DVD-Jon Breaks iTunes Encryption For Linux Users

McGruff writes "The Register has a story regarding DVD-Jon's new hobby, iTunes DRM. According to the story DRMed iTunes AAC files can now be played under Linux via VidioLAN Client thanks to some handywork by Jon. '"When you run the VideoLAN Client under Windows it will write the user key to a file. The user key is system independent and can thus be used by the GNU/Linux version of VLC," he explains.' Personally, this just means I will buy even more iTunes." (We mentioned in November Johansen's efforts to negate the iTunes restrictions on Windows.)

Key exchange ?

[Jesrad]

How long before people start exchanging their keys ? Now that the key can be had and used under virtually any platform, in an easily copied or transmitted file format, the copy-protection is effectively cracked.

How long...

[3Suns]

Awesome, I was waiting for this. Definitely a reason to consider iTunes now.

How long until someone writes a command-line AAC2mp3 converter?

This is a wonderful breakthrough

[lynxuser]

I am quite excited about this. VLC has always been my media player of choice, now the ability to play AAC DRM files in it just ups its ante.

While booting to Windows is a slight disappointment, I am sure DVD-Jon will remove that step ASAP.

Re:Key exchange ?

[Anonymous Coward]

fuck exchanging keys. just exchange the damn mp3s using kazaa or emule.

From the article...

[Anonymous Coward]

Norwegian programmer Jon Lech Johansen, who broke the DVD encryption scheme...

It was my understanding that DVD-Jon (as we're calling him now) did *not* actually break the DVD encryption scheme, but collaborated with some anonymous hackers who did. I think his involvement was more on the order of making it more accessible to the tyro. Could someone clear this up once and for all?

Macworld Keynote

[gss]

I wonder if Jobs will say anything about this in tomorrows Macworld Keynote. I kind of doubt it.

What does this guy do for a living?

[cacheMan]

What do any of these people do with free time to break encryption schemes, contribute to oss, and build robotic girlfriends? I'm serious, how do you earn a living and still have time to do things like this?

iTunes on Linux

[ZWarrior]

Somehow I think that this is an example of the way software restrictions will continue.

Programmers will code the security so that the app only works one way, and some user will break it s it works elsewhere as well.

We need to have more thought put into coding so that apps will work more platforms, and also be aware that it is envitable (sp?) that somebody will crack it.

I broke a lot of digital clocks as a kid because I wanted to know what made them tick! I still got new ones, and broke them as well.

Does iTunes music store work under Linux anyway?

[Nailer]

I have an ipod, and use it together with the nifty GTKPod, Grip and beep to get my music onto the Pod and play tunes off it.

But I'm in Australia, and we don't have iTunes music store yet.

It it possible to use iTunes music store under Linux? Is it just a web site, with files you need iTunes to play, in which case I can use VideoLAN instead? Or otherwise?

In a worse case scenario, does iTunes work under Winex or Codeweavers Wine?

Re:Key exchange ?

[lynxuser]

While exchanging keys sounds good, in theory, I believe the keys are limited to 3 PCs through the DRM. As well, they would need to be sent with the AAC DRM files that you want others to use, this sounds like a security risk to me. Finally, I suspect that Apple enabled some sort of hash, linked perhaps to your MAC address (or some other hardware) that would keep the key different for every single PC.

What's The Point?

[Pave Low]

iTunes isn't available for Linux, and it probably never will ever be.

So where would a Linux user get purchased music from iTunes from? From his Windows or Mac computer. This is a what passes for win for Linux users??

It seems to be a cute exercise, but not a very useful thing, unless you hate Apple's horrific, evil DRM oh so much.

Leave it alone

[Anonymous Coward]

Christ, he just barely got away with the DeCSS thing. He should keep a low profile. They know where he lives. He's advertising to be arrested again.

What's the point?

[mr100percent]

What is the point here?
Ok, so you can play iTunes AAC files on *Nix PCs, provided you have the key. Wouldn't it just be easier to download it off of Kazaa? You can find cover art with google, and you can use SoulSeek to find high quality rips. That gets rid of two arguements right there.

iTunes DRM is WEAK, man. Burn it to CDRW and rip the sucker again, it's as easy as jumping over a subway turnstile. Why are we wasting time with a pointless thing like this, why not crack WMP or something harder with a better payoff?

WMP

[SJ]

So if this guy is so great, has he broken Windows Media yet?

If this turns out to be straightforward...

[ChangeOnInstall]

...I'll be opening an iTunes account very soon, where previously I would not have considered it. The two primary computers where I listen to music are Linux PCs at work and at home. I'm unwilling to burn AACs to a CD and then re-encode them (with additional loss) into MP3s or Oggs.

I just hope Apple gets the message and removes all DRM from their music. At that point, I'd encourage others who do not have technical knowledge to buy music using the service as well.

I take it that it is the RIAA that mandates the DRM though and not Apple?

Sounds cumbersome for swapping

[Bakafish]

Not that I would advocate such use. But this requires the key to be distributed with each file. Keep in mind that said key is *known* by apple, and directly tied to your account, it isn't something I would recommend sending out into the wild. On the other hand, using it on your own equipment to get around that creepy three machine registration limit seems like a good thing. If anything ever happened to Apple and your registered machine bit the dust, being able to back up a valid copy of your key seems like a good thing.

The thing is that AFAIK VLC isn't set up to manage multiple key+file pairs. So it is useful for *your* library, but not various files downloaded off the net. For that reason, I doubt they will go after him.

My question is, how does the iPod decrypt the file without a key? Or is it simply using the parent boxes key? It seems to me that if that's the case it should be trivial to recover the key from an iPod directly, no PC required (Just a Mac :-)

Re:Itunes.

[Have Blue]

You *did* buy a digital object. That was the original difference between Apple's store and the other DRM implementations: You have complete freedom to do anything you want with the file with the Finder. You just need authorization to use (play, burn) it in iTunes. You are free to, and Apple recommends that you, copy the file for backup purposes.

Re:How long...

[Nasarius]

Exactly. That's why if you want me to buy music online, you had better be distributing it in a lossless format (FLAC, SHN, APE, whatever...I don't care as long as I can get the original WAV).

Re:But

[jared_hanson]

According to my understanding, his first "crack" would be possible to patch as it exploited the functionality of QuickTime that made an unencrypted AAC stream (or PCM stream?) out of the protected one. It then dumped this to a file absent of DRM.

His new crack actually writes the decryption key out to a file. This key is written out using Windows and is apparently derived from hardware serial numbers, such as that on the hard drive. This key can then apparently be used to decrypt the protected files on any OS. I haven't given this a shot yet, but it should be interesting to find out.

Personally, I don't care all that much, as I use iTunes on OS X and an iPod to listen to most of my music. However, I would like to serve up my protected AAC to my squeezebox, and this just might allow for on the fly transcoding to a PCM stream from SlimServer.

It would be pretty tough for Apple to go and make another DRM scheme that avoided this without breaking backwards compatibility.

Re:Windows Only???

[JazFresh]

Check out the Google Zeitgeist. [google.com] Only 1% of all hits were from Linux machines. Given that, do you really think it's worth Apple's time to cater for 1% of the Internet population?

Not all those hits could have been from personal Linux machines, as opposed to those at universities or workplaces, so the real figure of personal Linux machines is probably less.

Or maybe you were talking about Amiga support, which I'm sure made up most of the "Other" category. :)

This is the perfect time.

[stuartkahler]

I'd bet he started working on the iTMS project a long while ago. He's just been acquitted twice for doing the same thing with DVD encryption. Now that he has rock solid precedent, he can practically walk into court without a lawyer if the recording industry sues him. He's got a great big whoop-ass stick, and it's time to use it.

In Norway, that is... Americans are still screwed.

Re:Is this guy an idiot?

[iabervon]

Actually, he's really smart. He's publicly claiming responsibility for doing something right after practically the same thing was found not to be illegal in his country. So Apple (or the RIAA) goes to Norway, and tells them to stop him, and Okokrim tells them that not only do they not want to prosecute, but they have legal precedent that what he's doing isn't a crime.

Sure, the litigation may have not accomplished much, but it did resolve that under current Norwegian law, it's perfectly fine for him to do what he's just done again. It would have been a bad idea for him to wait at all before bringing this to the attention of the public, because then he might be found out after laws are changed.

I bet he's glad now that he got an appeals court descision in his favor, instead of get the original court...

mp3 players

[krokodil]

I bought portable mp3 player (not iPod) just to discover that I could not send to it melodies I've purchased via iTunes.

So apple wants me do buy iPod. But it is too expensive for my daughter (I got her now $140 player with 256Mb RAM).

So I hope, some day there will be program to unlock
my purchased AAC files to be able to listed then on my mp3 player. I think this is fair use and should be permitted!

Re:Is this guy an idiot?

[be-fan]

Huh? The whole point is to allow Linux users to use the music that they legally purchased on the platform of their choice. Its exactly the same as the DeCSS stuff.

I use Linux as my primary desktop. DeCSS allows me to do the same things Windows users do, play DVDs on the platform of my choice. Every time I watch a movie on my monthly flight from Atlanta to Washington DC and back, I owe that to DeCSS.

iTMS is cool. There is no reason that only Windows and MacOS users should get invited to the party.

Re:Key exchange ?

[seanadams.com]

That doesn't make any sense.

If he's using the key to decrypt the file, presumably the raw AAC stream can be extracted.

I.e. you could do lossless conversion of m4p -> m4a. You'll have the same exact data minus the DRM, free to use with any AAC-compatible device or software you want.

Re:iTunes.

[Abjifyicious]

If you get in touch with Apple tech support, inform them of your plight, and politely ask them to let you redownload the songs, they will authorize your account to download new copies of the song files.

Re:How long...

[jtcm]

Can anyone really hear any loss during regular use?

Frankly, yes.

I can most certainly hear the difference between mp3s and non-lossy formats, but only on high-end speakers.

--
this is my real sig.

Re:How long...

[nemesisj]

I can consistently determine the difference between a CD and 192kbps in a double blind test environment. If it's a genre of music that I really like, and a band I know well, I can even do pretty well between a 256kbps MP3 and a CD.

This is on medium to low quality speakers.

If we're talking about headphones, I can tell every time between the CD and any lossy encoding method.

You obviously don't listen to music for detail, which is ok, that's fine, but stop sounding stupid saying that noticing fine detail in music is impossible.

Re:Jon wrote 1000 lines of code with no comments

[IamTheRealMike]

Is it the output of a disassembler cobbled back together into C?

Yeah, I think this almost certainly is. Huge amounts of bit manipulation, lots of magic numbers, meaningless variable names. No type safety? No comments?

I've seen code like this before, when people have disassembled Windows DLLs back into C then tried to submit it to Wine.

I'd say Jon is treading on very slippery slopes indeed with this code. It might be possible to show that it's been simply generated from the original code which is almost certainly copyright violation - laws against that certainly exist in Norway.