music industry is waiting for to force Apple to raise their rates in the future. It is the old "Gotta make up for revenue lost to piracy" excuse. You have to admit, that while this does provide an avenue for fair use, a large percentage of its use is going to be for piracy.
Will I use the new Hymn/Playfair program? Oh, probably - my .Mac account runs out and I'm not going to renew, and it's how I bought my iTunes songs in the past.
So, now I'm kind of boned (maybe - probably not, but maybe) in the future. Yes, I can "rip to audio-CD-and-then-to-MP3", but Hymn will make it all a "one stop shopping trip" for my fairly large iTunes store collection (hey, they had a special on classical music and BB King - give me a break).
Apple really doesn't have much to worry about, since people have to buy the music first before they can remove the Fairplay protections. And even if a bunch of butt-munches start "sharing" their music with others, that means more AAC files out there, which means a better chance we'll see more MP3 players that include AAC support in the future.
So while Apple doesn't have to worry about Fairplay, the fact is that the folks they get their music from - IE, the RIAA and even independant musicians - might like to hear that Apple's not letting just anybody give away their music without paying for it. Apple might not care, but since the place where they get music does, Apple's obligated to at least "fight the good fight" to show "due process" or some such.
Yeah, I'll use it, I know Apple will work to shut it down, but it should all be good in the long run.
52 Weeks, 52 Religions with John Hummel
I don't think so. Apple did counter the reverse-engineering with a second version, but at this point I think they realize that it is not cost effective to spend money on a problem that cannot be fixed. It takes Apple too much time and money to develop a new system. They will have to choose to 1. ignore it 2. change their philosophy
Personally, I think Apple should hire the person(s) that keeps reverse engineering it. Then they get a knowledgeable staff member, and don't have to worry about a new version being cracked... At least for a little while. :)
from Macworld
DRM, copy protection.. it's all the same stuff, and it's never worked. I don't know what makes people think it can work now, when it has failed for the last 25 years.
The only successful DRM has been to have a completely proprietary platform like Apple or SGI. You also get the side bonus of locking your customers into only buying your proprietary hardware upgrades.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
I do not want to get flamed, but honestly, when I read this stuff I wonder how everyone can get so pissed off when someone breaks the GPL yet be so supportive of someone doing this kind of work?
.m4p files into plain .m4a/AAC files. The reason people use PlayFair is to allow the use of iTunes-purchased files to be played back without having to use an iPod or iTunes. Sure this could lead to increased piracy, but so does buying a CD at Walmart.
For all of the lofty talk in the community, is it at it's root support for whatever it takes to get "what I want, free"?
There's a big difference here...
PlayFair decrypts
PlayFair still requires the music to be purchased in the first place. Apple's files (at the RIAA and record labels' demands) are still encrypted, even after "purchase".
PlayFair users are generally working with their own, purchased files. They are not dipping into some secret Apple server full of encrypted, unsold songs.
iTunes buyers simply want more freedom. They're using PlayFair to achieve this.
We have DRM'd music, what about Public-Private Key Encrypt'd music? Won't it ultimately come down to that, where the key's are owned by a company and you have to be connected online to listen to your music? It must be depressing to sell any type of software online... wait till nanotech does the same thing to the "real world" that dd and cp have done to the electronic world. My guess is either capitalism will fall, or liberty... at that point where you can replicate matter with ease, I doubt they can coexist.
Matt Fahrenbacher
James Tiberius Kirk: "Spock, the women on your planet are logical. No other planet in the galaxy can make that claim."
Someone violating the GPL is using other people's work without giving them credit or compensation. It's copyright infringement.
Someone decrypting FairPlay'd songs has a whole host of reasons to do so, including using those songs in a fair use manner. You have to *buy* the songs before you can decrypt them.
Example: Say you want to convert the M4P's into MP3's for compatibility with your portable player. iTunes won't let you do that, without the tired hack of burning and reripping an audio CD. But if you FairPlay, you can decrypt the songs into M4A's and then iTunes will convert them to MP3's for you just fine. No (sane) laws have been broken, and it's perfectly ethical to do this. You're not giving away the music, you're just converting it to another format for compatibility with other devices. That's fair use, as I see it.
And frankly, getting iTunes store music, decrypting it, and sharing it isn't going to happen. Nearly everything you can get at the iTunes Music Store is *already* out there on the P2P networks. It's not like this creates more copyright infringement.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
I think so also. As the couple of Slashdot articles in the past have stated, the more media coverage, the more your profits go up. Interestingly enough isn't it. Personally, I still think that iTunes was one of the better deals out there versus all those stupid excuses for companies tryin to imitate them. All we ask for is music that we'll buy that actually is worth what we pay for. Heck, what's the last "album" that you can remember worthwhile to pay for? Not many are out there when it comes to Top 40s.
-- Friends don't let friends buy Nokia.
Don't use them. Buy your music from other providers. The music is owned by its creators and its distributors. If you want free music, buy from artists who choose to give their music out freely. Respect the property rights of others.
-Master Switch, one more element in the machine
Is there a way to emulate an iPod so those of us who don't have one can decrypt our songs?
Next to none of its use will be for piracy. Why? Because the music is already out there. It's not like iTMS has anything special that isn't already shared. Okay, they do have the iTunes "Exclusives" that show up every once in a while, but beyond that I seriously doubt most people will be buying music and sharing it with the world. Hymn (as I see it's now called) will be mainly use for compatibility reasons. You should see the Apple forums, where the majority of questions are about how to play back iTunes Music Store songs on this or that MP3 player..
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Are YOU in India?
Sticks and Stones may break my bones, but copyright will always protect me.
And even if a bunch of butt-munches start "sharing" their music with others, that means more AAC files out there, which means a better chance we'll see more MP3 players that include AAC support in the future.
.m4a's up on Kazaa, tracing them back to the owner for major bustitude is trivial. Every file retains its signature. This should limit the appeal to pirates, at least the ones who don't put the files through a second process to remove it. And those guys will pirate things anyway no matter what format they're in.
And don't forget that FairPlay purposely leaves in the Apple ID used to purchase the song. So if people DO start putting their
I just wish I had either an iPod or a windows machine capable of running iTunes so I could use it. My G4s and linux boxen can't do it. And iPods are still way too expensive for me, so I guess I'm stuck with the CD -> mp3 method for now.
-- http://frobnosticate.com
According to MacWorld...
(Not really karma whoring, just adding the info that was in my submission... bah.)
$ echo "ceci n'est pas une pipe" | sed -Ee 's/(eci n|pas )//g'
What they really want is for the music they buy to be playable on the music playing devices that they own.
If someone is sharing music on P2P, I can virtually guarantee you that they ain't buying it from iTunes, and furthermore, this program will be of no use to them. You have to buy music to decrypt it. You can't decrypt other people's music.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
I think it should be noted that: The software is now called HYMN for Hear Your Music aNywhere. The software has now made it so that while the DRM is stripped it KEEPS the AppleID inside of the song so that the original song can be traced back to its original owner if it were to show up on a p2p network. I think this is totally important and a GREAT stance for HYMN to take. While it allows fairuse of the songs to let us play them on Linux, 3rd party players, and Xbox Media Center, it still keeps copyright protection in mind. I'm really impressed with the developers for doing this.
Oh, I thought most people wanted cheap or free music. I wouldn't say everyone, because that is clearly not true.
It's free on the radio, why shouldn't it be free on the net.
with FSF India providing legal support. How will Apple respond?
The registered address of the hymn-project.org domain is in India, but for its "A" record I currently get the following:
OrgName: United Layer, Inc.
OrgID: LAER
Address: 1019 Mission Street
City: San Francisco
StateProv: CA
PostalCode: 94103
Country: US
So perhaps there remains a danger that Apple will simply DMCA this place as per usual.
- Brian.
Well, there are several opinions to that, so here's mine:
Fry this guy! Apple was the first to market with an online music store and is currently market leader. The Apple DRM system is probably the best out there when it comes to quality (AAC, much better than those crappy 128/192 KBps MP3s) and restrictions: Basically you can use the files on every computer in your household and iPod.
If you really want to hack a DRM system: Windows Media 9 is waiting for you and it will be the HD-DVD scheme both in coding and as DRM. Remember: If you break it now, make it to the press, the DVD Forum will not like using WM9. Clips are available here
What will Apple's reaction be? Well, the iPod has a lot of processing power (ARM core? Does anyone know the exact specs?) and it will survive the next generations of DRM change.
Playfair actually decrypted the music directly, it didn't intercept it in Quicktime.
The key to decrypting iTMS files lies in its keyring. See, when you get "authorized" by Apple to play your purchased music, a key gets downloaded to your machine. This key is used to decrypt your music. The key is stored inside a keyring, and the keyring is encrypted using other information specific to your machine (Windows key, chunks off the BIOS, etc, etc).
The method to decrypt the keyring was reverse engineered, giving you the key, giving you the ability to decrypt the songs directly.
Simple.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
If we don't let our representatives know we are watching how they vote on this, Big Media will crush this legislation. If the /. community would spend a fraction of the time lobbying against laws like the DMCA as we do bitching about the companies that sue using it, PlayFair (and any other DRM cracker) would already be legal.
Breaking the DRM doesn't allow people to pirate the music. It's CD's and MP3's that make up the bulk of pirating. DRM or no, legitimately purchased AAC files don't make up any substantial portion of pirating anyways.
I would guess that approximately ZERO pirates have been twarted by DRM and LOTS of legitimate users have been annoyed by the restrictions.
Why are they (Apple|RIAA) so intent on DRM anyways?
Cheers.
You forgot the most important word in that sentence... "legally".
There goes that theory.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Fair use does not gurantee you to the right to a perfect copy.
Jesus was a compassionate social conservative who called individuals to sin no more.
This argument needs to go to sleep and fast.
;)
Burn protected AAC to CD Media.
Rip with VBR --r3mix -b112 with lame or your favorite encoder.
Play on whatever you want.
And the 'compression' argument doesn't hold water unless you have a $10k set of speakers to listen to it on powered by a McIntosh analog amp. And if you have that you're just a cheap a$$ bastard for not buying the music.
I burn all sorts of CDs and listen to them in my cars, my stereo, etc. I can't tell the difference between it and my lossless compressed burns when they are side by side. Granted I've not paid for a song I have and tried it but if you decompress a 128k AAC and a flac compressed one and play them on the same stereo they sound no different
As a rock-in-roll Physicist once said, No matter where you go, there you are.
Everyone here saying "but it only removes the copy protection, you still had to buy it" Same is true for CDs. Someone had to buy it somehwere. Didn't stop them from sharing them all over God's green earth. Expect the same with AAC files if this continues
You want to show some support for Hymn? One way is to buy some iTunes songs, to show that increasing freedom of music only leads to more sales! If everyone from /. went and bought a song or two, that would show a nice jump.
I plan to buy a CD or two this week to show that just because I can free up my music doesn't mean I'm going to stop buying or shipping my music out to everyone on the planet.
You can also fill out a form to let Apple know you'd like Hymn to stay around and it will increase you purchases there.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
One change mentioned on the page (if anyone actually read it) is that the new version strips the DRM, but leaves intact the Apple User ID who originally purchased the song. That is pretty cool - as it give them some legal justification. If people share stuff they can be ID'd. This is perfect for me, as I just wanted to be able to play my songs on whichever computer I use but wouldn't share them with anyone other than my wife. (Which for all I know, might be illegal, but WTF is with that?)
Cool
I doubt Apple is seriously concerned about PlayFair. The purpose of a lock really is to keep honest people honest. It's just a minor inconvenience for someone determined to get at the contents. Apple just wants to make it trivial+1 effort to keep most people from breaking it because it's too much of a chore. That's why they let you burn it to a CD and re-import as MP3 or whatever, but not convert directly to MP3--to make it too much of a hassle for most users to massively violate the agreement.
Illegal fair use?
Fair use includes making a backup copy. I don't believe making a backup includes downloading one from the Internet (but that is open to interpretation).
Illegal copy I make for my wife?
Doesn't fall into the downloading category.
Illegal copy of music I already bought so I can take it in my car without worrying about car thieves stealing my only copy?
Illegal copy on my hard drive so when the less than immortal physical CD craps out I don't have to pay for a new copy at full price?
Again, doesn't fall into the downloading category.
Illegal monopoly on region codes (violates WTO)?
I don't see how this has anything to do w/this topic. We are talking about music not region coded DVDs/games.
Illegal price fixing (RIAA)?
They were found guilty and supposedly paid the price they deserved. The open debate about the severity of the fine is irrelevant.
How come all it seems to take is the mention of Apple, and all the things slashdotters normally hate, such as DRM, and restrictive click-through agreements that prohibit reverse engineering, suddenly become the best thing since sliced bread?
Just raise the taxes on crack.
The site is becoming slow. I have a fast Internet2-enabled University connection, so anyone can download quickly from these. This has enough bandwidth for all of you. :)
It's probably a DMCA-banned circumvention device, but these are my last days on ResNet. *sniff*
Here's a mirror:
UNIX-style source: http://128.220.38.69:8071/hymn-0.6.0.tar.gz
Windows binaries: http://128.220.38.69:8071/hymn-0.6.0.zip
Mac binaries (with GUI): http://128.220.38.69:8071/hymn-0.6.0.dmg
You can check my MD5SUMs against the official ones, http://hymn-project.org/download/MD5SUM .
Last I heard, you had to actually purchase the music and have a iTMS account for Fairplay to work. It won't work on that AAC file you grabbed off of Kazaa, because you don't have a valid key to begin with. This is clearly a fair use issue, not one of copyright infringement.
I just burned my ability to mod this discussion, but that had to be said.
Right now, under the laws of the United States, we have the right to make music compilations and give them to friends and family. There are no limits to how many times we can do this or how many people we give them to. DRM takes away that right away.
If you feel like turning over your rights to corporate America, then so be it. Fortunately, not everyone shares your view.
If someone says he and his monkey have nothing to hide, they almost certainly do.
And I for one welcome our new anti-corporate open-source hippy weed-smokin' bastards.
If Jesus wants me it knows where to find me.
because i'm pretty savvy at getting rid of my 9-18 month old macs on eBay, i'm often turning over my computers.
twice now, i've had a machine leave me without deauthorizing it. once because i forgot to, and once because it died on me totally (iBook repair program).
So i have yet 1 machine that is authorized - and rather than do an XP-like "mother may I" call to Apple to pay for music i've paid for - i'd rather just run this app, move my music to whatever machine i've got - and keep buying more music.
there are lots of good reasons for this - few are bad - and since my ID is still attached - its not like i could easily get away with using it on a P2P anyhow.
I use iTunes because it works better than p2p, and will keep on doing so so long as Apple doesn't stop me from using what i've bought.
guns kill people like spoons make Rosie O'Donnell fat.
Due to the nature of emulation, PearPC is quite slow (the client will run about 500 times slower than the host).
So PearPC is written in Java, then?
Ba-ZING!
Keep in mind that I am not trying to defend Microsoft's DRM, my position is that BOTH DRMs are bad. Anyway, my real question is, what makes Apple so perfect and Microsoft so wrong?
It's a simple matter of history. For the past 10 years, Microsoft has behaved atrociously in any market where they have had a stake. They have run roughshod over consumer interests, antimonopoly laws, and have singlehandedly destroyed free market competition.
While no one can be sure, many of those who mod pro-MS DRM (or pro MS anything) negatively are relying on their historical knowledge of MSs behavior. Apple generally have not abused the markets in which they compete (though they have been known to do so: e.g. Final Cut Pro, though that is debatable given Adobe's letting Premeire languish).
So, long story short, people mod pro-MS posts negatively and pro-Apple posts positively because they recognize that the two companies are DIFFERENT. It's not only what you say, but of whom you say it, and let's be realistic. Given the chance, MS would almost certainly use any DRM scheme it controlled in a way that abused its monopoly position. Apple doesn't have a monopoly it can abuse. Its lead in digtial music sales is independent of its horrifyingly low desktop market share.
In context-sensitive debates involving IT, it does matter if you are talking about IBM, SCO, Apple or, Microsoft. Funny that you can't seem to understand that people use what they know when deciding whether to moderate up or down.
blog
There's really nothing else that Apple can do. If they ignore PlayFair, the RIAA will surly pull the plug on iTunes.
Except for one thing - iTunes is making a LOT of money for the RIAA and associated companies! As iTunes grows in use and popularity, Apple has much more of a stick to brandish and show music companies that even with tools like Hymn, sales can continue to grow. I think that was Apple's plan all along, to start with the least restrictive DRM possible and then relax it further as time went on and the music companies became more comfortable with the whole thing (witness the recent relaxation of number of computers to five instead of two) - they only dislike Hymn because it accellerates the time table faster than they would like.
The RIAA could possibly pull the plug (not sure what the contracts are like) but will they do it if they throw away a ready cash flow in the process? You can argue other things they have done have hurt sales, but only from a theoretical standpoint - iTunes represents a very concrete flow of money that I'm not sure the RIAA would have the gumption to shut the valve on.
So now the question is - is Apple willing to undergo the expense of a legal battle they are pretty sure they will lose and not even agree with, or are they strong enough to tell the music companies they cannot fight it from the start?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I really like this. Even more now that they leave the ID info intact.
This program is made to circumvent DRM, but not to pirate. As such it allows fair use as stipulated under copyright law
IANAL but I don't like this trend of locking in the user more and more. There was never any real action against people taping their LP's in the time when my back didn't hurt that much after sex.
I'm actually from the other side (involved with a label) I and don't think pirating stuff is in some weird way noble and nice, but like almost everybody on that side of the fence, I do like music - a lot more than most Britney Spear copying idiots I'm sure - and I do buy the stuff, and I can't foretell on what equipment I'll be wanting to play it on in a couple of years time. So the more options I have, the happier I am.
That doesn't mean I want Apple to support every music format possible, I like their focus on ease of use... When I was a kid I also had to find out how my cassette player and mixing desk had to be hooked up in order to copy. But nobody was actively trying to make my life difficult either.
On that: Apple needs to show it's "concerned" and needs to be seen to try and do something about this - it's a lawyer thing, else they don't uphold their part of the bargain - but really, do you think deep down they really care? There isn't a company that's more into music than Apple. They know very well what reality looks like and how consumers think.
I think, therefore I am...I think.
Congratulations, someone cracked the iTunes DRM. Honestly, good job. I wouldn't have been able to do it. But what would really be nice is if someone cracked the DRM on WMA files. Then, of the few songs that you can't purchase from iTunes, you could buy them from a WMA based music store and play those songs on any computer/music player too.
See, WMA is even more restricted. WMA-only music players using Windows operating systems.
The cracked iTunes DRM now allows for purchased music on ANY device capable of playing a music file. Complete compatability
But your iTMS account name still remains coded in the hymn-altered file.