DVD-Jon Breaks iTunes Encryption For Linux Users
McGruff writes "The Register has a story regarding DVD-Jon's new hobby, iTunes DRM. According to the story DRMed iTunes AAC files can now be played under Linux via VideoLAN Client thanks to some handiwork by Jon.
'"When you run the VideoLAN Client under Windows it will write the user key to a file. The user key is system independent and can thus be used by the GNU/Linux version of VLC," he explains.' Personally, this just means I will buy even more iTunes." (We mentioned in November Johansen's efforts to negate the iTunes restrictions on Windows.)
The Code (Score:2, Informative)
Or maybe... (Score:3, Informative)
Re:How long... (Score:3, Informative)
Re:Does iTunes music store work under Linux anyway (Score:5, Informative)
Re:How long... (Score:5, Informative)
The downside here is that you're losing quality encoding to MP3 (remember that AAC is also lossy). Unfortunately, there is no way to preserve full-quality without retaining the original file format.
Either way, I frown upon this sort of piracy. $.99 is pretty darn cheap. (Note here that I have no objection to using this to play your OWN files under Linux if it is the operating system of your choice. Just keep it to yourself.)
Itunes. (Score:2, Informative)
Why? It isn't like I bought a digital object, I just bought a string of bits.
Re:What does this guy do for a living? (Score:5, Informative)
Re:Is this guy an idiot? (Score:3, Informative)
Re:From the article... (Score:3, Informative)
For the very very long story go here [harvard.edu]. It's one of the legal declarations from the case.
Re:From the article... (Score:2, Informative)
But we let it be kept secret, in fact the real secret is that the Xing Player keys/code was used, but had to be faked to look like it was reverse engineered.
In any case, TOO LATE NOW, it's out of the bag, and no traces left, the way it was meant.
Re:If this turns out to be straightforward... (Score:2, Informative)
It's in Apple's interest that DRM be as unrestrictive as possible, since it means more music for people to play on their iPods, which indirectly helps market their iPods. It wouldn't surprise me if they go after people who break their DRM, to maintain good faith with their music industry partners, but not because it's any skin off their nose.
Re:How long... (Score:2, Informative)
What sort of piracy? I didn't see anything in your comment that described piracy.
Neither piracy nor copyright infringement for that matter.
Re:Key exchange ? (Score:2, Informative)
No, it's not. Albums on iTunes are (with a few rare exceptions) $10. 95% of in-store albums cost quite a bit more than that.
Re:Windows Only??? (Score:5, Informative)
What?
Re:How long... (Score:5, Informative)
Re:I hope it has DMA restrictions... (Score:3, Informative)
Now other mp3 player can support Apple's AAC.... (Score:2, Informative)
Re:How long... (Score:2, Informative)
Re:AAC != ENCRYPTION (Score:3, Informative)
Well close but not quite. The article is dealing with playing encrypted AAC files, not removing the wrapper. The article is about getting the key and the wrapped file both to a Linux box so it can play it. It is not about unwrapping the file to an un-encrypted file for playback anywhere.
Relevant Information (Score:5, Informative)
Every user account for iTunes gets a "user key". This gets sent to the computer at the time of "Authorization" and gets written to a file on the hard drive. But it's not written out plainly, oh no. Instead, it creates a "system key" using several bits of data from Windows and the hardware and such. This system key is what's stored in the file.
To playback a song, the system key is derived from the machine and used to decrypt the file on the drive. This gives the list of user keys that machine is authorized to play, and these will decrypt songs using the same account (yes, each song is encrypted at the time of download, with the user key for that account).
This crack essentially works out how the system key is derived. Using that, it gets the user key, writes it off to a file, and can then decrypt any of that user's songs.
Note that when you transfer a song from iTunes to the iPod, it does the same basic thing. Decrypts the file using the system key and reencrypts it using iPod specific information, then sticks it on the iPod. The iPod then does the same process as iTunes to play the file, more or less, it's just using a different system key.
This crack could be patched by changing the method to derive the system key from the machine, but not once the user key has been derived and written to a file somewhere. Once you have the user key, that can be used to decrypt the songs, and you're essentially done. Since you have the song files, and the key to decrypt them, no patch in the world could possibly fix it. They could fix it for newly purchased songs, but to do that they'd have to change every user's key and reauthorize them. And that potentially breaks the authorization for songs that have already been purchased. They could start a new key without removing the old ones, in order to maintain backward compatibility and not piss off everyone who has used iTMS up until now, and then release new songs using only the new encryption, but it's essentially a dead end. The whole concept behind iTunes encryption is that once a machine is authorized, it can play songs without any outside intervention. Meaning that it has everything it needs to decrypt the songs right there on that machine. Meaning that as long as this is true, it can be cracked again.
I knew it was only a matter of time. I give it another 2 weeks before someone takes the code out of the drms.c, drms.h, and drmtables.h files and produces an M4P->M4A converter. Everything really needed to do it is in there. You read in the file, call this code to get the system key, call the code to get the user key, call the code to decrypt the DRMS section, then rewrite the file with a normal AAC data section instead. Not too difficult, although interpreting Jon's code is a PITA to say the least. The guy writes C code that reads more like ASM. Frankly, looking at the code, I think he simply found the relevant part of iTunes/Quicktime with a debugger and converted the relevant machine language straight into C with no major adjustments.
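The key hierarchy described in the comment above, as a simplified single-key model showing why machine binding protects the user key only while it stays wrapped. This is an added example, not part of the original post and not code from VLC or iTunes; the toy stream cipher, the machine attribute names and the `version` parameter are assumptions made for illustration.

```python
import hashlib
import hmac

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in, not the real cipher."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def derive_system_key(machine: dict, version: int = 1) -> bytes:
    """Hypothetical derivation from machine attributes; `version` models a patched method."""
    material = "|".join(f"{k}={machine[k]}" for k in sorted(machine))
    return hashlib.sha256(f"v{version}|{material}".encode()).digest()

def wrap_user_key(system_key: bytes, user_key: bytes) -> bytes:
    """Key file on disk: user key encrypted under the system key, plus an integrity tag."""
    tag = hmac.new(system_key, user_key, "sha256").digest()
    return keystream_xor(system_key, user_key) + tag

def unwrap_user_key(system_key: bytes, blob: bytes):
    """Return the user key, or None if this system key does not match the key file."""
    user_key = keystream_xor(system_key, blob[:-32])
    tag = hmac.new(system_key, user_key, "sha256").digest()
    return user_key if hmac.compare_digest(tag, blob[-32:]) else None

def demo() -> dict:
    # Constructed sample values, not real keys or machine data.
    machine_a = {"disk_serial": "A1B2", "os_id": "win-0001"}
    machine_b = {"disk_serial": "ZZ99", "os_id": "linux-0002"}
    user_key = hashlib.sha256(b"constructed account key").digest()
    song = keystream_xor(user_key, b"constructed audio frames")  # encrypted at download

    key_file = wrap_user_key(derive_system_key(machine_a), user_key)
    exported = unwrap_user_key(derive_system_key(machine_a), key_file)  # authorized machine
    # A patch changes the derivation and re-wraps the key file on machine A.
    key_file_v2 = wrap_user_key(derive_system_key(machine_a, version=2), user_key)
    old_sys = derive_system_key(machine_a)
    return {
        "other_machine_unwraps": unwrap_user_key(derive_system_key(machine_b), key_file) is not None,
        "old_method_unwraps_patched_file": unwrap_user_key(old_sys, key_file_v2) is not None,
        "exported_key_plays_old_song": keystream_xor(exported, song) == b"constructed audio frames",
    }

if __name__ == "__main__":
    print(demo())
```

The design point for anyone building a similar scheme: re-wrapping the key store changes nothing for content already encrypted under a key that has left the wrapper, so only rotating the content key and re-encrypting the content restores protection.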
Re:People say this won't hurt Apple, but it will (Score:3, Informative)
Quote [infoworld.com] from Phil Schiller, VP worldwide product marketing Apple
There's also an article somewhere where Steve Jobs says more or less the same (and says he told the labels so), but I can't find it currently.
results: (Score:1, Informative)
At 10x it sounds definitely worse, you can easily tell the degraded version from the original on the cheapest equipment.
At 25x ghost-noises increase, some instruments become very faint and vocals develop strange echoes.
At 50x it starts to become painful to listen to the song, noises are sometimes louder than the music, overshadowing it completely.
At 100x noises get so loud you can't understand the vocals, and only the most basic of notes manage to come through. Nevertheless, the song is still easily recognizable. It stopped being enjoyable somewhere between 10 and 25.
All the best,
rob