QTFairUse6 Updated Hours After iTunes7 Release 292
Nrbelex writes "Mere hours after iTunes 7's release, QTFairUse6 has received an update which enables it to continue stripping iTunes songs of their 'FairPlay' DRM. Some features are experimental but at least it's proof that the concept still works."
DRM is a cryptographical pipe dream (Score:5, Informative)
In a DRM system, the consumer's machine needs to get both the encrypted content, and the key to decrypt this content. Otherwise, the consumer cannot listen to the audio he just purchased. As long as we listen to music with our analog ears, and watch video with our analog eyes, this will be the case.
As any cryptographer will tell you: if you have the cyphertext and the correct key, you can decrypt the content. Therefore, DRM systems are, by their very definition, nothing more than security by obscurity. It is a cryptographical pipe dream.
Re:Let the law suits begin (Score:5, Informative)
Cracked DRM? where? What this program does is something similar to dump some part of the memory in your machine into a file. It does not cracks anything, it does not modify any program, it is not any key generator, it just dumps a section of your computer memory into the disk.
Guess what, Microsoft Office does exactly that when you click the "save document" function. =o)
So basically... (Score:3, Informative)
They're capturing the unencrypted and unencoded audio stream? That means that they're transcoding if they store it as an AAC file, right?
Re:This is wrong (Score:5, Informative)
Somehow I doubt it, yet those are all legitimate uses.
Re:So basically... (Score:2, Informative)
Re:So basically... (Score:4, Informative)
Re:This is wrong (Score:4, Informative)
Yeah sure. Wanting to listen to purchased music on Linux systems is wrong.
Re:DRM is a cryptographical pipe dream (Score:4, Informative)
Re:At what point... (Score:2, Informative)
It's a truism I find myself having to repeat: you cannot encrypt something to keep it from its intended recipient. You can't embed it in hardware (CSS tried that, look how trivial that is), you can't do it with online activation. At some point, you the intended recipient of the "plaintext" are going to receive that content, and barring complete end-to-end encryption through the hardware with no leakage whatsoever, some process will always be able to get at those bits.
They're trying to lock down the hardware, but that's also a pretty doomed effort, since it just doesn't work out economically for the hardware manufacturers.
Re:This is wrong (Score:2, Informative)
QTFairUse6/myFairTunes does NOT break DRM! (Score:5, Informative)
If you examine the source code, you'll see why it hasn't been ported to Mac - it isn't portable. It relies on the fact that for a brief period of time, there will be a frame of decrypted AAC data. It first attaches to the iTunes process, then it attaches a breakpoint inside of iTunes. You play your audio, and when iTunes finishes decrypting a frame of m4p, it hits the breakpoint. Then QTFairUse, acting as a debugger, grabs a copy of the AAC memory buffer, and writes it to a file, which is (surprise) unencrypted. (This was how the first iTunes hack was done, too).
What QTFairUse6/MyFairTunes does is make it entirely automated by faking out a debugger. If you knew where to set the breakpoint, and where in memory to find the unencrypted data, you could basically do the same thing with your bog-standard VisualStudio debugger (albeit more slowly).
The iTMS 6 format wasn't broken, just an alternate attack vector was found. And it might be more difficult in OS X, since a process can prevent itself from being debugged by setting permissions to do so.
That's why QTFairUse is version specific - it needs to know where to find the memory buffer, and where to set the breakpoint.
Re:Apple - "whoops" (Score:2, Informative)
Re:Moo (Score:3, Informative)
Find the AAC stream decoding function using a subset of the old one as the 'signature bytes'. Do this many times with different sig sets until you find something that more or less consistently matches up.
Look for references to it in other functions that also appear to be stream-decoding. There shouldn't be too many, and one of them must be the FairPlay decryptor.
Hook into the new address you've found, and start dumping.
QED. And, no, I'm not saying "I wish I'd done that". I havent (though, I was in the process of...). Even if I had, I live in the states, so redistribution is a no-no.
Re:At what point... (Score:4, Informative)
They do gain a benefit in that it makes it hard to use iTunes-purchased music on non-iPod MP3 players, true. However, it's also pretty well known (though I don't have a source, it's pretty well accepted as fact) that Jobs has fought with the record companies over the DRM. Jobs wanted cheap music, DRM free, at a flat fee, that could be transfered back-and-forth between the iPod and your computer. The labels wanted music with expensive variable pricing and extremely restrictive DRM. The current system, with mostly flat pricing (more expensive than what Apple wanted but cheaper than the label's intended), somewhat loose DRM, and one-way syncing from iTunes->iPod was the compromise.
Really, when you think of it in a certain way, why would Apple care terribly about the DRM? They don't make much off of these sales, and a lot of their cost probably comes from bandwidth, which isn't used except when someone actually buys something. On their end, it's largely promotional.
You were distributing, that's illegal... (Score:1, Informative)
P.S. Don't take this as an indication that I personally approve of copyright laws. Sneakernet FTW!