DVD Jon hacks iTunes, creates program that allows you to buy...


mkaake

macrumors 65816
Apr 10, 2003
1,153
0
mi
holy crap.

that's no good. no good at all.

i'm wondering how long before apple finds a way to shut this down - both with legal action, and changing the way that their servers serve up the files...
 

jsw

Moderator emeritus
Mar 16, 2004
22,819
41
Andover, MA
Obviously, Apple will freak (what else is new...), but all this does is provide a shortcut around the burn-to-CD-and-rerip shortcut that's built into iTunes. You still need to buy the music. So, at best, this makes it easier to share music, but it doesn't provide a new capability.

I think it's a great convenience. I'm just saying that the inevitable wrath-of-God response from Apple is somewhat unwarranted.
 

stoid

macrumors 601
jsw said:
I'm just saying that the inevitable wrath-of-God response from Apple is somewhat unwarranted.
More like the wrath-of-Jobs! :rolleyes:

Anyway, I've never been one to agree with the Windows people that argue the security-by-obscurity for why Mac OS X is not hacked to bits like Windows, but it would seem that this adds aome serious fire to their arguement. Here in music where Apple is the most popular and widely used, they are getting hacked (semi-successfully) more often than their WMA counterpart.
 

DavidLeblond

macrumors 68020
Jan 6, 2004
2,198
286
Raleigh, NC
jsw said:
I think it's a great convenience. I'm just saying that the inevitable wrath-of-God response from Apple is somewhat unwarranted.
It's a great convenience until the RIAA gets pissed and either changes their mind about downloadable music or tells Apple to hike their prices.

We shouldn't worry though, Apple will defeat this in no time.
 

emw

macrumors G4
Aug 2, 2004
11,177
0
Pipian said:
I wonder how long it'll be until Apple comes up with a fix for this?
Probably before the the end of the day, I would imagine.

But is this really a surprise to anybody? I mean, really, how much can the RIAA bitch about this? They sell CDs that anyone can burn and share - they should be happy that Apple is trying to improve upon this model in the first place. Of course, I know they will still bitch...
 

stcanard

macrumors 65816
Oct 19, 2003
1,490
0
Vancouver
stoid said:
Anyway, I've never been one to agree with the Windows people that argue the security-by-obscurity for why Mac OS X is not hacked to bits like Windows, but it would seem that this adds aome serious fire to their arguement. Here in music where Apple is the most popular and widely used, they are getting hacked (semi-successfully) more often than their WMA counterpart.
Yes and no. True iTunes is getting hacked more than WMA because of its popularity, but this has no bearing on the relative security of the software or operating systems.

The problem is that DRM like this is flawed by definition. In order for me to be able to listen to the track, my computer has to have the capability to decode and play it. Therefore there has to be a hole that can be exploited to get that information. Jon is very good at finding that hole that has to exist.

The system is guaranteed to be breakable as long as you look hard enough.

The same is not true for operating systems. The system does not have to be breakable, so now you can make an assessment based on the architecture.
 

narco

macrumors 65816
Dec 9, 2003
1,155
0
California.
How long before the CEO of Napster writes a letter to the RIAA about this? Talk about karma.

But it's still not as bad as Napster's dilemma. With iTunes, you still have to actually BUY the song for this to work. Not everyone who purchases songs from iTunes will take out the DRM, most people don't even mind or know it's there to begin with.

Fishes,
narco.
 

the_mole1314

macrumors 6502a
Sep 16, 2003
774
0
Akron, OH
narco said:
How long before the CEO of Napster writes a letter to the RIAA about this? Talk about karma.

But it's still not as bad as Napster's dilemma. With iTunes, you still have to actually BUY the song for this to work. Not everyone who purchases songs from iTunes will take out the DRM, most people don't even mind or know it's there to begin with.

Fishes,
narco.
And that rental services are based on per play, not per download, so without DRM, the music companies don't get paid. With iTunes, they still get paid the full amount as if it was a DRM file. I don't think this will hurt Apple at all, mainly because the companies are still getting paid in full for each download. Also, Apple can then inforce their Terms of Serive about how you have to use iTunes to download the songs, or they can cancell your account.
 

mattroberts

macrumors regular
Oct 25, 2003
175
0
Canada
This sucks.... its interesting but still sucks.

But it can be fixed by possibly: Encrypting (or Changing the way it is encrypted) the AAC file on the transfer from itms to the player.
or force the player to send the authorize code to apple to wrap on <i> their</i> servers before send it back to the player.

If they do the server fix it'll take more than a day.

Does anybody have more of an idea on how the DRM wrapping is done and how the undrmed file is transfered?
 

pourhadi

macrumors member
Jan 27, 2003
67
0
This is just going to hurt Apple in the eyes of the music industry.

The argument that, "It's gonna happen anyway, so they shouldn't complain" is rhetorical nonsense-- this is the RIAA we're talking about, people.
 

IanC

macrumors regular
Jan 29, 2005
204
0
Essex
I appreciate what DVD Jon did to help Linux owners watch dvds, but this is going to far. I hope Apple come up with a fix for this, and soon.
 

wordmunger

macrumors 603
Sep 3, 2003
5,125
2
North Carolina
So what if Apple stops this -- will this be the pirates' reaction?

Curses! Foiled again! I had been planning to use ITMS to base my international pirating operation. What oh what will I do? Buying a CD and copying that couldn't possibly work, so I'll have to think of something else. Damn you, Apple!
 

stcanard

macrumors 65816
Oct 19, 2003
1,490
0
Vancouver
mattroberts said:
But it can be fixed by possibly: Encrypting (or Changing the way it is encrypted) the AAC file on the transfer from itms to the player.
or force the player to send the authorize code to apple to wrap on <i> their</i> servers before send it back to the player.

If they do the server fix it'll take more than a day.
And it will take Jon a day to figure out how the iTunes client generates that key and spoof it. Again by definition DRM has to be insecure, because the client must have all the information necessary to break it.

In interviews Steve Jobs has gone on record saying that unbreakable DRM is impossible. What you're seeing from Apple is a "good enough" strategy. After all, they don't really care, it's only there to appease the RIAA.

Does anybody have more of an idea on how the DRM wrapping is done and how the undrmed file is transfered?
There's a good overview of what's happening at Ars.

Basically the issue (and I hadn't thought about this) is that the song has to be individually encrypted for each client; that's how its made playable on your system not other people's. Because they're using Akamai to cache and distribute the files they can't distribute pre-encrypted ones! (The analogy is it would be like libraries carrying a copy of the book for everyone who might borrow it). Apple can't link everything back to their servers as you'd bottleneck it.

Instead its your copy of iTunes that's actually adding the DRM (and that's probably why the new Motorola phone won't let you buy directly from the store, it can't add the DRM).

It's an interesting problem. I would bet you will find this hole in WMA stores for the same reason. Of course Jon prefers to target the source that will get him headlines.

Apple will make another "good enough" fix to block it for another 6 months. But they really don't care. Although externally they "care", I bet internally it doesn't particularly bother them because ITMS is so big that the record companies can't afford to pull out of it.
 

DavidLeblond

macrumors 68020
Jan 6, 2004
2,198
286
Raleigh, NC
stcanard said:
It's an interesting problem. I would bet you will find this hole in WMA stores for the same reason. Of course Jon prefers to target the source that will get him headlines.
Agreed, Jon probably wants headlines.

stcanard said:
Apple will make another "good enough" fix to block it for another 6 months. But they really don't care. Although externally they "care", I bet internally it doesn't particularly bother them because ITMS is so big that the record companies can't afford to pull out of it.
The problem is, this may not hurt Apple all that much but it will hurt the Music Download industry. With every DRM that is cracked it gives the RIAA more fuel against their "downloading is bad" campaign. Also less labels would be willing to allow iTMS to sell their music.
 

nagromme

macrumors G5
May 2, 2002
12,551
1,186
stoid said:
Anyway, I've never been one to agree with the Windows people that argue the security-by-obscurity for why Mac OS X is not hacked to bits like Windows, but it would seem that this adds aome serious fire to their arguement.
Obscurity IS a factor that helps Mac users. The point is that good, secure design is ALSO a factor. But DRM file distribution doesn't relate to OS security/privacy anyway.

Anyway... you still have to BUY the song to use this hack.
 

stcanard

macrumors 65816
Oct 19, 2003
1,490
0
Vancouver
DavidLeblond said:
The problem is, this may not hurt Apple all that much but it will hurt the Music Download industry.
I think at this point you could argut that Apple is the Music Download industry.

With every DRM that is cracked it gives the RIAA more fuel against their "downloading is bad" campaign. Also less labels would be willing to allow iTMS to sell their music.
A year ago I would have agreed with this, but I think the landscape has changed.

Apple has already signed all the major labels, and realistically they don't dare back out. This will come up in contract negotiations only.

The indies don't care nearly as much about DRM, they don't make money through moving huge numbers of tracks, but through raising awareness of the artists leading to concert and merchandising sales.

Overall the cat's out of the bad, its turned into a (dare I say it?) Tiger, and nobody's putting it back in.
 

winmacguy

macrumors 68020
Nov 8, 2003
2,237
0
New Zealand
DavidLeblond said:
It's a great convenience until the RIAA gets pissed and either changes their mind about downloadable music or tells Apple to hike their prices.

We shouldn't worry though, Apple will defeat this in no time.
Maybe some big company should tell the greedy money grubbing RIAA to "go jump in the Lake" and just leave things how they are instead of trying to change Apples DRM and create even more restrictions to what you can do with legally purchased music. Maybe if the greedy money grubbing RIAA looked at changeing its business model to bring it inline with the newer digital age it might find some better way of doing things. After all there is NO evidence that file sharing kills music and CD sales.

What the evidence actually tells us is file sharers are downloading singles which the music industry doesnt cater for so they get the impression that they are losing sales.

Hmmmm methinks that maybe the RIAA needs to adjust its buiness model to meet the changing music environment rather than change the business environment to keep with its outdated business model.

Cheers Winmacguy

PS I was aware as mentioned in the article that in Apple's case you still have to purchase the music before you can strip the DRM from it unlike Napsters music which you onliy have to pay $15 for as much as you can eat!
 

MacRumors

macrumors bot
Apr 12, 2001
7,446
8,513
PyMusique - Fair iTunes Interface?

According to Corante.com, from the same authors of QTFairUse, comes what is described as "the fair interface to the iTunes Music Store". The application called PyMusique acts as a front end for the iTunes Music Store and allows users to preview iTunes songs, signup for an account, buy songs and redownload songs that were bought with PyMusique.

The most notable twist is this quote from Jon Johansen ("DVD Jon"), one of the authors of the application:

It is somewhat interesting from a DMCA/EUCD perspective. The iTunes Music Store actually sells songs without DRM. While iTunes adds DRM to your purchases, PyMusique does not.
Note: This application has been untested by this site, and Apple will likely take steps to prevent future usage.