DVD-Jon Breaks iTunes Encryption For Linux Users
McGruff writes "The Register has a story regarding DVD-Jon's new hobby, iTunes DRM. According to the story DRMed iTunes AAC files can now be played under Linux via VideoLAN Client thanks to some handiwork by Jon.
'"When you run the VideoLAN Client under Windows it will write the user key to a file. The user key is system independent and can thus be used by the GNU/Linux version of VLC," he explains.' Personally, this just means I will buy even more iTunes." (We mentioned in November Johansen's efforts to negate the iTunes restrictions on Windows.)
Key exchange ? (Score:5, Interesting)
Re:Key exchange ? (Score:2, Interesting)
Re:Key exchange ? (Score:3, Insightful)
Re:Key exchange ? (Score:2)
Re:Key exchange ? (Score:3, Interesting)
Re:Key exchange ? (Score:5, Insightful)
This hack is, OTOH, useful for 'fair use' - for people who dual-boot Windows and Linux. As well as dedicated music pirates who would re-share the unlocked files as plain AAC.
Slightly Off Topic... (Score:5, Funny)
Re:Key exchange ? (Score:3, Interesting)
If he's using the key to decrypt the file, presumably the raw AAC stream can be extracted.
I.e. you could do lossless conversion of m4p -> m4a. You'll have the same exact data minus the DRM, free to use with any AAC-compatible device or software you want.
Re:Key exchange ? (Score:4, Insightful)
I think you should consider that there are MANY practical reasons why a legitimate owner (licensee?) of iTMS music might want to strip the DRM from their files.
Re:Key exchange ? (Score:3, Insightful)
Getting your Windows Product ID blacklisted is probably enough of a hassle. Clearly Apple has this information as well - otherwise how do they lock the files you purchase in the first place?
And anyway, pirates would rather share the non-protected files. Once you could unlock the AAC stream for playback it should not be hard to then
Re:Key exchange ? (Score:2)
But I still think it will happen on a small scale, though for the immense majority of the iTMS customers it will be useless (not using VLC, having less than three computers to play the files on, too much tec
Re:Key exchange ? (Score:5, Insightful)
How long... (Score:5, Interesting)
How long until someone writes a command-line AAC2mp3 converter?
Or maybe... (Score:3, Informative)
Re:How long... (Score:3, Informative)
Re:How long... (Score:4, Insightful)
So I can put it on my mp3 player that doesn't and never will know how to decode AAC. As of right now, I have to burn the music to cd, then rip it to mp3. It would be nice to skip a step.
Re:How long... (Score:5, Informative)
The downside here is that you're losing quality encoding to MP3 (remember that AAC is also lossy). Unfortunately, there is no way to preserve full-quality without retaining the original file format.
Either way, I frown upon this sort of piracy. $.99 is pretty darn cheap (Note here that I have no objection to using this to play your OWN files under linux if it is the operating system of your choice. Just keep it to yourself)
Re:How long... (Score:5, Interesting)
Re:How long... (Score:5, Insightful)
Re:How long... (Score:3, Interesting)
This is on medium to low quality speakers.
If we're talking about headphones, I can tell every time between the CD and any lossy encoding method.
You obviously don't listen to music for detail, which is ok, that's fine, but stop sounding stupid saying that noticing fine detail i
Re:How long... (Score:4, Insightful)
You might hear a single 100% silent frame between songs as a "click" (maybe, if you listen carefully) but in reality there would never be a 100% silent frame inserted, and most decoders are pretty good at covering up inter-frame glitches.
Piracy? (Score:3, Insightful)
It's not piracy until you sell/give the re-encoded file away to somebody else. Until then it's fair-use (hint: think of devices that play Mp3 but not AAC).
Re:How long... (Score:5, Informative)
This is a wonderful breakthrough (Score:5, Interesting)
While booting to Windows is a slight disappointment, I am sure DVD-Jon will remove that step ASAP.
Windows Only??? (Score:3, Insightful)
Re:Windows Only??? (Score:5, Insightful)
Does anybody else see something wrong with Apple having a program that only works on Windows and Macs? You would think they would be a little bit more understanding of those of us running "alternative" OSes.
Yeah, it's not like Apple has a vested interest in one operating system over another!
Oh wait...
Guys, Apple is no more altruistic than Microsoft. Apple is only cool because they are the underdog. Don't be expecting Apple to be something they aren't. That's where Linux and Open Source comes in.
I just might ruffle some feathers here.... (Score:5, Insightful)
That would be the way for apple to go if they were in it to make everyone feel good. But actually, they are in it to make money. And as you may have noticed, a lot of linux users don't like to pay for stuff. This is smart for Linux users, not so good for people trying to make money off of Linux users.
And of course, it could never be enough. Port itunes to linux? Where is the Ogg Vorbis support? Got Ogg? Why doesn't it work with *insert random piece of sourceforge developed software here*
I know, nobody wants to hear that they are the prima donnas of the IT world. But I've got Karma to burn.
Re:I just might ruffle some feathers here.... (Score:3)
SIGH. I think that you will find that Linux users are more than happy to pay for good products. Consider the loki games; I do not know of anybody who stole one of them. I, like many others, bought a number of them. In fact, had Loki managed their money better or simply started about a year later, they
Re:I just might ruffle some feathers here.... (Score:3, Insightful)
Linux users are not cheap, it's just that nothing is sold for them. Your karma deserves to burn for that nasty insult.
I am employed writing $5000/copy software that is used on Linux, btw. Why are we able to sell that, when Linux users are "cheap"?
Re:I just might ruffle some feathers here.... (Score:5, Insightful)
Re:I just might ruffle some feathers here.... (Score:3, Insightful)
Do you really think apple would open the source for QT and iTunes?
Re:Windows Only??? (Score:3, Interesting)
Not all those hits could have been from personal Linux machines, as opposed to those at universities or workplaces, so the real figure of personal Linux machines is probably less.
Or maybe you were talking about Amiga support, which I'm sure made up most of the "Other" category. :)
Re:Windows Only??? (Score:5, Informative)
What?
Re:Windows Only??? (Score:3)
The motivation to port to Windows comes so that the enormous market share Windows has can be tapped. I don't know figures, but I wouldn't be at all surprised if Apple has a larger market share on desktops than Linux, so there's actually not much motivation there at all.
From the article... (Score:3, Interesting)
It was my understanding that DVD-Jon (as we're calling him now) did *not* actually break the DVD encryption scheme, but collaborated with some anonymous hackers who did. I think his involvement was more on the order of making it more accessible to the tyro. Could someone clear this up once and for all?
Re:From the article... (Score:3, Informative)
For the very very long story go here [harvard.edu]. It's one of the legal declarations from the case.
Wasn't me (Score:5, Funny)
I had nothing to do with it... I wasn't there... you can't prove anything.
Macworld Keynote (Score:2, Interesting)
What does this guy do for a living? (Score:5, Interesting)
Re:What does this guy do for a living? (Score:2, Insightful)
Re:What does this guy do for a living? (Score:2, Funny)
Re:What does this guy do for a living? (Score:5, Funny)
Re:What does this guy do for a living? (Score:5, Informative)
Re:What does this guy do for a living? (Score:5, Funny)
iTunes on Linux (Score:5, Interesting)
Programmers will code the security so that the app only works one way, and some user will break it so it works elsewhere as well.
We need to have more thought put into coding so that apps will work on more platforms, and also be aware that it is envitable (sp?) that somebody will crack it.
I broke a lot of digital clocks as a kid because I wanted to know what made them tick! I still got new ones, and broke them as well.
Re:iTunes on Linux (Score:3, Funny)
I'm sorry it never dawned on you that the ticking must've been coming from something else.
Re:iTunes on Linux (Score:3, Insightful)
Of course depending on your point of view it might not seem like it. The reco
The Code (Score:2, Informative)
Does iTunes music store work under Linux anyway? (Score:2, Interesting)
But I'm in Australia, and we don't have iTunes music store yet.
Is it possible to use iTunes music store under Linux? Is it just a web site, with files you need iTunes to play, in which case I can use VideoLAN instead? Or otherwise?
In a worst-case scenario, does iTunes work under Winex or Codeweavers Wine?
Re:Does iTunes music store work under Linux anyway (Score:5, Informative)
But (Score:5, Insightful)
Seems like this crack can be patched.
I doubt Apple will call DVDJohn but I bet the RIAA will.
Re:But (Score:5, Insightful)
It's Jon, and he'll tell them that their American threats don't mean jack in Norway.
By the way, I sure hope that he has no plans to visit the U.S. [wired.com].
Re:But (Score:5, Interesting)
His new crack actually writes the decryption key out to a file. This key is written out using Windows and is apparently derived from hardware serial numbers, such as that on the hard drive. This key can then apparently be used to decrypt the protected files on any OS. I haven't given this a shot yet, but it should be interesting to find out.
Personally, I don't care all that much, as I use iTunes on OS X and an iPod to listen to most of my music. However, I would like to serve up my protected AAC to my squeezebox, and this just might allow for on the fly transcoding to a PCM stream from SlimServer.
It would be pretty tough for Apple to go and make another DRM scheme that avoided this without breaking backwards compatibility.
Relevant Information (Score:5, Informative)
Every user account for iTunes gets a "user key". This gets sent to the computer at the time of "Authorization" and gets written to a file on the hard drive. But it's not written out plainly, oh no. Instead, it creates a "system key" using several bits of data from Windows and the hardware and such. This system key is what's stored in the file.
To play back a song, the system key is derived from the machine and used to decrypt the file on the drive. This gives the list of user keys that machine is authorized to play, and these will decrypt songs using the same account (yes, each song is encrypted at the time of download, with the user key for that account).
This crack essentially works out how the system key is derived. Using that, it gets the user key, writes it off to a file, and can then decrypt any of that user's songs.
Note that when you transfer a song from iTunes to the iPod, it does the same basic thing. Decrypts the file using the system key and reencrypts it using iPod specific information, then sticks it on the iPod. The iPod then does the same process as iTunes to play the file, more or less, it's just using a different system key.
This crack could be patched by changing the method to derive the system key from the machine, but not once the user key has been derived and written to a file somewhere. Once you have the user key, that can be used to decrypt the songs, and you're essentially done. Since you have the song files, and the key to decrypt them, no patch in the world could possibly fix it. They could fix it for newly purchased songs, but to do that they'd have to change every user's key and reauthorize them. And that potentially breaks the authorization for songs that have already been purchased. They could start a new key without removing the old ones, in order to maintain backward compatibility and not piss off everyone who has used iTMS up until now, and then release new songs using only the new encryption, but it's essentially a dead end. The whole concept behind iTunes encryption is that once a machine is authorized, it can play songs without any outside intervention. Meaning that it has everything it needs to decrypt the songs right there on that machine. Meaning that as long as this is true, it can be cracked again.
I knew it was only a matter of time. I give it another 2 weeks before someone takes the code out of the drms.c, drms.h, and drmtables.h files and produces an M4P->M4A converter. Everything really needed to do it is in there. You read in the file, call this code to get the system key, call the code to get the user key, call the code to decrypt the DRMS section, then rewrite the file with a normal AAC data section instead. Not too difficult, although interpreting Jon's code is a PITA to say the least. The guy writes C code that reads more like ASM. Frankly, looking at the code, I think he simply found the relevant part of iTunes/Quicktime with a debugger and converted the relevant machine language straight into C with no major adjustments.
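The key hierarchy described in the comment above, as an added toy model in Python (not code from the post, from VLC's drms.c, or from iTunes), showing why changing the system-key derivation protects the stored key file but cannot revoke a user key that has already left it. The HMAC-based cipher, the `v1`/`v2` derivation labels, the machine attributes and every name here are constructed stand-ins.

```python
import hashlib
import hmac


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from one master key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy keystream: HMAC-SHA256 in counter mode (stand-in for the real cipher).
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    body = _xor_stream(_subkey(key, b"enc"), plaintext)
    tag = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    return tag + body


def unseal(key: bytes, blob: bytes):
    # Returns the plaintext, or None when the key is wrong.
    tag, body = blob[:32], blob[32:]
    expected = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(_subkey(key, b"enc"), body)


def derive_system_key(machine: dict, scheme: str) -> bytes:
    # The system key is recomputed from machine attributes, never stored.
    facts = "|".join(f"{k}={machine[k]}" for k in sorted(machine))
    return hashlib.sha256(f"{scheme}|{facts}".encode()).digest()


def play(song: bytes, keyfile: bytes, machine: dict, scheme: str):
    # Authorized playback path: machine -> system key -> user key -> song.
    user_key = unseal(derive_system_key(machine, scheme), keyfile)
    return None if user_key is None else unseal(user_key, song)


def simulate() -> dict:
    # All values below are constructed sample data.
    machine_a = {"disk_serial": "CONSTRUCTED-0001", "os_id": "CONSTRUCTED-A"}
    machine_b = {"disk_serial": "CONSTRUCTED-0002", "os_id": "CONSTRUCTED-B"}
    user_key = hashlib.sha256(b"constructed account key").digest()
    audio = b"constructed AAC frames"
    song = seal(user_key, audio)  # each song is encrypted under the user key
    keyfile_v1 = seal(derive_system_key(machine_a, "v1"), user_key)

    results = {
        "authorized_machine_plays": play(song, keyfile_v1, machine_a, "v1") == audio,
        # Copying the key file alone to another machine does not help.
        "keyfile_on_other_machine": play(song, keyfile_v1, machine_b, "v1") is not None,
    }
    # Vendor update: new derivation scheme, key file re-wrapped under it.
    keyfile_v2 = seal(derive_system_key(machine_a, "v2"), user_key)
    results["old_derivation_after_update"] = play(song, keyfile_v2, machine_a, "v1") is not None
    # A user key unwrapped and saved before the update is unaffected by it.
    exported = user_key
    results["exported_key_opens_old_song"] = unseal(exported, song) == audio
    # Only a new user key helps, and only for songs encrypted after the change.
    new_user_key = hashlib.sha256(b"constructed rotated account key").digest()
    new_song = seal(new_user_key, b"constructed new purchase")
    results["exported_key_opens_new_song"] = unseal(exported, new_song) is not None
    return results


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

The design lesson for anyone building a similar scheme is that the wrapping key only guards the copy at rest; revocation requires rotating the content key and re-encrypting the content itself.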
Re:Relevant Information (Score:3, Insightful)
Ah. This explains two aspects of ipods that I've found odd up til now: the fact that only itunes can be used to move files to them, and the fact that files can't easily be moved from
DVD-Jon is a terrorist! (Score:5, Funny)
THERE IS ONLY ONE SOLUTION (Score:3, Funny)
- Dubya
Is this guy an idiot? (Score:2, Insightful)
Then, he decides to go and pull this shit AND be vocal about it. Kid, seriously, grow up. Yes, it's very nice that you're demonstrating your "freedom". How about learning some common sense with that, Jones? You just got out of major litigation, now you want to swim back into it? Even a guy who ja
Re:Is this guy an idiot? (Score:3, Informative)
Re:Is this guy an idiot? (Score:5, Insightful)
What is wrong with him doing this and staying like this forever?
I mean, he should stop doing something just because "other people who know better" say that he should stop?
Should he stop because he could get into civil legal problems? That doesn't stop lots of "adults".
Should he stop because it's "wrong"? Maybe someone could tell me where this is ethically wrong because I don't see it.
I say that he should keep doing what he likes to do and accept the consequences until he feels he shouldn't anymore and not what other people say.
Because in the end it's his life.
Re:Is this guy an idiot? (Score:3, Insightful)
It's wrong if it negatively impacts those of us who are waiting for iTMS to become available in countries where we can't get it yet. That's my worry. Apple has to make new licensing agreements for each country they want to offer the service in. How will this impact future negotiations? We don't know yet. But it sure as hell isn't going to have a positive effect. If because of this ki
Re:Is this guy an idiot? (Score:3, Insightful)
Rights only exist because they are fought for and then defended -- it's like trademarks and patents, you've got to be aggressive about defining the legal boundaries. Jon Johansen has helped to make it clear that it is not a crime to have ported DeCSS to GNU/Linux.
Re:Is this guy an idiot? (Score:5, Insightful)
Consumers, at least in Norway, do have more rights. They have the right to use DeCSS to decrypt DVD video to video on the player of their choice. They also, presumably, have the right to publish and obtain the DeCSS program.
Now, back in the land of the free, we have no such rights...why? Because we pussed out. We decided not to pursue our DeCSS case and let stand a lower court ruling that banned it. Oh yeah, this was much better than what Jon did, namely stand up for himself in court.
I'm not so naive to believe that Jon was selfless in his act (he was part of or closely associated with warez groups who were keen on cracking DVD encryption to allow for perfect all-digital rips rather than having to use analog loopback to capture card). But even if DeCSS has a seedy or sordid history no one wants to talk about, the point stands that DeCSS does have legitimate uses and that is where Jon's defense was founded.
When you have precedent set, you don't hide it in your desk and call it a day. You use that precedent to try and set new precedent that is even broader in scope. Jon has stood up to the might of Norway's MPAA/Attorney General equivalents, who now have major egg on their face. How likely do you think they will be to pursue another half-baked case against Jon? Jon is probably bulletproof against anything but real criminal behavior. As soon as the words "fair use" are uttered, I can't imagine there would be a government attorney crazy enough to get struck by lightning twice.
Releasing it anonymously would have only started a witchhunt that could have harmed a lot of other people, people who shouldn't have to be lightning rods for this same kind of treatment. But putting his name on it, yes, he has risked another trial but as I said, it is rather unlikely.
In this world full of people who puss out and settle for lesser charges (cough)Mitnick(cough) I think it's incredible that someone has the guts to put himself at risk to stand up for something. I only wish someone were that brave here in US courts.
-JoeShmoe
Re:Is this guy an idiot? (Score:5, Insightful)
Jon is a noble-hearted man who is standing up to tremendous odds and tremendous risk to fight for something that is good.
'round here, we call people like that heroes
Re:Is this guy an idiot? (Score:5, Insightful)
On the other hand, a frail man deliberately picked up a handful of salt, which was at the time a monopoly product of the British Empire. He was arrested for it, but this and other actions that fly in the face of "common sense" eventually freed India from British colonization.
How about that woman who was arrested for sitting in the front of the bus, when everybody knows that black people need to sit in the back?
I'm not saying DVD-Jon is anybody resembling Gandhi or Parks, or that his cause is nearly as important. What I'm saying is that many changes come from a small number of people noisily breaking unjust laws, rather than a thousand people quietly breaking it.
Re:Is this guy an idiot? (Score:3, Interesting)
I use Linux as my primary desktop. DeCSS allows me to do the same things Windows users do, play DVDs on the platform of my choice. Every time I watch a movie on my monthly flight from Atlanta to Washington DC and back, I owe that to DeCSS.
iTMS is cool. There is no reason that only Windows and MacOS users should get invited to the party.
Re:Is this guy an idiot? (Score:3, Insightful)
This does the same, you don't have to convert the file now thanks to Jon. You don't have to use a sound recorder and then convert the file it records to
This is the perfect time. (Score:5, Interesting)
In Norway, that is... Americans are still screwed.
Re:Is this guy an idiot? (Score:3, Interesting)
Sure, the litigation may have not accomplished much, but it did resolve that under current Norwegian law, it's perfectly fine for him to do w
What's The Point? (Score:2, Interesting)
So where would a Linux user get purchased music from iTunes from? From his Windows or Mac computer. This is what passes for a win for Linux users??
It seems to be a cute exercise, but not a very useful thing, unless you hate Apple's horrific, evil DRM oh so much.
Leave it alone (Score:2, Interesting)
Re:Leave it alone (Score:5, Insightful)
Re:Leave it alone (Score:5, Insightful)
Maybe I'm behind the times. I thought iTunes was still a U.S.-only service?
So how is Jon trying to play media on Linux that he's legally purchased when it can't be purchased in Norway? I'm just wondering.
Re:Leave it alone (Score:3, Insightful)
If all he did was point his browser at itunes.com and buy the song using his own credit card, then the norwegian courts would not give a rat's ass about Apple really not wanting to sell it to him.
Same thing goes if he bought it while actually being in USA (vacation or something).
Re:Leave it alone (Score:4, Insightful)
He is? The iTunes Music Store is available only in the United States, and I believe he's in Norway.
(Apple uses the credit card mailing address to ensure you are in the US, but don't confuse your ability to get a US credit card with Apple having a legal right to sell you that song if you really aren't a US resident.)
What's the point? (Score:3, Interesting)
Ok, so you can play iTunes AAC files on *Nix PCs, provided you have the key. Wouldn't it just be easier to download it off of Kazaa? You can find cover art with google, and you can use SoulSeek to find high quality rips. That gets rid of two arguments right there.
iTunes DRM is WEAK, man. Burn it to CDRW and rip the sucker again, it's as easy as jumping over a subway turnstile. Why are we wasting time with a pointless thing like this, why not crack WMP or something harder with a better payoff?
Now calling Apple legal (Score:3, Insightful)
Apple's DRM is more user friendly (Score:3, Insightful)
WMP (Score:3, Interesting)
Wait (Score:5, Funny)
Itunes. (Score:2, Informative)
Why? It isn't like I bought a digital object, I just bought a string of bits.
Re:Itunes. (Score:3, Interesting)
If this turns out to be straightforward... (Score:2, Interesting)
I just hope Apple gets the message and removes all DRM from their music. At that point, I'd encourage others who do not have technical knowledge to buy music using the service as well.
I take it that it is the RIAA that mandat
Sounds cumbersome for swapping (Score:5, Interesting)
The thing is that AFAIK VLC isn't set up to manage multiple key+file pairs. So it is useful for *your* library, but not various files downloaded off the net. For that reason, I doubt they will go after him.
My question is, how does the iPod decrypt the file without a key? Or is it simply using the parent boxes key? It seems to me that if that's the case it should be trivial to recover the key from an iPod directly, no PC required (Just a Mac
This is dangerous ground we tread on (Score:5, Insightful)
On the flipside, when some music industry execs look at this and wonder why they can't control their content, there are a number of fingers going to be pointed at the OSS community because of it.
Where do we draw the line at control? The **AA industries wants to control their content, and we (I use "we" very loosely) want to have control over that which we've purchased. But who truly owns the bits? A series of 1s and 0s? Who's allowed to make the rules?
I know who I WANT to make the rules, me, of course. But I also know who legally gets to make the rules at this point. Them. I don't want the music industry to get pissed off and take my iTunes away. I've found a legal, beneficial means to acquire my music. I want MORE options, not less because of wary industry execs who don't want to have their content cracked.
And let's not even bring the DMCA into the picture here...
balls (Score:3, Funny)
mp3 players (Score:3, Interesting)
So apple wants me to buy iPod. But it is too expensive for my daughter (I got her now $140 player with 256Mb RAM).
So I hope, some day there will be program to unlock my purchased AAC files to be able to listen to them on my mp3 player. I think this is fair use and should be permitted!
Native client for Linux (Score:3, Insightful)
Re:Native client for Linux (Score:3, Insightful)
I agree for the most part, breaking the encryption doesn't help. However, how is someone supposed to develop a free source version if no oth
People say this won't hurt Apple, but it will (Score:4, Insightful)
Steve Jobs clearly stated on more than one occasion that iTunes has done wonders for moving iPods (a big business, and growing).
iTunes got the Music industry's backing because it was secure... if that trust is lost, after the contracts end, iTunes has no more content.
That means no more iTunes, and that lowers the sale of iPods.
All that can be good, can be used for evil.
Radiation can kill, and it can save lives. Without water we die. With too much, we drown.
iTunes is the same way.
You know you can choke to death on an Apple? If that NT computer that controls the Machines in the hospital goes down... you could die too.
It's all subject to success, and failure. Perhaps that's life.
My only beef is that DVDJohn is intentionally ruining the first digital success of legal Music, what could have been quite an industry. Apple already went to Windows... I would have bet, Linux was in the works. Apple needs the Open Source community, and knows that.
Re:People say this won't hurt Apple, but it will (Score:3, Insightful)
You know, I think Jobs said in some recent interview that Apple told the execs it was going to get cracked. He said that Apple's best and brightest had researched the problem and that any DRM would get cracked eventually. He told them the solution was to offer a compelling product. Which they've done.
The fact is that Apple is competing with free P2P directly and st
Re:People say this won't hurt Apple, but it will (Score:3, Informative)
Quote [infoworld.com] from Phil Schiller, VP worldwide product marketing Apple
There's also an article somewhere where Steve Jobs says more or less the same (and says he told the labels so), but I can't find it currently.
Jon is not ruining anything at all (Score:3, Insightful)
They want to destroy Fair Use. Apple struck a deal to get things moving. If Apple suffers over this, it won't be because of Jon, it will be because of the MPAA.
Personally, I applaud the guy. He is doing the right thing at the right time. This whole action is going to get a lot of people thinking. I believe in Fair Use, as do a lot of people --even if they do not know what it is legally. Morally they do and that is what
Re:Thanks for pissing in the bath water, Jon (Score:2, Insightful)
Re:linux users pay for things? (Score:3, Insightful)
Re:I hope it has DMA restrictions... (Score:3, Informative)
I sympathize, but... (Score:4, Insightful)
I do sympathize, but I have to disagree with your logic.
It's a Slashdot axiom, but I'll repeat it here: If your business plan relies upon unbreakable encryption, it's a bad business plan.
That being said, I don't see how this is going to destroy iTunes. Yes, copyright violations are possible using these ideas. But I think you'll find that anyone who is using iTunes in the first place (rather than just nabbing whatever they want from P2P) is going to be the kind of person who wouldn't commit a copyright violation through iTunes, either.
Weaselmancer
Re:AAC != ENCRYPTION (Score:3, Informative)
Well close but not quite. The article is dealing with playing encrypted AAC files, not removing the wrapper. The article is about getting the key and the wrapped file both to a Linux box so it can play it. It is not about unwrapping the file to an un-encrypted file for playback anywhere.
Re:Jon wrote 1000 lines of code with no comments (Score:4, Interesting)
Yeah, I think this almost certainly is. Huge amounts of bit manipulation, lots of magic numbers, meaningless variable names. No type safety? No comments?
I've seen code like this before, when people have disassembled Windows DLLs back into C then tried to submit it to Wine.
I'd say Jon is treading on very slippery slopes indeed with this code. It might be possible to show that it's been simply generated from the original code which is almost certainly copyright violation - laws against that certainly exist in Norway.
Re:When is this guy going to learn!? (Score:3, Insightful)