QTFairUse6 Updated Hours After iTunes7 Release

Nrbelex writes "Mere hours after iTunes 7's release, QTFairUse6 has received an update which enables it to continue stripping iTunes songs of their 'FairPlay' DRM. Some features are experimental but at least it's proof that the concept still works."

I'm almost ready to buy

When third-party vendors start adding essential features like this, and on a timely basis, I start thinking about subscribing/installing/whatever you have to do to iTunes

Re:Apple - "whoops"

I hope Apple didn't spend too much time and effort on that, being that it only took a few hours for people to undo it. DRM is a pain. I don't particularily believe in downloading content I haven't paid for...

Slightly off topic, but I wonder how you feel about downloding content that was on broadcast TV. Take the show "Lost" for example. Lets say you missed it when it was broadcast. Now, you could have recorded it for free and stripped out the commercials. But you didn't for whatever reason. You could wait a year for the DVD to come out, but you don't want to wait. You could pay some "legit" online service for the convenience of downloading, but why should pay for something that was broadcast for free just yesterday? Is there anything wrong with downloading it or getting it from a friend?

-matthew

Re:I'm almost ready to buy

It's called slashdot. It's a self-regulated forum of intellectuals who espouse fairness, rational discourse, wit and good fellowship above all else.

How it works (why it's easy)

From the linked site:

the program attaches itself to the running itunes process and intercepts the decrypted stream as the song plays. It needs to know where in memory to grab the stream from and this is different depending on which itunes you have. It cannot just decrypt a file on its own.

So an update to the iTunes software just means an update to the memory address offset to read the data from. Piece of cake.

Re:So basically...

iTunes unencrypts the m4p file to AAC, then transcodes the AAC file to .wav before sending to the sound card driver. QTFairUse6 just intercepts the AAC datastream before it gets transformed to .wav and writes it to disk.

How much has changed?

Does anyone know how much the iTunes DRM scheme changed with the new release?

At what point...

will the iTunes people and the Media Monopolies in general learn that they will NEVER win the DRM war and all they are doing is costing themselves money and customers?

Re:At what point...

I don't think "the iTunes people" really care. But they don't have a choice if they want to sell music. It's all about what the record labels want, not Apple.

Re:At what point...

They do gain a benefit in that it makes it hard to use iTunes-purchased music on non-iPod MP3 players, true. However, it's also pretty well known (though I don't have a source, it's pretty well accepted as fact) that Jobs has fought with the record companies over the DRM. Jobs wanted cheap music, DRM free, at a flat fee, that could be transfered back-and-forth between the iPod and your computer. The labels wanted music with expensive variable pricing and extremely restrictive DRM. The current system, with mostly flat pricing (more expensive than what Apple wanted but cheaper than the label's intended), somewhat loose DRM, and one-way syncing from iTunes->iPod was the compromise.

Really, when you think of it in a certain way, why would Apple care terribly about the DRM? They don't make much off of these sales, and a lot of their cost probably comes from bandwidth, which isn't used except when someone actually buys something. On their end, it's largely promotional.

Let the law suits begin

Only a matter of time till both Apple and MS initiate lawsuits on those that cracked their DRM. No doubt aided and abetted by the **AA. The silver lining is that if this gets to the SC, the DMCA *might* get struck down as unconstitutional.

Re:Let the law suits begin

Only a matter of time till both Apple and MS initiate lawsuits on those that cracked their DRM. No doubt aided and abetted by the **AA. The silver lining is that if this gets to the SC, the DMCA *might* get struck down as unconstitutional.

Cracked DRM? where? What this program does is something similar to dump some part of the memory in your machine into a file. It does not cracks anything, it does not modify any program, it is not any key generator, it just dumps a section of your computer memory into the disk.

Guess what, Microsoft Office does exactly that when you click the "save document" function. =o)

Re:Let the law suits begin

When you play the law game, the argument of the form "Look, there's a definition of X in the dictionary, under which X didn't happen. Therefore, I didn't do X. Ha-ha! Got you!" works about as well as I've made it sound. You really don't get to pick definitions; you can do some limited advocacy if you can find some evidence, but you aren't going to get away with arguing that because one of the definitions of murder [m-w.com] is "something very difficult or dangerous", you therefore didn't commit murder when you shot that guy that was annoying you, on the grounds that it was quite easy and involved no danger to you.

The DMCA [loc.gov] is pretty clear on what it means by circumvention:

`(3) As used in this subsection--

`(A) to `circumvent a technological measure' means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner; and

`(B) a technological measure `effectively controls access to a work' if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.

If you think you can convince a judge that this isn't textbook circumvention, hey, go for it. But saying it'd be an uphill battle is putting it lightly. Especially if you go in there claiming that it's somehow impossible for a "mere memory dump" to constitute circumvention, when it is clearly one of many types of transform wherein you put a protected work in one end, and get an unprotected work out the other.

(Do not confuse this post with DMCA advocacy. I strongly disagree with outlawing technologies and actions; I think the law in this area should merely concern itself with results. But I also think you can't fight against something you don't understand; you just make yourself sound like an idiot. You need to understand there is a distinction between what the laws says and what you wish it said. Understanding the DMCA better is a necessary step in fighting it.)

Re:Let the law suits begin

When you play the law game, the argument of the form "Look, there's a definition of X in the dictionary, under which X didn't happen. Therefore, I didn't do X. Ha-ha! Got you!" works about as well as I've made it sound.

Oh yeah, as if lawyers never exploit technicalities. The technicality here, of course, is that you are gaining access to the copyrighted work with permission of the copyright owner and through the approved method. It's being decoded into memory in the correct and legal means, and you then have a legally decoded copy in memory. The user is then copying that copy in accordance with fair use. There's no circumvention of the controlled access to the work, because it's an issue of what the user who has controlled access does with that access.

I'm not saying it's an iron-clad argument or anything, but it certainly could be argued on very technical grounds, and that's a large part of what lawyers do-- argue about the wording and meaning of laws in a very technical way. The point is, the transformation from a protected copy to an unprotected copy is done explicitly how the copyright holder has given permission for it to be done. Every time you play a song in iTunes, the program is making an unprotected copy in memory, and this program is simply a means to KEEP that copy.

DRM is a cryptographical pipe dream

In a DRM system, the consumer's machine needs to get both the encrypted content, and the key to decrypt this content. Otherwise, the consumer cannot listen to the audio he just purchased. As long as we listen to music with our analog ears, and watch video with our analog eyes, this will be the case.

As any cryptographer will tell you: if you have the cyphertext and the correct key, you can decrypt the content. Therefore, DRM systems are, by their very definition, nothing more than security by obscurity. It is a cryptographical pipe dream.

Re:DRM is a cryptographical pipe dream

I agree with you. However it doesn't actually need to be a solid system to seemingly have the desired effect. iTunes 6 broke Hymn quite a while ago and until last week there was no way to decrypt. There still isn't on the Mac. They can keep changing things up and make it a pain. And even though there's still CD's out there and people can download from P2P, they file lawsuits to put a damper on that. So I think they believe their strategy is stopping 80% or more of the problem.

However, I think the real reason legal music downloads is working is because iTunes is a better experience. That's it. I think they're wasting their own time and money with DRM and lawsuits and whatever. All they've ever had to do was provide a better experience and people will pay. People with money will, anyways. They've seen this but they won't believe it. And if they wanted to take it further down the "better experience" path, they'd drop DRM and lawsuits. But whatever; they won't.

Cheers.

Why iTunes works

iTunes works not because you can't copy the song or because of DRM. It works because of two simple reasons:

1. price
2. easy to use

Fairly simple. 99 cents is a sum that convinces people it's more convenient to click and pay than to fire up a filesharing system or phone 'round with their friends. It downloads quickly and it's guaranteed to work with your iPod, no need to wonder what format or how to transfer it, the software is built to fit.

That's what makes it popular and that's why people pay for it. I bet a sizable sum that most of them didn't even notice yet that it contains DRM. Simply because nobody bothered to try to copy it instead of simply clicking and paying the buck.

Re:Why iTunes works

"finally, the russians do claim that they are sending a percent of the fees to the artists. I can trust that as much as I trust the riaa sending its 'cut' to its artists."

The licensing fees that the Russian sites pay are estimated to be on the order of a few hundred bucks a month. Divide that by the tens of thousands of tracks they sell per month, and it's hundredths of a cent. However, the Russian sites refuse to divulge which tracks are being downloaded. Some indie artists have asked. They refuse to tell.

By comparison, an iTunes sale will net the artist around $0.15. And, yes, iTunes reports and pays. Sell a thousand tracks a month and that's $150 per month, vs. zero for sales on the Russian sites.

Now, you might think that $150 means nothing to your average recording artist, and that they can easily eat this loss. But the reality is that the typical recording artist has a standard of living that's much closer to your own (and quite likely worse) than the image you might have from watching MTV. If you would miss that $150 a month -- or, better put, if you would be angry if somebody cheated you out of $150 on the rationale that they thought you didn't need it -- then it's a safe assumption that your favorite artist would, too.

Make no mistake -- it's perfectly acceptable to say something like "I don't give fuck all if an artist makes $15 or $150 or $1500 a month. Just give me all the DRM-free music I can handle, baby!". As the Electric Company pointed out, the most important person in the world is YOU, and not some random artist. Pirate all you want if that works with your moral code. But it is intellectually dishonest to state that you use a Russian site for your music because it is no worse a deal for the artist than buying it legitimately.

Re:Why iTunes works

I bet a sizable sum that most of them didn't even notice yet that it contains DRM. Simply because nobody bothered to try to copy it instead of simply clicking and paying the buck.

I can give anecdotal support to that (for whatever that's worth). Everyone in my work group uses iTunes to manage their music. Some of us use the iTunes store heavily, some of us only use it for free stuff. A couple weeks ago we decided to make a master playlist so all of our musical preferences could be equally represented in the shuffle. Some people were quite shocked and a little angry to find out that some of their favorite tracks could not be put in the mix. A couple people swore of iTunes forever. (Though I have real doubts that they'll stick to that.)

Re:DRM is a cryptographical pipe dream

I like Cory Doctorow's take on the DRM issue, as explained in his talk at Microsoft [uberm00.net]. Eye-opening to anyone who isn't into cryptography, it explains just how easy it is to break DRM.

Moo

That was quick. Almost too quick...

The Future Looks Dim with DRM

I really do fear that the future will be riddled with incompatibilities from DRM.

I'm an "Apple Fanboy" but have limited my iTunes purchases to a few albums. CDs are still considerably more flexible regarding how and where I can use the music. Sure I own an iPod, but I also own a phone and PSP that can both play music. I also have a device that will play MP3s through my TV. None of those last three will play my FairPlay music. While I accept the limitations of the player, it's simply frustrating at times.

Regarding the new Apple Movie Store, let me get this right... we pay $9.99 (to $14.99) for a movie... that's of a lower quality than DVD and can't really be moved outside of your local network (it's not like you can take it over to a friends house without unauthorizing their computer and authorizing their computer under your username). Just trying to explain this to my fiance made her eyes glaze over. Her exact words: "sounds compleicated... why not just go to the movie store."

Why you are all wrong

There are a lot of arguments about how bad DRM is and why it is stupid and how it restricts one's fair use.

The arguments lack one perspective, that the purchase of music from iTunes, et. al., comes with certain conditions. There is no fundamental right to purchase anything free of conditions, so when music companies and online retailers decide that they will offer music that is ensconced in DRM, that is a business and marketing decision that they make, assuming that people will forgo some freedoms in order to have the convienience.

The sort of "active" protest over DRM that is represented by tools to strip the DRM merely confirms that the market for the music exists and offers no reason for the music companies to move away from DRM. A better protest would be to boycott the entire DRM scheme altogether and only seek music from outlets that provide it free of DRM.

Will you still be able to get all of the CCR and Radiohead from other, non-DRM outlets? No, but if you want to make a point with a corporation, you need to do it by removing yourself from the market. The problem that I see is that many people want to have it both ways; they want all of the convience of an iTunes or Rhapsody, or similar, none of the DRM and want all of this without any real sacrifice.

A major problem today is the erroneous sense of entitlement that pervades so much. Too many people think that they are entitled to market for products that suits their needs and are willing to resort to unethical, if not blatantly criminal, activity to create that market. The truth is that the online music market will only change when providers are losing money because their markets have shrunk and they must retool the offering. AS long as people buy the DRM'ed music, that won't happen.

Re:Why you are all wrong

Actually, the European Comission does consider that there is a right to purchase things free of conditions, and in the case of any transaction that looks like a sale, it is a sale, and the constraints the seller can put on the purchaser are very limited.

Troubled times.

I think it's a symptom of technology, personally. We love technology as good little consumer whores. Well, just so happens, so do the greedy bastards at record labels. Just as much as we like to use technology, in increasingly grave amounts to make our lives easier, faster, dumber, cheaper, smoother, so do they. Unfortunatly, it's become far too easy for them to screw with our lives as far as consumption of entertainment goes.

Perhaps it's time for them to be taught that their product is simply not as valuable as they think it is and try to sue us into thinking it is as well.

I'm obviously not a Mac user....

I read that headline and thought that Trolltech had adjusted the QT license in response to the new iTunes.

DRM is not about copy protection

As I see it (in my own cynical way) DRM is not really about copy protection, it is for profit protection. Many people absolutely love itunes, the interface is highly intuitive and it is a nice, easy, hassle free way to buy music. The caveat is of course you have to buy one of Apple's players to use it, and of course when your player dies, or when new content comes out your player can't handle you have to use - another apple branded player!!

It boils down to the fact that once you have bought into Apple's DRM you are stuck having to either stick with apple branded players for the rest of your life, or resort to something like hymn or QTFairPlay to listen to your music, and end up breaking laws. Plus of course most people won't bother with the hassle of decrypting music and just buy another ipod anyway. Either way the upshot is, the industry wins the customer loses.

DRM for Apple is about hardware

Apple does not care one way or another about how the RIAA/MPAA view DRM as long as they can get content. Apple wants to keep DRM so you have to buy iPods. If you could easily strip iTunes DRM and put it on any player then Apple's bread and butter high margin hardware business has to deal with much more competition (their margins on media sales are garbage). Right now if you like iTunes - you either only listen/view on your Mac/PC or iPod. Apple owns the DAP market and has a small though not completely insignificant workstation and laptop market percentage.

QTFairUse6/myFairTunes does NOT break DRM!

Sorry, but QTFairUse6 does NOT break DRM in the same way that Hymn, et. al. do it. Hymn breaks DRM by getting the keys and decrypting the files itself. What QTFairUse does is... use iTunes to break it (relying on the fact that you have ciphertext, a key, and a black box (iTunes) that can take those two inputs and produce unencrypted audio).

If you examine the source code, you'll see why it hasn't been ported to Mac - it isn't portable. It relies on the fact that for a brief period of time, there will be a frame of decrypted AAC data. It first attaches to the iTunes process, then it attaches a breakpoint inside of iTunes. You play your audio, and when iTunes finishes decrypting a frame of m4p, it hits the breakpoint. Then QTFairUse, acting as a debugger, grabs a copy of the AAC memory buffer, and writes it to a file, which is (surprise) unencrypted. (This was how the first iTunes hack was done, too).

What QTFairUse6/MyFairTunes does is make it entirely automated by faking out a debugger. If you knew where to set the breakpoint, and where in memory to find the unencrypted data, you could basically do the same thing with your bog-standard VisualStudio debugger (albeit more slowly).

The iTMS 6 format wasn't broken, just an alternate attack vector was found. And it might be more difficult in OS X, since a process can prevent itself from being debugged by setting permissions to do so.

That's why QTFairUse is version specific - it needs to know where to find the memory buffer, and where to set the breakpoint.

DRM

To say the DRM has no legitimacy is just plain stupid. Reminds me of the similarly moronic 'All music should be free' line around in the Napster days. Apple was the first company to give us a decent model of legal music downloads. I'm happy that Apple instituted something that prevents(or at least slows down) music from appearing on P2P networks. People have a right to be paid for their work. I understand that people want to put their music on whatever they want and they should be able to. But technically iTunes isn't selling you that. You are allowed to authorize 5 computers, burn it 5 times (or something like that), and put it any iPod you want. They tell you that. None of that is hard to read fine print. If you don't like it don't buy it from them. DRM, or something like it, is a necessity in preventing the average person from being able to share their whole library with the world. Anyone here could get around it. Many outside of slashdot cyberwalls can't. At least not without effort or help. DRM isnt perfect and apple should improve it. But eliminating it completely just isnt the answer.

Is this necessary?

Can someone please explain why this is necessary? Can't you still just play the song with itunes and record from the wav source with a tool like Audacity?
Maybe I'm missing something.

What I can't figure out...

is why won't iTunes let you copy music from the iPod to the computer? - It's insane!

I have had an iPod for quite a while now, and have always used gtkpod. I wanted to purchase an audiobook s oI installed iTunes to get the audible file onto my iPod. Well since I now had it, although on a windows prtition I never use, I fiugred I would give it a shot, maybe buy a game and take advantage of the album art feature for the albums I dont have art for, well lo and behold I can't seem to population my iTunes library from my iPod.... the most assinine thing I've ever seen, its a basic feature why wont it do it?

From yet another Apple DRM thread some time ago

To quote myself:

DRM, lack of WMA compatiblity, ITMS files can't play on other players, "this here no name plastic player from China is cheaper and plays Ogg and... yadda yadda yadda".

OK, sit down, shut up and pay attention.

The overwhelming majority of people who buy iPods and KEEP buying iPods don't care a fat rat's ass about ANY OF THAT. Not one little bit do they care.

They want something that simply works. They don't care about ITMS DRM. They DO care about the fact that they can get music they want right now for a modest sum. They know they'll get a quality file.

They buy iPods because the interface is simple and it works well.

They buy iPods because they are small, sturdy and hold an amazing amount of music.

The overwhelming majority of the buying public is who Apple is targetting the iPod line to.

Not you smelly Linux hippies with your handmade machines and having to config it. And then you have to write some shell scripts. Update your RPMs. You have to partition your drives. And patch your kernel. Compile your binaries. Check your version dependencies. Probably do that once or twice.

Just to install an MP3 player. (and after all that, you STILL won't have more friends!)

You are not the consumer Apple cares about.

You have never been the consumer Apple cares about.

You will never be the consumer Apple cares about.

Get over yourself and welcome your new, Jonathan Ive designed, overlords!

By the way...

...no need to burn iTunes purchased music to a CD and then rip to MP3. (if you're using OS X, that is.)

Audio Hijack [rogueamoeba.com] intercepts the audio stream, stores it, and then gives you the option to safe it in diverse formats, including MP3 or a lossless format.

It also does the same thing with any streaming audio source, as well. Real, WMA, et al.

US$16.00. Worth every cent, in my opinion.

The free iTunes songs this week is called...

"Yours to Keep"

How ironic!

wouldn't burn and rip be faster?

This thing runs in real-time. Wouldn't it be faster to just burn an audio CD-R and then rip it? Say you have 60 minutes of music. Burn at 20x, rip at 20x, and we are talking maybe 10 minutes (I threw in some time for overhead). That's a lot better than 60 minutes!

Quality would be the same, too.

Re:Cracking because we care.

impediment in the way of our pursuit of doing-whatever-the-hell-we-want-with-the-music-we- purchase

FYP

Re:DRM has no place in the free market.

I beleive the dignified response a consumer should give to Apple and other makers of DRM is:
"Neener neener naw naw," coupled with happy-dancing around the computer desk.

Re:Cracking because we care.

Honestly, the reason people do this, is because most DRM, like [un-]'FairPlay', prevents a lot of valid and legitimate use.

I have well over 200 CDs in my CD cases at home, many probably have copy protection on them, though I've never done anything special to get around it (well, one CD crashes my Windows computer no matter what I do, so I don't put it in there). I have copies of all of these on my HD. Not so I can share the music with others online, I've never shared one song, but because I don't want the cpu hogging garbage the CP puts on my computer, and because I don't want to listen to one CD at a time, and switch every time I want a new song, especially since this risks damaging the CDs. On top of that, I want to listen to it on whatever device I have, be it my notebook, my desktop, my sterio, or my portable audio player. In this last case, DRM can cause major headaches and hinderances. Kein danke.

It restores my faith in humanity that there are people who willingly and freely help us preserve up our legitimate interests, when companies would try to take it away from us for a few extra bucks.

Re:Folks here don't "get" DRM

no, because people who don't have legitimate uses find easy ways around them.

The people who stick to legitimate uses are more likely to give up and say "forget it, I guess I won't use it for my legitimiate use because I can't", and not bother looking for a crack.

The only people that DRM hurts is the honest people who are not technically inclined.

Re:This is wrong

here is no legitimate reason to strip the DRM from iTunes Store purchases

Itunes music didn't work particularly well on my Sandisk MP3 player till I burned it to CD-R and then extracted it as MP3. It quickly got to be too much hassle, so I stopped using Itunes.

Re:Folks here don't "get" DRM

The majority of people don't have DRM-laden music at all, yet most people have hundreds or thousands of songs. Mostly downloaded. Sure, there are a few who thinks that DRM-laden music at $.99 a piece is a bargain but I can't see how the market have spoken in favour of DRM when 99% of the music on peoples hardrives don't have DRM.

Re:This is wrong

So, I could download something from iTunes, and without hassle, put it on my non-apple MP3 player, have a copy on my work (windows) PC, my home (Windows) PC, my notebook (BSD), and use it on my Audiotron player (MP3 and WMA compatable) that pipes it through my sterio?

Somehow I doubt it, yet those are all legitimate uses.

What the authors don't get

Is that by stripping the DRM, they're actually supporting the iTunes model and therefore the record labels because people will continue to buy from them instead of switching to the non DRM competition.

It's the same reason MS don't come down too hard on piracy of their OS and office suites. It actually supports their business.

 

Re:What the authors don't get

people will continue to buy from them instead of switching to the non DRM competition.

And that'd be what, exactly? Emusic just has indie stuff, allofmp3.com is still in a legal grey area as far as most people are concerned, and has some other issues (audible pops in the music, incorrect id3 tags (Everything I get is tagged 'Blues' for genre, for instance), strangely limited selection for many artists; the list goes on). I'd like to know where there's a legal service of the same quality as iTunes, but without the DRM.