QTFairUse6 Updated Hours After iTunes7 Release

Nrbelex writes "Mere hours after iTunes 7's release, QTFairUse6 has received an update which enables it to continue stripping iTunes songs of their 'FairPlay' DRM. Some features are experimental but at least it's proof that the concept still works."

How it works (why it's easy)

[BadAnalogyGuy (945258)]

From the linked site:

the program attaches itself to the running itunes process and intercepts the decrypted stream as the song plays. It needs to know where in memory to grab the stream from and this is different depending on which itunes you have. It cannot just decrypt a file on its own.

So an update to the iTunes software just means an update to the memory address offset to read the data from. Piece of cake.

Re:So basically...

[TortiusMaximus (719234)]

iTunes unencrypts the m4p file to AAC, then transcodes the AAC file to .wav before sending to the sound card driver. QTFairUse6 just intercepts the AAC datastream before it gets transformed to .wav and writes it to disk.

DRM is a cryptographical pipe dream

[ControlFreal (661231)]

In a DRM system, the consumer's machine needs to get both the encrypted content, and the key to decrypt this content. Otherwise, the consumer cannot listen to the audio he just purchased. As long as we listen to music with our analog ears, and watch video with our analog eyes, this will be the case.

As any cryptographer will tell you: if you have the cyphertext and the correct key, you can decrypt the content. Therefore, DRM systems are, by their very definition, nothing more than security by obscurity. It is a cryptographical pipe dream.

Re:

[morgan_greywolf (835522)]

As long as we listen to music with our analog ears, and watch video with our analog eyes, this will be the case.

Heheh ... Just wait 'til we introduce our new BrainImplant(R) DRM-on-a-chip(TM) decoding system! We will pwn j00!

Sincerely,
The RIAA and MPAA Joint Cartel

Re:DRM is a cryptographical pipe dream

[localman (111171)]

I agree with you. However it doesn't actually need to be a solid system to seemingly have the desired effect. iTunes 6 broke Hymn quite a while ago and until last week there was no way to decrypt. There still isn't on the Mac. They can keep changing things up and make it a pain. And even though there's still CD's out there and people can download from P2P, they file lawsuits to put a damper on that. So I think they believe their strategy is stopping 80% or more of the problem.

However, I think the real reason legal music downloads is working is because iTunes is a better experience. That's it. I think they're wasting their own time and money with DRM and lawsuits and whatever. All they've ever had to do was provide a better experience and people will pay. People with money will, anyways. They've seen this but they won't believe it. And if they wanted to take it further down the "better experience" path, they'd drop DRM and lawsuits. But whatever; they won't.

Cheers.

Why iTunes works

[Opportunist (166417)]

iTunes works not because you can't copy the song or because of DRM. It works because of two simple reasons:

1. price
2. easy to use

Fairly simple. 99 cents is a sum that convinces people it's more convenient to click and pay than to fire up a filesharing system or phone 'round with their friends. It downloads quickly and it's guaranteed to work with your iPod, no need to wonder what format or how to transfer it, the software is built to fit.

That's what makes it popular and that's why people pay for it. I bet a sizable sum that most of them didn't even notice yet that it contains DRM. Simply because nobody bothered to try to copy it instead of simply clicking and paying the buck.

Re:Why iTunes works

[AhtirTano (638534)]

I bet a sizable sum that most of them didn't even notice yet that it contains DRM. Simply because nobody bothered to try to copy it instead of simply clicking and paying the buck.

I can give anecdotal support to that (for whatever that's worth). Everyone in my work group uses iTunes to manage their music. Some of us use the iTunes store heavily, some of us only use it for free stuff. A couple weeks ago we decided to make a master playlist so all of our musical preferences could be equally represented in the shuffle. Some people were quite shocked and a little angry to find out that some of their favorite tracks could not be put in the mix. A couple people swore of iTunes forever. (Though I have real doubts that they'll stick to that.)

Re:Why iTunes works

[shark72 (702619)]

"finally, the russians do claim that they are sending a percent of the fees to the artists. I can trust that as much as I trust the riaa sending its 'cut' to its artists."

The licensing fees that the Russian sites pay are estimated to be on the order of a few hundred bucks a month. Divide that by the tens of thousands of tracks they sell per month, and it's hundredths of a cent. However, the Russian sites refuse to divulge which tracks are being downloaded. Some indie artists have asked. They refuse to tell.

By comparison, an iTunes sale will net the artist around $0.15. And, yes, iTunes reports and pays. Sell a thousand tracks a month and that's $150 per month, vs. zero for sales on the Russian sites.

Now, you might think that $150 means nothing to your average recording artist, and that they can easily eat this loss. But the reality is that the typical recording artist has a standard of living that's much closer to your own (and quite likely worse) than the image you might have from watching MTV. If you would miss that $150 a month -- or, better put, if you would be angry if somebody cheated you out of $150 on the rationale that they thought you didn't need it -- then it's a safe assumption that your favorite artist would, too.

Make no mistake -- it's perfectly acceptable to say something like "I don't give fuck all if an artist makes $15 or $150 or $1500 a month. Just give me all the DRM-free music I can handle, baby!". As the Electric Company pointed out, the most important person in the world is YOU, and not some random artist. Pirate all you want if that works with your moral code. But it is intellectually dishonest to state that you use a Russian site for your music because it is no worse a deal for the artist than buying it legitimately.

Re:DRM is a cryptographical pipe dream

[TheSpoom (715771)]

I like Cory Doctorow's take on the DRM issue, as explained in his talk at Microsoft [uberm00.net]. Eye-opening to anyone who isn't into cryptography, it explains just how easy it is to break DRM.

The Future Looks Dim with DRM

[mitchell_pgh (536538)]

I really do fear that the future will be riddled with incompatibilities from DRM.

I'm an "Apple Fanboy" but have limited my iTunes purchases to a few albums. CDs are still considerably more flexible regarding how and where I can use the music. Sure I own an iPod, but I also own a phone and PSP that can both play music. I also have a device that will play MP3s through my TV. None of those last three will play my FairPlay music. While I accept the limitations of the player, it's simply frustrating at times.

Regarding the new Apple Movie Store, let me get this right... we pay $9.99 (to $14.99) for a movie... that's of a lower quality than DVD and can't really be moved outside of your local network (it's not like you can take it over to a friends house without unauthorizing their computer and authorizing their computer under your username). Just trying to explain this to my fiance made her eyes glaze over. Her exact words: "sounds compleicated... why not just go to the movie store."

Why you are all wrong

[rockhome (97505)]

There are a lot of arguments about how bad DRM is and why it is stupid and how it restricts one's fair use.

The arguments lack one perspective, that the purchase of music from iTunes, et. al., comes with certain conditions. There is no fundamental right to purchase anything free of conditions, so when music companies and online retailers decide that they will offer music that is ensconced in DRM, that is a business and marketing decision that they make, assuming that people will forgo some freedoms in order to have the convienience.

The sort of "active" protest over DRM that is represented by tools to strip the DRM merely confirms that the market for the music exists and offers no reason for the music companies to move away from DRM. A better protest would be to boycott the entire DRM scheme altogether and only seek music from outlets that provide it free of DRM.

Will you still be able to get all of the CCR and Radiohead from other, non-DRM outlets? No, but if you want to make a point with a corporation, you need to do it by removing yourself from the market. The problem that I see is that many people want to have it both ways; they want all of the convience of an iTunes or Rhapsody, or similar, none of the DRM and want all of this without any real sacrifice.

A major problem today is the erroneous sense of entitlement that pervades so much. Too many people think that they are entitled to market for products that suits their needs and are willing to resort to unethical, if not blatantly criminal, activity to create that market. The truth is that the online music market will only change when providers are losing money because their markets have shrunk and they must retool the offering. AS long as people buy the DRM'ed music, that won't happen.

Re:Why you are all wrong

[ambrosen (176977)]

Actually, the European Comission does consider that there is a right to purchase things free of conditions, and in the case of any transaction that looks like a sale, it is a sale, and the constraints the seller can put on the purchaser are very limited.

QTFairUse6/myFairTunes does NOT break DRM!

[tlhIngan (30335)]

Sorry, but QTFairUse6 does NOT break DRM in the same way that Hymn, et. al. do it. Hymn breaks DRM by getting the keys and decrypting the files itself. What QTFairUse does is... use iTunes to break it (relying on the fact that you have ciphertext, a key, and a black box (iTunes) that can take those two inputs and produce unencrypted audio).

If you examine the source code, you'll see why it hasn't been ported to Mac - it isn't portable. It relies on the fact that for a brief period of time, there will be a frame of decrypted AAC data. It first attaches to the iTunes process, then it attaches a breakpoint inside of iTunes. You play your audio, and when iTunes finishes decrypting a frame of m4p, it hits the breakpoint. Then QTFairUse, acting as a debugger, grabs a copy of the AAC memory buffer, and writes it to a file, which is (surprise) unencrypted. (This was how the first iTunes hack was done, too).

What QTFairUse6/MyFairTunes does is make it entirely automated by faking out a debugger. If you knew where to set the breakpoint, and where in memory to find the unencrypted data, you could basically do the same thing with your bog-standard VisualStudio debugger (albeit more slowly).

The iTMS 6 format wasn't broken, just an alternate attack vector was found. And it might be more difficult in OS X, since a process can prevent itself from being debugged by setting permissions to do so.

That's why QTFairUse is version specific - it needs to know where to find the memory buffer, and where to set the breakpoint.

Re:At what point...

[goMac2500 (741295)]

I don't think "the iTunes people" really care. But they don't have a choice if they want to sell music. It's all about what the record labels want, not Apple.

Re:At what point...

[nine-times (778537)]

They do gain a benefit in that it makes it hard to use iTunes-purchased music on non-iPod MP3 players, true. However, it's also pretty well known (though I don't have a source, it's pretty well accepted as fact) that Jobs has fought with the record companies over the DRM. Jobs wanted cheap music, DRM free, at a flat fee, that could be transfered back-and-forth between the iPod and your computer. The labels wanted music with expensive variable pricing and extremely restrictive DRM. The current system, with mostly flat pricing (more expensive than what Apple wanted but cheaper than the label's intended), somewhat loose DRM, and one-way syncing from iTunes->iPod was the compromise.

Really, when you think of it in a certain way, why would Apple care terribly about the DRM? They don't make much off of these sales, and a lot of their cost probably comes from bandwidth, which isn't used except when someone actually buys something. On their end, it's largely promotional.

Re:Let the law suits begin

[xtracto (837672)]

Only a matter of time till both Apple and MS initiate lawsuits on those that cracked their DRM. No doubt aided and abetted by the **AA. The silver lining is that if this gets to the SC, the DMCA *might* get struck down as unconstitutional.

Cracked DRM? where? What this program does is something similar to dump some part of the memory in your machine into a file. It does not cracks anything, it does not modify any program, it is not any key generator, it just dumps a section of your computer memory into the disk.

Guess what, Microsoft Office does exactly that when you click the "save document" function. =o)

Re:Let the law suits begin

[Jerf (17166)]

When you play the law game, the argument of the form "Look, there's a definition of X in the dictionary, under which X didn't happen. Therefore, I didn't do X. Ha-ha! Got you!" works about as well as I've made it sound. You really don't get to pick definitions; you can do some limited advocacy if you can find some evidence, but you aren't going to get away with arguing that because one of the definitions of murder [m-w.com] is "something very difficult or dangerous", you therefore didn't commit murder when you shot that guy that was annoying you, on the grounds that it was quite easy and involved no danger to you.

The DMCA [loc.gov] is pretty clear on what it means by circumvention:

`(3) As used in this subsection--

`(A) to `circumvent a technological measure' means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner; and

`(B) a technological measure `effectively controls access to a work' if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.

If you think you can convince a judge that this isn't textbook circumvention, hey, go for it. But saying it'd be an uphill battle is putting it lightly. Especially if you go in there claiming that it's somehow impossible for a "mere memory dump" to constitute circumvention, when it is clearly one of many types of transform wherein you put a protected work in one end, and get an unprotected work out the other.

(Do not confuse this post with DMCA advocacy. I strongly disagree with outlawing technologies and actions; I think the law in this area should merely concern itself with results. But I also think you can't fight against something you don't understand; you just make yourself sound like an idiot. You need to understand there is a distinction between what the laws says and what you wish it said. Understanding the DMCA better is a necessary step in fighting it.)

Re:Let the law suits begin

[nine-times (778537)]

When you play the law game, the argument of the form "Look, there's a definition of X in the dictionary, under which X didn't happen. Therefore, I didn't do X. Ha-ha! Got you!" works about as well as I've made it sound.

Oh yeah, as if lawyers never exploit technicalities. The technicality here, of course, is that you are gaining access to the copyrighted work with permission of the copyright owner and through the approved method. It's being decoded into memory in the correct and legal means, and you then have a legally decoded copy in memory. The user is then copying that copy in accordance with fair use. There's no circumvention of the controlled access to the work, because it's an issue of what the user who has controlled access does with that access.

I'm not saying it's an iron-clad argument or anything, but it certainly could be argued on very technical grounds, and that's a large part of what lawyers do-- argue about the wording and meaning of laws in a very technical way. The point is, the transformation from a protected copy to an unprotected copy is done explicitly how the copyright holder has given permission for it to be done. Every time you play a song in iTunes, the program is making an unprotected copy in memory, and this program is simply a means to KEEP that copy.

Re:

[From A Far Away Land (930780)]

I beleive the dignified response a consumer should give to Apple and other makers of DRM is:
"Neener neener naw naw," coupled with happy-dancing around the computer desk.

Re:This is wrong

[jimstapleton (999106)]

So, I could download something from iTunes, and without hassle, put it on my non-apple MP3 player, have a copy on my work (windows) PC, my home (Windows) PC, my notebook (BSD), and use it on my Audiotron player (MP3 and WMA compatable) that pipes it through my sterio?

Somehow I doubt it, yet those are all legitimate uses.

What the authors don't get

[Colin Smith (2679)]

Is that by stripping the DRM, they're actually supporting the iTunes model and therefore the record labels because people will continue to buy from them instead of switching to the non DRM competition.

It's the same reason MS don't come down too hard on piracy of their OS and office suites. It actually supports their business.

 

Re:What the authors don't get

[SkipRosebaugh (50138)]

people will continue to buy from them instead of switching to the non DRM competition.

And that'd be what, exactly? Emusic just has indie stuff, allofmp3.com is still in a legal grey area as far as most people are concerned, and has some other issues (audible pops in the music, incorrect id3 tags (Everything I get is tagged 'Blues' for genre, for instance), strangely limited selection for many artists; the list goes on). I'd like to know where there's a legal service of the same quality as iTunes, but without the DRM.

Re:This is wrong

[Shawn is an Asshole (845769)]

There is no legitimate reason to strip the DRM from iTunes Store purchases.

Yeah sure. Wanting to listen to purchased music on Linux systems is wrong.

Re:I'm almost ready to buy

[Intron (870560)]

It's called slashdot. It's a self-regulated forum of intellectuals who espouse fairness, rational discourse, wit and good fellowship above all else.

Re:Apple - "whoops"

[misleb (129952)]

I hope Apple didn't spend too much time and effort on that, being that it only took a few hours for people to undo it. DRM is a pain. I don't particularily believe in downloading content I haven't paid for...

Slightly off topic, but I wonder how you feel about downloding content that was on broadcast TV. Take the show "Lost" for example. Lets say you missed it when it was broadcast. Now, you could have recorded it for free and stripped out the commercials. But you didn't for whatever reason. You could wait a year for the DVD to come out, but you don't want to wait. You could pay some "legit" online service for the convenience of downloading, but why should pay for something that was broadcast for free just yesterday? Is there anything wrong with downloading it or getting it from a friend?

-matthew