PDA

View Full Version : QTFairUse?


MacRumors
Nov 21, 2003, 11:15 PM
A Register.co.uk article reports that the author of DeCSS has written a small command line Windows utility (QTFairUse) which "will dump the output of a QuickTime stream to a file". The Quicktime stream in question are AAC files and The Register article implies that it is able to circumvent Apple's DRM.

According to the QTFairUse README:


Usage:

Open and play a MPEG4 AAC file in QuickTime Player. The raw AAC data will be written to Desktop/QTFairUse.aac


The application clearly piggybacks off of Apple's Quicktime player and patches the "quicktimempeg4.qtx" file of Windows' Quicktime. It then outputs this "raw AAC data" to a file while the original AAC file plays under Quicktime. The proposed theory is that the application intercepts the Decrypted AAC files from Quicktime after authorization has taken place, and saves out the resultant decrypted (de-DRM'd) AAC data. (Note: the user of this software must be authorized to play the protected song).

Based on limited testing from one user with Quicktime 6.4 under Windows... the application does create ".aac" files when Protected AAC and Unprotected AAC files are played through Quicktime. These output files, however, are unplayable in their raw form. The reason for this is that these files represents the true "raw" AAC data that is passed through to Quicktime to play. All header information has been removed. To create playable files, a further packaging of the files is required to add the appropriate MPEG headers. As a result, testing of the files is limited, but we suspect the application likely does work as suggested -- stripping DRM from your protected AAC files (though is of limited use in its current form).



In any case, this is the first public attempt at breaking Apple's Digital Rights Management format. The potential for abuse and concern for an application such as this is greater than simple "stream rippers" in that this would introduce lossless ("perfect") copies of protected files

Freg3000
Nov 21, 2003, 11:23 PM
Just to clarify, is this "hack" only available on Windows machines? Or can I try it on my Mac? If it is, then I might test it out.

arn
Nov 21, 2003, 11:25 PM
Originally posted by Freg3000
Just to clarify, is this "hack" only available on Windows machines? Or can I try it on my Mac? If it is, then I might test it out.

It's for Windows.

arn

LimeLite
Nov 21, 2003, 11:37 PM
I really think people should not try to hack the DRM, because if they do, the record companies will be pissed and Apple will have to make a more strict DRM to appease them, thus ruining it for the rest of us.

trog
Nov 21, 2003, 11:37 PM
I'm sorry, I'm not testing out the utility, I don't own anything that runs windows.

Just to stick my nose in though (delete my post if its worthless, Arn), I don't see the point. There are a ton of ways to strip the DRM already that don't requre stream ripping. Virtually any application that can convert audio formats and has access to the Quicktime engine can strip the DRM by converting it to AIFF, WAV, mp3, etc.

The important thing is that in every case you are required to have permission (from iTunes) to PLAY the song to convert it, rip it, etc. This utility would be no different because, as it states, it would "dump the output of a Quicktime stream".

So. If this works, why is it important, it isn't doing anything novel?

And if it doesn't work, what does that prove, that Apple's DRM is tough to crack?

What am I missing here that is interesting?

arn
Nov 21, 2003, 11:40 PM
Originally posted by trog
Virtually any application that can convert audio formats and has access to the Quicktime engine can strip the DRM by converting it to AIFF, WAV, mp3, etc.
.......
What am I missing here that is interesting?

DRM AAC -> AIFF -> ACC is lossy and uninteresting. You can burn your CD and rerip it. There. no more DRM, but you lose some quality.

DRM AAC -> AAC - if it simply decrypts then it is NOT lossy. And is interesting.

arn

trog
Nov 22, 2003, 12:07 AM
Ahh I see, thanks. So the question then is whether the utility has to "re-compress" the file to AAC or not. All stream-rippers would essentially go AAC»AIFF»AAC and lose quality. Yup, I see why this would be interesting.

My guess is it wouldn't (yes, I'm jumping to conclusions, sorry), because from reading about Apple's DRM there isn't anything encoded into the song per se, there is only a lock on whether the song will play...

Hope someone can try this and see. Would there be a way to tell if the song has been re-encoded? Looking at the waveforms perhaps?

baddog
Nov 22, 2003, 12:18 AM
Well i don't run Windows, but looking at the code (barely 200 lines), it's obvious that it's not doing much. It's just a patch that's modifying the binary, and I'm guessing that at some point _after_ QT has decrypted the song, it's making it run some alternate code to make QT spit the song to a file rather than to the sound device (just guessing, but I'm probably right). This new code is definitely not complex enough (100 bytes!!) to do anything intricate like encode AAC or decrypt M4P.

This would only work on one specific version of QT and Apple can easily release a new version with slightly more obfuscated code to make it much harder to repeat the exploit.

Still, it's great to know that when Apple stops supporting .m4p in 10 years (no seriously), leaving us with no where to play them, that I can go back an buy a 10-year old winpc for 5$ and decrypt my iTMS music:)

zaphon
Nov 22, 2003, 12:19 AM
Based on the source code, it appears it's two items.

1. QTFairUse.exe
2. November.DLL

QTFairUse.exe patches up QuickTimeMPEG4.qtx to call November.DLL, and November.DLL just purely dumps a blob of memory to disk (to the file Desktop\QTFairUse.aac to be exact)

So my guess is the following.

Quicktime opens an encrypted (DRM'd) aac file and un-encrypts it into ram. This patch causes it to than call November.DLL to write this un-encrypted version out to disk. Than it plays as normal.

That's my $0.02 review of it.

Now if I had a windows box, I'd try it out. But the best I could do is Virtual PC, and well screw that.

arn
Nov 22, 2003, 12:27 AM
yep... sounds likely that it just dumps post-decrypted, pre-decoded AAC.

someone's testing it... we'll see how it works.

arn

Nermal
Nov 22, 2003, 12:33 AM
I don't have any protected AACs to try it with, but I find the "build" file interesting. The first line is "#!/bin/sh" which tells a Unix system to use the "sh" shell. But if it's a Windows app, why does it have this Unix command?

Edit: I just looked at MinGW, and see that it's a small GNU implementation on Windows. That explains the line.

Exponent
Nov 22, 2003, 12:47 AM
Trog:

Just to stick my nose in though (delete my post if its worthless, Arn), I don't see the point. There are a ton of ways to strip the DRM already that don't requre stream ripping. Virtually any application that can convert audio formats and has access to the Quicktime engine can strip the DRM by converting it to AIFF, WAV, mp3, etc.

Sorry Trog, this isn't true. I'm writing code that uses QuickTime translation RIGHT NOW (as in I have had Project Builder and now XCode open and running 24/7 the past 3 months), and I can attest that the QuickTime engine available to developers can NOT read the music data of DRM files.

You can go use WireTap if you want a post-decoded & decompressed stream. But you can't read the file and get the individual samples, nor call a translator that does this.

(Of course, I could be wrong. I wish I was wrong, as I'm currently locked out of DRM-AAC files. If it wasn't for the legal headaches, I'd be inclined to snag this source - I have a legit use for decoding these files.)

arn
Nov 22, 2003, 12:51 AM
Originally posted by Exponent
Sorry Trog, this isn't true. I'm writing code that uses QuickTime translation RIGHT NOW (as in I have had Project Builder and now XCode open and running 24/7 the past 3 months), and I can attest that the QuickTime engine available to developers can NOT read the music data of DRM files.

Toast 5.0 could do it.

It could load protected AACs and save them out as AIFF

arn

iMeowbot
Nov 22, 2003, 12:54 AM
Originally posted by zaphon
Quicktime opens an encrypted (DRM'd) aac file and un-encrypts it into ram.

Yep, that's the flaw that's being exploited. That hole might have been usefully avoided if the decryption and decoding were more tightly integrated, but that would complicate code maintenance and introduce performance headaches (extra buffering could instead have been added after the AAC->PCM step, but that could add latency and would take lots more memory).

I'm sure that this development was anticipated, as suggested by the earlier ConfirMedia/Verance mumblings (http://www.macrumors.com/pages/2003/07/20030714002228.shtml).

[Edit: should probably explain the implications of that. The watermarking would enable Apple or the labels to identify the source of cracked iTMS files. If the watermarking is done on Apple's servers, this might work out for them. If it's instead implemented on the client side in QT or iTunes in the playback or burning engines, chances are good that yet another small patch could be used to remove it.]

Exponent
Nov 22, 2003, 12:58 AM
Toast 5.0 could do it.

It could load protected AACs and save them out as AIFF

I suspect it could do it by internally making the OS think there's a CD drive, as writing out to a CD is something within the allowances of FairPlay.

Or they could be pulling a "WireTap" like-trick and creating a virtual sound output device and capturing the post-decode, post decompress stream.

Or as large and important developers, they have access to APIs that small fries like me don't have. Or they just know the right people in Apple to talk to.

All I know is that when code written for the QuickTime Sound Converter engine reports back an error when handed a DRM file. If anyone knows the way to read these, please let me know!

mj_1903
Nov 22, 2003, 01:02 AM
Apple could quite easily do a simple encryption in RAM using XOR and a unique key which would make it 20x harder to simple do a dump, but I suspect they already are doing something like that.

XOR by the way uses almost no CPU to decrypt.

Good news on the dud file arn.

mj_1903
Nov 22, 2003, 01:05 AM
Originally posted by Exponent
Trog:

Sorry Trog, this isn't true. I'm writing code that uses QuickTime translation RIGHT NOW (as in I have had Project Builder and now XCode open and running 24/7 the past 3 months), and I can attest that the QuickTime engine available to developers can NOT read the music data of DRM files.


NSMovieView can happily play DRM files and subclassing it could provide a means of recording the data into AIFF or even back into AAC.

Edit: Well, if you really wanted to get complicated you could use the obj-c runtime to get the data out before and after encryption, although I never would want to.

arn
Nov 22, 2003, 01:26 AM
Ok, based on limited testing from one user (one configuration)

Protected AAC -> aac (unplayable)
Unprotected AAC -> aac (unplayable)

HOWEVER... this actually makes sense.

The app presumably pulls data as a stream while Quicktime plays it. Quicktime never "plays" the MPEG Header... so these files are headerless. It's truly the raw AAC data.

If someone packaged these files up, I suspect they will work.

arn

dangil
Nov 22, 2003, 01:28 AM
this program outputs raw AAC data..

this means it's not wraped in a mp4 container

m4a files are aac data wrapped on mpeg-4 files.. like divx is wrapped in .avi files, or Vorbis files are wrapped in Ogg files...

to use this aac dump, use programs like MPEG4UI to mux the aac into a mp4 container

you should copy a m4a file's track ID so itunes and quicktime can understand and decode it properly...

do some research on mp4 and you will find out ...

arn
Nov 22, 2003, 01:32 AM
Originally posted by dangil
this program outputs raw AAC data..

this means it's not wraped in a mp4 container


Yep, this is correct...

Unprotected AAC => aac, plus headers works.

Can't test it on an Protected AAC => aac w/ headers because we don't know how to actually generate the proper headers. (The person in the working example above simply copied the headers from the previous unprotected AAC)

arn

Sol
Nov 22, 2003, 01:33 AM
Some people go so far out of their way to steal music. Apple should use a watermark technique to be able to track down the people who purchased the original protected AAC files that will go floating around the Net because of applications like this.

sparkleytone
Nov 22, 2003, 01:34 AM
As much as this could potentially be a blow to the iTMS, there are a few things that may make it meaningless.

I have a hard time believing that people are going to be anywhere near as willing to pirate songs that they have already bought legally thru the iTMS. Music downloaded by people from the online store is a much more personal purchase than a CD at Best Buy that someone may have bought for one or two songs. I don't think people will be as willing to share freely the music that they picked out and bought online.

I also believe that a big part of the mp3 piracy problem stems from people on the inside. People in the industry are ripping and sharing CDs they never had to pay for, such as promotional prerelease albums. This is a HUGE problem for the record industry. This is a nonfactor with the iTMS.

The bottom line here is that someone has to buy the song before it can be cracked. This is not the case in the CD-ripping scene.

Thoughts?

SeaFox
Nov 22, 2003, 01:40 AM
Okay, I was gonna download the gnu parts and try it. But I just relaized I downloaded the release candidate version of MSYS instead of the current stable release, and I noticed that Mingw is fourteen megs. So I don't care anymore.

But anyway, anyone who did download the DRM cracker, did you notice this in the list of software?

FreeMe - decrypt MS DRM restricted content

Why the heck are we making such a big deal about the iTunes crack if there's a M$ DRM crack, all the other services use WMA so it would be a lot more damning to develop a crack for it.

greenstork
Nov 22, 2003, 01:52 AM
Well this was bound to happen sooner or later. I'm sure the RIAA is keeping a close eye on this one. Currently, it seems difficult enough to not worry the record industry but as soon as someone automates this process, watch out.

The good news is that Apple seems to have established sufficient clout in the industry. You just don't cripple the Time Magazine invention of the year.

As long as the process of stripping the DRM remains this tricky, I don't think Windows users will see many changes. I would imagine though, if things get easier, that Apple will circle the wagons (i.e. rewrite QT code, watermark songs, etc.)

ZildjianKX
Nov 22, 2003, 01:56 AM
I hate digital rights management... now that this hack is out, I might actually buy some music so I won't have to deal with the hassle. Now if they would up the bit rate, I'd be a happy customer.

The moral of the story... any human made protection can be broken...

MacSlut
Nov 22, 2003, 02:08 AM
I don't think this is really that big of a deal. You can't crack an AAC that you don't have the rights to. If you already have the right, there's not much need to crack it.

Also while going AAC -> AIFF -> AAC creates a copy that is not bit-perfect, it's pretty damn close.

The real degradation comes from encoding the original AAC. That's where the quality loss takes place. Once it's squeezed down, converting it to AIFF makes it pretty indistinguishable from the original AAC. Re-compressing back to AAC doesn't introduce hardly any degradation relative to the first time it was encoded into AAC because the audio has already been "simplified".

Try it for yourself. Take a CD and rip a track. Then encode it in AAC at 128K and compare it to the original. If you know what to listen for, have good equipment, and decent ears, you should easily be able to hear the difference. Now convert the file to AIFF. You should have a very hard time comparing the AAC to this AIFF. Encode back to AAC and compare it to the original AAC...*very* little difference.

Bottom line is that if a 128K AAC is ok quality for you, then a 128K AAC that has gone through the AIFF wash would also be ok.

BTW: With Toast, you don't have to burn a CD-R to do this.

reedm007
Nov 22, 2003, 02:12 AM
Originally posted by ZildjianKX
I hate digital rights management... now that this hack is out, I might actually buy some music so I won't have to deal with the hassle.

I found that statement very funny and ironic. You might use iTMS to buy music now so you "won't have to deal with the hassle".

I hate to break it to you, but it sounds like it *is* quite the hassle to remove the DRM, if this app even works.

In fact, the whole idea of fairplay is that it *isn't* a hassle at all. I've had no problems! I've burned CDs, I've used the songs in iMovies, on my iDVD creations, play them iTunes, iPod, what more do I need to be doing with these songs, and what hassles am I faced with? I could go through a huge hassle and remove DRM on every single song... but, frankly, that sounds like a LOT more work for virtually only one benefit I can think of: the ability to put them up on Limewire.

And I'm not sure that's really a benefit at all.... :)

JW Pepper
Nov 22, 2003, 02:16 AM
Well if this works we could easily see the iTMS close.

applefan
Nov 22, 2003, 02:24 AM
can this be done efficiently in large quantities? if not, isn't like counterfeiting one dollar bills? does anyone counterfeit one dollar bills?

sparkleytone
Nov 22, 2003, 02:25 AM
Originally posted by JW Pepper
Well if this works we could easily see the iTMS close.

are you insane? this kind of stuff has already been made for WMA. iTMS won't be closing for something as stupid as this. Did the movie industry stop selling DVDs when CSS was cracked? No.

arn
Nov 22, 2003, 02:29 AM
Originally posted by applefan
can this be done efficiently in large quantities? if not, isn't like counterfeiting one dollar bills? does anyone counterfeit one dollar bills?

In current form this application is next to useless.

But it's just part of the constant battle between copy protection and "hackers".

arn

trog
Nov 22, 2003, 02:33 AM
Originally posted by Exponent
Trog:


Sorry Trog, this isn't true. I'm writing code that uses QuickTime translation [B]RIGHT NOW (as in I have had Project Builder and now XCode open and running 24/7 the past 3 months), and I can attest that the QuickTime engine available to developers can NOT read the music data of DRM files.

Perhaps saying any application can do it is just asking for it. I tried a couple (Toast and Sound Studio) and they both worked just fine.

Originally posted by Sol
Some people go so far out of their way to steal music. Apple should use a watermark technique to be able to track down the people who purchased the original protected AAC files that will go floating around the Net because of applications like this.
This has nothing to do with stealing music; it doesn't make things any easier to share files. Even if this had worked, it would still require you to input the correct password to open it in Quicktime in the first place. You couldn't just take anybody's protected file and rip the DRM off it. So you can put down the phone and let Ashcroft sleep through the night. ;)

As long as you can burn CDs with it, you can convert it, share it or whatever. I always re-rip mine to get rid of the DRM just because I have more than three computers and I don't want to deal with it. Like 99% of people I can't tell the difference as long as I re-encode with AAC compression.

The important thing is, if/when they remove that feature I won't be buying anymore and I believe others would feel the same way. DRM is just a fun puzzle for hackers and pirates and they will always solve it, instead the only people really hurt or inconvenienced by DRM are those who payed for the product. Apple and Steve Jobs seem to know this, but unfortunately they couldn't convince the old shrivs.

iMeowbot
Nov 22, 2003, 02:38 AM
Originally posted by JW Pepper
Well if this works we could easily see the iTMS close.

The crack as released isn't going to do much to anything. With the dependency on QT Player it's a lot slower than ripping a CD (1X capture). I fully expect someone to whip up a little wrapper to add headers and do automagic renaming, but even after all that you're still going to be missing the things that make ripping from a CD so tempting (ability to choose bit rates, use any old MP3 player, and so on). The simple fact that MP3 and not AAC is already the de facto standard for file traders will limit the appeal.

SiliconAddict
Nov 22, 2003, 02:43 AM
The RIAA has a few options when it comes to dealing with this. It all depends on how the handle it. The question is have they learned anything from the heavy handed approach? If they go after this like rabid dogs they are going to get people who are curiously optimistic of online music purchases to pull a full blow retreat back into the relatively safe haven of Shareaza for their music.
If they try and request that Apple work on solving this hole via suggested methods like watermarking while realizing that there will be no such thing as a sure proof method. (I'd expect watermarkings to be circumvented in the long run as well.
They NEED to realize that they have an opportunity to fix the massive blunder ****s they have made over the last few years. It all depends on what there reaction is to this. All I know is that from what I understand of this even if AAC had been locked to just one computer this crack would have still worked. So tightening down rights is NOT the answer. I just pray that the RIAA realizes this. I don't have much faith in their collective intelligence. Sue first. Ask questions later.
I want to continue to use iTMS for a LONG time. Don't make me regret I've already spent 120 bucks on this service. Burning me an everyone else at this point would spell certain death for online music. You don't pull the table out from under someone when they are starting to really enjoy their meal.

ZildjianKX
Nov 22, 2003, 02:52 AM
Originally posted by reedm007
I found that statement very funny and ironic. You might use iTMS to buy music now so you "won't have to deal with the hassle".

I hate to break it to you, but it sounds like it *is* quite the hassle to remove the DRM, if this app even works.

In fact, the whole idea of fairplay is that it *isn't* a hassle at all. I've had no problems! I've burned CDs, I've used the songs in iMovies, on my iDVD creations, play them iTunes, iPod, what more do I need to be doing with these songs, and what hassles am I faced with? I could go through a huge hassle and remove DRM on every single song... but, frankly, that sounds like a LOT more work for virtually only one benefit I can think of: the ability to put them up on Limewire.

And I'm not sure that's really a benefit at all.... :)

LoL, ya got a point. But its fun to play and tinker with stuff. I just don't like have limitations on something I legitimately buy.

iwantanewmac
Nov 22, 2003, 03:14 AM
Originally posted by trog
Ahh I see, thanks. So the question then is whether the utility has to "re-compress" the file to AAC or not. All stream-rippers would essentially go AAC»AIFF»AAC and lose quality. Yup, I see why this would be interesting.

My guess is it wouldn't (yes, I'm jumping to conclusions, sorry), because from reading about Apple's DRM there isn't anything encoded into the song per se, there is only a lock on whether the song will play...

Hope someone can try this and see. Would there be a way to tell if the song has been re-encoded? Looking at the waveforms perhaps?

Well..some/most people don't even hear the difference between 128 mp3 and 320 mp3 on a good stereoset so I dont think they hear the difference between drm aac ->aiff -> aac or drm aac -> aac
but ok....

arn
Nov 22, 2003, 03:24 AM
TheRegister's article has been updated... but I think they are way off.

They compare this to a standard stream-ripper - such as MyTunes. I questioned myself when I read their updated article... but it's clear that this is not a simple analog stream ripper.

When you compare the data from an Unprotected AAC file and the output this program gives... aside from the header, the data is exactly the same. This means that the data has been copied directly... not reencoded.

On the other hand... the data from a Protected AAC and the resultant file are NOT the same. This means that the Protected AAC file has been processed... which we assume is the decryption to remove the DRM.

arn

iMeowbot
Nov 22, 2003, 04:58 AM
Originally posted by SiliconAddict
If they try and request that Apple work on solving this hole via suggested methods like watermarking while realizing that there will be no such thing as a sure proof method. (I'd expect watermarkings to be circumvented in the long run as well.

For compressed audio, watermarking should be Good Enough. Watermarks can be (and have been) successfully removed already, but the catch is that you do have to decode, alter and re-encode the file to get there. The resulting audio may or may not be acceptable; the scrubbing process leaves behind plenty of signal when the source is CD or DVD audio, but the streams found on iTunes have already been pared down. In any event, it's going to be roughly comparable to a decent D->A->D transfer, and not the bit-for-bit duplication that scares the industry so much.

dstorey
Nov 22, 2003, 07:14 AM
Originally posted by ZildjianKX

The moral of the story... any human made protection can be broken...

How about 100 monkey on typewriter created protection?

gbm
Nov 22, 2003, 07:32 AM
Sounds like audio hijack for osx. Intercepts audio from any application before it is played and saves in aiff.

stingerman
Nov 22, 2003, 07:49 AM
It just means Apple will need to build in signatures throughout Quicktime and catch any patches to the Quicktime code. If it senses an unauthorized patch, it will either self-repair or shut down.

Analog Kid
Nov 22, 2003, 08:12 AM
Wonder what this means for iTMS Europe... Probably won't shut down the US store, but might cause some headaches in licensing new ones...

sanford
Nov 22, 2003, 08:12 AM
Doing it for the sake of proving you can do it is one thing, but distributing it is just promoting theft, plain and simple. Sure Big Labels don't cut fair deals with artists; sure CDs cost too much money; but the artist don't make a *dime* when you download music for free from Internet file-swapping services. Also, please note that independent labels are now contributing to the iTunes Music Service. Labels that make equitable deals with their artist roster are being shortchanged.

To put it in perspective, why don't the entrenched free music downloaders among you try working for a year without your salary or benefits. Is that an attractive prospect? And the fruits of your labor, the profits, will all go to your employers, gratis.

visor
Nov 22, 2003, 09:06 AM
Originally posted by sanford
To put it in perspective, why don't the entrenched free music downloaders among you try working for a year without your salary or benefits. Is that an attractive prospect? And the fruits of your labor, the profits, will all go to your employers, gratis.

Well, sounds like the typical student salery. Actually having to pay that you may work (and eventually learn) something.

Since the typical song ripper is located somewhere in the education environment, and doesn't get any salery, your argument is rather counter productive - it shows just WHERE the MI rips it's money from.

As Steve Jobs put it in his initial ITMS Keynote
"... there are also BAD things in the Music Industry"
It's worth investigating what the '...' in the quote stand for.

Sol
Nov 22, 2003, 09:15 AM
Originally posted by visor
Since the typical song ripper is located somewhere in the education environment, and doesn't get any salery, your argument is rather counter productive - it shows just WHERE the MI rips it's money from.

His argument was not counter productive because you came up with the student example. Just because students pay bills does not mean that they have a right to download copyrighted music.

The Music Industry may not be perfect but by not buying what you listen to hurts the artist and the publisher.

sanford
Nov 22, 2003, 09:16 AM
Music labels aren't as a rule fair in their contracts. But artists are suffering from unauthorized downloading, too. And they often take such a miniscule portion of the cut as it is.

And many students *do* work and earn a salary, perhaps to pay for their education. How would they like it if they worked for free and therefore couldn't make their tuition payments?

It's safe to say that "free music for everybody who wants it" is not what Jobs would put in those quotes; otherwise he would be handing out free Macs. Likely, he meant that overly restrictive rights management is an obtrusive burden to the consumer.

autrefois
Nov 22, 2003, 09:46 AM
Originally posted by sanford
It's safe to say that "free music for everybody who wants it" is not what Jobs would put in those quotes; otherwise he would be handing out free Macs.

Free Macs--sounds like a good idea to me! :)

Even if I had Windows (well, I have Virtual PC, but Windows 98 and thus no iTunes in Windows) I wouldn't try out the program because, even if we're just testing to see what this program does, isn't it still technically illegal? Or would it just be illegal if we shared the files we obtained through it?

coumerelli
Nov 22, 2003, 09:49 AM
Originally posted by trog
...I always re-rip mine to get rid of the DRM just because I have more than three computers and I don't want to deal with it....

I just want to know why Apple had to concede to limiting us to three computers? Why put a limit on it at all? Geez, I'm not about to give my ID/password out to everyone so they can use my credit card on a whim! And since the 'authorized computer' information is held in cuportino, they could just flag ID's that have more than, say, ten authorized computers. If one has thousands, then they just shut it down. Can someone tell me why THAT wouldn't work? Now all of the sudden, your only limitation is apple branded peices - smart marketing.

Dippo
Nov 22, 2003, 10:09 AM
I don't think this is really much of a hack of the Fairplay protection.

Apple will probably release a new version of iTunes and Quicktime that will prevent program from working. So be sure to hold on to the old versions :)

This reminds me of the internet streaming that was allowed with iTunes, it was fixed and so will this.

ITR 81
Nov 22, 2003, 10:09 AM
Apple will probably just update or upgrade Quicktime to stop this and I doubt it will be a feature they will advertise for the simple reason if people don't know they just accept it as is and use it anyway.

Apple could also start encoding a watermark with that persons account serial when said person downloads song or albums or audio books.

Also Apple could always change code that protects the AAC's and all they would have to do is put out update for iTunes and firmware update for iPod. This time only having one portable player plays right into Apples hands.

Nutzoids
Nov 22, 2003, 10:12 AM
So far all I read is one person tested this. Has anyone else tested this? Plus it sounds like there is more then one way to take care of those DRMs anyway...So someone tell me what’s the point? There is nothing THEY (Companies) can do to stop people from hacking...Anyone remember Cassette Tapes? A small piece of Scotch Tape over the little cut out would let you tape over it. Same for VHS...Millions of people did it then...Millions do it now! IT WILL NEVER STOP! Best they can hope for what they have now...Rules and Laws that are only enforced for those who take advantage of the system.

Dippo
Nov 22, 2003, 10:13 AM
Originally posted by autrefois
Free Macs--sounds like a good idea to me! :)

Even if I had Windows (well, I have Virtual PC, but Windows 98 and thus no iTunes in Windows) I wouldn't try out the program because, even if we're just testing to see what this program does, isn't it still technically illegal? Or would it just be illegal if we shared the files we obtained through it?

Since this program isn't breaking any decryption but just copying what is in RAM, there should be no DMCA implications.

Also, if you are the one who owns the music, I think you can do whatever you want with it! (except give it to others)

humangod
Nov 22, 2003, 10:32 AM
WELCOME TO THE WONDERFUL WORLD OF WINDOWS!!!

in the windows world, EVERYTHING is hacked.

i thought these hacks would have come a lot sooner. i didn't expect to wait a full month for the first hack.

one reason why i still like the windows platform: anything you want to hack has already been done, and you can find it anywhere on the web.

this just put a smile on my face when i came into work today. what did apple expect from the pc world?

-Mike

visor
Nov 22, 2003, 10:33 AM
Originally posted by Sol
His argument was not counter productive because you came up with the student example. Just because students pay bills does not mean that they have a right to download copyrighted music.

The Music Industry may not be perfect but by not buying what you listen to hurts the artist and the publisher.

haha, I don't care a **** about the Music industry. I do not care if they all die right now. I do care about music, and I love to sit with live music in a pub, and pay the band for their performance and the booze for the bong.
I dont care if I get the Music from my local store on cd, or, just because it's sunday get it from limewire because they don't get the iTMS running where i live.

The point is - as long as it is easier to steal music, than actually buy it, one needs not wonder that people 'steal' aka get the stuff on the internet.

Now about the students - many have to pay for their studies, and surely would not mind getting those for free, as proposed in the stupid wannabe analogy I oppose.
And it's not a stupid example to point out students - because they fince the Music Industry. You can see it now, students start not buying stuff anymore, and see how the MI bleeds.

Now, there is no money for nothing, as the dire straits put it, singing about the music industry. (check it out if you want)
It's just very simple. As long as the MI don't get their fingers out to protect their music adequately, it will be 'stolen' because Music is an essential part of society, and is traditionally free - make that minus the last 50 Years.

Think about it - someone sits down to crack a protection - using his resources, using all his knowledge and time - for what? saving $10 ripping songs he bought anyway?

All in all - it may legally be theft, but it's not plain simple.

humangod
Nov 22, 2003, 10:46 AM
to everyone that has been asking if anyone on this list has tried it:

i'll try it when i get home from work.

-Mike

Ysean
Nov 22, 2003, 11:01 AM
PEOPLE ALWAYS HAVE TO RUIN A GOOD THING

Why is it moronic people in this world think they should get everything for free? This is a capitalist society.

That said... Why is it there are always plenty of morons out there that have this strange overbearing need to ruin a good thing? Itunes and Napster are the best things we've seen when it comes to online music. Yes you still have to pay, but you should have to. It costs money to host these things and get the rights to sell or stream them. Nothing in life is free, when we begin to believe otherwise the 'fit hits the shan'. Don't support this hack. Remember, Apple's RTU were pioneering. You couldn't get the leniency anywhere else. For people that want Apple to grow & dominate you sure do help undermine it.

As for the technical aspects of the hack... It most likely is not writing the stream back out in a playable format in an attempt to avoid legal action. We'll see how that works out. heh.

TheNickster
Nov 22, 2003, 11:10 AM
As far as I can tell, the DRM is only there at the request of the music industry. In fact, I would suspect that the DRM probably hurts Apple more than it helps them, since, as far as I know, a lot of people won't buy from the iTunes store simply because of the DRM.

So anyways, what if Apple went along with the record labels because they had to, but made the DRM easy to crack so as to make it less of an issue to people who dislike DRM? Apple has a contract with the Recording Industry, and it's not like the Labels can just change their minds say that the deal's off because people are cracking the DRM.

visor
Nov 22, 2003, 11:21 AM
Originally posted by Ysean


Why is it moronic people in this world think they should get everything for free? This is a capitalist society.


Quite right. It's a capitalist society. i'm one of those real good capitalists that lets people work for him for very very little.
I love beeing a Capitalist, very inexpensive. Imagine I'd be socialist and acually pay those music slaves for the music... naw, I'd rather not.


That said... Why is it there are always plenty of morons out there that have this strange overbearing need to ruin a good thing? Itunes and Napster are the best things we've seen when it comes to online music.

Well, they are not so bad are they? A bit like those jerky labor unions, but reasonable in their demandings. if I had to deal with those kind of people, I'd probably chosse them.


As for the technical aspects of the hack... It most likely is not writing the stream back out in a playable format in an attempt to avoid legal action. We'll see how that works out. heh.

It's always the technically advanced who earn most in capitalist societies..

Fukui
Nov 22, 2003, 11:39 AM
Originally posted by Dippo
Since this program isn't breaking any decryption but just copying what is in RAM, there should be no DMCA implications.

No, its not about breaking the encryption. DMCA is about CIRCUMVENTION of any type of digital protection.


Also, if you are the one who owns the music, I think you can do whatever you want with it! (except give it to others)
No, not with the DMCA enacted. You can only do what the licenser lets you do.
Thats one of the controversies of the DMCA, it can override fair use. (DVD copiers for example are supposed to be illegal, at least ones that use DeCSS). If the copied file is still encrypted, it might be OK.

Daschund
Nov 22, 2003, 11:49 AM
I think you people are giving too much credit for people that steal music... They will not go through all this harrassment just to get a better sound to share on the internet. They will just burn the CD and re-rip it from there. Has any of you seen the quality of the mp3 files on the Napster days? Cracks, hisses, 96Kbps and less. People that steal don't care about quality, so I really don't see this as a threat at all...

Daschund

TomSmithMacEd
Nov 22, 2003, 12:19 PM
My question is why? Why would someone go through all of this trouble when if they wanted to pirate they could just download from a p2p. I don't see why someone would make it hard on themselfs to do the same thing.

humangod
Nov 22, 2003, 12:25 PM
Originally posted by TomSmithMacEd
My question is why? Why would someone go through all of this trouble when if they wanted to pirate they could just download from a p2p. I don't see why someone would make it hard on themselfs to do the same thing.

because.... this is the windows world!!! hacking is game. if you can do it, you win!

MorganX
Nov 22, 2003, 12:29 PM
Originally posted by Dippo
I don't think this is really much of a hack of the Fairplay protection.

Apple will probably release a new version of iTunes and Quicktime that will prevent program from working. So be sure to hold on to the old versions :)

This reminds me of the internet streaming that was allowed with iTunes, it was fixed and so will this.

It defeats the protection Fairplay is intended to provide, then it basically is a hack. It is not a revers engineering or anything.

Welcome to the PC World. Whatever they make, will be broken if it is made by humans. However, eventually there will be a lack of interest.

For the RIAA, it's percentages. How many people actually use DeCSS? It's easier to catch the release of your favorite DVD at BestBuy and pay $15.

Same here. What this will do is probably ensure iTMS will remain capped at 128k.

Dippo
Nov 22, 2003, 01:04 PM
Originally posted by MorganX
It defeats the protection Fairplay is intended to provide, then it basically is a hack. It is not a revers engineering or anything.

Welcome to the PC World. Whatever they make, will be broken if it is made by humans. However, eventually there will be a lack of interest.

For the RIAA, it's percentages. How many people actually use DeCSS? It's easier to catch the release of your favorite DVD at BestBuy and pay $15.

Same here. What this will do is probably ensure iTMS will remain capped at 128k.

This isn't a hack by any means. You have to be the own in the first place to even get this to work. A real hack would be able to extract an unprotected AAC file from ANY protected AAC.

A quick change of Quicktime will render this program useless.

Of course there will come a day when these AAC will be hacked, but hopefully for Apple's sake it will be awhile.

Dippo
Nov 22, 2003, 01:07 PM
Originally posted by MorganX
For the RIAA, it's percentages. How many people actually use DeCSS? It's easier to catch the release of your favorite DVD at BestBuy and pay $15.

I use DeCSS all the time, it's incorporated into programs like DVD Shrink and DVD X Copy.

ryanw
Nov 22, 2003, 01:07 PM
Well, if this is the best they can do to hack it so far, that's a pretty strong DRM. You have to have an authorized computer. So it's not like you can steal someone else's protected file and just 'deauth them'. You have to authorized your computer to play the music. Which inherantly if you have an authorized computer you can just burn them to CD or use any other number of ways to get the music.

This shouldn't have any implications to future iTunes Music Stores opening up (ie. Europe). If someone starts putting their protected music on some P2P network, they can't just use this hack to decode the dude's music. So who cares.

The DVD hack was a serious one. You could take any purchased DVD and rip the encryption clean out of it. This was because it was based on the players having the key to decrypt it. The key for decrypting purchased AAC songs is completed when you register a computer. So until they can hack the auth scheme and key generation, we're going to be fine.

Dippo
Nov 22, 2003, 01:12 PM
Originally posted by ryanw
If someone starts putting their protected music on some P2P network, they can't just use this hack to decode the dude's music. So who cares.

People already take protected music burn it to a CD and rip it off. Then they upload it to these P2P sites. Just look at all the "iTunes exclusive" music that is on Kazaa!

Putting your protected music online would be a VERY BAD IDEA because they would be able to tell which iTunes account it came from and thus be able to sue you :)

SiliconAddict
Nov 22, 2003, 01:21 PM
Originally posted by Dippo

Putting your protected music online would be a VERY BAD IDEA because they would be able to tell which iTunes account it came from and thus be able to sue you :)

How could they tell?
:confused: Is your account name embedded in the file?

Dippo
Nov 22, 2003, 01:25 PM
Originally posted by SiliconAddict
How could they tell?
:confused: Is your account name embedded in the file?

Since your account is the only one that can listen to it, I assume it has some type of identifier in it that would point to you.

3.1416
Nov 22, 2003, 01:57 PM
Originally posted by Dippo
Since your account is the only one that can listen to it, I assume it has some type of identifier in it that would point to you.

Not after you rip to AIFF and re-encode to a non-crippled format.

humangod
Nov 22, 2003, 02:29 PM
Originally posted by 3.1416
Not after you rip to AIFF and re-encode to a non-crippled format.


when you burn to aiff, and then re-encode to another format such as mp3, you better be using the full 320 kbps or your quality degrades again. the 128 kbps aac file is not perfect quality coming from the original source. so if you burn that half quality file to a cd, then reimport it as an mp3, you better use 320 kbps as the encoding bitrate. if you don't, you just downgrade that original 128 kbps again.

edit: changed 160 kbps to 128 kbps

humangod
Nov 22, 2003, 02:37 PM
Originally posted by SiliconAddict
How could they tell?
:confused: Is your account name embedded in the file?


the DRM uses the mac address of your authorized computers.

GeeYouEye
Nov 22, 2003, 03:08 PM
It's not surprising that this guy used QT indirectely to do this, and then stripped the entire header. In the standard m4a header, there's two huge chunks of free space. the DRM takes up one of them, and moves the ID3 tag (or whatever the AAC equivalent is called) relative to the main data. However, a C tool could probably be written to remove the DRM and restore the ID3 tag.

arn
Nov 22, 2003, 03:28 PM
Originally posted by GeeYouEye
It's not surprising that this guy used QT indirectely to do this, and then stripped the entire header. In the standard m4a header, there's two huge chunks of free space. the DRM takes up one of them, and moves the ID3 tag (or whatever the AAC equivalent is called) relative to the main data. However, a C tool could probably be written to remove the DRM and restore the ID3 tag.

Um...

It's not like DRM AAC files are just regular AAC files with a "DRM" flag set.

The entire AAC file is encrypted - probably based on your .Mac ID as a key.

arn

arn
Nov 22, 2003, 03:31 PM
Originally posted by SiliconAddict
How could they tell?
:confused: Is your account name embedded in the file?

Yes. Your account name is embedded into protected AACs.

arn

Flowbee
Nov 22, 2003, 03:55 PM
Um, has anybody here confirmed this hack actually works?

arn
Nov 22, 2003, 03:58 PM
Originally posted by Flowbee
Um, has anybody here confirmed this hack actually works?

Just found an app that will take raw mp4 audio and convert to a WAV file.

So....

Protected AAC -> QTFairUse -> Raw AAC (Authorization Req in QT)
Raw AAC -> faad.exe -> Song.WAV (no authorization req)

... so yes, it works. Again, not very useful at this point... but it does strip DRM from the AAC file, and keeps it in AAC form.

(This is distinctly different from an app which simply saves the raw audio output from a protected AAC)

arn

iMeowbot
Nov 22, 2003, 04:23 PM
Nutzoids wrote
So far all I read is one person tested this. Has anyone else tested this?

Yes, more people have tested it. You probably won't see too many first-hand accounts from WIPO countries (EUCD, DMCA etc.)

stingerman wroteIt just means Apple will need to build in signatures throughout Quicktime and catch any patches to the Quicktime code. If it senses an unauthorized patch, it will either self-repair or shut down.

All software can be patched, and it doesn't much matter if the checks are being performed on the AAC files or the program itself. This is exactly the situation that hardware DRM initiatives like Palladium are hoped by their proponents to address.

DRM for sound files doesn't need to be perfect, it just has to be good enough to make the process inconvenient -- and in that espect it appears that Apple have already succeeded. The patch under discussion is indeed inconvenient because it takes an hour to capture an hour of music, and it still restricts you to using the limited selection of players that understand AAC.

In contrast, ripping from CD provides nearly instant gratification and the ability to obtain an essentially universal format (MP3). Even exporting a stream and re-ripping is more flexible than using this patch.

Doctor Q
Nov 22, 2003, 04:45 PM
Two questions about watermarks...

1. Would a watermark in a DRM AAC be preserved when you burn a CD and/or rip it back?

2. Do audio perfectionists ever claim that a watermarked audio file loses any perceptible quality?

...and another thought: Aren't people who say "removing the DRM is pointless because you've already paid for the file" themselves missing the point that the resulting file will likely be used for purposes outside those permitted under the DRM?

That's why watermarks might be more viable for the music companies in the long run. If they can't stop the flow of digital audio files, tracking the owner of each copy might be their next best defense.

j763
Nov 22, 2003, 04:52 PM
Originally posted by arn
Just found an app that will take raw mp4 audio and convert to a WAV file.
Obviously taking this WAV file and reenoding to Unprotected AAC would result in loss of sound quality. We need some way of being able to add in the appropriate Unprotected AAC headers or whatnot.

While far from being totally successful, this app is certainly a major breakthough in cracking the Apple DRM.

arn
Nov 22, 2003, 04:57 PM
Originally posted by Doctor Q
1. Would a watermark in a DRM AAC be preserved when you burn a CD and/or rip it back?

2. Do audio perfectionists ever claim that a watermarked audio file loses any perceptible quality?


1) Supposedly yes.

2) I'm sure they do. :)

arn

iMeowbot
Nov 22, 2003, 05:01 PM
Originally posted by Doctor Q
1. Would a watermark in a DRM AAC be preserved when you burn a CD and/or rip it back?

Yes, that's exactly the kind of persistence that watermarking is intended to have.

For a real world example, advertisers are already using watermarked commercials to verify that they are getting the amount of airplay that they have purchased. This detection is being performed on analog broadcast signals.

2. Do audio perfectionists ever claim that a watermarked audio file loses any perceptible quality?

Some claim they can hear it, others cannot. Those are the same people who would turn up their noses at iTMS audio anyway, so the point is essentally moot.

Dippo
Nov 22, 2003, 05:02 PM
Originally posted by j763
While far from being totally successful, this app is certainly a major breakthough in cracking the Apple DRM.

I for one am still not impressed with this program.

I am sure I could crack the DRM if given enough time, but I just have better things to do :)

j763
Nov 22, 2003, 05:11 PM
Originally posted by Dippo
I for one am still not impressed with this program.

Yes, well, as I say, it's a step forward, but not a complete solution.

We need to find a way of taking raw aac and wrapping it in the appropriate m4a headers.

Converting raw aac into WAV is just as useful (from an end-point perspective) as getting an AIFF out of Toast.

If there is a way of putting it into the m4a wrapper (which i'm sure there is), then once we have that, we'll be able to get great quality non-DRM AAC files. That's when this program will be useful.

arn
Nov 22, 2003, 05:20 PM
Originally posted by j763
Yes, well, as I say, it's a step forward, but not a complete solution.


Well, it's a proof of concept.

Without getting into details.... I can say based on feedback...

- There are players that will play the raw (de-DRM'd) output files
- There are existing methods to convert the output files to a proper M4A which will play in iTunes.

The point of this thread/news item is not to teach people how to circumvent DRM, but simply to report that someone has created a method to.

arn

Edot
Nov 22, 2003, 05:34 PM
The problem still seems to be in the law enforcement of internet(p2p) sharing. It is legal to create protection and encryption of files. It is legal to create software to break the codes. It is legal(if it is not, it should be) to actually break the encryption of music you have purchased. It is NOT legal to disribute files with or without the encryption. This is not a big issue for iTMS or anything else. The issue is enforcing laws that prohibit distribution of files. Using Kazaa or similar programs are illegal, and if services like iTMS are going to be succesful then punishment of offenders is crucial. There is not widespread looting of storefronts in stripmalls because enforcement of laws prohibiting it are in place. We all can agree that enforcement should be put into place because having services like iTMS are more benefitial than not having them. I don't think anyone would be support the idea of there being no enforcement of laws against storefront looting. The exsistance of the stores are more valuable than the looting. I think governments should step in an do the job they are paid to do, which is enforce the laws that we as people have set up.

StoneRoses
Nov 22, 2003, 05:47 PM
foobar2000 (very advanced audio player for Windows) can play raw aac file and can wrap raw aac stream into mp4 (iTunes m4a is audio only mp4 file, so just rename it if you want m4a file ) container.

Links: http://www.foobar2000.org

sanford
Nov 22, 2003, 05:52 PM
I'd just like to remind everyone that Apple didn't consider iTunes 4 playlist sharing over the Internet to be a "hole" until some gumby developed software that allowed you not only to listen but to download tracks. Internet sharing of iTunes playlists was a great way of introducing people to new music and new artists, potentially driving sales up for those artists; until, of course, somebody turned it into a Kazaa-like downloading device.

Corpus_Callosum
Nov 22, 2003, 06:02 PM
Removed - old, incorrect information -

Dippo
Nov 22, 2003, 06:21 PM
Originally posted by Corpus_Callosum
A friend of mine that works at Apple told me that every song that is sold through iTMS contains a unique watermarked serial-number.

Sorry, but I don't believe you.

Isn't there a way to detect if there is a watermark.
If they were watermarked, I am sure that it would have been detected by now, and people have been sharing burn/ripped music from iTunes since day one.

Maybe "your friend" was talking about the encrypted version, which does contain that data, but it's not a watermark.

j763
Nov 22, 2003, 06:36 PM
Originally posted by Corpus_Callosum
A friend of mine that works at Apple told me that every song that is sold through iTMS contains a unique watermarked serial-number. Everytime you buy music from iTMS, the unique serial-number associated with that downloaded song is tied to your user account in some database.

An easy way of disproving this would be if two users were to buy the same song, use QTFairPlay and compare the resulting .acc's. If they are different, it doesn't necessarily mean that the above is true, just that it can't easily be disproven.

iMeowbot
Nov 22, 2003, 06:46 PM
Originally posted by Dippo
Isn't there a way to detect if there is a watermark.
If they were watermarked, I am sure that it would have been detected by now, and people have been sharing burn/ripped music from iTunes since day one.

In one sense, yes, there are ways to detect watermarks, that is after all the whole point of them. Detecting a watermark is pretty much trivial for the party who put it there, since the encoding method and the pattern applied are known.

For an outside party, it becomes more difficult. How easily a previously unknown watermark scheme can be detected depends a lot on how good the party who applied it was at finding a compromise between survivability and subtlety.

Watermarking and steganography are still evolving fields, so there really aren't absolute answers as to what can and can't be done.

jusvistin
Nov 22, 2003, 07:02 PM
I'm not sure it will be so easy to find the watermark.

Remember - the iTMS songs were encoded from a source that is not available to Joe average user. Sure, you can encode a CD from the Local WalMart, but it certainly won't be the same source Apple used.

Doctor Q
Nov 22, 2003, 07:10 PM
Originally posted by Corpus_Callosum
A friend of mine that works at Apple told me that every song that is sold through iTMS contains a unique watermarked serial-number... My friend told me that this is a pretty well kept secret, even inside of Apple, because Apple does not want anyone to figure out how to remove the watermarks (it keeps the RIAA happy).To make sure of the watermark to enforce their rights (say in a court case against an infringer), they would have to use the watermark as evidence, hence revealing its existence. So it can't stay a secret if it is to serve its purpose.

coolsoldier
Nov 22, 2003, 07:45 PM
Not all uses of a DRM-stripping app involve piracy. I've stripped DRM from all of my iTMS songs on my iBook (I cannot tell any difference between the original and AAC-p to AIFF to 128k AAC) and have never pirated any of them. I do this because:
--I want to play the songs on my win98 box
--My Mp3 Player is not an iPod (although I wish it was)
--I still use OS 9 on occasion and like to still be able to play my songs
--I am paranoid that one day Apple will stop supporting these files.

Nothing I want to do with these files is illegal, except for the fact that I have to (illegally) unprotect the files to do all of them. I'm sure windows users have at least some of the same issues. And those of you who use windows must have noticed that Apple's DRM is not as transparent on windows, since, unlike the mac, not every program uses quicktime to play media files. (Try using your protected files in a movie sound track on each platform to see what I am talking about)

j763
Nov 22, 2003, 07:46 PM
Originally posted by StoneRoses
foobar2000 (very advanced audio player for Windows) can play raw aac file and can wrap raw aac stream into mp4 (iTunes m4a is audio only mp4 file, so just rename it if you want m4a file ) container.

Links: http://www.foobar2000.org

Unfortunately FooBar chokes on conversion into MP4. However, playback is perfect.

Any thoughts anyone?

the_pharcyde
Nov 22, 2003, 08:20 PM
Originally posted by SeaFox
But anyway, anyone who did download the DRM cracker, did you notice this in the list of software?

FreeMe - decrypt MS DRM restricted content

Why the heck are we making such a big deal about the iTunes crack if there's a M$ DRM crack, all the other services use WMA so it would be a lot more damning to develop a crack for it.

FreeMe is a couple of years old and only works on an old version of WMA (version 2). All of the current services that use WMA - BuyMusic, MusicMatch, MusicNow, et al - use a more recent version of WM DRM. The current version of WM DRM has not been cracked as of yet, so at least at the moment, FairPlay is "more compromised" than the current version of WM DRM.

jywv8
Nov 22, 2003, 08:30 PM
Originally posted by Dippo
I use DeCSS all the time, it's incorporated into programs like DVD Shrink and DVD X Copy.

Me, too.

EatingPie
Nov 22, 2003, 09:50 PM
Technical question regarding quality.

From what I understand AAC is lossy compressed, while AIFF and redbook CD are lossless.

So how is there a degredation in quality when going AAC --> AIFF --> CD?

The only answer I can come up with is that AAC is a 24bit format (is this true?), while redbook CD is 16bit (I believe). I guess in this regard, you upconvert to a higher bitrate, but you lose out on the smaller word size.

-Pie

myndlinksw
Nov 22, 2003, 10:57 PM
Originally posted by Sol
Some people go so far out of their way to steal music. Apple should use a watermark technique to be able to track down the people who purchased the original protected AAC files that will go floating around the Net because of applications like this.

Some people go so far out of their way to reclaim the rights set forth in the constitution and unfairly revoked by the DMCA.

The iTunes 'DRM' is pointless. DRM protects nothing. Some of you just-don't-get-it. It's a waste of time, money and other resources to implement any of these DRM techniques because they will -always- be beaten.

This has nothing to do with stealing. It has everything to do with programs like DeCSS. As others have stated higher in the thread, you lose quality by converting your music from aac - > cd -> mp3. How much quality is lost? Why shouldn't people have the ability to convert their 'protected' aac files to some other format to use in a digital music/media player other than the iPod without wasting a bunch of cd-r's to do so? For use with their mp3 player of choice on their platform of choice?

What did you buy when you sent Apple your 99 cents? Did you buy the music? The rights to distribute the music? A license to listen to the music? Pick one.

I pick a license to listen to the music. I'll listen to it where I want with whatever program or piece of hardware I want.

You're probably from the USA (like me). I think 90%+ of the citizens have the same problem as you. It has something to do with the entertainment culture we've surrounded ourselves with or something. We constantly want to fix the effects of our problems. The effects are more flashy so we concentrate our attention there. This is no different. The effect of the problem is, people overcome DRM protection, and thereby violate the DMCA. They haven't even done anything 'wrong' yet. It's like watching DVD's on Linux. Sure, they have a potential to do something 'wrong'. But when don't we have that potential? And why are we so prepared to call them thieves? What happened to innocent until proven guilty? This program is a tool. Just like any other tool, it can be used for good, it can be used for evil, and it can be used for any combination in between.

Now you and someother people are concerned with 'catching those bandits'. The real problem is much much deeper... I'm not sure what it is to be honest. It's not even the DMCA, the DMCA is an effect as well. If I had to guess I'd say that the problem is loopholes in the law which allow monopolies to be created by allowing every business in a given sector band together to control that sector. This problem is compounded by the ability of these legal monopolies to fund their special interests in our government and (soon?) governments abroad.

I'm glad people are working on stripping the DRM out of these files. Everytime one of these mechanisms fails, we prove DRM wrong, and we're that much closer to freedom.

Don't buy into the false illusion that DRM actually protects any of this music. You can burn it and re-rip it. You can plug into core audio and record it. I can plug a cord into my sound out and record it to whatever medium I want; and I'm sure others can come up with 101 other brilliant ways to make a copy of the music they downloaded off the iTMS.

[Side note, to the person who posted about the .aac having your information. This makes sense because when you try and play a protected .aac file, iTunes asks you to authorize the computer. So yea, if you share out your protected .aac, it's not far fetched that someone could figure out what account that .aac came from. People have been talking about the .aac file headers. I would think that this information would be stored there, and not in the actually .aac sound data, so once you burn/re-rip or get the data out some other way...it probably wouldn't be preserved... anyone else know more about .aac than I do? It could be watermarked, only Mr. Jobs and the iTunes team knows for sure ;)]

myndlinksw
Nov 22, 2003, 11:08 PM
Originally posted by Dippo
Since this program isn't breaking any decryption but just copying what is in RAM, there should be no DMCA implications.

Are you sure? The DMCA 'protects' against the circumvention of technological measures used by copyright owners to protect their works.

Circumvent != crack. It means you found a way around those measures. A good legal team could definitely argue that reading the data out of RAM after it was decrypted was 'circumvention of their technological measures'...

http://www.loc.gov/copyright/legislation/dmca.pdf

read page 3 and 4 for a summary..

mikedman
Nov 22, 2003, 11:12 PM
Originally posted by jusvistin
I'm not sure it will be so easy to find the watermark.

Remember - the iTMS songs were encoded from a source that is not available to Joe average user. Sure, you can encode a CD from the Local WalMart, but it certainly won't be the same source Apple used.

I am not sure on the details, but couldn't two itunes customers who purchased the same track from the online store compare hash tables of de-protected files or something? If a there were a difference it would indicate the presence of a watermark that got past the conversion process.


---sorry this seems to have been mentioned already--

myndlinksw
Nov 22, 2003, 11:25 PM
Here's a good post off apple.slashdot.org.. I didn't think about this ;)

What's interesting about this (from a fair use standpoint) is that it only lets you get the AAC data if you have a computer that will play the protected file. This means that you can now play the AAC files with non-Apple hardware/software.

However, it doesn't let you play someone else's DRMed .m4p files. They person who is licensed to play them would need to decripple the files first using this tool.

Therefore, it's questionable whether this is really circumventing a copy-protection mechanism, since this method only allows the "rightful licensee" to extract the AAC. If that's not fair use, then I don't know what is.

http://apple.slashdot.org/comments.pl?sid=86778&cid=7539136

coumerelli
Nov 22, 2003, 11:53 PM
Originally posted by myndlinksw
Some people go so far out of their way to reclaim the rights set forth in the constitution and unfairly revoked by the DMCA.

The iTunes 'DRM' is pointless.

snip...snip..snipsnipsnip...snipsnip

snip...snip...

I'm glad people are working on stripping the DRM out of these files. Everytime one of these mechanisms fails, we prove DRM wrong, and we're that much closer to freedom.

snip snip....


Freedom?!? Constitutional rights?

If I choose to trade with someone, I've made a deal. And in THIS deal, I give apple $.99 for a song that can be played on any # of iPods, 3 comps, etc, etc... That's the deal I made.

Furthermore, my (and your) freedoms granted by the US Constitution are to say ANYTHING I want about and to anyone I want. But I can't DO anything I want. That would be anarchy, no?

The choice is not 'what to do with the .m4a,' take one step back (the one you missed). Your choice is: to make or skip the deal. Once you make the deal, you are bound by the terms of the agreement.

That's your choice. That is wherein your choice lies (lays, lain?:confused: ) ;)

Please don't ever forget that we DO have choices, but with those choices are various consequenses, some are positive, and others not.

Anywho....hey, thanks for listening.

jonahan
Nov 23, 2003, 12:02 AM
In any case, this is the first public attempt at breaking Apple's Digital Rights Management format.

What a line of ************. Maybe first windows attempt but I can do it in LAME on my MAC. Found the nice little app on versiontracker.. Damn windows people are always 2 weeks behind. People really need to do more reasearch when posting crap like this .. http://forums.2guysamacandawebsite.com/viewtopic.php?t=164 Quick search on google and page 4 right in the middle. Ahhh the wonders of the internet.

arn
Nov 23, 2003, 12:12 AM
Originally posted by jonahan
What a line of ************. Maybe first windows attempt but I can do it in LAME on my MAC. Found the nice little app on versiontracker.. Damn windows people are always 2 weeks behind. People really need to do more reasearch when posting crap like this .. http://forums.2guysamacandawebsite.com/viewtopic.php?t=164 Quick search on google and page 4 right in the middle. Ahhh the wonders of the internet.

Um.... I believe you are mistaken.

I invite you to find me any other method to convert from Protected AAC to Unprotected AAC without transcoding.

Transcoding = Converting Protected AAC to AIFF/CD/WAV and then converting it back to AAC.


People really need to do more reasearch when posting crap like this ..

What I think you fail to realize is the quality of the unprotected AAC is identical to the Protected AAC that you are downloading from iTunes. The other methods you hint at do not do this.

I'd be happy to be proven wrong... but I'm confident this is the first true "breaking" of iTunes' DRM -> doing something it wasn't intended to do. (iTunes DRM allows you to burn to CD or be used in supported applications.)

arn

j763
Nov 23, 2003, 12:41 AM
arn's right.

Along with some other utilities, you can break the DRM. It's a very convoluted process, but it does work.

I really don't see this as being a big problem for Apple, simply given the number of steps involved in breaking the DRM. This is NOT something for the average user.

j

Sol
Nov 23, 2003, 01:04 AM
Originally posted by j763
I really don't see this as being a big problem for Apple, simply given the number of steps involved in breaking the DRM. This is NOT something for the average user.

Maybe the average user would not bother using this application or ripping a DVD but the people who do make it easy for anyone to access the resultant media files through P2P. Having said that, I believe that the iTunes Music Store is a success because it offers a legitimate alternative to the unpredictable and unreliable world of P2P.

myndlinksw
Nov 23, 2003, 01:30 AM
Originally posted by coumerelli
Freedom?!? Constitutional rights?

If I choose to trade with someone, I've made a deal. And in THIS deal, I give apple $.99 for a song that can be played on any # of iPods, 3 comps, etc, etc... That's the deal I made.

Furthermore, my (and your) freedoms granted by the US Constitution are to say ANYTHING I want about and to anyone I want. But I can't DO anything I want. That would be anarchy, no?

The choice is not 'what to do with the .m4a,' take one step back (the one you missed). Your choice is: to make or skip the deal. Once you make the deal, you are bound by the terms of the agreement.

That's your choice. That is wherein your choice lies (lays, lain? )

Please don't ever forget that we DO have choices, but with those choices are various consequenses, some are positive, and others not.

Anywho....hey, thanks for listening.

Yes, freedom, constitutional rights. Fair use, it's a freedom, it's a constitutional right. Yes, you can do anything you want, but not all possible actions will be protected under the constitution; but certain fair uses are.

http://www4.law.cornell.edu/uscode/17/107.html

You talk about limiting choice. These limits are not physical constructs. They are limits you put on yourself. While your choice may be limited to 'making a deal' or 'not making a deal', my choices and the choices of everyone else are not limited by the same factors. Free will, the ability for everyone (theoretically) to think for themselves.

In your 'deal', Apple allowed you to burn CD's with your music. These CD's do not contain the DRM which the AAC is infected with. Please explain why you think bypassing the AAC DRM using this program is wrong, and why you think it should be wrong? They both achieve the same goal, and neither one has an inherent negative impact. The negative effects are optional, and as always, left up to the person making the choice.

The people who want to trade their mp3 files are going to trade their mp3 files. Again, they, like you and me, have free will; this freedom allows them to make whatever choices they want to.

If person X wants to send person Y XYZABC.mp3, that person is going to find a way do that. If you force them to burn a CD, chances are they will burn more music to that CD instead of wasting it on one song.

The only effect I see is that we put less CD-R's in a land fill by removing the need for burning and re-ripping.

The only people that DRM affects is the people who want to use their music legitimately, but are not advanced enough to get around the protection. Everyone else will either defeat the DRM, won't need to defeat it, or will ask someone to help them. So what's the point?

--------------------------------------------------

The iTunes Music Store is a success because people aren't inherently bad. They wanted a simple, fast, cheap way to find music. Various p2p programs offered them this ability. iTunes offers them a way to do this, and the opportunity to compensate the groups they listen to.

SiliconAddict
Nov 23, 2003, 01:55 AM
Originally posted by arn
Just found an app that will take raw mp4 audio and convert to a WAV file.

So....

Protected AAC -> QTFairUse -> Raw AAC (Authorization Req in QT)
Raw AAC -> faad.exe -> Song.WAV (no authorization req)

... so yes, it works. Again, not very useful at this point... but it does strip DRM from the AAC file, and keeps it in AAC form.

(This is distinctly different from an app which simply saves the raw audio output from a protected AAC)

arn

Its not going to take long for someone to combine this into a single app that does this automatically. Maybe 2 months?
Ripping a DVD use to be a pretty painful process. Now its been cut down to a few steps.

j763
Nov 23, 2003, 02:00 AM
Watermark rumor is false... Just did some testing. Checksums are identical.

arn
Nov 23, 2003, 02:03 AM
Claim:

Originally posted by Corpus_Callosum
A friend of mine that works at Apple told me that every song that is sold through iTMS contains a unique watermarked serial-number. Everytime you buy music from iTMS, the unique serial-number associated with that downloaded song is tied to your user account in some database.
.......
And I don't think it matters much if you burn it to CD and re-rip to MP3 or use a program like this to tear off the decryption. Either way, the watermark will still be there. Either way, the RIAA can find the original purchaser of the song.

Conclusion:

False. While Apple does tag each protected AAC file (in its header) with your iTunes ID, there is no watermark embedded into the actual music.

The Proof? It has been shown that two copies of the same song, purchased by two different people, result in the exact same files and md5 hashes when their QTFairUse output is compared.

arn

visor
Nov 23, 2003, 07:33 AM
Originally posted by Dippo
Sorry, but I don't believe you.

Isn't there a way to detect if there is a watermark.


Well, there definately is a way to detect watermarks. wouldn't make much sense of using watermarks if there wasnt, right?

If I'd create watermarks in audio files, I would modulate them right onto the actual audio data. this way they will stay largely intact even after it was burned, ripped, encoded egain etc.
Since it is the aim of any good encoder to keep the audio signal largely intact, it would probable work until choosing a rather low bitrate, thus not really beeing a copy but rather a poor soundalike.

But then, modulating it onto the Audiosignal would take some time, esp. if you wanted to mark each file with a unique customer identifier. I don't think that can be done in real time while downloading yet. esp. not with Millions of requests per week.

visor
Nov 23, 2003, 07:48 AM
Originally posted by coumerelli
Freedom?!? Constitutional rights?

If I choose to trade with someone, I've made a deal. And in THIS deal, I give apple $.99 for a song that can be played on any # of iPods, 3 comps, etc, etc... That's the deal I made.


Actually you think of a wrong kind of deal. You think you buy a product. This is not the case.
What you do is: You license the use of a product. When you do your deal, you admit to obey the contractual limitations, namedly beeing copyright issues, allowing you to use, but not to redistribute, broadcast... you know...

Therefore it is juristically incorrect to claim that someone 'steals' music. One cannot steal music, at most, one can steal the media that it comes on.
However, one can copy music, and redestribute it, breaking the copyright limitations and thus be held responsible for that.
While it's not theft, it may be treated likewise depending on the country you live it.
There is, in most civilised countries a very significant difference between theft and contract offenses.

Theft is treated by criminal law, thus sending you the police on your heels, and have the state attorney impeach you, while contranct offenses are treated by civil law and a 'person' has to impeach you.

Civil offenses are mostly solved with monetary outcomes, while criminal law usually sends you to jail.

visor
Nov 23, 2003, 08:12 AM
Originally posted by Doctor Q


That's why watermarks might be more viable for the music companies in the long run. If they can't stop the flow of digital audio files, tracking the owner of each copy might be their next best defense.
May be, but I'd be real careful about using this as a mucis company. it may well destroy all trust and be the end of the Online music stores. Why? Well, imagine you loose your iPod, your PB is stolen - whatever. Now someone distributes the Music you bought, and the RIAA accuses you of distributing their music, sueing you for half a billion dollars...
Would that be a risk anyone was willing to take?

iMeowbot
Nov 23, 2003, 10:30 AM
Originally posted by j763
Watermark rumor is false... Just did some testing. Checksums are identical.

That would confirm that there are no customer-identifying marks, but it wouldn't rule out their presence.

Watermarks are interesting to the industry as a way to identify the original distributor, not the end user. That's the level of detail that SDMI sought for portable devices.

You'll find that Apple are paying attention to SDMI and are already implementing some of those recommendations into iPod. See, for example, this part of the spec (http://www.sdmi.org/download/port_device_spec_amend2.pdf) and compare it with iPod's analog recording capabilities.

An eventual goal of SDMI compliance would pretty much require that Apple be, at the very least, be in the process of testing Verance and other watermarking schemes. That's outlined in amendment 3 (http://www.sdmi.org/download/port_device_spec_amend3.pdf).

(Incidentally, SDMI isn't actually dead, as some assume. Content providers like Apple are still participating through the Digital Media Association (http://www.digmedia.org). In a nutshell, DiMA are okay with using DRM and various royalty schemes, but want control to stay in the hands of industry rather than governments.)

StoneRoses
Nov 23, 2003, 11:43 AM
Originally posted by EatingPie
Technical question regarding quality.

From what I understand AAC is lossy compressed, while AIFF and redbook CD are lossless.

So how is there a degredation in quality when going AAC --> AIFF --> CD?

The only answer I can come up with is that AAC is a 24bit format (is this true?), while redbook CD is 16bit (I believe). I guess in this regard, you upconvert to a higher bitrate, but you lose out on the smaller word size.

-Pie

Conversion from 44.1kHz/16bit stereo AAC --> PCM --> Redbook is no loss (compare to original AAC file not original master). But if you convert the PCM back to AAC it is lossy.

And Yes, iTMS AAC file is 44.1kHz 16 bit.

StoneRoses
Nov 23, 2003, 12:24 PM
Originally posted by j763
Unfortunately FooBar chokes on conversion into MP4. However, playback is perfect.

Any thoughts anyone?

Sorry for my mistake, I'm not in the USA so I don't have any iTMS song to test the concept. Foobar aac -> mp4 conversion is only work with ADTS AAC file.

According to menno (Nero Digital [MPEG4 solution from Nero] developer) @ Hydrogenaudio forum, the file from QTFairUse is RAW AAC, you must convert it to ADTS AAC and then convert it to MP4 (m4a).

The instruction and softwares to do this is on HA thread:
http://www.hydrogenaudio.org/index.php?showtopic=15598

I think it fairly easy to write the frontend to automate all the processes since all softwares involved are command line apps.

coumerelli
Nov 23, 2003, 05:56 PM
Originally posted by myndlinksw
Yes, freedom, constitutional rights. Fair use, it's a freedom, it's a constitutional right. Yes, you can do anything you want, but not all possible actions will be protected under the constitution; but certain fair uses are.

http://www4.law.cornell.edu/uscode/17/107.html

I read that link (and thank you for posting a short link instead of some rediculously long article ;)). My comments came because you originally said that our constitutional rights were revoked by the DMCA. 'Constitution' and 'Rights' are too easily thrown around these day, and I didn't see how your point was accurate. I do, however, see now what your original point was - and it's well taken, thank you. :)

But, you in your excitement, read my post too quickly and began ranting...

You talk about limiting choice. These limits are not physical constructs. They are limits you put on yourself. While your choice may be limited to 'making a deal' or 'not making a deal', my choices and the choices of everyone else are not limited by the same factors. Free will, the ability for everyone (theoretically) to think for themselves.

[and...]

The people who want to trade their mp3 files are going to trade their mp3 files. Again, they, like you and me, have free will; this freedom allows them to make whatever choices they want to.

'Free will' is not covered in our constitution. For that, you will have to refer to the Bible. There is a grand difference between 'freedom' and 'free will'

In your 'deal', Apple allowed you to burn CD's with your music. These CD's do not contain the DRM which the AAC is infected with. Please explain why you think bypassing the AAC DRM using this program is wrong, and why you think it should be wrong? They both achieve the same goal, and neither one has an inherent negative impact. The negative effects are optional, and as always, left up to the person making the choice.

Yup, I agree that when you say our 'fair use' covers us using a song on more than 3 computers if we should own more than 3. And the 'optional negative effects' that you are talking about is a lot of what this thread is dealing with. Many people want to strip the DRM for the express purpose of freely distributing the songs they buy (why, I'll never know. Why pay for something to give it away? THIS isn't charity). I posted on like page 3 of this thread and asked why Apple conceded to the RIAA or whoever to limit us to just three computers? Read it, and you might better understand MY position.

Thank you

qwerpafw
Nov 23, 2003, 07:46 PM
I don't find this particularly interesting from a technical standpoint. When the iTMS and protected apple "fairplay" DRM'd AAC first came out, I tested the limits of the system.

Basically, I found that

a) if you screw the headers so it appears you own a song you actually don't, even if you change the hash, it will go call up the apple server to "make sure." I hypothesized that there might be a way to get around this by telling iTunes that you own the file, but I was too lazy to figure out how iTunes stores the data on what it is authorized (songs and users) to play. It's also likely that apple encrypts this somehow, since it would be a Bad Thing™ if I could authorize my computer to play your songs by messing with a simple unencrypted text file. I did search for this setting, but I didn't perform the at length in depth checks necessary to verify it either way.

b) if you pull the RAM cache as iTunes plays the song, you can get what appears to be AAC data. Yet no application I knew of could decrypt this data--whether the app be QT or any of a host of audio programs. Even programs that purported to be able to pull audio data out of composite files (check VT, there are a few of these) were unable to read it. I assumed it was hashed somehow, or that there was some necessary bit required.

c) if you strip the headers off a song and switch them with the file I derived from (b). iTunes hangs and QT burps on it.

d) DRM'd files are not just marked "do not play this," they are also really and truly encrypted with data-wise. For a real world explanation of this, try switching the headers of a DRM'd file you don't own with one you do, or a DRM'd file with one that is unprotected. This is also, to the best of my understanding, why you can't play .m4p files as you download them--the computer adds protection as the file is being downloaded, and thus, unlike mp3, you can't play-as-it-downloads, since the process cannot complete until the whole file is available to the DRM engine (from what I understood, and take this with a grain of salt, there's a hash which must match the DRM. hashes require a finished file. The DRM process also likely requires a finished file, though it probably gets started before the file finished--look at CPU usage while download a song from iTMS).

I don't know what I ****ed up so that this guy's approach didn't work for me. :shrug:

The only interesting thing I was able to do was write a program that made it impossible to read the DRM'd files. The app invented an imaginary iTMS user, edited the m4p file so that the fictional user owned the song, fed iTunes data saying the user owned the file, but then rendered the file useless since iTunes checks with Apple "just in case."

[mod. edit - Don't circumvent the profanity filter.]

Doctor Q
Nov 24, 2003, 12:20 AM
Originally posted by visor
But then, modulating it onto the Audiosignal would take some time, esp. if you wanted to mark each file with a unique customer identifier. I don't think that can be done in real time while downloading yet. esp. not with Millions of requests per week. Here's a compromise they could use: they change the hidden information as fast as they can. Let's say they can re-encode every song every 24 hours, giving it a new unique ID that often. (The actual time doesn't matter for me to make my point.) That speed is not fast enough to make each file unique for each download, but it limits the number of copies to those purchased in that 24 period. Even if the music files are not individually unique, if someone was purchasing and then distributing large number of songs (making him/her the most likely target of an enforcement action), it could be shown that the entire collection had watermarks matching the time periods when they were purchased by the target person. The shorter the encoding cycle, the more persuasive this evidence becomes, simply based on statistics.

However, this is all theory. I haven't heard anyone propose such an idea, and I especially don't think Apple is going to bend over backwards to aid the enforcement process. They want to be a middleman, providing music with "reasonable" restrictions and "not-easy-to-break" security, i.e., a suitable compromise for the main body of customers.

VoyagerRadio
Nov 24, 2003, 12:22 AM
Originally posted by sparkleytone
As much as this could potentially be a blow to the iTMS, there are a few things that may make it meaningless.

I have a hard time believing that people are going to be anywhere near as willing to pirate songs that they have already bought legally thru the iTMS. Music downloaded by people from the online store is a much more personal purchase than a CD at Best Buy that someone may have bought for one or two songs. I don't think people will be as willing to share freely the music that they picked out and bought online.

I also believe that a big part of the mp3 piracy problem stems from people on the inside. People in the industry are ripping and sharing CDs they never had to pay for, such as promotional prerelease albums. This is a HUGE problem for the record industry. This is a nonfactor with the iTMS.

The bottom line here is that someone has to buy the song before it can be cracked. This is not the case in the CD-ripping scene.

Thoughts?

Those are wonderfully interesting observations. Even if people don't agree that their iTunes purchase is all that personal, the fact that they're spending money on the iTunes tracks may prevent many people from sharing them. Most people don't seem all that willing to share, though they're certainly ready to partake of the bounty.

myndlinksw
Nov 24, 2003, 01:08 AM
Originally posted by coumerelli
I read that link (and thank you for posting a short link instead of some rediculously long article ;)). My comments came because you originally said that our constitutional rights were revoked by the DMCA. 'Constitution' and 'Rights' are too easily thrown around these day, and I didn't see how your point was accurate. I do, however, see now what your original point was - and it's well taken, thank you. :)

But, you in your excitement, read my post too quickly and began ranting...
oops



'Free will' is not covered in our constitution. For that, you will have to refer to the Bible. There is a grand difference between 'freedom' and 'free will'
I didn't mean that we are granted free will by the Constitution; the Constitution is there to set standards for the choices we make, and more importantly to set standards and guidelines for how the government treats us. In my opinion, freedom and freewill are closely related, but obviously very different. My points about free will were pertaining to the choices people have available to them at any given time. And the points about freedom pertained to the consequences assigned to various actions.

Yup, I agree that when you say our 'fair use' covers us using a song on more than 3 computers if we should own more than 3. And the 'optional negative effects' that you are talking about is a lot of what this thread is dealing with. Many people want to strip the DRM for the express purpose of freely distributing the songs they buy (why, I'll never know. Why pay for something to give it away? THIS isn't charity). I posted on like page 3 of this thread and asked why Apple conceded to the RIAA or whoever to limit us to just three computers? Read it, and you might better understand MY position.
[/B]

Yes, my point was just that those consequences have always been there and that they will always be there. There are no new consequences introduced by this new method. It was always possible to remove the DRM. There will always be a method. That's what makes it a waste of time.

Apple made it three computers because they had to make a deal. The RIAA loves DRM, 1)because they are Greedy and 2)because it makes them feel safe.

So Apple knew there would be DRM. After that, they probably used some sales/marketing data to show that the average household has like 2-3 computers, and obviously they want the iPod to have access. You can write the music to a CD unprotected because CD players don't read a protected format for the data, and since the RIAA worked so hard to get CD's accepted and have everyone re-purchase their favorite music on CD, they will have a hard time forcing everyone to buy a new media and new hardware to play that media. Not even Sony could do it ( MiniDisk ). CD's are entrenched. They don't need to be any bigger and they are being used so widely that there will just have to be a reason to switch formats. ;) That is why I think the iTMS DRM is the way it is.

La

Sol
Nov 24, 2003, 02:03 AM
Originally posted by myndlinksw
The RIAA loves DRM, 1)because they are Greedy and 2)because it makes them feel safe.[/B]

I would say that the music publishers see a problem and want to do something, even anything to keep their jobs.

With iTunes they got it right. Five major publishers came on the table to sell under one roof, Apple. Similar models have since been used by the relaunched Napster and... some other guys.

With copy-protected discs, they got it wrong. Compared to Audio CD, the copy protected format offers less for the same price. No MP3 or any other codecs, no copies on CD-R and completely useless for devices like the iPod.

manu chao
Nov 24, 2003, 05:18 AM
Therefore, it's questionable whether this is really circumventing a copy-protection mechanism, since this method only allows the "rightful licensee" to extract the AAC. If that's not fair use, then I don't know what is.

Where were all these MP3s on Napster and Kazaa originally coming from? From a "rightfull licensee" who bought a CD and ripped the tracks.

As long as removing the DRM is not easier than ripping a CD, the record industry is not losing anything. They did not revert back to vinyl or tape to prevent the ripping of CDs, they won't kill iTMS because there is a (cumbersome) way to circumvent the DRM.

(O.k., they try to prevent the ripping of CDs, but when I buy a CD, I want to be able to rip it and listen to it on my iPod. And I am certainly not the only one, looking at the iPod sales figures. When I can't rip a CD I give it back, and others will also. This kind of technology (CD-copy protection) will never be accepted by the customer.)

myndlinksw
Nov 24, 2003, 12:28 PM
Originally posted by Sol
I would say that the music publishers see a problem and want to do something, even anything to keep their jobs.

With iTunes they got it right. Five major publishers came on the table to sell under one roof, Apple. Similar models have since been used by the relaunched Napster and... some other guys.

With copy-protected discs, they got it wrong. Compared to Audio CD, the copy protected format offers less for the same price. No MP3 or any other codecs, no copies on CD-R and completely useless for devices like the iPod.

I don't agree. People have been participating in p2p in small decentralized communities for a long time.

DRM does not work. How can you argue that it does, or that it is a viable solution? It only takes one person to seed a file. Just one person has to defeat the DRM. Once that is done, no one else has to, they can download it free of DRM. How can you honestly say that they can stop everyone?

DRM does nothing to put p2p in check. It simply makes it more difficult to use your music in a way that is covered under fair use.

So what good is it? People keep responding and defending the DRM and saying it will help the RIAA stop p2p. How? Where's your proof?


(I find it interesting that you said they would 'do anything to keep their jobs'. Are they in danger of losing them? Every report I've seen compiled by someone other than the RIAA says they are doing just fine. The RIAA and it's profit margins and p2p is not an isolated system. You can't look at an effect on the profits and immediately blame p2p. What about a slow economy? What about being fed up with how the industry treats its artists? How about being bombarded with the latest song 24/7? Pop stands for popular. Most people don't need to buy CD's to listen to their favorite music!)

the_dalex
Nov 24, 2003, 01:15 PM
It would be ridiculous to think that DRM will "stop" P2P music sharing. I don't think anyone is making that claim. DRM was instituted to make casual piracy more difficult and to satisfy the music companies that wouldn't allow the sale of unprotected digital music.

Of course all digital rights systems are going to eventually be cracked, that is accepted as inevitable. That's really not the point. Most consumers will buy their music and keep it legal, and DRM keeps people from "accidentally" sharing files without knowing that they aren't licensed. The recording industry realizes that the people who are into file sharing are going to keep stealing music anyways (makes them feel like a rebel or something) so they focus on the rest... people who just want to buy and play music. There's enough money there to support the industry, the key is to make sure that the pirates remain pirates (meaning they are explicitly aware that they are breaking the law, no more accidental piracy).

As far as I can tell, this program doesn't really change the face of music piracy. There are not many advantages to this:

1) Now people can put iTunes-specific music on P2P services that wasn't available previously

2) People can create high quality copies of ITMS tracks for file sharing, but those tracks are likely on all P2P services already

People can already do the latter with an original CD, so the advantages are minimal. This really isn't a big deal. The program that allowed people to download other people's shared tracks is, on the other hand, since it turns iTunes into a P2P service.

I've seen headlines that say this guy hacked the ITMS and that the program allows you to download songs without paying 99 cents, which is just way off. The media needs to get the story straight or Apple's reputation is going to be damaged.

coolsoldier
Nov 24, 2003, 01:25 PM
Originally posted by the_dalex
There are not many advantages to this:

1) Now people can put iTunes-specific music on P2P services that wasn't available previously

2) People can create high quality copies of ITMS tracks for file sharing, but those tracks are likely on all P2P services already


There are many more advantages to compromising the protection than just the ability to pirate music. Additional advantages:

3) Music can be played on older computers (OS 9, Win 98/ME -- people do still use these, even if not as their primary computers)

4) Music can be played on non-iPod music players.

5) Music can be converted to mp3 to play in cheap players or burn to mp3 cd's

6) Windows users can now (like mac users have been able to all along) use their music files in movies, etc. -- iMovie supports AAC-p, but there is no windows movie software that does.

7) If, for some reason, people want to switch music software at some point in the future. Even if iTunes is the best jukebox software out there now (this has been disputed), odds are that it won't stay the best forever. This gives them the option to switch software in the future.


So,there are many advantages to this, not all of which are piracy-related.

the_dalex
Nov 24, 2003, 02:20 PM
That's what I meant, but I wasn't clear. There aren't many pirate applications for this that should bother the RIAA.

yakirz
Nov 24, 2003, 02:23 PM
Go ahead and do it now, and save yourself the trouble (as the RIAA gestapo will be removing the hack soon enough). :rolleyes:

Still, it's great to know that when Apple stops supporting .m4p in 10 years (no seriously), leaving us with no where to play them, that I can go back an buy a 10-year old winpc for 5$ and decrypt my iTMS music:) [/B]

VoyagerRadio
Nov 24, 2003, 03:43 PM
Originally posted by coolsoldier
There are many more advantages to compromising the protection than just the ability to pirate music. Additional advantages:

3) Music can be played on older computers (OS 9, Win 98/ME -- people do still use these, even if not as their primary computers)

4) Music can be played on non-iPod music players.

5) Music can be converted to mp3 to play in cheap players or burn to mp3 cd's

6) Windows users can now (like mac users have been able to all along) use their music files in movies, etc. -- iMovie supports AAC-p, but there is no windows movie software that does.

7) If, for some reason, people want to switch music software at some point in the future. Even if iTunes is the best jukebox software out there now (this has been disputed), odds are that it won't stay the best forever. This gives them the option to switch software in the future.


So,there are many advantages to this, not all of which are piracy-related.

Excellent post. Here's my addition:

8) If you're running an Internet radio station, you'll be able to convert the music to mp3PRO to ensure good sound quality at a lower bitrate for streaming.

VoyagerRadio
Nov 24, 2003, 03:54 PM
"Looks like meat is back on the menu boys!"--that's a great quote, and it sounds familiar. What's that from?

the_dalex
Nov 24, 2003, 04:49 PM
The Two Towers... I just picked up the extended DVD and saw that last night. Extended scene as well, btw.

the_dalex
Nov 24, 2003, 04:53 PM
Why didn't the RIAA come up with a DRM standard that could be used in a variety of music formats? Don't get me wrong, I'm glad that they didn't because of their history, but leaving it up to the distributors is causing the issues we see now. If we had one format that every program could use, there would be little need to strip the DRM.


Quote: "8) If you're running an Internet radio station, you'll be able to convert the music to mp3PRO to ensure good sound quality at a lower bitrate for streaming."

I know almost nothing about radio licensing, but would that be a legal use of the song you purchased?

VoyagerRadio
Nov 24, 2003, 06:01 PM
Originally posted by the_dalex
Why didn't the RIAA come up with a DRM standard that could be used in a variety of music formats? Don't get me wrong, I'm glad that they didn't because of their history, but leaving it up to the distributors is causing the issues we see now. If we had one format that every program could use, there would be little need to strip the DRM.


Quote: "8) If you're running an Internet radio station, you'll be able to convert the music to mp3PRO to ensure good sound quality at a lower bitrate for streaming."

I know almost nothing about radio licensing, but would that be a legal use of the song you purchased?

Absolutely, as long as you pay the royalty fees. I pay through a service called Live365, which also provides the bandwidth for my webcast.

pianojoe
Nov 24, 2003, 07:56 PM
Originally posted by visor
haha, I don't care a **** about the Music industry. I do not care if they all die right now.

[...]

I dont care if I get the Music from my local store on cd, or, just because it's sunday get it from limewire because they don't get the iTMS running where i live.

The point is - as long as it is easier to steal music, than actually buy it, one needs not wonder that people 'steal' aka get the stuff on the internet.
[...]

Now, there is no money for nothing, as the dire straits put it, singing about the music industry. (check it out if you want)
It's just very simple. As long as the MI don't get their fingers out to protect their music adequately, it will be 'stolen' because Music is an essential part of society, and is traditionally free - make that minus the last 50 Years.



You should be denied the right to listen to recorded music!

BTW, when Johann Sebastian Bach died, he left this wife and his children nothing (more or less).

For some people, Intellectual Property might be the only property they have.

j763
Nov 24, 2003, 11:12 PM
Originally posted by iMeowbot
That would confirm that there are no customer-identifying marks, but it wouldn't rule out their presence.
Rule out the presense of something that is confirmed not to exist?

Originally posted by iMeowbot
Watermarks are interesting to the industry as a way to identify the original distributor, not the end user. That's the level of detail that SDMI sought for portable devices.

If by distributor you mean Apple, that's one thing. If by distributor, you mean the user who downloads the file then cracks it then distributes it, there is no way of tracking this. From our testing, we used two songs purchased through two different accounts on iTMS and did an md5 checksum on both.

In other words, if you were to share the cracked files, there would be no way of identifying who bought them originally.

coolsoldier
Nov 24, 2003, 11:28 PM
Watermarks to identify the distributor would be pointless, since any and all protected AAC files are originally distributed by Apple.

Sol
Nov 24, 2003, 11:42 PM
Originally posted by j763
if you were to share the cracked files, there would be no way of identifying who bought them originally.

And if you were to be caught sharing cracked files, fined, sent to jail, etc. Would you keep doing it after all that?

I do not care about sharing my personal music library with the net and I also do not care about making all my possesions available to my neighbours.

File sharing may become an everyday part of our lives but modern file sharing seems like a fad in decline. It may take both iTunes and lawsuits to drive it underground where it belongs.

iMeowbot
Nov 24, 2003, 11:51 PM
Originally posted by coolsoldier
Watermarks to identify the distributor would be pointless, since any and all protected AAC files are originally distributed by Apple.

That's not how watermarks work. IT has nothing at all to do with the original format, and in fact they primarily exist to detect files that have been re-encoded to analog, CDDA, MP3, unencrypted AAC, or whatever.

iMeowbot
Nov 25, 2003, 12:20 AM
Originally posted by j763
Rule out the presense of something that is confirmed not to exist?

No such confirmation has been made, because watermarking isn't intended to be a per-user identifier.

If by distributor you mean Apple, that's one thing.

And that's exactly what the RIAA (owners of SDMI) want. I thought that the why of it would be obvious, but maybe not. RIAA isn't going to want to continue a long term campaign of sending subpoenas to file traders; that's obviously a witch hunt to get attention, no way could they hope to even keep up with a tiny fraction of traders.

Watermarks are a big part of the labels' hope to retain control over distributors as they begin to move more product by electronic rather than physical means, so they can have metrics when setting rates, track availability etc.

The second intended purpose of watermarks is to act as a form of copy protection, much like Macrovision and the broadcast flag. This characteristic is unused at present, as it requires modifications to playback equipment and software.

[Edit: in case it's not crystal clear, the idea is to arrange things so that the distributors and manufacturers are forced into the role of twisting customers' arms, and then the labels only have to deal with them instead of the public at large.]

1macker1
Nov 25, 2003, 11:06 AM
Hello apple, welcome to the wonderful world of Windows. With enough time, hackers will be crackin into OS X just as they are doing with XP. See what happens when you become popular, people **bad people** start paying attention to you.

udannlin
Nov 25, 2003, 11:47 AM
cant seem to find the code anywhere... can someone email it to me at carcassrus@yahoo.com?

the_dalex
Nov 25, 2003, 12:48 PM
1macker1,

If you think people haven't tried to hack into Unix or OS X, you are wrong. An absence of security problems doesn't signify an absence of attacks, it shows that those attacks aren't fruitful.

Sure, there are going to be workaround hacks for some things, but nothing like you see running rampant on Windows.

1macker1
Nov 25, 2003, 01:17 PM
the_dalex
I'm sure plenty of people have been hackin away at UNIX and OS X, but no where near the volume that Windows sees.

the_dalex
Nov 25, 2003, 03:57 PM
People were hacking Unix code before Windows was a gleam in Bill's eye.

I guarantee Unix has gotten more attention from hackers, considering it's been around for over 30 years. If you think that the Windows world is full of genius hackers that could tear apart OS X if they could be bothered to try, you're dead wrong. Hackers go for fame, and hacking OS X would make headlines. Trust me, they've tried.

Doctor Q
Nov 25, 2003, 04:46 PM
The worm concept was invented about 25 years ago at Xerox PARC (Palo Alto Research Center), as a tool in the style of what we now call distributed or grid computing.

The 15th annivesary of the release of the first harmful and widespread worm (by Robert Morris, the son of a computer security expert) was earlier this month. It reportedly shut down up to 10% of the computers on the Internet.

Here (http://www.msnbc.com/news/209745.asp?cp1=1) is one story about it.

VoyagerRadio
Nov 25, 2003, 05:04 PM
Originally posted by Doctor Q
The worm concept was invented about 25 years ago at Xerox PARC (Palo Alto Research Center), as a tool in the style of what we now call distributed or grid computing.

The 15th annivesary of the release of the first harmful and widespread worm (by Robert Morris, the son of a computer security expert) was earlier this month. It reportedly shut down up to 10% of the computers on the Internet.

Here (http://www.msnbc.com/news/209745.asp?cp1=1) is one story about it.

There were 10 computers on the Internet then. So that means it shut down, let's see...1 computer? ;)

Doctor Q
Nov 25, 2003, 05:32 PM
Originally posted by VoyagerRadio
There were 10 computers on the Internet then. So that means it shut down, let's see...1 computer? ;) Good point! But you shouldn't exaggerate. I'm sure it was at least 2 or 3 computers!

Actually, you inspired me to look it up. There were about 60,000 computers on the Internet in 1988. Since the Morris worm was released late in the year, it was probably a bit more.

dov
Nov 25, 2003, 05:49 PM
What is the point of this effort? To save $.99? It costs more in my time to go thru the hassle than I could possible save trying to pirate a cheap song. Seems to me the author is doing it "just because" he can. Thanks but no thanks - I will spend my extra time with my kids teaching them how to use their computers!!

rog
Nov 25, 2003, 05:53 PM
How stupid, one can already do this by converting to aiff then reimporting in any way one chooses. There, I'm a big hacker! Put my name all over the internet and give me tons of press! What a joke.

coumerelli
Nov 25, 2003, 07:38 PM
Originally posted by rog
How stupid, one can already do this by converting to aiff then reimporting in any way one chooses. There, I'm a big hacker! Put my name all over the internet and give me tons of press! What a joke.

no way! I thought of it first. I just didn't say it.

ha ha!

VoyagerRadio
Nov 25, 2003, 09:25 PM
Originally posted by dov
What is the point of this effort? To save $.99? It costs more in my time to go thru the hassle than I could possible save trying to pirate a cheap song.

I agree wholeheartedly. And who really wants to spend all the time digging around a peer-to-peer network for a lousy mp3? (And I mean lousy, as the quality of many mp3s is often much lower than those you can find on the iTunes Music Service.) The only real benefit of using Drumbeat (http://drumbeat.info/) and other P2P services is the wider collection of music--but forget about finding consistently great sounding (or even complete) songs on Drumbeat or Kazaa (http://www.kazaa.com).

Take it from me--I've spent more time than you want to know trying to find consistently high-quality songs on P2P networks. It's a waste of time, IMHO.

--
H. J.
VoyagerRadio
Transmitting Downtempo Electronica to Earth
Site: http://www.VoyagerRadio.com Blog: http://voyagerradio.blogspot.com

arn
Nov 25, 2003, 10:06 PM
Originally posted by rog
How stupid, one can already do this by converting to aiff then reimporting in any way one chooses. There, I'm a big hacker! Put my name all over the internet and give me tons of press! What a joke.

if you had read the thread, you would realize this is not the same thing.

arn

arn
Nov 25, 2003, 10:07 PM
Originally posted by dov
What is the point of this effort? To save $.99? It costs more in my time to go thru the hassle than I could possible save trying to pirate a cheap song. Seems to me the author is doing it "just because" he can. Thanks but no thanks - I will spend my extra time with my kids teaching them how to use their computers!!

I think the reason cited by the author is to play his iTunes songs in Linux... which can not be done with protected files.

arn

FZappa
Nov 27, 2003, 10:51 AM
I'm glad to see the system is being challenged, not being a user of ITunes I didn't realize there were copying limitations on the files. For the life of me I can't figure out why on earth ANYONE would be willing to spend $1.00 per song and get nothing more than a file. This seems to me that the consumer is being screwed royally by the RIAA. It works like this: I end up paying $15-20 dollars for a CD and get no physical product. The record company gets to sell it for the same price but pays nothing for manufacturing and distribution. No middle men to speak of, the public gets hosed. But that's what they've been doing for years anyway. Just curious, does the artists cut increase with online ditribution? Support the artists but boycott the RIAA and overpriced online music.

bitfactory
Nov 27, 2003, 11:55 AM
Originally posted by FZappa
I'm glad to see the system is being challenged, not being a user of ITunes I didn't realize there were copying limitations on the files.
It works like this: I end up paying $15-20 dollars for a CD and get no physical product. The record company gets to sell it for the same price but pays nothing for manufacturing and distribution.

yeah - its obvious you aren't a user of iTunes. thanks for posting, though. :p

Ysean
Nov 27, 2003, 12:05 PM
Originally posted by arn
I think the reason cited by the author is to play his iTunes songs in Linux... which can not be done with protected files.

arn

That's what this guy claimed with DeCSS too. Does anyone honestly believe he actually uses anything other than linux? He wants to break protection, that's it. If he truly just wanted everyone to be able to view dvd's on linux or listen to itunes songs on linux then he would have provided binary executables as apposed to source code. Or maybe some people just think they are above the law because they think their reasoning is just.

Ysean
Nov 27, 2003, 12:13 PM
Originally posted by coolsoldier
There are many more advantages to compromising the protection than just the ability to pirate music. Additional advantages:

3) Music can be played on older computers (OS 9, Win 98/ME -- people do still use these, even if not as their primary computers)

4) Music can be played on non-iPod music players.

5) Music can be converted to mp3 to play in cheap players or burn to mp3 cd's

6) Windows users can now (like mac users have been able to all along) use their music files in movies, etc. -- iMovie supports AAC-p, but there is no windows movie software that does.

7) If, for some reason, people want to switch music software at some point in the future. Even if iTunes is the best jukebox software out there now (this has been disputed), odds are that it won't stay the best forever. This gives them the option to switch software in the future.


So,there are many advantages to this, not all of which are piracy-related.

And guess what?! You can do all of these things once you've burned the tracks to CD (which iTMS allows without question)

So much for that argument :D

Ysean
Nov 27, 2003, 12:21 PM
Originally posted by 1macker1
the_dalex
I'm sure plenty of people have been hackin away at UNIX and OS X, but no where near the volume that Windows sees.

As a unix & windows administrator I can honestly say that outright hack attempts are more prevelant on unix systems than windows. (Largely due to the fact they are more common when it comes to real servers on the net and being text based so everything can be done via the command line once you do break in.) You hear more about windows because of it's horrible coding and the ease at which worms propogate.

Doctor Q
Nov 27, 2003, 02:14 PM
Originally posted by Ysean
As a unix & windows administrator I can honestly say that outright hack attempts are more prevelant on unix systems than windows. (Largely due to the fact they are more common when it comes to real servers on the net and being text based so everything can be done via the command line once you do break in.) You hear more about windows because of it's horrible coding and the ease at which worms propogate. And hackers can look for vulnerabilities in the source code of many Unix systems, not just experiment with the object code. Open source projects don't hide their flaws. Instead, they depend on the community for help in finding and fixing the bugs and security holes that show up.

Ysean
Nov 27, 2003, 02:30 PM
Originally posted by Doctor Q
And hackers can look for vulnerabilities in the source code of many Unix systems, not just experiment with the object code. Open source projects don't hide their flaws. Instead, they depend on the community for help in finding and fixing the bugs and security holes that show up.

You do know no UNIX (tm) system provides access to it's source code. Remember, linux & bsd are NOT unix. They are "unix alikes". They mostly function the same as unix, but there are differences. But, that's semantics.

When it comes to "Open Source" I see both it's positives and it negatives. Some things are well suited for an open source atmosphere, some are not. Of my mind, security mechanisms & OS'es do not fit well.

The more important question here: What does open source have to do with circumventing a copy protection method? Using "open source" & "copy protection circumvention" in the same sentance does not sound good for "open source."

NOTICE: These are my thoughts & do not necessarily relfect those of any others. Do not flame someone for their personal thoughts on a matter.

---EDIT---

I just thought I'd like to mention that the most secure operating systems on the planet are indeed closed source UNIX systems. Let's stop being an "open source" bandwagon jumper.

Doctor Q
Nov 27, 2003, 03:32 PM
Originally posted by Ysean
[B]The more important question here: What does open source have to do with circumventing a copy protection method? Using "open source" & "copy protection circumvention" in the same sentance does not sound good for "open source."I think the thread got into the hacker discussion because of the idea that more people would be trying to break Apple's music protection scheme now that iTunes runs on Windows.

However, I was thinking of another connection. I think that protection schemes are better when they depend on a secure algorithm, as opposed to a secret algorithm. For example, you might beat DES or Blowfish encryption or public key cryptography with brute computing force, but I think such methods hold up better over time because they don't rely on keeping the method from "falling into the wrong hands". (Although, at the risk of mentioning a side issue while discussing a side issue, I think there's a major exception: I haven't heard yet that anyone has fully reverse engineered the VCR Plus system.)

However, unlike secure transmission of sensitive information, music distribution has the problem that the music has to eventually reach our ears. If it's encrypted, it eventually has to be unencrypted, and a copy can be made at that point. Which brings us to watermarking and the idea that you can harmlessly "tag" music even if you can't control its distribution. I still wonder if these are the only two choices, short of declaring all music free or trusting uses to pay for it whether enforced or not.

Ysean
Nov 27, 2003, 03:56 PM
Originally posted by Doctor Q
I think the thread got into the hacker discussion because of the idea that more people would be trying to break Apple's music protection scheme now that iTunes runs on Windows.

However, I was thinking of another connection. I think that protection schemes are better when they depend on a secure algorithm, as opposed to a secret algorithm. For example, you might beat DES or Blowfish encryption or public key cryptography with brute computing force, but I think such methods hold up better over time because they don't rely on keeping the method from "falling into the wrong hands". (Although, at the risk of mentioning a side issue while discussing a side issue, I think there's a major exception: I haven't heard yet that anyone has fully reverse engineered the VCR Plus system.)

However, unlike secure transmission of sensitive information, music distribution has the problem that the music has to eventually reach our ears. If it's encrypted, it eventually has to be unencrypted, and a copy can be made at that point. Which brings us to watermarking and the idea that you can harmlessly "tag" music even if you can't control its distribution. I still wonder if these are the only two choices, short of declaring all music free or trusting uses to pay for it whether enforced or not.

Ah ok... What RIAA and apparently others don't realize is that eventually EVERYTHING is circumvented. It's more a matter of how widely the circumvention can be used. The easier it is to do, the more widespread it will be. RIAA also seems to think it can prevent any type of copying (something MPAA thinks). This is a very foolish thought. There will always be people that will accept lessor quality products if they don't have to pay for them. To steal an earlier poster's statement.... It will just go underground. That is the best possible thing. If you can't erradicate it, minimize it.

Doctor Q
Nov 27, 2003, 04:35 PM
Originally posted by Ysean
What RIAA and apparently others don't realize is that eventually EVERYTHING is circumvented.Except, it seems, for VCR Plus! As far as I can tell, Gemstar has kept the wraps on it for over 10 years. There are programs available to generate and interpret VCR Plus codes for TV shows that start and end on the half hour, but none to handle the longer VCR Plus codes for arbitrary start/top times minute by minute. I gave up looking for one. My use was legitimate: I wanted to program my VCR to start a couple of minutes early and end a couple of minutes late in case my clock was off. Since my intended use of their encoding has been prevented, I don't use their product at all.

Similarly, it seems that if you left it up to the RIAA, they'd choose methods that would cause a reasonable customer to want to circumvent the inconveniences that interfere with normal and legal use. Or to avoid buying their "products" at all.

Ysean
Nov 27, 2003, 04:55 PM
Originally posted by Doctor Q
Similarly, it seems that if you left it up to the RIAA, they'd choose methods that would cause a reasonable customer to want to circumvent the inconveniences that interfere with normal and legal use. Or to avoid buying their "products" at all.

Agreed. But I do think the Apple DRM method is a good middle of the road solution. After all, you could still burn the tracks to CD and play in another computer and your car. I honestly was expecting the limitations to be a lot worse due to the 2 services which were available at the time were absolutely horrid.

Doctor Q
Nov 27, 2003, 05:27 PM
Gee, I wonder where the rest of the Earth's population went? It's just you and me left, Ysean! Oh yeah, the Thanksgiving holiday.

I know what the RIAA would like. Music reception & decryption devices implanted in your inner ear! With a RFID chip that identifies you. When an authorized listener passes close to an authorized computer storing an authorized tune, the encrypted sound can be transmitted into your head, still encrypted, then decrypted so your auditory system can be stimulated. This would minimize the danger of music being intercepted by those few unreasonable people who didn't want to submit to the music surgery!

Now we have to get to work inventing the imPod (implanted iPod), a storage device, also installed in your body, to store encrypted tunes for when you aren't near your computer.

Ysean
Nov 27, 2003, 05:34 PM
Originally posted by Doctor Q
I know what the RIAA would like. Music reception & decryption devices implanted in your inner ear! With a RFID chip that identifies you. When an authorized listener passes close to an authorized computer storing an authorized tune, the encrypted sound can be transmitted into your head, still encrypted, then decrypted so your auditory system can be stimulated. This would minimize the danger of music being intercepted by those few unreasonable people who didn't want to submit to the music surgery!

Haha yeah... I guess everyone else actually enjoys spending holidays with their families!

As for implants..... hahahaha! I'm all for technological advancements. But some things are just too much. But hey, you do what ya gotta do to "protect your property" :p

savar
Nov 27, 2003, 08:52 PM
Originally posted by trog
So. If this works, why is it important, it isn't doing anything novel?

And if it doesn't work, what does that prove, that Apple's DRM is tough to crack?

What am I missing here that is interesting?

The only concern that I can see here is that hacked AAC files can be redistributed on a large scale. That is, because AAC files can be stripped of DRM in one step, in software (as opposed to burning a CD, or ripping a lossy stream), it can now be an automated process. Say a ring of file sharers each set this up to happen automatically with any songs they download.

It's farfetched, however, and I personally don't think it should be a big problem, but lord knows the press will run with this and act as though Apple will surely go out of business after this "blunder".

Note that the guy who wrote this is the same guy who wrote DeCSS, the much maligned-by-the-industry utility which was actually pretty innocent. I doubt he intends to do anything malicious. Certainly if I had developed an extensive encryption system and it got hacked 2 months after I released into the wild [Window's world], I would be upset.

=2 cents

StoneRoses
Nov 28, 2003, 05:07 AM
Originally posted by Ysean
And guess what?! You can do all of these things once you've burned the tracks to CD (which iTMS allows without question)

So much for that argument :D

A lot of people still don't know the diffence between DRM strip-off (QTFair use) and reencoding (burn CD -> Aiff -> AAC).

For 128kbps range, the degradation when you decode - reencode is significant.

hmari99
Nov 28, 2003, 11:12 AM
Originally posted by FZappa
I'm glad to see the system is being challenged, not being a user of ITunes I didn't realize there were copying limitations on the files. For the life of me I can't figure out why on earth ANYONE would be willing to spend $1.00 per song and get nothing more than a file. This seems to me that the consumer is being screwed royally by the RIAA. It works like this: I end up paying $15-20 dollars for a CD and get no physical product. The record company gets to sell it for the same price but pays nothing for manufacturing and distribution. No middle men to speak of, the public gets hosed. But that's what they've been doing for years anyway. Just curious, does the artists cut increase with online ditribution? Support the artists but boycott the RIAA and overpriced online music.

WOW. I didn't read the whole thread (but most of it) and this one opinion makes the most sense. It's about fair use. It's about using what you bought in any way you want (within the bounds of the law, which is much broader than what iTunes lets you do)

Applied to a physical media (aka a stipid CD) the idea of the DRM is this: You can play the CD on three designated CD players that support the DRM. Like, it will play ONLY on xyz brand cd player and only three of those that you pick. Yes, you have to stick to that brand of cd player (the iTunes player, the supported OS of iTunes, no unix support in sight) and too bad if you have a fourth one in the bedroom. It's not gonna play in your second car's player either. Nor in the kitchen. Nor on your neighbor's player. Nor can you trade it on the used market when you're tired of listening to it.

Yes consumer would be outraged. QTFairuse is definitely a good thing for fair use and might be a bad one for piracy (not too sure it'll make a difference though)

Good argument about no manufacturing costs, no distribution cost, no cut for the middle man, no best buy, no tower records no Borders to pay a cut.

They finally found a way to sell you some wind. Even better, they will restrict the direction and force in wich the wind will blow, how often and where it will happen. And people are buying it!

hmari99
Nov 28, 2003, 11:37 AM
Originally posted by savar
The only concern that I can see here is that hacked AAC files can be redistributed on a large scale. That is, because AAC files can be stripped of DRM in one step, in software (as opposed to burning a CD, or ripping a lossy stream), it can now be an automated process. Say a ring of file sharers each set this up to happen automatically with any songs they download.

It's farfetched, however, and I personally don't think it should be a big problem, but lord knows the press will run with this and act as though Apple will surely go out of business after this "blunder".

Note that the guy who wrote this is the same guy who wrote DeCSS, the much maligned-by-the-industry utility which was actually pretty innocent. I doubt he intends to do anything malicious. Certainly if I had developed an extensive encryption system and it got hacked 2 months after I released into the wild [Window's world], I would be upset.

=2 cents


The fact that *ANY* software based copy crippling system can be circumvented is not widely spread knowledge. Probably because the makers of such systems don't like bad publicity, and the one using them want the good sheep-like consumers to stick to the path and not wonder if there could be a way around it. It's called marketing.

Think about it. However strong your encryption, however elaborate your system, it still needs to be decrypted, and unless you force upon consumers tamper-proof secure hardware, you still have to decrypt/decode/descramble the content before it is played on your computer. That happens with software, data lies in memory. Software can be tweaked, hacked, modified, changed, converted, emulated etc. And everything in memory can be read, written, overwritten. That's what computers do.

The QTFairUse exploit must not have taken more than 1 man day of work to develop. You need a good system level debugger and someone determined to find the point where the crippled stream ends and the good data begins. I'm not saying Jon Lech Johansen's work is not valuable, but it is not such a great accomplishment. However, it demonstrates that it can be done. Probably easily. It takes a lot of guts to make it public though, because this is plain fat illegal under DMCA (not only circumventing copy protection is illegal, but distributing means of circumventing copy protection is illegal, no matter how it's done or why) Kinda like outlawing hammers because they can be used to break windows for burglaries.

The solution to the software drm 'problem' of course is tamper proof hardware, or at least with deep roots in the OS. Microsoft version, the trusted computing innitiative, aka Palladium is supposed to deliver that and will apparently support hardware enforcing device. For those who think they won't buy the hardware, they might not have a choice. It'll come built in the motherboards, maybe cacked up by laws and regulations. We will have to wait, however to see how effective the system is. Microsoft does not have the cleanest track record regarding security and reliability.

VoyagerRadio
Nov 28, 2003, 07:09 PM
The way I see it is, you either agree to buy something at a certain price, or you don't buy it. If you do buy it, what you do with it is your own business--within reason. By reason, I think most of you know what I mean--most of us know the difference between right and wrong, and though everyone draws their own boundary line to determine that distinction, most of us make the demarcation close to the same place. You know when you're crossing most folk's boundaries and when it's hurting other's livelihoods--it's become clear that "sharing" MP3s is one of the reasons people in the music industry are losing their jobs--and though most of us have shared MP3s and/or other files at one point in time or another, and it's probably not hurting anyone to share a few songs with a friend or family member who isn't likely to buy the CD anyway, the mass distribution of MP3s via P2P apps is clearly harmful to the incomes of a certain group of people. I want free music, too--but unless an artist is willing to freely distribute their work, I'm going to wait until I can afford to buy their songs, or listen to the music that is already free. By subscribing to this policy, I've found that I have much more time on my hands to enjoy listening to the music I haven't yet heard, rather than monitoring a P2P network for countless silent and irrecoverable hours.