Forgot your password?
typodupeerror

QTFairUse6 Updated Hours After iTunes7 Release 292

Posted by CmdrTaco
from the escalating-arms-race dept.
Nrbelex writes "Mere hours after iTunes 7's release, QTFairUse6 has received an update which enables it to continue stripping iTunes songs of their 'FairPlay' DRM. Some features are experimental but at least it's proof that the concept still works."
This discussion has been archived. No new comments can be posted.

QTFairUse6 Updated Hours After iTunes7 Release

Comments Filter:
  • When third-party vendors start adding essential features like this, and on a timely basis, I start thinking about subscribing/installing/whatever you have to do to iTunes
    • iTunes is just a media player that grew out of a jukebox application for the old Mac OS (I think it was introduced around 8.0). The only songs to which it applies DRM are those bought from the iTunes Store. For the MP3 files already on your hard drive, it'll just load them into its database and play them just like any other media player.

      The iTunes Store is a fee-per-download service--if you want to buy something on iTunes, you drop down your money and you download the song.

      Essentially, iTunes != iTunes St
  • by BadAnalogyGuy (945258) <BadAnalogyGuy@gmail.com> on Wednesday September 13, 2006 @10:27AM (#16095993)
    From the linked site:

    the program attaches itself to the running itunes process and intercepts the decrypted stream as the song plays. It needs to know where in memory to grab the stream from and this is different depending on which itunes you have. It cannot just decrypt a file on its own.


    So an update to the iTunes software just means an update to the memory address offset to read the data from. Piece of cake.
    • by bsharitt (580506)
      Removing DRM from Music is nice, but I wonder if they could adapt this to work with video as well. That would be nice.
    • Later in the thread they refer to a "fast dumping" feature which does not use real-time capture. Not sure how that works; in any case the fast dumping doesn't work w/iTunes 7 yet,
    • So basically... (Score:3, Informative)

      by LKM (227954)

      They're capturing the unencrypted and unencoded audio stream? That means that they're transcoding if they store it as an AAC file, right?

  • will the iTunes people and the Media Monopolies in general learn that they will NEVER win the DRM war and all they are doing is costing themselves money and customers?
    • by goMac2500 (741295) on Wednesday September 13, 2006 @10:32AM (#16096031)
      I don't think "the iTunes people" really care. But they don't have a choice if they want to sell music. It's all about what the record labels want, not Apple.
      • I'd mostly agree with that but not entirely. They also like thier private DRM to try to lock others out. Now yes, the iPod can play non-DRMed media but in order to legally purchase most media off the net (movies, music, etc) the content owners will only allow it if its protected with DRM so your certainly correct there. However, if Apple didn't really care they'd license thier DRM to other online stores. Apple cares a LOT about that! ;-) If they did that they'd have tons of competitors to iTMS. As it
    • Simple answer. Also a simple reason.

      How many people use iTunes? How many of them know about and use the circumvention tool? No matter how many it may be, the answer is invariably "not all of them". I.e. some cannot copy their songs for friends. And those friends will thus also buy the songs.

      Copy protection does work. Not flawlessly, not against everyone, but at least SOME people will be kept from copying. Whether those people would have copied altogether and whether inconveniencing your paying customers is
    • by babbling (952366)
      Probably after they start using encryption well enough that programs like QTFairUse6 become impossible to create. This will happen. Once hardware supports encryption, DRM will become many times more difficult to crack.

      When programs like QTFairUse6 are around, people just "work around" the DRM. I tend to still avoid it because I don't want to purchase music and make these companies think that "consumers are okay with DRM".
      • Re: (Score:2, Informative)

        by Anonymous Coward
        > Probably after they start using encryption well enough that programs like QTFairUse6 become impossible to create.

        It's a truism I find myself having to repeat: you cannot encrypt something to keep it from its intended recipient. You can't embed it in hardware (CSS tried that, look how trivial that is), you can't do it with online activation. At some point, you the intended recipient of the "plaintext" are going to receive that content, and barring complete end-to-end encryption through the hardware wi
    • by joe 155 (937621)
      I doubt this is costing them customers, people who have ipods and who use iTunes (on the whole) don't care or don't know about DRM, probably because "It'll never affect me" or some other such notion.... Then it does. And they'll buy their music again, maybe complain, but probably not enough to do anything about it.

      If you really cared about DRM to the point that it would make you not use the service you'd probably be using a different service which doesn't have it.

  • Only a matter of time till both Apple and MS initiate lawsuits on those that cracked their DRM. No doubt aided and abetted by the **AA. The silver lining is that if this gets to the SC, the DMCA *might* get struck down as unconstitutional.
    • by xtracto (837672) on Wednesday September 13, 2006 @10:38AM (#16096065) Journal
      Only a matter of time till both Apple and MS initiate lawsuits on those that cracked their DRM. No doubt aided and abetted by the **AA. The silver lining is that if this gets to the SC, the DMCA *might* get struck down as unconstitutional.

      Cracked DRM? where? What this program does is something similar to dump some part of the memory in your machine into a file. It does not cracks anything, it does not modify any program, it is not any key generator, it just dumps a section of your computer memory into the disk.

      Guess what, Microsoft Office does exactly that when you click the "save document" function. =o)
      • by mrjb (547783)
        I'm not in the U.S. nor a citizen, but doesn't this "Circumvent" the copy protection?
        • by gfxguy (98788)
          An interesting question... if you recorded the analog output, would that circumvent copy protection? I mean, at that point, there's no copy protection to circumvent, right? So they are capturing a stream, it seems, after it's been formatted into something that can actually be played. In other words, they're not touching a copy protected file or stream, so how can they be circumventing the copy protection?

          I know it sounds really wishy-washy, but when mymp3 was ordered to shut down, it seems that intent of
      • by Moby Cock (771358)
        I am no lover of DRM or the DMCA but your arguement is a little weak. To say that this hack does the same thing as the 'Save As' function may be technically true but there is a little matter of intent to consider. A person who is involved in a horrible accident that causes a death of another is treated differently under the law because of intent. This purpose of the hack is to take away copy protection whereas the purpose of 'Save As' is to make a record of your work. They may do the cause the same proc
        • by gfxguy (98788)

          A person who is involved in a horrible accident that causes a death of another is treated differently under the law because of intent.

          Yes, it's true that we should treat people differently depending on whether or not something was intentional, but besides that, intent shouldn't matter. It shouldn't matter if you killed your wife because she was sleeping with someone else or simply because you wanted the life insurance money, for example. It shouldn't matter if you beat someone up because they were gay, al

      • by Jerf (17166) on Wednesday September 13, 2006 @11:04AM (#16096264) Journal
        When you play the law game, the argument of the form "Look, there's a definition of X in the dictionary, under which X didn't happen. Therefore, I didn't do X. Ha-ha! Got you!" works about as well as I've made it sound. You really don't get to pick definitions; you can do some limited advocacy if you can find some evidence, but you aren't going to get away with arguing that because one of the definitions of murder [m-w.com] is "something very difficult or dangerous", you therefore didn't commit murder when you shot that guy that was annoying you, on the grounds that it was quite easy and involved no danger to you.

        The DMCA [loc.gov] is pretty clear on what it means by circumvention:

        `(3) As used in this subsection--

        `(A) to `circumvent a technological measure' means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner; and

        `(B) a technological measure `effectively controls access to a work' if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.
        If you think you can convince a judge that this isn't textbook circumvention, hey, go for it. But saying it'd be an uphill battle is putting it lightly. Especially if you go in there claiming that it's somehow impossible for a "mere memory dump" to constitute circumvention, when it is clearly one of many types of transform wherein you put a protected work in one end, and get an unprotected work out the other.

        (Do not confuse this post with DMCA advocacy. I strongly disagree with outlawing technologies and actions; I think the law in this area should merely concern itself with results. But I also think you can't fight against something you don't understand; you just make yourself sound like an idiot. You need to understand there is a distinction between what the laws says and what you wish it said. Understanding the DMCA better is a necessary step in fighting it.)
        • by nine-times (778537) <nine.times@gmail.com> on Wednesday September 13, 2006 @02:21PM (#16097847) Homepage

          When you play the law game, the argument of the form "Look, there's a definition of X in the dictionary, under which X didn't happen. Therefore, I didn't do X. Ha-ha! Got you!" works about as well as I've made it sound.

          Oh yeah, as if lawyers never exploit technicalities. The technicality here, of course, is that you are gaining access to the copyrighted work with permission of the copyright owner and through the approved method. It's being decoded into memory in the correct and legal means, and you then have a legally decoded copy in memory. The user is then copying that copy in accordance with fair use. There's no circumvention of the controlled access to the work, because it's an issue of what the user who has controlled access does with that access.

          I'm not saying it's an iron-clad argument or anything, but it certainly could be argued on very technical grounds, and that's a large part of what lawyers do-- argue about the wording and meaning of laws in a very technical way. The point is, the transformation from a protected copy to an unprotected copy is done explicitly how the copyright holder has given permission for it to be done. Every time you play a song in iTunes, the program is making an unprotected copy in memory, and this program is simply a means to KEEP that copy.

        • Two things here:

          1) Descramble? No. Decrypt? Nada. Avoid? Nyet. Bypass? Nien. Remove? Iie. Deactivate? Nay. Impair? FALSE. It's not doing anything to "circumvent a technological measure." It is, in fact, accepting the output of authorized decryption, then doing "unapproved" things with that output. Thus the DMCA does not apply.

          2) This hack most certainly is handled "in the ordinary course of its operation", in that even if you don't have QTFairUse6 installed, iTunes still decrypts and stores to a memory addr
      • by nahdude812 (88157)
        It is still a DRM circumvention tool, and so still illegal in the US (not that I agree it should be, just pointing out the legal facts).
    • by soft_guy (534437)
      Only a matter of time till both Apple and MS initiate lawsuits on those that cracked their DRM.

      I thought the people that develop this kind of thing live in Norway or other countries which recognize fair use and don't extradite to the US over such matters.
  • by ControlFreal (661231) <`niek' `at' `bergboer.net'> on Wednesday September 13, 2006 @10:31AM (#16096023) Journal

    In a DRM system, the consumer's machine needs to get both the encrypted content, and the key to decrypt this content. Otherwise, the consumer cannot listen to the audio he just purchased. As long as we listen to music with our analog ears, and watch video with our analog eyes, this will be the case.

    As any cryptographer will tell you: if you have the cyphertext and the correct key, you can decrypt the content. Therefore, DRM systems are, by their very definition, nothing more than security by obscurity. It is a cryptographical pipe dream.

    • Re: (Score:3, Funny)

      As long as we listen to music with our analog ears, and watch video with our analog eyes, this will be the case.

      Heheh ... Just wait 'til we introduce our new BrainImplant(R) DRM-on-a-chip(TM) decoding system! We will pwn j00!

      Sincerely,
      The RIAA and MPAA Joint Cartel

    • by localman (111171) on Wednesday September 13, 2006 @10:42AM (#16096098) Homepage
      I agree with you. However it doesn't actually need to be a solid system to seemingly have the desired effect. iTunes 6 broke Hymn quite a while ago and until last week there was no way to decrypt. There still isn't on the Mac. They can keep changing things up and make it a pain. And even though there's still CD's out there and people can download from P2P, they file lawsuits to put a damper on that. So I think they believe their strategy is stopping 80% or more of the problem.

      However, I think the real reason legal music downloads is working is because iTunes is a better experience. That's it. I think they're wasting their own time and money with DRM and lawsuits and whatever. All they've ever had to do was provide a better experience and people will pay. People with money will, anyways. They've seen this but they won't believe it. And if they wanted to take it further down the "better experience" path, they'd drop DRM and lawsuits. But whatever; they won't.

      Cheers.
      • Why iTunes works (Score:5, Insightful)

        by Opportunist (166417) on Wednesday September 13, 2006 @10:58AM (#16096214)
        iTunes works not because you can't copy the song or because of DRM. It works because of two simple reasons:

        1. price
        2. easy to use

        Fairly simple. 99 cents is a sum that convinces people it's more convenient to click and pay than to fire up a filesharing system or phone 'round with their friends. It downloads quickly and it's guaranteed to work with your iPod, no need to wonder what format or how to transfer it, the software is built to fit.

        That's what makes it popular and that's why people pay for it. I bet a sizable sum that most of them didn't even notice yet that it contains DRM. Simply because nobody bothered to try to copy it instead of simply clicking and paying the buck.
        • Fairly simple. 99 cents is a sum that convinces people it's more convenient to click and pay

          it has to be said, though, that 99 cents for a whole DRM-free album (all of mp3 dot com) is an even better deal.

          yeah yeah, tell me about the russian mafia. we have our own mafia, its called the riaa. I see zero diff between them.

          oh, wait, there is a diff. the russian mob has never tried to take me (or my fellow americans) to court.

          • Buying at allofmp3 is just plain dumb. It's equally legal to just download the whole junk for free.
            • by Grishnakh (216268)
              Not necessarily. It only costs $1-3 or so for an album from allofmp3.com. You might be able to get that album on a P2P network, but it'll probably take forever to download, IF it even downloads completely without leaving out sections, and IF you can even find it in the first place (not all of us listen to the Top 40). With allofmp3, you can find exactly what you want and download it quickly and conveniently. For many people, that's probably worth the small cost.
          • Re: (Score:3, Insightful)

            by Blakey Rat (99501)
            If you're going to go to Allofmp3.com, why not just pirate the damned music? It's the same thing, except cheaper for you.
            • Re: (Score:3, Insightful)

              the russians give me a choice of the ENCODING (sometimes I want direct .flac and sometimes 160k is good enough).

              they are also always complete. never a partial/fragment song.

              the mp3 id tags are accurate and pre-set for me.

              at a dollar an album, its not even worth hacking around with poor quality pirate rips and encodes.

              (any other questions?)
        • Re:Why iTunes works (Score:5, Interesting)

          by AhtirTano (638534) on Wednesday September 13, 2006 @12:49PM (#16096995)

          I bet a sizable sum that most of them didn't even notice yet that it contains DRM. Simply because nobody bothered to try to copy it instead of simply clicking and paying the buck.

          I can give anecdotal support to that (for whatever that's worth). Everyone in my work group uses iTunes to manage their music. Some of us use the iTunes store heavily, some of us only use it for free stuff. A couple weeks ago we decided to make a master playlist so all of our musical preferences could be equally represented in the shuffle. Some people were quite shocked and a little angry to find out that some of their favorite tracks could not be put in the mix. A couple people swore of iTunes forever. (Though I have real doubts that they'll stick to that.)

    • by Moby Cock (771358)
      our analog eyes

      This may be a little off topic, but it strikes me that our eyes have a finite number of rods and cones to sample the incoming light. As such, they are a natural world digital system, albeit very high fidelity.
      • by Aladrin (926209)
        I've often thought about this, and my answer is that our eyes aren't as sensitive as you'd believe. The key is that 'finite number'... How small could such a receptor be and still be useful? And there's cones and rods both, taking up space.

        My theory on this is that yes, it's pretty 'high-def' in there, but our mind takes it a step further and interpolates. Our eyes are always moving, even if by almost imperceptable amounts. And they've proven how your mind makes your 'blind spot' look just as real and
        • by EvanED (569694)
          Our eyes are always moving, even if by almost imperceptable amounts. And they've proven how your mind makes your 'blind spot' look just as real and detailed as the rest of your vision.

          Not only that, but most of the field of your vision look hi-res when really the only part of the eye that has good resolution covers about an area of your view equal to the size of a quarter held at arm's length. Go ahead, try it: open up Notepad or something and type a letter. Stare at it. Now don't move your eye off of it fo
      • by camcorder (759720)
        If my ears won't catch a frequency played through the audio stream, or my eyes won't catch a color on an image, I would not care as a plain audience. That's why lossy compression algorithms are common, and more than enough for most people. If you need that fidelity you must be a professional and it's wise to pay for that content. Indeed it's ripping people off to sell lossy compressed audio or video. That's like demo of your original content.
    • Re: (Score:3, Insightful)

      by pegr (46683)
      As any cryptographer will tell you: if you have the cyphertext and the correct key, you can decrypt the content.

      This is exactly correct. In the classic crypto scenario, A(lice) encrypts communication to B(ob) to protect it from attacker C(harles).

      But as Bruce himself would tell you, in the DRM scenario, B and C are the same person! Attempts to enable "Trustworthy" computing is simply a move to make the computer itself B, with C being the computer's owner... You own it, you pay for it,
    • by TheSpoom (715771) * <[ten.00mrebu] [ta] [todhsals]> on Wednesday September 13, 2006 @11:49AM (#16096429) Homepage Journal
      I like Cory Doctorow's take on the DRM issue, as explained in his talk at Microsoft [uberm00.net]. Eye-opening to anyone who isn't into cryptography, it explains just how easy it is to break DRM.
  • by mitchell_pgh (536538) on Wednesday September 13, 2006 @10:45AM (#16096117)
    I really do fear that the future will be riddled with incompatibilities from DRM.

    I'm an "Apple Fanboy" but have limited my iTunes purchases to a few albums. CDs are still considerably more flexible regarding how and where I can use the music. Sure I own an iPod, but I also own a phone and PSP that can both play music. I also have a device that will play MP3s through my TV. None of those last three will play my FairPlay music. While I accept the limitations of the player, it's simply frustrating at times.

    Regarding the new Apple Movie Store, let me get this right... we pay $9.99 (to $14.99) for a movie... that's of a lower quality than DVD and can't really be moved outside of your local network (it's not like you can take it over to a friends house without unauthorizing their computer and authorizing their computer under your username). Just trying to explain this to my fiance made her eyes glaze over. Her exact words: "sounds compleicated... why not just go to the movie store."
    • by rthille (8526)
      CD's are no more flexible than music purchased from the iTunes Media Store.

      That's right no more flexible!

      That's because you can create a CD from music purchased from the iTMS. What's different is cost and quality. I can buy a used CD that will rip just fine, often for less than the $10 for the album on iTunes. And the CD I can create from iTMS music is already lossfully compressed, so the quality is lower. However, it's still a 'redbook' CD and can be ripped and compressed.
      Alternatively, you can look at
    • by humina (603463)
      "None of those last three will play my FairPlay music. While I accept the limitations of the player, it's simply frustrating at times."

      Limitations of the player? I think it would be more accurate to describe it as a limitation of the music files. Those music files are designed to be as limited as possible so that they only work on ipods. If apple sold mp3s then people could buy other players. Apple doesn't let other companies decode their protected format in order to keep their monopoly.

  • by rockhome (97505) on Wednesday September 13, 2006 @11:42AM (#16096400) Journal
    There are a lot of arguments about how bad DRM is and why it is stupid and how it restricts one's fair use.

    The arguments lack one perspective, that the purchase of music from iTunes, et. al., comes with certain conditions. There is no fundamental right to purchase anything free of conditions, so when music companies and online retailers decide that they will offer music that is ensconced in DRM, that is a business and marketing decision that they make, assuming that people will forgo some freedoms in order to have the convienience.

    The sort of "active" protest over DRM that is represented by tools to strip the DRM merely confirms that the market for the music exists and offers no reason for the music companies to move away from DRM. A better protest would be to boycott the entire DRM scheme altogether and only seek music from outlets that provide it free of DRM.

    Will you still be able to get all of the CCR and Radiohead from other, non-DRM outlets? No, but if you want to make a point with a corporation, you need to do it by removing yourself from the market. The problem that I see is that many people want to have it both ways; they want all of the convience of an iTunes or Rhapsody, or similar, none of the DRM and want all of this without any real sacrifice.

    A major problem today is the erroneous sense of entitlement that pervades so much. Too many people think that they are entitled to market for products that suits their needs and are willing to resort to unethical, if not blatantly criminal, activity to create that market. The truth is that the online music market will only change when providers are losing money because their markets have shrunk and they must retool the offering. AS long as people buy the DRM'ed music, that won't happen.
  • Apple does not care one way or another about how the RIAA/MPAA view DRM as long as they can get content. Apple wants to keep DRM so you have to buy iPods. If you could easily strip iTunes DRM and put it on any player then Apple's bread and butter high margin hardware business has to deal with much more competition (their margins on media sales are garbage). Right now if you like iTunes - you either only listen/view on your Mac/PC or iPod. Apple owns the DAP market and has a small though not completely insig
  • by tlhIngan (30335) <.slashdot. .at. .worf.net.> on Wednesday September 13, 2006 @12:45PM (#16096953)
    Sorry, but QTFairUse6 does NOT break DRM in the same way that Hymn, et. al. do it. Hymn breaks DRM by getting the keys and decrypting the files itself. What QTFairUse does is... use iTunes to break it (relying on the fact that you have ciphertext, a key, and a black box (iTunes) that can take those two inputs and produce unencrypted audio).

    If you examine the source code, you'll see why it hasn't been ported to Mac - it isn't portable. It relies on the fact that for a brief period of time, there will be a frame of decrypted AAC data. It first attaches to the iTunes process, then it attaches a breakpoint inside of iTunes. You play your audio, and when iTunes finishes decrypting a frame of m4p, it hits the breakpoint. Then QTFairUse, acting as a debugger, grabs a copy of the AAC memory buffer, and writes it to a file, which is (surprise) unencrypted. (This was how the first iTunes hack was done, too).

    What QTFairUse6/MyFairTunes does is make it entirely automated by faking out a debugger. If you knew where to set the breakpoint, and where in memory to find the unencrypted data, you could basically do the same thing with your bog-standard VisualStudio debugger (albeit more slowly).

    The iTMS 6 format wasn't broken, just an alternate attack vector was found. And it might be more difficult in OS X, since a process can prevent itself from being debugged by setting permissions to do so.

    That's why QTFairUse is version specific - it needs to know where to find the memory buffer, and where to set the breakpoint.

"Only the hypocrite is really rotten to the core." -- Hannah Arendt.

Working...