"DVD Jon" Reverse Engineers FairPlay

breun writes to bring us up to date on the doings of Jon Lech Johansen, known as "DVD Jon" after he cracked CSS encryption at the age of 15. As reported by GigaOM's Liz Gannes, Johansen has now reverse-engineered Apple's FairPlay DRM — but not to crack it. Instead Johansen's company, DoubleTwist Ventures, wants to license the tech to media companies shut out by Apple from playing their content on the iPod. And, soon, on the iTV. Johansen could end up selling a lot of hardware for Apple.

Real already did this

[daveschroeder]

This has already been done with Real's Harmony.

With each successive iPod update, Apple can keep breaking Harmony. Sure, they can come back and "fix" it again, only for it to be broken again.

Besides which, anyone can sell or deliver content on Apple's iPod now:

- They can deliver it in any number of media formats without DRM (since DRM is so evil, right?)

- If they really want DRM, any music provider not currently affiliated with a major label can distribute on iTunes to iPod via services like this

So, if we're to believe the putative reasons that FairPlay has been "reverse-engineered", it is actually to specifically enable and further the usage of DRM.

Is this what the people who would applaud DVD Jon actually want? More DRM, and DRM that won't be guaranteed to work (in fact, will almost be guaranteed to NOT work) the next time an update comes out from the vendor, at that?

Re:Real already did this

[Creepy+Crawler]

---Sure, they can come back and "fix" it again, only for it to be broken again.

Well, perhaps that's not a bad idea at all. Let them "fix" it. Microsoft just recently "fixed" their DRM, in so that legitimate customers will be locked out of their own music.

I picture soon that the question will be "does my hardware at this unchanging firmware play this amorphous piece of media right now?" Well, the question will arise in the mass public and they will witness media not playing, after they paid, of course.

DRM will die when mass groups of people get screwed.

Re:Real already did this

[daveschroeder]

Close: they know what the restrictions are right now. They don't know what the restrictions will be tomorrow or next year. Apple has, in fact, issued updates to iTunes to tighten the restrictions on music that had already been purchased, and they may very well do so again in the future.

Um, examples, please? Are you talking about things like being able to burn one playlist 7 consecutive times instead of 10? (Even though you can just make one change to the playlist, change it back, and then burn again?) Other than that, I am not aware of any changes that makes Apple's DRM more restrictive, unless you're talking about the waaaaay-old changes to iTunes that disabled the ability to do music sharing via IP (as opposed to only on your local subnet, the way it is now), which had nothing to do with DRM, or the syncing changes in iTunes 2.0, which again had nothing to with with DRM, or disallowing music from easily being downloaded by others (as opposed to streamed) via iTunes, which, again, had nothing to do with DRM.

As I said in another post, Apple has actually been making their DRM more lenient: you can now two-way sync any iPod with any iTunes libraries on computers that are authorized on the same iTunes account (and you can have up to five computers and an unlimited number of iPods, which is how it's always been). Previously, you could have an iPod associated with only one music library; now you can easily keep all libraries in sync across multiple computers and multiple iPods.

While your point stands in general with regard to DRM, Apple has not introduced any new restrictions that fundamentally limit what you can do, and instead has removed limitations that previously existed.

Microsoft has done precisely the opposite, even introducing a new music player that doesn't play its *own* ironically-branded PlaysForSure content. (And to others reading this, no it wasn't just a rumor or misunderstanding...Zune really won't play PlaysForSure content, and vice versa: http://www.engadget.com/2006/09/14/the-engadget-in terview-j-allard-microsoft-corporate-vice-presi/ )

Way to go, kid!

[VicVegas]

DVD Jon is great. His idea of re-creating the scheme as opposed to just breaking it makes good business sense. Hopefully his past luck with the judicial system will stay with him and we'll see more creative uses of his hacking in the future.

Re:Way to go, kid!

[m0rph3us0]

If only 1% of people know how to break it and it generates more than that in sales then we actually save money. Esepcially since the cost of the DRM system is more like a capital cost that is amortized over all product sold.

Re:Way to go, kid!

[xappax]

Here's what I don't understand: why would a record company pay for DRM that's already been broken, when they can release their music without DRM for free?

The idea is that Sony or someone wants to sell their music directly to iPod owners through www.sony.com, instead of having to go through the iTunes store and pay Apple for the privilege.

But there's no way they'll just sell plain MP3s, because they want to keep people from sharing the songs. So they want to wrap their MP3s in DRM, but Sony-brand DRM won't play on iPods, therefore they need some way to wrap their files in an iPod-compatible DRM without having to pay Apple. Enter DVD Jon.

In my opinon, it's a fairly neutral contribution to the fight against unfair DRM. Yes, I guess it harms Apple's monopoly on the iPod, but mostly it just increases the ability of companies to apply DRM-restrictions to your music.

Suuuure

[finkployd]

Johansen could end up selling a lot of hardware for Apple.

I'm sure Apple will see it that way.

This is yet another example of why DRM is nothing more than a snakeoil-based totally flawed concept. You CANNOT turn the concept of public key cryptography upside down like that. All DRM does is have you create a keypair (or create one for you and send you the private key), then it encrypts media using your public key before it gets to you. Great, except they have to (1) keep the private key accessable to their programs/devices that need to decrypt it and (2) keep it completely away from you (the "owner" of the key) and any other programs that could use it to decrypt media without following their silly restrictions.

Keep trying to hide it in software, keep trying to hide it in hardware, as long as debuggers, logic probes, and soldering irons are available to the general public, someone will always get it. And it only takes one to make it completely pointless. After that there will be a software or hardware solution available to anyone to do the same thing. Or more to the point, the un-drmed media will be in the wild.

Close the analog hole? Trying to force everyone to upgrade to monitors, sound cards (and speakers), TVs, etc. just to restrict what they can do will backfire as well. Eventually people will figure out that there is no benefit to upgrading all this stuff. And let's be honest with outselves, most of the really cool features of Vista have been canceled, it is nothing more than XP + DRM with some OSX eye candy thrown in to make it seem different. OSX is not much better, try loading a debugger while the DVD player app is running. Or even taking a screenshot.

Nobody is waking up going "geeze, my PC, Tivo, DVD burner, and VCR can do way too much, I really wish I could pay a lot more for devices that prevent a lot of the use that is available to me now".

Wow, I guess I really needed to go off on a DRM rant. I feel better.

Finkployd

Re:Suuuure

[Chris+Burke]

No, Bob is a piece of hardware. His key lives deep inside a silicon wafer.

Bob is not a piece of hardware. Bob is the recipient of the message, the one who is supposed to be able to view its unencrypted contents. For any case involving DRM -- music, video, software, documents -- the recipient, Bob, is the user.

Just like when the Germans sent an encrypted message using their Enigma engine, "Bob" was not the Enigma machine at the destination, but the human commander who read the de-encrypted message.

The TPM chip may be a hardware device which hides the key from Bob, but the problem -- as in "fundamentally breaks crypto theory" problem -- is that at the end of the day no matter what the TPM chip does it is going to be playing the music, showing the video, or displaying the document for Bob. Who is also Charlie.

Fundamental fact: It is impossible to simultaneously show somebody a message and then prevent them from showing that message to anyone else. DRM tries to get around this, and thus it will always fail.

Re:*sniff*.. *sniff*.

[roseblood]

Indeed. Apple is not going to like the fact that some other company is going to sell their technology. Thats what patents are for right? Wait... there is plenty of prior art for cryptography (thats all DRM is, crypto for media, when you're given the right to play the media you are allowed to decrypt it.)

How will it work here? A court says DVD JON stop it, that's apple technology they worked hard to make. A court says APPLE CHILL OUT, DVD JON is going to let other MP3 players play FAIRPLAY files and non-Ipod owners will spend their money on your iTunes store.

I'm sure apple would love to sell more iPods, but then again, they could end up selling more music.

I predict lawsuits myself, the legal department will feel the need to get them going if only to prove to the bosses that they are doing productive work for the company.

Re:Why do I...

[__aahlyu4518]

So "Why do I have the feeling that somebody is going to turn out like Dmitry Sklyarov?" actually means that in a couple of years he will be married and have 2 kids...

Apple saved from Anti-trust in europe

[RichMan]

I believe this saves Apple from the anti-trust case in France that was considering Apple as monopolizing the market. As other vendors can now sell to the Ipod this technology saves Apple from that lawsuit.

DoubleTwist

[haggie]

Just look at his business name and you'll understand. DoubleTwist. He's backed Apple into a corner where they are screwed no matter what they do. Fighting his app could require them to change their DRM such that it breaks for existing media which would alienate customers, stir up tons of bad press, and further expose the downsides of DRM. OR They can let his application survive, some music companies will license it, build their own alternative distribution online stores probaby in highly specific niche music markets, and slowly chip away Apple's hegemony.

You have it BACKWARDS.

[goombah99]

It's to compete with itunes music store ipod.

As you noted if you try to compete with tht eipod then apple can just change the encoding of the music so it breaks on your harmony player. But the reverse is not true. If I am selling songs I can encode them so they play on apple ipods yet are drm protected. Once I manage to emulate that for any given edition of the DRM format, the apple can't change the protocol because it would mean old songs won't play.

that is you encode the songs such that if old itunes music stroe songs play then your songs must play too.

Re:Now finish the job

[gnasher719]

'' To be fair, your confusion is more than warranted. I think the article is backwards. The author seems to imply that a content provider will purchase FairPlay encryption from DoubleTwist. The only reason for the content provider to do this would be if it were cheaper than purchasing FairPlay encryption from Apple directly. So DoubleTwist's target customer is a content company that wants to DRM its content and also wants to have its DRM'd content work on an iPod. ''

One way to turn this into a money maker: Let's say you have a band without record contract. You want to sell music from your webpage. You want DRM so people don't copy it (I'm not saying it is a good idea but if that's what you want and it is your music, go ahead) and you want people to be able to play it on iTunes and the iPod (to reach a big market). If someone sells you software for $29.99 that adds Fairplay DRM to your music, you might be willing to spend that money.

Re:For those that didn't RTFM

DVD Jon, didn't break the FairPlay

Not recently, no. But while he was living in Norway not only did he break FairPlay, he broke it twice. And broke the iTMS protocol. Twice. Not to mention QtFairUse.

He's written and distributed a fair number of programs which are illegal to use or distribute here in the US. While he may not be in violation of the DMCA at the moment -- he's taken down a lot of the stuff that used to be in the "software" section of his site -- he certainly needs to tread carefully.

iPod vs Zune Myths

[DECS]

Extra Fairplay content won't do the Zune any good, since MS isn't likely to support AAC/.m4p

In fact, it looks like MS isn't supporting much at all:

10 iPod vs Zune Myths

Re:Now finish the job

[burndive]

The express purpose of DRM is to bind media to a particular owner, not to a brand of devices.

Interoperable DRM is exactly what PlaysForSure is: a system where the customer can arbitrarily choose between several services and several players, and switch either one at any time, without loosing any content because of incompatibility. It's just too bad that that isn't the entire market. If it were, then the DRM would only prevent a consumer from distributing the content to others, which is its sole avowed purpose anyway.

This is the situation I was describing as "tolerable," and it most certainly is different from the situation with no DRM as you describe, because in that situation, subscription services (such as Napster) do not exist, and there is no technical barrier to mass redistribution (i.e., copyright infringement).

In the situation with "interoperable DRM" which I described, the DRM did not get in the way of the consumer doing things he normally does, and it does not get in the way of him leaving one music provider for another, or one device manufacturer for another.