New Tool Cracks Apple's FairPlay DRM 1126
goombah99 writes "PlayFair is an integrated utility that removes the DRM from AAC music files protected by Apple's FairPlay encryption. Information is limited, but the source code is on SourceForge.net and it appears to actually remove the encryption itself and not simply hijack the QuickTime audio stream as earlier methods did. The cracking operation can only be done on songs the user has already has valid licenses for and requires either an iPod or a windows computer for key recovery. If you choose to redistribute these songs you will be violating the contract you bought them under: better hope they aren't watermarked or you might end up paying for releasing one in the wild. To me the authors are vandals not revolutionaries, and may have ensured WMA becomes the standard."
Re:FoulPlay (Score:2, Informative)
Incorrect background on VeriDisc/FairPlay (Score:5, Informative)
Apple bought VeriDisc. They didn't license FairPlay; they own it.
Anybody have time to look at the code? (Score:1, Informative)
Most of the heavy lifting for this program is done by the mp4v2 and mp4ff libraries.
Does this thing reencode the files? If so, how is this any sort of breakthrough? We could already do that.
Re:FoulPlay (Score:5, Informative)
ERROR Above: WMA *NOT* AAC was rated #1 (Score:3, Informative)
fairplay CVS is still up (Score:5, Informative)
cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot
cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot
Re:maybe now you can have fair use (Score:2, Informative)
You can't buy any new ones because your new billing address will be in Canada. But this won't prevent you from playing your existing protected AAC files, or even from authorizing/deauthorizing your existing computers.
Wrong. (Score:4, Informative)
I mean, all "hacks" on DRM of this nature (single authority source, encrypted carrier, hardware or firmware enforcement) will be exactly the same technique. The question is how do you get at the unencrypted scheme or your session keys... this is an example of how to do that under Fairplay w/iPods.
Point being, at some stage you have to store a decryption key somewhere, and all you need to is intercept it or extract it. It checks your iTunes for it's user key, or generates the one the iPod would (eventually) use. Apparently using this and MD5 hashing of information from each protected song, you get a session key which can decrypted the DRMS atom (AES if you were wondering... figures). And that's it.
I wouldn't really call it hacking... it's reverse engineering and re-implementation of Veridisc's algorithm.
Point is, I was waiting for someone to finally hunker down and pick it apart. Now I know... so if I ever run into a situation where I need the unprotected stream, I can get it, but you're not going to see me giving these unprotected streams to my friends... I paid for them! I just need to increase my value.
Now I can use the AAC streams in my car (got a laptop rigged up... OGGs, MP3s, and now iTunes... heee heee!)
Re:Lies (Score:3, Informative)
If an iTunes DRM'ed protected AAC file found it's way legally to your hard drive, I'm going to guess that happened using iTunes, the terms of which you agreed to. So, if you agreed to to their terms before using their service, I believe you are going to be legally bound to those tunes, no?
What things are you legally entitled to do as specifically written in copyright law that Apple iTunes prevents you from doing? I would highly advise you read section IV of the ruling in the MPAA v. 2600 case [harvard.edu] for more information on "fair use". The term is so heavily misused on Slashdot that it has become meaningless.
Re:Tough to enforce everybody's rights all at once (Score:3, Informative)
Some sort of watermark based on a hash of the DRM key perhaps?
Fine:
Joe has "Invisible Touch" and runs fairplay on it. he takes the resulting DRM-free AAC file and runs md5sum. He then posts on
Bill also has "Invisible Touch", and follows the same process that Joe did. He discovers one of two things:
The file hashes are identical, thus removing fear of retribution by fanatical enforcement agency personel.
The file hashes are different: So Bill posts his, in the odd chance that maybe it's just a fluke, and waits for other people to do the same.
Well, I don't have iTunes, so I can't join in the fun. Anybody want to try this out?
Re:Lies (Score:3, Informative)
big deal (Score:2, Informative)
Re:Lies (Score:5, Informative)
Quit yer trolling...who said anything about violating copyright laws? If I'm working on my car and want to refer to some pages out of the shop manual, I'll make a copy of the relevant pages and work from those so the manual doesn't get dirtied up. That is fair use. Another example of fair use is dubbing a CD to tape so I can play it in my car (which doesn't have a CD player). That's also fair use. How, then, is stripping the DRM off an .m4p so I can convert it to Ogg Vorbis for playback on my Palm (an example of format-shifting analogous to the aforementioned CD-to-tape dub) not fair use? It's only copyright infringement if I turn around and put the resulting .m4a files up on $P2P_NETWORK or otherwise distribute them to others.
Beware, downloaded songs are watermarked (Score:5, Informative)
Besides, CD quality is still better audio.
Re:Let's hope (Score:2, Informative)
Re:Beware,-- WRONG! - PEPSI CAPS (Score:0, Informative)
All other account info is fake. no credit card.
free itunes music, no DRM, thanks pepsi
Re:So let me get this straight... (Score:3, Informative)
Re:Lies (Score:5, Informative)
Re:Lies (Score:5, Informative)
I think part of the problem is that folks are looking at AAC as 'Apple's format.' It's not. AAC -- Advanced Audio Coding -- is an open standard; there's an ISO number for it, and it was come up with by the MPEG standards group. AAC is to MPEG4 what MP3 (MPEG1 Audio Layer 3) was to the original MPEG. AAC itself is quite widely played by software players -- more than just iTunes -- and is more or less the intended successor to MP3. (NOTE: Intended. I make no predictions about whether or not it will actually happen.)
Where you can point the finger at Apple is on their DRM implementation on top of AAC; that's not part of the AAC specification, and so means that while an un-protected AAC file can play on iTunes, WinAmp, etc., a protected iTunes Music Store one cannot. THIS is a little unfortunate; I'd love to be able to load protected AAC onto my NetMD minidisc player without having to burn it to CD first.
WMA makes me more nervous as a format, because as far as I know it's controlled by a single entity (Microsoft) instead of an open group (MPEG standards group). However, it can't be discounted that WMA's integration of DRM has made it the more attractive commercial option for folks, since it's possible to make differing players handle the same DRM-protected files.
Whether or not AAC with some form of DRM will catch on remains to be seen, I guess.
Legalities - FairPlay hacking is illegal (Score:5, Informative)
It is just as illegal. Actually, more so. Downloading copyrighted music is simple a copyright infringment. (at the moment) This means it falls under civil law.
However, creating a tool like this circumvents a copyright protection scheme. This is a criminal act punishable by up to 5 years in prison or $500,000, under the DMCA of 1998. (section 1201)
As an aside you mention if Apple had it's way...Even at the risk of appearing as an Apple apologist...Apple didn't want DRM at all. They struck a deal with the RIAA. Essentially the RIAA said, NO DRM, NO MUSIC. Apple said, okay...we'll put in a little DRM. I wish I could find the quote from Steve Jobs but he essentially said, "DRM is stupid, users want control of their files and rightly so, DRM will kill the market."
Re:Lies (Score:2, Informative)
Actually Fair Use is common law, not positive law
Get yer Gentoo ebuild right here (Score:3, Informative)
The Easynews mirror (what I normally use) didn't have it. It might not have synced over yet. UNC had it. I just wrote a Gentoo ebuild (cribbed it from another ebuild, really) for it, and it grabbed it from the Belnet mirror.
Speaking of the ebuild, here it is:
# Copyright 1999-2004 Gentoo Technologies, Inc.
z "
# Distributed under the terms of the GNU General Public License v2
# $Header: $
# Short one-line description of this package.
DESCRIPTION="Playfair enables fair use of iTunes Music Store downloads."
HOMEPAGE="http://playfair.sourceforge.net/"
SRC_URI="mirror://sourceforge/playfair/${P}.tar.g
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="x86"
IUSE=""
DEPEND=""
S=${WORKDIR}/${P}
src_compile() {
econf || die
emake || die "emake failed"
}
src_install() {
einstall || die
}
Dump it in /usr/local/portage/media-sound/playfair, make sure PORTDIR_OVERLAY is set in /etc/make.conf, and issue emerge --fetchonly playfair && (cd /usr/local/portage/media-sound/playfair; ebuild playfair-0.2.ebuild digest) && emerge playfair to install.
Re:Lies (Score:5, Informative)
In theory, anyone who wanted could use the FairPlay DRM and thus play Apple iTunes Music Store music. However, AAC not having an inherent DRM seems to have discouraged everyone but Apple from using it commercially, whereas WMA has the DRM right there so if you're using WMA you don't have to go shopping for separate DRM solutions.
That was the point I attempted to make in the earlier post.
Re:DeCSS (Score:3, Informative)
Name some of those "most countries". Your statement is wrong in all Common Law countries, almost all of Europe, and pretty much everywhere else that I'm aware of.
Well, technically, you are correct that contracts can't take away rights. However, you can give up rights as part of your consideration to form a contract, and that is legally enforceable. There are certain rights that you cannot give up this way, but none that are applicable here.
Re:Has anybody tried it? (Score:2, Informative)
I then moved the file over to my laptop which has never seen iTunes or an iPod, and was able to play the file (renamed to
So far, one good data point!
Re:Lies (Score:1, Informative)
How many WMA9 drm file have you played on WMP for Mac then? None, since it doesn't actually play them.
Why do you think none of the WMA online stores support Mac (or anything apart from Windows).
>Dont talk trash unless you really know what you are talking about....
Quite...
IP is neither Intellectual nor Property... (Score:2, Informative)
William Stone III explodes the Myth of Intellectual Property in a series of articles entitled
Law Versus Reality [webleyweb.com]
http://www.webleyweb.com/tle/tle265-20040404-09
Part 1 [webleyweb.com]
quote from the article:
I've argued that information shares none of property's unique characteristics, therefore information cannot be treated as identical to property.
Re:Lies (Score:5, Informative)
Every online music store out there uses version 2 of WMA's DRM.
Re:Lies (Score:3, Informative)
Uh, kinda odd for them to be using AAC [aac-audio.com] then, isn't it?
And why exactly would Apple be charging royalties for AAC use? It's one of those open standards you seem to champion (despite your lack of familiarity with them), and Apple not a creation of Apple's.
Re:Lies (Score:2, Informative)
Re:Wow, whats with all the hoopla? (Score:3, Informative)
Re:We can only hope WMA will win! (Score:2, Informative)
Re:Lies (Score:4, Informative)
There's my work machine, my home machine (two users, my wife and I), her 20GB iPod, my iPod Mini, and my laptop. Oh, whoops, can't do that, just ran out of licenses, and that's not even counting the old Pentium II that keep around as a print server/backup machine.
Or, are my wife and I not allowed to share one download? We can own a house together, but not an audio file?
Fortunately, via m4p2mp4.exe you can strip the DRM out of them as necessary, or do the old m4p->CD audio->mp4 conversion, though recreating metadata is a bit of a pain in the arse. [techfreaks.org]
For the millionth time (Score:5, Informative)
Copyright violation = making an unauthorised COPY of something
YOU CANNOT STEAL SOMETHING BY MAKING A COPY.
Re:Lies (Score:3, Informative)
That's an oversimplification, of course. To give just one example, I believe that photocopying one chapter from a book to distribute to students in a class for educational reasons, charging them no more than the cost of the coyping itself, has generally been held to be fair use.
Here's a reference with some further details on copying for educational purposes [upenn.edu]. (Not that educational justifies any copying, or that it is the only such justification. But it's one good source of examples.)
--Bruce Fields
Re:Lies (Score:4, Informative)
Apart from the Mac WMP's inability to play WMA files (mentioned by six replies already), iTunes always allows you to burn on CDs. (Up to 10 copies per playlist. If you need more, change the playlist. But if you do, you are probably pirating the music.)
Dont talk trash unless you really know what you are talking about....
Must have patch for playfair-0.2 (Score:1, Informative)
Instructions (If you need anything besides the link to the patch, so help you god):
download and extract playfair-0.2.tar.gz [sourceforge.net]
Download the patch file at: playfair.0.2.rename.patch [sourceforge.net]
Extract playfair-0.2.tar.gz and put file playfair.0.2.rename.patch into the directory playfair-0.2/src
Apply the patch by doing the following:
# gzip -d -c playfair-0.2.tar.gz | tar xvf - .. ./configure && make install
# cd playfair-0.2/src/
# patch -p1 < playfair.0.2.rename.patch
# cd
#
NOTE: You need to be root to do the "make install"
An unquestionably legal way for fair use? (Score:2, Informative)
Re:We can only hope WMA will win! (Score:2, Informative)
So, to compare the two: (X refers to the freedoms allowed under fair use)
DVDs - You bought the hardware. The law (and judicial precident) say you can do X. They try to stop you from doing X. The DMCA prevents you from circumventing some protection measures, but the actual copies and derivitive works (that you dont distribute) are legal.
Regardless, the GPL is a _license_. This is a different beast. Once you get a piece of GPL code, the law says you can do X. Like a DVD, copyright laws say you may _not_ distribute copies, modified or otherwise. However, as a _license_, the GPL says you _may_ distribute, provided you follow certain conditions. It's not a contract in any way, shape, or form.
It's similar to if I were to compose a piece of sheet music or write a book. If I give it to you, you can do a lot of things with it, but you cannot distribute copies permission. Now suppose I add the license "You may make and distribute unlimited copies, provided you do not remove this copyright notice". Do you have to sign a contract for that? Of course not, because it is a right you being given, not a freedom being taken.
If the law says that I can drive my car on any public road I choose, I do NOT want my car company placing artificial restrictions on where I can drive it. If it's their car, fine. Once it's in my posession, it's fair game.
Re:fairplay CVS is still up (Score:3, Informative)
http://unc.dl.sourceforge.net/sourceforge/playfai
Re:Why would someone do this (Score:2, Informative)
Bullshit. iTMS has some exclusive tracks and a large selection of classical music. p2p is great for popular stuff, but once you drop off the top 100 the critical mass isn't there.
Re:Lies (Score:4, Informative)
TITLE 17 - COPYRIGHTS [cornell.edu]
There's a clause in USC 117 (copyright law) that says that ephemeral copies aren't supposed to be infringing.
The ephemeral clause is Sec. 112. [cornell.edu] It is extremely narrowly drawn and effectively worthless. Ephemeral uses obviously fall within fair use, so the fact that the exemptions listed in the text are absurdly narrow is irrelevant.
The librarian of congress apparently has some power to craft exemptions here (perhaps we should be lobbying there, more?)
There are two possible kinds of exemptions to the DMCA. There are absolutely useless exemptions, and there are exemptions that will effectively and totally gut the DMCA. Thus far the library of congress has been good little librarians and very careful not to allow any exemptions that might irritate anyone. Lobbying there has been a waste of time.
fair use... something like four factors
The for factors are listed in Section 107. [cornell.edu]
(1) the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes;
(2) the nature of the copyrighted work;
(3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and
(4) the effect of the use upon the potential market
An important point to note is that it says "factors to be considered shall include ". The four factors are merely examples that shall be considered. The courts routinely consider other factors. For example "transformative" use weighs in favor of fair use. Things like collages and parody are transformative.
you guys should Google for USC 117
Link to 117 [cornell.edu]
The mess with 117 is that it reffers to an "owner of a copy of a computer program". They are trying to play word games by claiming that you never actually own a copy, they try to claim that copies are always "licenced" under EULA's. However an EULA is really just a contract. If you buy a box of software and don't willingly bind yourself to that contract then you get no benefits from that contract, but you are not restricted by it either. You can then simply install and run the software you now own on the disk you now own. If there's a click-through licence agreement you could always make the effort to tweak your machine to bypass it. This is why they are lobbying to get a law passed to make EULAs binding.
The few very rare cases upholding EULAs have been based purely on arguments that the buyer somehow willingly agreed to be bound by it.
-
Re:Lies (Score:5, Informative)
big difference bucko.
I know, I have 3 of those 500+ devices... and the DAMNED things wont play the protected ones.
Warning: Long-ass document (Score:1, Informative)
If you get tired, skip down to the *But, but* part.
gewg_
Re:fairplay CVS is still up (Score:1, Informative)
http://heanet.dl.sourceforge.net/sourceforge/pl
http://switch.dl.sourceforge.net/sourc
http://aleron.dl.sourceforge.net/s
http://unc.dl.sourceforge.net/sourceforge/p
http://umn.dl.sourceforge.net/sourceforge/p
http://easynews.dl.sourceforge.net/sourcefo
http://cesnet.dl.sourceforge.net/sourceforg
http://keihanna.dl.sourceforge.net/sou
http://belnet.dl.sourceforge.net/sourcef
http://twtelecom.dl.sourceforge.net/so
Re:Lies (Score:2, Informative)
this is from there EULA and its not very nice
for no on should have root access besides me on my hard disks
"* Digital Rights Management (Security). You agree that in order to protect the integrity of content and software protected by digital rights management ("Secure Content"), Microsoft may provide security related updates to the OS Components that will be automatically downloaded onto your computer. These security related updates may disable your ability to copy and/or play Secure Content and use other software on your computer. If we provide such a security update, we will use reasonable efforts to post notices on a web site explaining the update. "
" intresting that if you agree you give up your admin rights to them..... and they tell you on a web site and not let you have a chance to agree or disagree with it
M$ wants control simple as that
Mod this down as incorrect (Score:3, Informative)
Learn a bit more before you go bitching...
Re:How do you obtain the drm key? (Score:2, Informative)
C:\Documents and Settings\YOUR_USERNAME\Application Data\drms
Copy the contents of that directory into ~/.drms and you should be good to go.
VideoLan (Score:5, Informative)
Hopefully someone takes this new code and makes a windows version, that can do process large amounts of files at a time...
Re:Lies (Score:3, Informative)