DVD Jon hacks iTunes, creates program that allows you to buy...

[Panther]

Note: This application has been untested by this site, and Apple will likely take steps to prevent future usage.

iTMS just used web service interfaces and XML over HTTP... It will be interesting to see just how they could stop an app from accessing.

What is more likely is that the iTMS servers would add in the DRM and buyer metadata before it gets downloaded. Its actually a little shocking that it wasn't designed to do that in the first place!

 

[paulypants]

Oh! There goes the email from Gorog to the Music Labels!

 

[Macaddicttt]

Anyone care to make this interesting? I'm taking all bets. How long until Apple fixes the problem?

 

[jmsait19]

Oh! There goes the email from Gorog to the Music Labels!

even so, if an itms song's drm is cracked, you still payed 99 cents for it. where if the napster to go drm is cracked, people have thousands of songs for 15 bucks a month. which hurts more?

 

[qzak]

might as well ask, other people are probably wondering too... whats DRM?

 

[DTphonehome]

might as well ask, other people are probably wondering too... whats DRM?

DRM= digital rights management= copy protection

I'm also quite surprised that Apple DRMs the songs as they are downloaded. All it takes is a hack into the servers housing the music and there goes the neighborhood.

 

[SPUY767]

People don't realize

That when you do things like this, it hurts apple. Apple has a market to protect. If people keep doing this enough until the RIAA gets pissed and won't let apple sell music any more. It's just like complaining that apple hass had to change their DRM policies. It's not apple that is doing it, it's pressure from the Recording Industry. Apple has to walk an extremely fine line, and they do a goo djob of it, so those folks need to lighten up.

 

[DavidLeblond]

might as well ask, other people are probably wondering too... whats DRM?

In a nutshell (help! I'm in a nutshell!) DRM (Digital Rights Management) is that little wrapper around the downloaded AAC files that makes it so you can only play the song on up to five computers/devices.

 

[mkjellman]

For those who don't speak the lingo-

Digital Rights Managment

It is a huge source of debate within the recording industry, the consumer, and the online stores who are selling digital management. This is what limits you to the number of times you can burn a playlist, play the music on other computers, and use it on portable devices. It is the recording industries way of reducing piracy of their software, but that is up to debate.

What is big is that there is no OS X binary yet, so we will see. I am also surprised the John has not focused on Janus yet, I hope he does because it would send a very clear message to the recording industry.

I personally use Hymn because I need my music to be compatible with Traktor and my Roku device. I think it will be very difficult for Apple to stop this unless they release a new "security" patch for iTunes modifying their protocol.


Time will tell.

 

[jsw]

It's actually a little shocking that it wasn't designed to do that in the first place!

It's a lot easier to use the buyer's CPU to add DRM than to task the iTunes servers with doing it - so making the servers do it will cause Apple to either add more horsepower there or slow down iTunes' response times under load.

 

[Vonnie]

Fantastic

Personally I think this is great! Any sort of DRM sucks, even if it is rather "liberal". That's like giving all your customers in your shop a pair of handcuffs to prevent theft, and saying "but these cuffs are really comfortable".

 

[yg17]

DRM= digital rights management= copy protection

I'm also quite surprised that Apple DRMs the songs as they are downloaded. All it takes is a hack into the servers housing the music and there goes the neighborhood.

The music has to be stored un-DRMed which is a huge risk for the iTMS or Napster or any other online store. The difference is when it gets the DRM added to it. If it gets the DRM at the server before its sent out for download, then this will solve the problem. But either way, the music has to be stored without any DRM somewhere and hacking into the servers would indeed be trouble

 

[sangre de toro]

the more barriers there are the more we get used to them. Give us a break! You pay for it, you use it and if anybody restricts you ... Long live to the many dvd whatever!

 

[wnurse]

It's a great convenience until the RIAA gets pissed and either changes their mind about downloadable music or tells Apple to hike their prices.

We shouldn't worry though, Apple will defeat this in no time.

Really?. how?. Regardless of what apple does, it might be even easier for DVD Jon to break their new programming than for them to come up with new programming. Think about it. A company with a lot of paid developers getting outwitted by a guy with time on his hands. I think he wins everytime. Their cost to defeat him is astromnomical compared to his cost to defeat them.

Although it's an eye opener to know that itunes itself is what wraps the music with DRM. I'd have thought the music was already DRM'd on the server. But I can see why apple chose that route, so that to get DRM'd songs onto an ipod, you would have to use itunes. I bet they never thought someone would bypass the itunes interface (kind of shortsighted if you ask me, this should have been anticipated).

One way around this problem would be to store the music in an encoded format and have itunes decode the music and wrap in DRM.
Unfortunately, that can be bypassed too. A competent enough person (example DVD jon) could intercept the process between decode and before DRM wrapping and deliver the music. Another way would be for itunes server to request itunes to send a key and then use that key to add DRM to the music on server before delivering to user, although then you could build a player that intercepted the key and uses it to remove the DRM.
I'm sure for every solution apple can think of, DVD jon can think of a way to defeat it. There might be no technical solution to the problem at all.

 

[Porchland]

In interviews Steve Jobs has gone on record saying that unbreakable DRM is impossible. What you're seeing from Apple is a "good enough" strategy. After all, they don't really care, it's only there to appease the RIAA.

...

Apple will make another "good enough" fix to block it for another 6 months. But they really don't care. Although externally they "care", I bet internally it doesn't particularly bother them because ITMS is so big that the record companies can't afford to pull out of it.

Suggesting that Apple isn't concerned about DRM any further than needed to appease the record labels is ridiculous. Apple doesn't care about the integrity of its business model unless the RIAA is on on its back?

That's like saying Honda doesn't care whether its airbags deploy correctly unless the airbag contract is on its back. A defective product -- whether it's an iTMS track without DRM or a Honda with bad airbags -- isn't good for the manufacturer. Apple needs for its DRM to be good to protect its OWN future revenues through iTMS -- not just the record labels' profits.

 

[albinogoldfish]

Just hire'em!

Echoing a comment I saw elsewhere, why doesn't someone just hire this guy. It probably costs more for Apple to sue each person than it would be to hire them and keep them busy fixing these problems internally.

 

[Porchland]

Personally I think this is great! Any sort of DRM sucks, even if it is rather "liberal". That's like giving all your customers in your shop a pair of handcuffs to prevent theft, and saying "but these cuffs are really comfortable".

But since "DRM sucks," I guess you'd rather the store give it away for free and go out of business when the cashflow immediately dries up.

 

[DavidLeblond]

Although it's an eye opener to know that itunes itself is what wraps the music with DRM. I'd have thought the music was already DRM'd on the server. But I can see why apple chose that route, so that to get DRM'd songs onto an ipod, you would have to use itunes. I bet they never thought someone would bypass the itunes interface (kind of shortsighted if you ask me, this should have been anticipated).

Actually the reason why it isn't encoded with DRM on the server is that if they did that they would need a copy of every song for every customer they have on the server.

They don't care how you put songs on the iPod anyway... just that you buy an iPod to put the songs on. iTMS is there to sell iPods after all. Therefore if someone breaks the DRM and allows you to put the downloaded songs on ANY MP3 player it most DEFINATELY will not please Apple. The DRM isn't just there to appease the RIAA, it is there to make sure we keep buying iPods.

 

[Dippo]

Personally I think this is great! Any sort of DRM sucks, even if it is rather "liberal". That's like giving all your customers in your shop a pair of handcuffs to prevent theft, and saying "but these cuffs are really comfortable".

I can't see anything really wrong with this program.
You still have to buy the music!

The labels need to get over trying to shove this DRM crap down our throats.
It will never work! This has been demostrated time and time again.

Of course Apple will shut it down soon.

 

[wnurse]

aah of course

Actually the reason why it isn't encoded with DRM on the server is that if they did that they would need a copy of every song for every customer they have on the server.

aah yes of course.. (slap on forehead). hmm.. then adding DRM on fly before delivering might be the workaround apple does... although as noted in my previous post, that can be defeated too.

 

[Nermal]

Does anyone know how to use the app? The readme file is empty

 

[jiggie2g]

DVD Jon is unstoppable this guy could crack a Diamond.

 

[ASP272]

I haven't used the program, but anything that scares the music industry and bands like Metallic (about increased sharing/piracy) is bad news for itms. Apple will hopefully fix it before I finish typing this response.

 

[ShavenYak]

I would bet you will find this hole in WMA stores for the same reason. Of course Jon prefers to target the source that will get him headlines.

From my limited knowledge of WMA from a miserable two days spent trying to help a friend's daughter with a crappy RCA player and Wal*Mart downloads, I think they may work differently. The license file is separate from the actual WMA file, so I'm betting the WMA is encrypted just once, with a long random key, and sent across the wire to any purchasers already encrypted. The key is then transmitted to the user and stored in the license file. Both the WMA and the license file are needed for playback.

I could be wrong, but it seems like it would be silly to separate the license information from the music file unless you were doing something like this. Of course, Microsoft is well-known for silly decisions....

 

[desdomg]

This is great news - by removing the DRM I can play my music on any device I like. It is my music after all. The music industry needs to get used to the idea that you should really only sell a track once to each user, not one track for each device the user wants to play that track on.

Apple and the music industry in general will continue to rake in the $$$ regardless of this development - the real threat to the industry was always P2P, not sales.