QTFairUse6 Updated Hours After iTunes7 Release
Nrbelex writes "Mere hours after iTunes 7's release, QTFairUse6 has received an update which enables it to continue stripping iTunes songs of their 'FairPlay' DRM. Some features are experimental but at least it's proof that the concept still works."
So an update to the iTunes software just means an update to the memory address offset to read the data from. Piece of cake.
In a DRM system, the consumer's machine needs to get both the encrypted content, and the key to decrypt this content. Otherwise, the consumer cannot listen to the audio he just purchased. As long as we listen to music with our analog ears, and watch video with our analog eyes, this will be the case.
As any cryptographer will tell you: if you have the cyphertext and the correct key, you can decrypt the content. Therefore, DRM systems are, by their very definition, nothing more than security by obscurity. It is a cryptographical pipe dream.
Support a Europe-related section on Slashdot!
I don't think "the iTunes people" really care. But they don't have a choice if they want to sell music. It's all about what the record labels want, not Apple.
Only a matter of time till both Apple and MS initiate lawsuits on those that cracked their DRM. No doubt aided and abetted by the **AA. The silver lining is that if this gets to the SC, the DMCA *might* get struck down as unconstitutional.
Cracked DRM? Where? What this program does is something similar to dump some part of the memory in your machine into a file. It does not crack anything, it does not modify any program, it is not any key generator, it just dumps a section of your computer memory into the disk.
Guess what, Microsoft Office does exactly that when you click the "save document" function. =o)
Ubuntu is an African word meaning 'I can't configure Debian'
I believe the dignified response a consumer should give to Apple and other makers of DRM is:
"Neener neener naw naw," coupled with happy-dancing around the computer desk.
Oh You POS
They're capturing the unencrypted and unencoded audio stream? That means that they're transcoding if they store it as an AAC file, right?
I really do fear that the future will be riddled with incompatibilities from DRM.
I'm an "Apple Fanboy" but have limited my iTunes purchases to a few albums. CDs are still considerably more flexible regarding how and where I can use the music. Sure I own an iPod, but I also own a phone and PSP that can both play music. I also have a device that will play MP3s through my TV. None of those last three will play my FairPlay music. While I accept the limitations of the player, it's simply frustrating at times.
Regarding the new Apple Movie Store, let me get this right... we pay $9.99 (to $14.99) for a movie... that's of a lower quality than DVD and can't really be moved outside of your local network (it's not like you can take it over to a friend's house without unauthorizing their computer and authorizing their computer under your username). Just trying to explain this to my fiance made her eyes glaze over. Her exact words: "sounds complicated... why not just go to the movie store."
no, because people who don't have legitimate uses find easy ways around them.
The people who stick to legitimate uses are more likely to give up and say "forget it, I guess I won't use it for my legitimate use because I can't", and not bother looking for a crack.
The only people that DRM hurts is the honest people who are not technically inclined.
34486853790
Connection too slow for X forwarding? Try "ssh -CX user@host"
So, I could download something from iTunes, and without hassle, put it on my non-apple MP3 player, have a copy on my work (windows) PC, my home (Windows) PC, my notebook (BSD), and use it on my Audiotron player (MP3 and WMA compatible) that pipes it through my stereo?
Somehow I doubt it, yet those are all legitimate uses.
34486853790
Connection too slow for X forwarding? Try "ssh -CX user@host"
Is that by stripping the DRM, they're actually supporting the iTunes model and therefore the record labels because people will continue to buy from them instead of switching to the non DRM competition.
It's the same reason MS don't come down too hard on piracy of their OS and office suites. It actually supports their business.
ummm, 1 billion+ songs sold with DRM, and that's just from itunes. perhaps you have misinterpreted what the free market has said... [i am not advocating DRM, just commenting on the previous post]
iTunes works not because you can't copy the song or because of DRM. It works because of two simple reasons:
1. price
2. easy to use
Fairly simple. 99 cents is a sum that convinces people it's more convenient to click and pay than to fire up a filesharing system or phone 'round with their friends. It downloads quickly and it's guaranteed to work with your iPod, no need to wonder what format or how to transfer it, the software is built to fit.
That's what makes it popular and that's why people pay for it. I bet a sizable sum that most of them didn't even notice yet that it contains DRM. Simply because nobody bothered to try to copy it instead of simply clicking and paying the buck.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
It's called slashdot. It's a self-regulated forum of intellectuals who espouse fairness, rational discourse, wit and good fellowship above all else.
Intron: the portion of DNA which expresses nothing useful.
Actually, I can think of a couple perfectly legit reasons involving things that I want to do.
1. I have been unable to listen to my music on my XP x64 installation. I've been using this as my primary PC for a while now, and I've been unable to play any of my M4Ps since iTunes won't even install (until today). I spent a long time looking for an older iTunes 6 installation, but to no avail. I'll see if I can get things working again tonight. If I could strip the DRM, I'd just open up any number of other players and listen in Media Player or Winamp.
2. I have a car MP3-CD player. I cannot convert my M4Ps to MP3 without wasting a bunch of CDs. iTunes doesn't let you create an MP3 CD with your protected songs. If iTunes allowed me to burn an MP3 CD with those protected songs, or if I stripped the DRM, I could make that MP3 CD and have my music with me in the car.
Yes, I know that if the DRM was easily removed the *AA would be all over them... I understand that this isn't all on Apple, and they have to at least try to keep their music locked down. And no, I'm not going to go spend $400+ just to listen to music I already bought.
There is also no legitimate reason to inconvenience your paying customer and lock him into protection schemes at all. Whether it's some arbitrary number of copies he may hold or other limitations imposed on him. What happens to my music when I went through 5 computers (you know the MTBF is shrinking quickly in the current hardware, yes?), not every song is fast food like current pop music. I might still want to be able to listen to it in 10 years.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
The DMCA is pretty clear on what it means by circumvention:
If you think you can convince a judge that this isn't textbook circumvention, hey, go for it. But saying it'd be an uphill battle is putting it lightly. Especially if you go in there claiming that it's somehow impossible for a "mere memory dump" to constitute circumvention, when it is clearly one of many types of transform wherein you put a protected work in one end, and get an unprotected work out the other.
(Do not confuse this post with DMCA advocacy. I strongly disagree with outlawing technologies and actions; I think the law in this area should merely concern itself with results. But I also think you can't fight against something you don't understand; you just make yourself sound like an idiot. You need to understand there is a distinction between what the laws says and what you wish it said. Understanding the DMCA better is a necessary step in fighting it.)
Yeah sure. Wanting to listen to purchased music on Linux systems is wrong.
"It ain't a war against drugs. It's a war against personal freedom" --Bill Hicks
Slightly off topic, but I wonder how you feel about downloading content that was on broadcast TV. Take the show "Lost" for example. Let's say you missed it when it was broadcast. Now, you could have recorded it for free and stripped out the commercials. But you didn't for whatever reason. You could wait a year for the DVD to come out, but you don't want to wait. You could pay some "legit" online service for the convenience of downloading, but why should you pay for something that was broadcast for free just yesterday? Is there anything wrong with downloading it or getting it from a friend?
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
I think Apple has procedures for deauthorizing a computer and adding a new one in its place. Unless you're going through computers like the Flash, it shouldn't be much of a hassle.
There are a lot of arguments about how bad DRM is and why it is stupid and how it restricts one's fair use.
The arguments lack one perspective, that the purchase of music from iTunes, et al., comes with certain conditions. There is no fundamental right to purchase anything free of conditions, so when music companies and online retailers decide that they will offer music that is ensconced in DRM, that is a business and marketing decision that they make, assuming that people will forgo some freedoms in order to have the convenience.
The sort of "active" protest over DRM that is represented by tools to strip the DRM merely confirms that the market for the music exists and offers no reason for the music companies to move away from DRM. A better protest would be to boycott the entire DRM scheme altogether and only seek music from outlets that provide it free of DRM.
Will you still be able to get all of the CCR and Radiohead from other, non-DRM outlets? No, but if you want to make a point with a corporation, you need to do it by removing yourself from the market. The problem that I see is that many people want to have it both ways; they want all of the convenience of an iTunes or Rhapsody, or similar, none of the DRM and want all of this without any real sacrifice.
A major problem today is the erroneous sense of entitlement that pervades so much. Too many people think that they are entitled to market for products that suits their needs and are willing to resort to unethical, if not blatantly criminal, activity to create that market. The truth is that the online music market will only change when providers are losing money because their markets have shrunk and they must retool the offering. As long as people buy the DRM'ed music, that won't happen.
> Probably after they start using encryption well enough that programs like QTFairUse6 become impossible to create.
It's a truism I find myself having to repeat: you cannot encrypt something to keep it from its intended recipient. You can't embed it in hardware (CSS tried that, look how trivial that is), you can't do it with online activation. At some point, you the intended recipient of the "plaintext" are going to receive that content, and barring complete end-to-end encryption through the hardware with no leakage whatsoever, some process will always be able to get at those bits.
They're trying to lock down the hardware, but that's also a pretty doomed effort, since it just doesn't work out economically for the hardware manufacturers.
That procedure requires the computer still be running. Suffer a crash that requires an OS reinstall or replacement and you're down one machine, forever. Better to preemptively strip the DRM from what you buy and not have to worry about it. It's a symptom of our corporate whore government that doing so is technically a criminal act in the United States.
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
Apple does not care one way or another about how the RIAA/MPAA view DRM as long as they can get content. Apple wants to keep DRM so you have to buy iPods. If you could easily strip iTunes DRM and put it on any player then Apple's bread and butter high margin hardware business has to deal with much more competition (their margins on media sales are garbage). Right now if you like iTunes - you either only listen/view on your Mac/PC or iPod. Apple owns the DAP market and has a small though not completely insignificant workstation and laptop market percentage.
Sorry, but QTFairUse6 does NOT break DRM in the same way that Hymn, et al. do it. Hymn breaks DRM by getting the keys and decrypting the files itself. What QTFairUse does is... use iTunes to break it (relying on the fact that you have ciphertext, a key, and a black box (iTunes) that can take those two inputs and produce unencrypted audio).
If you examine the source code, you'll see why it hasn't been ported to Mac - it isn't portable. It relies on the fact that for a brief period of time, there will be a frame of decrypted AAC data. It first attaches to the iTunes process, then it attaches a breakpoint inside of iTunes. You play your audio, and when iTunes finishes decrypting a frame of m4p, it hits the breakpoint. Then QTFairUse, acting as a debugger, grabs a copy of the AAC memory buffer, and writes it to a file, which is (surprise) unencrypted. (This was how the first iTunes hack was done, too).
What QTFairUse6/MyFairTunes does is make it entirely automated by faking out a debugger. If you knew where to set the breakpoint, and where in memory to find the unencrypted data, you could basically do the same thing with your bog-standard VisualStudio debugger (albeit more slowly).
The iTMS 6 format wasn't broken, just an alternate attack vector was found. And it might be more difficult in OS X, since a process can prevent itself from being debugged by setting permissions to do so.
That's why QTFairUse is version specific - it needs to know where to find the memory buffer, and where to set the breakpoint.
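The point in the comment above that a process can refuse to be debugged, shown as an added example that is not from the thread or from any tool it names. The comment names no mechanism and speaks of OS X; this sketch assumes Linux instead, using `prctl(PR_SET_DUMPABLE)` and the `TracerPid` field of `/proc/self/status`, and every function name and the sample text are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>

/* Constructed sample of /proc/<pid>/status text; the process name and
 * PIDs are made up for illustration. */
static const char SAMPLE_STATUS[] =
    "Name:\tplayer\nState:\tS (sleeping)\nPid:\t4242\nPPid:\t1\n"
    "TracerPid:\t1337\nUid:\t1000\t1000\t1000\t1000\n";

/* Return the TracerPid field of a status text: 0 means no tracer is
 * attached, -1 means the field is missing or malformed. */
long parse_tracer_pid(const char *status_text)
{
    static const char key[] = "TracerPid:";
    const char *line = status_text;

    while (line && *line) {
        if (strncmp(line, key, sizeof key - 1) == 0) {
            const char *val = line + sizeof key - 1;
            char *end;
            long pid = strtol(val, &end, 10);
            return (end == val || pid < 0) ? -1 : pid;
        }
        line = strchr(line, '\n');   /* advance to the next line */
        if (line)
            line++;
    }
    return -1;
}

/* Read our own status file and report who, if anyone, is tracing us. */
long current_tracer_pid(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_tracer_pid(buf);
}

/* Mark the process non-dumpable, so a debugger running as the same
 * unprivileged user can no longer attach. Returns 0 on success. */
int deny_unprivileged_attach(void)
{
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0 ? 0 : -1;
}

int main(void)
{
    printf("sample tracer pid: %ld\n", parse_tracer_pid(SAMPLE_STATUS));
    printf("attach hardening: %s\n",
           deny_unprivileged_attach() == 0 ? "on" : "failed");
    printf("live tracer pid: %ld\n", current_tracer_pid());
    return 0;
}
```

A debugger with `CAP_SYS_PTRACE` (or root) can still attach, so this only raises the bar for same-user tooling; the decrypted buffer still exists in memory, which is the thread's underlying point.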
The fun thing about that is that only one person really needs to go through the hassle. After that, the rest of humanity has it easy.
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
I was recently in this predicament--I downloaded an episode of HBO's Entourage and I forgot to have PeerGuardian on. HBO contacted my ISP, Cox, and had my internet access disabled. I called Cox up and they had no clue why my internet was out, and after jumping through hoops with an idiot tech who kept wanting me to change router settings, a tech was scheduled to come out a week later, until a day before he was supposed to come they called me up and said they disabled my access. Idiots. I had a legit subscription to HBO, but I was penalized. I don't blame HBO because they had my IP address, not my full contact information, so I doubt they could know that I was indeed paying them, but it was still very annoying nonetheless.
Scorta futuere amo!
I don't have a problem with downloading and viewing sans commercials (do it myself with DVR and fast-forward, which is legal), I'm just letting you know what I think they would retort with. I happen to think that corporate-owned media is in violation of the spirit of my nation (USA). I believe the airwaves should belong to the public, and that the corporate/advertising model is fundamentally flawed. So even if such activities were illegal, I wouldn't look negatively upon them. Who needs more protection: the broadcaster or the consumer? I think the latter.
(%i1) factor(777353);
(%o1) 777353
When you play the law game, the argument of the form "Look, there's a definition of X in the dictionary, under which X didn't happen. Therefore, I didn't do X. Ha-ha! Got you!" works about as well as I've made it sound.
Oh yeah, as if lawyers never exploit technicalities. The technicality here, of course, is that you are gaining access to the copyrighted work with permission of the copyright owner and through the approved method. It's being decoded into memory in the correct and legal means, and you then have a legally decoded copy in memory. The user is then copying that copy in accordance with fair use. There's no circumvention of the controlled access to the work, because it's an issue of what the user who has controlled access does with that access.
I'm not saying it's an iron-clad argument or anything, but it certainly could be argued on very technical grounds, and that's a large part of what lawyers do-- argue about the wording and meaning of laws in a very technical way. The point is, the transformation from a protected copy to an unprotected copy is done explicitly how the copyright holder has given permission for it to be done. Every time you play a song in iTunes, the program is making an unprotected copy in memory, and this program is simply a means to KEEP that copy.
Two things here:
1) Descramble? No. Decrypt? Nada. Avoid? Nyet. Bypass? Nein. Remove? Iie. Deactivate? Nay. Impair? FALSE. It's not doing anything to "circumvent a technological measure." It is, in fact, accepting the output of authorized decryption, then doing "unapproved" things with that output. Thus the DMCA does not apply.
2) This hack most certainly is handled "in the ordinary course of its operation", in that even if you don't have QTFairUse6 installed, iTunes still decrypts and stores to a memory address, thus removing the DMCA-covered "technological measure".
So it's quite possible to argue that a "mere memory dump" does not violate the DMCA. The decryption is authorized, the "technological measure" is removed, and the DMCA is no longer an issue before QTFairUse6 ever touches the data. These facts will hold up in court if you can get them there, and it'll be all the more convincing when you get the record industry "experts" and Apple's engineers to say it.
Nah. Just register that this time, they knew what the appropriate code looked like, and found it relatively easy to find in the new binaries:
Find the AAC stream decoding function using a subset of the old one as the 'signature bytes'. Do this many times with different sig sets until you find something that more or less consistently matches up.
Look for references to it in other functions that also appear to be stream-decoding. There shouldn't be too many, and one of them must be the FairPlay decryptor.
Hook into the new address you've found, and start dumping.
QED. And, no, I'm not saying "I wish I'd done that". I haven't (though, I was in the process of...). Even if I had, I live in the states, so redistribution is a no-no.
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
They do gain a benefit in that it makes it hard to use iTunes-purchased music on non-iPod MP3 players, true. However, it's also pretty well known (though I don't have a source, it's pretty well accepted as fact) that Jobs has fought with the record companies over the DRM. Jobs wanted cheap music, DRM free, at a flat fee, that could be transferred back-and-forth between the iPod and your computer. The labels wanted music with expensive variable pricing and extremely restrictive DRM. The current system, with mostly flat pricing (more expensive than what Apple wanted but cheaper than the label's intended), somewhat loose DRM, and one-way syncing from iTunes->iPod was the compromise.
Really, when you think of it in a certain way, why would Apple care terribly about the DRM? They don't make much off of these sales, and a lot of their cost probably comes from bandwidth, which isn't used except when someone actually buys something. On their end, it's largely promotional.