Another Fairplay Threat?

[mooncaine]

"Jobs apparently warned that while Apple was not a litigious company..."

"Jobs apparently warned that while Apple was not a litigious company ..." This must be a hoax. We can't seriously be expected to believe that Jobs would say such a thing. Apple is infamous for suing or threatening suits on the most trivial matters ....

 

[demallien]

Finding where the keys are on your HDD is the easy part, accessing and using them is the task that takes months... [Simple way to find the location of the keys. Image your HDD. Purchase file from iTunes. Image your HDD compare the two images. The new key(s) (and the file itself) must be in the bits that changed.]

Sure. Of course, the guys working on DRM at Apple aren't idiots. If you were an engineer charged with defeating this type of attack, what would you do? I can tell you what I would do, I would start changing a whole load of bits on your harddrive, not because it's necessary, but because it makes it that much harder for you to find the stuff that changed.

It's a moot point anyway. Any file that you download from iTunes is going to be at least a few megs in size. The key is going to be somewhere in the order of a couple of hundred bytes. Which bytes amongst the several megs are the key? They aren't necessarily contiguous, they're almost certainly encrypted by another key hidden elsewhere in the system, and they may even be fiddled by a virtual machine after decryption, just to muddle things up a little bit more.

Finding the approximate location on the HD is simple. Fiding the actual key in the right order is an extremely difficult task.

As someone who does this for a living, can you comment on my read of the hacks that have been released in the later post https://forums.macrumors.com/posts/2917258/. It still seems to me that where DRM has been hacked has relied on key retrieval or finding the weak spot in the chain.
B

Um, of course DRM hacks rely on either retrieving the key, or finding the weak link. They are the only two attacks possible - grab the data after the program has decrypted it for use, or find the key/algorithm so that you can do the decryption yourself. At the moment the first attack is nearly trivial to implement, although that will change a bit when the manufacturers start moving on to a "Trusted Computing" style platform. All you need to do is write your own audio driver that sits between the computer and the real driver. It picks of the data and stores it as it's sent to the speakers.

The second solution is much more difficult, but far more elegant. It allows you to keep intact all of the metadata associated with the file (track name, lyrics, album name etc etc). BUT, you have to be clever enough to recover the key.

 

[tveric]

But if iTunes' DRM was annoying to users, it never would have made it to 70%. Users absolutely care about DRM. But they're not aware of it unless it's too restrictive or inconvenient - if you give them *bad* DRM they will totally notice it and hate it.

Again - 70% of the DRM market, not 70% of all music obtained online. And that number doesn't figure in (obviously) any music obtained from a site like allofmp3. The legality of allofmp3 may be dubious, but there's an example of DRM-free music, that people are paying for (at a rate of .10 on the dollar, I'll grant you) - and it's trouncing any other pay service. I would continue to shop there even if they made the prices comparable to the itms, simply because I can be confident that once I purchase an album, I'll be able to play that album on any computer, any mp3 player, anytime, far into the future. Not so with the itms; you need an ipod and itunes, and while those are my current items of choice, who's to say they will continue to be my software and/or player of choice 5, 10, 15 years from now? I still have CDs I bought 15 years ago - I should be able to buy music now with the same confidence, that I can play it forever if I want to.

And by the way, before I hear the same wrongful accusations about how people are breaking the law by going to allofmp3 - guess what, they're not. Distributing copyrighted material is against the law - every single RIAA lawsuit was brought against someone for THAT offense, being that people were running Kazaa, or other p2p software, and naturally everyone is distributing while downloading. They haven't sued anyone for using allofmp3 simply because technically, it's not illegal to download music from them. Are the operators of the site in violation of the law? Yes - US copyright law, and they're not inside the US. I know it's a shock to some of you, but people not living in the US aren't subject to our laws.

Support your artists, not the record companies. Buy from DRM-free sites online and see the bands when they tour - that's where 90% of the bands make 90% of their money anyway.