Jon Johansen, the Norwegian programmer who created DeCSS, the first widely used tool for decrypting the copy protection in commercial DVD movies, announced a similar hack this week for the Digital Rights Management (DRM) technology that protects songs purchased from Apple Computer's iTunes Music Store. The hack, which Johansen calls QTFairUse, casts doubts on Apple's ability to protect the intellectual property rights of artists who sell music on iTunes Music Store and comes just a month after the company opened the service to Windows users.
Johansen posted QTFairUse to his "So sue me" Web site this past weekend. QTFairUse is a small command-line utility for Windows that shows developers how to bypass the security features in Apple's protected Advanced Audio Coding (AAC) format, which the iTunes Music Store uses. The utility doesn't create a workable, playable, protection-free music file, but its source code will help other hackers bypass Apple's DRM security in their own applications, eventually leading to a complete breakdown of Apple's licensed DRM system, FairPlay.
Critics have long alleged that in the past much of Apple's software-development advantage came from its small, tightly controlled market. Now that Apple is pushing DRM-enabled products such as the iTunes Music Store and the iPod into the wider Windows world, the company is finding out how difficult it is to control the teeming masses.
This week's iTunes Music Store hack is actually the second time programmers have hacked the service in the past month and the third time this year. A tool called MyTunes, released last week, lets Windows users steal music that other Windows and Macintosh iTunes application users share for streaming, although it doesn't decode songs purchased from the iTunes Music Store; Apple patched a similar problem in its Mac version of the iTunes application earlier this spring.
Apple's primary competitor, Microsoft, created its own DRM scheme for its popular Windows Media Audio (WMA) and Windows Media Video (WMV) formats but built renewing capabilities into the technology, which helps Microsoft survive security exploits. Whether Apple's FairPlay technology supports this renewing functionality is unclear at this point, and Apple has been characteristically quiet about its DRM use, preferring instead to foster the impression that the company is more customer-centric than Microsoft and less beholden to content creators. But the reality of the situation is that Apple has worked hard to strike deals with the recording industry and did a fantastic job of jump-starting the concept of inexpensive, downloadable, legitimate music. Let's hope that this DRM breach won't cause record companies to reverse their decisions to work with online music services.
End of Article
I know that putting the words "hacker", "iTunes" and "DRM" is an instant magnet for new readers but . . . put a little perspective on this, it's not news:
a) there are hacks for every DRM and one of the frequent hacks, for all systems, exploits the fact that a decrypted data flow must reach the sound card
b) these hacks have been around for a while
c) Jon Lech Johansen's QTFairUse is just another in a series of this type of hack
d) it doesn't matter which music application, OS or current hardware you use, they are all subject to this type of hack
e) until sound cards or chip sets come out that decrypt the data on board, we'll have these hacks
f) even once e) happens, people will still be able to take the analog sound output and record it in another form
g) DRM will always be hacked and NOBODY can completely "protect the intellectual property rights of artists who sell music"
Grant Klassen November 25, 2003
This is a non-issue. There is freeware available for the Mac (and I assume for Windows too) to enable the user to copy any sound his machine makes or plays. So I can quite easily copy the music I download, and then save it as an MP3 file, bypassing the DRM. This guy has spent numerous hours of complicated programming for naught.
meat is murder November 25, 2003
you have to be a complete moron to think you need new software to bypass any DRM strategy....
iTunes music has about a DOZEN ways that can be used to make an MP3 file....
Johansen just doesn't have a clue as to how easy it is.... apparently....
iTunes is not there to keep people from using illegal means,
it is there for people who respect music..... DRM is there to satisfy the labels, not iTunes appeal or customers technical abilities......
and saying MSFT can survive security exploits is like asking a horse to fly, i can at will copy any WMA file i wish using not only a dozen ways to do it, but Johansen's way too.... and there is NO copy protection that will ever be waterproof.... EVER..... if you can hear the music, you can copy it....
that is how stupid your argument is....
iTunes is there for people who respect music and musicians, not for how hard it is to copy music...
i prefer iTunes way though because the compression is much better for the bit rate than MSFT's.....
striking deals is not dependent on DRM strategies, because illegal file sharing shows how little DRM is needed... all the music is already available for illegal downloads...
if people want to steal music, they will
the labels however were stupid enough to not provide an alternative....
Apple provided people with an alternative..... not MSFT, not the labels... APPLE....
if i want to download music, i'll see if an artist and label is smart enough to provide me an opportunity to do it legally...
if an artist is stupid enough to preclude this form, like the BEATLES and Metallica.... then i will download their music illegally, even though i do not even like their music, and everyone should, to make the point, that the DRM is not why we buy music.... and stupidity that the Beatles show will get you nowhere fast...
we buy it, because we respect the artists smart enough to make the music available
jon.
jon November 25, 2003
Poor Jon must have a lot of time on his hands during those long Norwegian nights. But his socialist act of self-aggrandisement is just a waste of time. People who are using Apple's iTunes Music Store are good people who are trying to be honest. If they were thieves like Johansen they wouldn't need to crack any code to steal music, they could steal it in a thousand places. The iTunes Music Store and other outlets are about people CHOOSING to get their music honestly. These are people who choose not to be thieves. As for the people who choose to steal, they really didn't need another method for taking something that doesn't belong to them.
Jeff Deuser November 25, 2003
It would have been fair to add that Apple has had a recent history of quickly releasing software updates to address issues. You may recall the streaming of music over the internet from iTunes 4.0, now has been limited to the intranet. While I trust Jon is capable, no one has yet verified his claim and whether what is produced can be made to create playable tracks. Software techniques to block replacing portions of a program's code as Jon did here are well known. Microsoft started doing it in 1996 by adding signatures to DLLs, thus crippling Novell's single sign-on technology for Windows. The real issue is will Apple's solution to Jon's hack be elegant enough not to limit legitimate third-party updates to Quicktime. And, is this form of updating Quicktime by third parties really what Apple should allow. I'd be apprehensive to replace part of my App with a hacker's code, what else does that open my system to?
It's my opinion that the real issue is how can a software company protect the quality and trustworthiness of its App while not limiting third party innovations and enhancements. Microsoft chose to use digital signing to cripple a competitor's (Novell's) ability to compete, will Apple's solution lock competitors out of Quicktime or will it elegantly protect the IP of the content flowing through Quicktime while maintaining Quicktime's usefulness as a powerful cross-platform multi-media framework?
Jack November 25, 2003
FUD. I can't believe I wasted my time reading this.
Editor's note: I know the feeling. I can't believe I wasted my time replying to this. --Paul
Darlana November 25, 2003
Paul,
Another thing, you can already circumvent the DRM from Apple by burning the tracks to an audio CD and then re-ripping in mp3 or unprotected AAC. In fact, it's very easy to create a smart playlist in iTunes of all your protected AAC files, then burn that whole playlist to an audio CD (iTunes will even prompt you to put in more than one CD if necessary, isn't Apple thoughtful?) Then you can take these CDs and re-rip. All the track info even comes over from what I understand.
The record companies are well aware of this. So I'm not sure how much they will care about this hack. As it is, they see Apple and iTunes as their savior. That may be wrong, but I'm sure they will give Apple the benefit of the doubt and some time to patch this.
Editor's note: the reason creating an unprotected CD from Protected AAC files and then burning them to MP3 is unacceptable is that 128 Kbps AAC isn't CD quality, so the resulting songs won't be as high quality as, say, the originals, or the CD rips you could make from the 192 Kbps WMA files you might get from MusicMatch, which are of higher quality to start with. --Paul
Cliff November 25, 2003
Paul, here's a funny article from over at Fortune today:
"The evil scientist Lex Luthor used his duplicator ray to try to clone Superman, but something went terribly wrong. The result was Bizarro, a good-natured but ugly and backward version of the Man of Steel. Bizarro was the antithesis of cool; his home planet, Htrae, was square," Peter Lewis writes for Fortune.
"Which leads us into a discussion of Dell's new Bizarro version of Apple's iPod, called the Dell Digital Jukebox Music Player, or Dell DJ for short. Coming from the square world of Dell instead of the hip world of Apple, it's bigger, heavier, and clunkier than Apple's sleek, suave, elegant iPod, which arrived on the scene two years ago and quickly became the most popular portable digital music player on our home planet, Earth. Even worse, the Musicmatch-backed Dell Music Store is the clumsy, Bizarro counterpart to Apple's brilliant iTunes Music Store," Lewis writes.
"Bizarro, the pathetic wretch, was driven mad by constant comparisons with the handsome, smart, and sexy Superman he was meant to emulate. So too must the DJ suffer from inevitable comparisons with the iPod, with its two-year headstart. If the iPod did not exist, the DJ might even lay claim to the title of Best Portable Music Player Since the Sony Walkman," Lewis writes. "But the iPod does exist, and so do Apple iTunes and the Apple iTunes Music Store, and thus the Dell DJ is doomed to be merely the second-best player on the market."
Boy, that IS funny, don't you think? The WinJunk solutions are really taking a beating from Apple this time. What will you guys do, Paul?
Editor's note: "You guys"? You mean "me and Microsoft?" LOL. MS does what they do. I write about it. You seem to think there is some bizarre Wintel conspiracy but the truth is so much less exciting I won't even try to burst your bubble. Suffice to say the X-Files has been off the air for several years. --Paul
Cliff November 25, 2003
Your information on this exploit is hardly worth reading. The "hack" that you are describing exists in any and all DRM formats, yes even your favorite MS windoze media player Paul. On the contrary to your praise how MS has left a way to upgrade their DRM, it would not help in this case. Please go back and do more reading on the subject before you open your mouth, it would help you look not quite as stupid. This is about as bad as your last statement on how MS Longhorn is better than mac OS X in every way, yet you manage to name only one instance, and even that is hardly credible.
christopher November 25, 2003
The particular chink in the armor, as I understand it, basically catches the decoded digital stream as it is sent to the audio system. This is unprotectable, save for hardware changes in soundcards and computers and I for one would find that solution unacceptable. More to the point, using this method would be equally effective against Microsoft's DRM system. Renewing doesn't matter if the stream is now converted to a vanilla MP3 file.
I hope my understanding is correct, but welcome the comments of others. Also, doesn't it seem like this article is on the one side cacklingly pointing the finger at Apple, but on the other hoping for success and wishing for a system that does at least a little of what they've done: attempt to make a customer-centric DRM system that at least makes the recording industry happy? Does the author want Apple to fail and enjoys hearing each example thereof, or does he think they did a fantastic job jump-starting legitimate downloadable music? Maybe it's just me.