DVD Jon hacks iTunes, creates program that allows you to buy...

[dudemac]

Does anyone know how to use the app? The readme file is empty

to use make sure you have installed the GTK 2.3 from the site that you got the program.
Restart windows... I love that part
Open the program under the accounts window select login
put your login and password from itms wait until the status bar at the bottom says balance -0. Then just type the artist song etc intot he search
Select the song. to preview it select preview under the song menu or to purchase select purchase under the same menu. Once you select purchase you will get a confirmation window that has a cancel and purchase button once you click the purchase button it will down load to a folder located in C:/Documents and Settings/User/Music this can be changed in the preferences located in the edit menu.

Once downloaded just add the song to you itunes music library and away you go.

enjoy

 

[Dippo]

Apple and the music industry in general will continue to rake in the $$$ regardless of this development - the real threat to the industry was always P2P, not sales.

And if the industry would sell cheaper music without DRM then P2P wouldn't be as big of a problem.

 

[Swift]

This is not hacking the kernel

DRM is a big, fat target for every hacker in the world. I doubt very much it will ever be perfect. It can't be. It would be easy to encrypt music so badly that you couldn't play it. To allow legit users to listen to it means the key is already there. The hacker just finds it.

 

[bentmywookie]

here here!

I can't see anything really wrong with this program.
You still have to buy the music!

The labels need to get over trying to shove this DRM crap down our throats.
It will never work! This has been demostrated time and time again.

Of course Apple will shut it down soon.

Well put - I can't believe some people actually wrote "hopefully Apple will fix/shut this down soon" - do you enjoy having usage of your music crippled? I certainly don't.

 

[d.perel]

Wish he'd do something useful like cracking WMA.

Right on! As a side note, I bet this will change the music encryption slightly speeding up the release of iTunes 4.8 ( ! ) to stop any piracy.

 

[shamino]

DMCA musing

The interesting thing here is that this hack doesn't violate the DMCA. It violates the iTunes shrink-wrap license, but that's only enforceable in VA and MD.

The DMCA doesn't allow breaking encryption. So saving a data stream that is sent unencrypted from a legal distributor doesn't violate this law.

Apple's "fix" for this is fairly simple. Send the files in an ecrypted form. In order to maximize caching, use a common key that all iTunes clients have built-in, sort of like DVDs and CES. The client can then decrypt with the common key and re-encrypt with the DRM key.

This doesn't make it any more difficult for a creating programmer to capture the stream and remove the common encryption without applying DRM, but it does mean that he has to decrypt something in the process. Which makes it into a DMCA violation.

Of course, a new iTunes update will be required to make this happen, but this wouldn't be the first time Apple made a change to ITMS requiring an iTunes upgrade.

 

[stcanard]

Suggesting that Apple isn't concerned about DRM any further than needed to appease the record labels is ridiculous. Apple doesn't care about the integrity of its business model unless the RIAA is on on its back?

The DRM has nothing to do with ITMS's business model.

You've been able to strip the DRM out of these for ages (without the burn/rip cycle). All of these songs exist on the various P2P networks. People are still buying from the store.

If you build your business model on the assumption that everybody is a thief, you just become as hated as the RIAA.

Apple understands this. Its worked very well with the software sales (after all there is no copy protection on their consumer apps). It's working with song sales. All you have to do is hit the right price / feature point.

 

[Doctor Q]

I'm not pleased with this development, because Apple's DRM is necessary to maintain the compromise they made with the record labels and allow the iTunes Music Store to exist in the first place. If the labels gets the jitters about how well Apple is controlling distribution, that threatens a good part of our "supply" of music, even though I wouldn't expect a large percentage of mainstream customers to actually use a program like PyMusique.

Will Apple be able to teach the iTunes Music Store to distinguish the real iTunes client from PyMusique with software changes only on the server side? If not, I imagine that only an iTunes update (which people would have to install) could stop the program from working.

Suppose iTunes is updated to use a new "secret handshake" with the iTunes Music Store in order to stop other clients from spoofing iTunes. Will iTunes have any way to distinguish tunes previously purchased through PyMusique from tunes acquired from other sources, i.e., ripped from CDs? Perhaps the tags identify them as coming from iTMS and iTunes could apply DRM after the fact. Then again, tags can be removed.

 

[DavidLeblond]

The DRM has nothing to do with ITMS's business model.

The main purpose of iTMS is to sell iPods. iPods are the only players at this time that can play iTMS purchased music, due to the DRM. Tell me how the DRM has nothing to do with iTMS's business model.

 

[dudemac]

To all but a few of the replies so far that seem totally out raged by this,
\
First there is no support for itms on linux as it currently stands and this just allows user of linux to purchase songs from the itms and play them on that platform. It also allows someone like me who has a high speed connection at work to purchase music and take it home with me. Yes I have a couple of mac's and an ipod, so my loyalty hasn't changed.

Secoundly this doesn't hack the DRM that apple supplies, however it does violate the EULA, which I don't know anyone that doesn't violate a EULA at least once a day. But that is really a different argument.

Finally why is there no outrage that DRM is not optional or that there hasn't been a standardized format for music. There are reasons why the mini disc failed and it had nothing to do with quality. But it was a propriotary format that needed to be liscencsed. So when looking at the delima of DRM it should be more of a how do we get everything to play everywhere kind of question then just limiting how the user can play/share the music at home. I really hate being limited for "my own good". or more appropriately for the good of a corporation. If WMA beats apple it will only be because they failed to standardize and work within the industry.

 

[d.perel]

Echoing a comment I saw elsewhere, why doesn't someone just hire this guy. It probably costs more for Apple to sue each person than it would be to hire them and keep them busy fixing these problems internally.

This is one of those nuts who thinks he is for the common good, and has already won lawsuits against movie companies challenging his dvd-decryption software (software doesn't decrpyt and distribute movies illegally, people do) I bet he is VERY careful not to cross the line, and he probably has a great lawyer

 

[jared_kipe]

More like the wrath-of-Jobs!

Same thing.

 

[Doctor Q]

Apple's "fix" for this is fairly simple. Send the files in an ecrypted form. In order to maximize caching, use a common key that all iTunes clients have built-in, sort of like DVDs and CES. The client can then decrypt with the common key and re-encrypt with the DRM key.

Don't iTMS and iTunes already do this?

 

[nagromme]

I have no problem with people using this, as long as people don't use it for piracy. Easier methods exist for pirating music.

The record labels will have SOME problem with this, but--like CDs--you have to BUY the music first. That's not like people signing up for one month of Napster and stealing non-stop.

Apple will have a bigger problem with this--it was tough enough for them to convince the record industry to allow downloading at all, and they'll be extra sure to defend their system now that it's successful.

And it sounds easy for Apple to fix with a future iTunes update:

1) First, force iTunes to identify itself more strictly when connecting to the store.

2) Assuming that crackers keep finding ways to spoof the iTunes app anyway... send the songs to Akamai and to the iTunes app already encrypted. NOT with the account-specific DRM, just with standard 128-bit encryption, the SAME encryption for everyone. Only iTunes, not 3rd-party apps, would have the key to decrypt those files (and add the individual DRM).

3) If the crackers manage to extract the universal key from the iTunes app, Apple need only change the key every so often to interfere. Either as part of iTunes updates, and/or by obtaining a new key online so there's one more process crackers would have to spoof.

Thinking out loud. Anyway, one way or another, I imagine this is short-lived.

The existing, easy, legal method for stripping DRM--burning to CD--is here to stay. And you lose no quality. When you re-import, you ALSO lose no quality, as long as you can spare the HD space and use Apple Lossless etc. Looking at the long-term, HD space is getting cheap.

 

[ACED]

Like, where's my credit for providing Macrumors with the link/story, about 8 hours ago???

Guess that 'DRM' has been stripped....hmmm...the irony

 

[Dippo]

RIAA Okay, so you want to actually pay for your music, huh?

Customer Yep! Here's my money $$$

RIAA All right, slap the cuffs on him Officer. He's obviously trying to our steal music, even though he's paying us for it.

Putting DRM on music seems to me as though the RIAA was actively and publicly declaring every customer they have a Thief and a Criminal.

So why does the RIAA treat its customers like Criminals anyway? If you're willing to pay for your music instead of download it for free, the RIAA should be bending over backwards to give you what you want. They should be kissing your feet!!

What if Wal-Mart started accusing each and every customer they had of stealing AFTER they had already purchased their goods and had a receipt. They would go out of business pretty damn fast, is what would happen.

The RIAA needs to learn that a good business is supposed to cater to their customers ... not treat them like criminals.

--from Slashdot

 

[jragosta]

Obviously, Apple will freak (what else is new...), but all this does is provide a shortcut around the burn-to-CD-and-rerip shortcut that's built into iTunes. You still need to buy the music. So, at best, this makes it easier to share music, but it doesn't provide a new capability.

I think it's a great convenience. I'm just saying that the inevitable wrath-of-God response from Apple is somewhat unwarranted.

I disagree. What he's doing is illegal and unethical.

If you burn a CD and rip it back, you're losing quality. The owners of the music (mostly RIAA, but anyone who licenses it to Apple) apparently decided that they can live with that. They did NOT agree to what this guy is doing.

It's theft, pure and simple.

More like the wrath-of-Jobs!

Anyway, I've never been one to agree with the Windows people that argue the security-by-obscurity for why Mac OS X is not hacked to bits like Windows, but it would seem that this adds aome serious fire to their arguement. Here in music where Apple is the most popular and widely used, they are getting hacked (semi-successfully) more often than their WMA counterpart.

There's a big difference. This is not a system security flaw. It's simply a matter of someone reverse engineering a file format. AFAIK, there isn't a single file format which has not been reverse engineered. That's actually a trivial task.

iTMS just used web service interfaces and XML over HTTP... It will be interesting to see just how they could stop an app from accessing.

What is more likely is that the iTMS servers would add in the DRM and buyer metadata before it gets downloaded. Its actually a little shocking that it wasn't designed to do that in the first place!

Yes, they could do that.

They will also easily obtain a court injunction to stop this. What he's doing is illegal from two perspectives. First, it's a violation of the iTMS terms of service (which allows only iTunes access). Second, it's a violation of DCMA.

Personally I think this is great! Any sort of DRM sucks, even if it is rather "liberal". That's like giving all your customers in your shop a pair of handcuffs to prevent theft, and saying "but these cuffs are really comfortable".

I happen to disagree - but that's because my company depends on the ability to protect our intellectual property in order to stay in business.

The music owners have the right to do whatever they want with the music. You can legally (and morally) do what they request or live without their music.

Your position is the same as a person who steals a BMW because he doesn't like the purchase terms.

This is great news - by removing the DRM I can play my music on any device I like. It is my music after all. .

No, it's not your music. The music belongs to whoever the artist sold it to (usually a member of the RIAA). They sell you a license to use the music under a given set of terms. If you violate the terms that you paid for, you're stealing.

And if the industry would sell cheaper music without DRM then P2P wouldn't be as big of a problem.

If BMW would sell cheaper 5 series cars, no one would steal them.

The music industry owns the music - and they're free to price it however they want. If you think the price is too high, your only legal and moral response is to not buy it. Not liking the price is not justification for theft.

 

[Nermal]

Second, it's a violation of DCMA.

Why? He's not breaking copy protection, because the protection wasn't there in the first place.

I can't believe that people think this is a bad thing. Don't you like freedom?

 

[desdomg]

The music industry owns the music - and they're free to price it however they want. If you think the price is too high, your only legal and moral response is to not buy it. Not liking the price is not justification for theft.

Ah, but isn't that the heart of the matter - shouldn't you have the choice to be to go to another cheaper provider? At the moment we have expensive and free - no wonder P2P is such a success.

 

[tveric]

I would just like to point out that, sort of, this thread and topic are a repeat of this thread:

https://forums.macrumors.com/threads/116009/

started this morning.

It's not often I notice some Mac news before this site does, so hey, the one time it happens...

 

[fpnc]

There are two reason why this doesn't mean much. First, Apple may just cancel the accounts of anyone who tries to use PyMusique (that's covered by the iTunes Music Store Terms Of Service agreement). Second, it would be very easy to make this a violation of the DMCA (if it already isn't), all Apple would have to do is implement a "weak" encryption, like adding a zero to the start of the music stream and more zeros thereafter at 256 byte intervals. The DMCA doesn't say anything about how "good" the protection needs to be, so if anyone used a tool to strip those values they would be in violation of the DMCA.

I suspect, in any case, that the iTunes Music Store doesn't broadcast the unprotected AAC file completely in the clear or as an uninterrupted stream of AAC data, so PyMusique may already violate the DMCA.

The most important thing to note, however, is if you use PyMusique you may have your account cancelled (and Apple knows who you are and where you "live" based upon your credit card). So, if you really want to take that risk go ahead. And remember, you could also be found guilty of violating the DMCA even if you just try to use this tool. It's almost like you were planning of going online to one of the illegal music sharing sites, documenting your activities, and then sending that information directly to the RIAA with your name and address with a note asking them to prosecute. Basically, you're stupid to even try to use PyMusique.

This is just a headline grabber or a means to raise the "fair use" banner.

Edit: replaced reference to EULA with iTunes Music Store Terms Of Service.

 

[therevolution]

There's a big difference. This is not a system security flaw. It's simply a matter of someone reverse engineering a file format. AFAIK, there isn't a single file format which has not been reverse engineered. That's actually a trivial task.

Um, wrong. Did you read the story?

Currently, when you buy a song from iTunes, it sends the song to you with no DRM. Your copy of iTunes then adds the DRM using your personal key. So, if you make a copy of the song before iTunes adds the DRM, you've got a DRM-free music file. That's it.

I say go DVD Jon. DRM like this is doomed to fail. If you can hear it, you can copy it. Simple as that. Maybe one day the RIAA will figure that out... probably not, though.

 

[tveric]

The most important thing to note, however, is if you use PyMusique you may have your account cancelled (and Apple knows who you are and where you "live" based upon your credit card). So, if you really want to take that risk go ahead. And remember, you could also be found guilty of violating the DMCA even if you just try to use this tool. It's almost like you were planning of going online to one of the illegal music sharing sites, documenting your activities, and then sending that information directly to the RIAA with your name and address with a note asking them to prosecute. Basically, you're stupid to even try to use PyMusique.

So, if I use PyMusique, and Apple cancels my account, thereby forcing me to use some other music store, or P2P service, Apple comes out ahead how, exactly?

No one's account is getting cancelled. Apple will quickly negate the effects of this work-around just like they did the other ones. And I find it funny that every time someone finds a hole in the iTMS DRM and thereby forces Apple to make the iTMS more secure, a bunch of gloom-and-doom types weigh in on how bad, bad, bad it is to write/use such exploits. Just read some of the posts in this thread, it's friggin' hilarious.

Everybody relax.

 

[jeffgarden]

Sorry, i didn't read every post so this may be repeatative but...


If you're going to PAY for music to break drm, just buy it at a store or use Kazaa

OR get napster to go trial, get virtuosa 5.0 to make them mp3's and you're done

why would you pay for something you don't want

 

[dubbz]

I disagree. What he's doing is illegal and unethical.

If you burn a CD and rip it back, you're losing quality. The owners of the music (mostly RIAA, but anyone who licenses it to Apple) apparently decided that they can live with that. They did NOT agree to what this guy is doing.

It's theft, pure and simple.

Theft? That's really stretching it! If it allowed you to download music without paying, then I'd agree, but it doesn't.

Also, It might be illegal, but I certainly don't agree that it's unethical.