iTunes 4.5 Authentication Cracked
fooishbar writes "Yesterday, Apple released iTunes 4.5, which deliberately broke the 4.2 authentication scheme, which had been successfully reverse-engineered. However, crazney has been at it again, and within 24 hours of downloading iTunes 4.5, has broken the new scheme, and added more features to this library along the way. If you want to incorporate iTMS support in your program, give libopendaap a go!" Reader ScottGant submits this story about the Pepsi/iTunes promotion: "News.com has this story about Pepsi's iTunes promotion give-away. The promotion, which is slated to end this Friday, was to have given away 100 million tracks through Apple's iTunes music site. But according to Apple on Wednesday, only about 5 million free songs have been redeemed."
What stopped me from downloading (Score:0, Insightful)
So I took my number and went to iTunes.com. What a mess! What I was looking for was a place where I could enter my code and get a song. Instead, there was a confusing assortment of links like "Download", "Music Store", "Jukebox"... noplace that says "Enter your code here".
Now, I'm savvy enough to figure out that I'm going to have to download Apple's special player, run it, and *then* enter my code. But they didn't put the codes on the Slashdot homepage... they put them under the lips of Slurpee [bradfitz.com] cups. If you want to appeal to Joe Slurpee, you need to learn from the "spank the monkey" advertisers: make it mind-numbingly simple.
Here's what I'd have done, if Apple had any interest in hiring an old VB hand. Put a textbox right in the middle of the itunes.com page. Put a big button next to it that says "Download song and player". Generate an install packet that's already got the free song code in it. If the installer sees that iTunes is already installed, just feed it the song code, otherwise install and download.
Joe Slurpee sees: enter code, push button, hear song.
So... anyone want my leftover iTunes codes?
Fantastic. (Score:0, Insightful)
This reminds me of a historical anecdote. One of the many advancements made under Lord Tokugawa's rule, which is arguably the point at which Japan began to transform into the powerhouse of technological innovation we know and love today, was the world's first sukaisukure ('skyscraper'). Built as the southernmost endpoint of the Great Wall to commemorate its completion, the sukaisukure could hardly compare to today's structures; however, given that its architecture predated the use of steel in building design it stands as a testament to Tokugawa's extraordinary vision.
Despite Tokugawa's status as a visionary, he could not contend with the constant threat of an armed and discontented populace -- to secure his reign, he confiscated the weapons of the lower classes and permitted only those of samurai rank or higher to carry swords. Viewed as a tyrannical measure that sowed some degree of discontent, this nevertheless permitted Tokugawa's innovations to come to fruition and ultimately benefit society.
Apple is in a similar situation. They are at the bleeding edge of the industry, particularly in relation to the music industry's philosophies, and need desperately to prove that this model works. They can't afford to look on these hacks with benevolence because they've got to work with the RIAA and affiliated labels just to make the music available. Can't the people who want their music in freer formats simply buy it on CD and convert it for their own use -- thereby voting with their dollars for a better scheme -- rather than creating software that threatens Apple's relationship with its business partner and ultimately its customers via the policies it has to adopt in reaction?
Re:This is annoying. (Score:5, Insightful)
No they didn't (Score:5, Insightful)
I'm sure Apple doesn't care. (Score:5, Insightful)
- The De-Fairplay utilities don't have public development sites, and instead are forced to be these little files passed around on USENET and P2P and slashdot like they're some sort of contraband, well out of the public eye
- The way things work changes just *SLIGHTLY* with every minor release of iTunes, causing all the De-Fairplay utilities to have to be updated with every minor release
Then, well. The slashdotters get to keep their de-Fairplay utilities and use them as much as they want; and from the RIAA's perspective, Apple's "doing something" about piracy, because there's no longer a publicly visible way to crack Fairplay, and so they don't revoke Apple's license to sell music. Everybody wins! Except our civil liberties.
Re:This is annoying. (Score:2, Insightful)
Most people who are using these hacks aren't using them to illegally copy music, but are using them to play the songs they purchased on unsupported hardware. As far as I'm concerned, this constitutes fair use.
Why so few redeemed songs... (Score:5, Insightful)
But I think more importantly, the vast majority of people simply don't know much about iTunes (or don't even know what it IS). I dug a lot of "one free song" bottle caps out of the wastebaskets in our office because people didn't have a clue what they were...however, once I showed them how to redeem them, their reaction was usually something like "I can get any song I want?!? COOL!". This leads me to believe that Apple still has a ways to go in terms of public interest and awareness of the online music store scene...which is actually an exciting opportunity for them.
Wrong way round (Score:2, Insightful)
For better or for worse, DRM is a battle that content providers will lose.
K
Arms race (Score:4, Insightful)
In the end, though, if this stays a technology arms race, Apple will lose. Why? Because most of the smart people in the world don't work for Apple. (That's also true even for Microsoft, incidentally.)
Apple will have to take another tack if they want to preserve the integrity of the iTunes DRM. What that'll be, I dunno, but I hope they don't resort to suing their customers.
Good? (Score:4, Insightful)
Shameless hypocrisy (Score:3, Insightful)
Some people here have their tongues so far up Apple's ass that they are even willing to defend their DRM technology, and attack those that work around it.
Shame on anyone that is defending Apple here but didn't defend the MPAA's attack on DECSS.
Blind eye (Score:2, Insightful)
Sun Tzu on the Art of War: Attack your allies to weaken your enemy
Re:No they didn't (Score:2, Insightful)
Of course Nike's do cost $1.50 to manufacture (this is not an exaggeration), but still 20% off ain't none too bad.
Am I the only one who thinks this is bad? (Score:2, Insightful)
Re:This is annoying. (Score:4, Insightful)
Last I checked, you can just buy the CD at the store that contains no DRM at all.
The problem is that you never know what you are going to get when you buy a CD. Many CDs these days come with DRM that stops you from playing the songs on computers and even some stereos. And you don't know until you try it at which point the stores won't let you return it because it was opened. So given the choice between a useless, ~$15, round, shiny piece of sh... err... plastic or a ~$10 downloaded album that I can burn to a CD, copy to my iPod, or play on 5 different computers, I think the choice is obvious. The phrase "lesser of two evils" comes to mind.
Re:Only five million? (Score:4, Insightful)
100 million is the maximum possible number of redemptions; that's the number of winning labels they printed. You'd have to expect every single winning label to be redeemed to reach that number.
Apple expected of the 100 million winning labels, about 30% would ultimately be redeemed, or 30 million. 5 million compared to that isn't good, but it's better than compared to 100 million. I blame Pepsi's rather lackluster promotion efforts in part (a brief, off-handed mention in a commercial that ran once during the superbowl).
Sounds like an ego thing to me (Score:5, Insightful)
Ok, you're a clever guy. We get the message.
But is your ego helping those of us who would like the RIAA to see the light and start being more open in their approach to digital music?
Re:This is annoying. (Score:5, Insightful)
You are under obligation to abide by the terms of the agreement you entered with Apple. Apple is under no obligation to support every OS out there.
If you don't like the conditions Apple places in iTunes Music Store, including the limited number of supported platforms, don't use the service.
Re:Free iTune download (Score:2, Insightful)
Re:This is annoying. (Score:2, Insightful)
I think that it is much better to crack iTunes's file format so I can play the songs I legally purchased than to download songs completely illegally over a P2P network.
Re:Why do "free" songs require credit card numbers (Score:4, Insightful)
Other people's comments aside (about the CC field as optional for a signup), why would you say they fucked themselves?
They got the PR associated with giving away $100M worth of stuff. They only had to pay out $5M (less, since this certainly doesn't cost them as much as it would cost an actual customer). And you say they fucked themselves?
More like they fucked us. At least they used lube, but still... "Distribution problems" my ass. For anyone who considers every aspect of this as anything but well thought out and perfectly coordinated, I have a bridge to sell you...
Re:Fantastic. (Score:1, Insightful)
"I don't know what endgame they're working towards,"
Oh, but I know what Apple's endgame is. Gaining complete control over your music collection and deciding what you are and are not allowed to do. Witness the restrictions which are already increasing. 10 burns to 7? What next? Did you really think that Apple's "loophole" of allowing you to go DRM->CD->non-drm was going to last forever? The endgame for Apple and the rest of the online music industry is to completely take away any rights you might once have had with regard to doing what you want with your music. Eventually there will come a time when people forget that you didn't have to have a license for every goddamn machine you wanted to play music on.
If the current "Apple" model wins eventually we will all lose. You need to get over your whole benevolent dictator fantasy if you think that was ever going to be the long term model for online music sales. Better we force their hand now than slowly get caught up in their DRM like a lobster in a pot heating up on a stove. If you don't get out now you never will.
Hooray! (Score:5, Insightful)
But wait, that's not really what they wanted. What they really want is stores with no cash registers and libraries of thousands of pieces of music representing the creative efforts of generations of people while valuing those libraries at zero.
Oh, and they also want to complain about greed.
Re:Upgrade the other machines! (Score:3, Insightful)
Dear God... (Score:5, Insightful)
To those who couldn't find where to insert your code on iTunes. USE YOUR EYES. It was right there on the front page: "PEPSI iTUNES GIVEAWAY." With a Pepsi logo with headphones on it. Click on it, insert your code, then it says ONE FREE SONG in the upper right hand corner. Find a song, click DOWNLOAD, and it downloads it free.
To those complaining about having to use a credit card: How else are you going to pay for the songs you download? Food stamps?!
And about the DRM. C'mon people. Apple has to play the game of the law and the game of the recording industry in order to sell these things. But you tell me. How many other services let you KEEP the rights to the songs you bought, allowing them to be burned with the only restriction: Can only burn the same PLAYLIST 7 times to CD....Hell, add or subtract a song from that playlist and you have a whole new playlist ready to burn.
People...just have no sense of reason. This is the BEST legal download service available on the market. Plus, the software is free, and is THE BEST jukebox software, on ANY platform.
Even WINBLOWS users are stating that "opinion." Should be more like fact if you compare all the others.
Re:Yay for hackers!!! (Score:5, Insightful)
"I don't know why they bother trying to up the security. There is no way to secure media content that is compatible with mass distribution."
It's the "a little goes a long way" paradigm. There's not a car lock that will stop a sophisticated thief who wants your car, but it stops 90% of the punters. Same with locks on doors and copy protection on computer games and gaming consoles. There are likely professional car thieves who also wonder out loud why the car manufacturers don't just give up because it's a losing battle, etc., but it's not going to happen, either.
"They need to work on their business model, because this piecemeal anti-cracking stuff is a joke."
Apple has sold 70 million songs in their first year, and the iTMS is the most wildly successful of any of the legitimate download services, by a wide margin. I think their business model suits them just fine. Remember, Slashdot readers != the general populace. The little annoyances of playing cat-and-mouse with the "all music must be free" crowd is just one part of doing business and is similar to the fraud and theft issues that many other retailers deal with.
hacking itunes is wrong (Score:4, Insightful)
iTunes is a good thing, and if you hack their songs without paying you are a thief. It is not like Kazaa where you might say there is no victim, iTunes is based on selling its product, and if iTunes fails Mac users are screwed.
If there is someday an iTunes for Linux are you going to hack that until it dies too?
Re:This is annoying. (Score:5, Insightful)
So really this has nothing to do with hurting Apple, or not agreeing to a "EULA", and it has everything to do with Apple cynically attempting to manipulate network effects. Your brother sharing his CD collection on the home network using iTunes? You can't use WinAmp, WMP, RhythmBox, Muine or whatever to access that, you have to use iTunes too. Then when you share your music, it cascades onwards.
This is especially true in places like homes, student flats and college networks, like the ones crazney is on. Really, Apple have no excuse for this: restricting DAAP can only have one goal and that is to use peer-power of the type that keeps Windows entrenched to give iTunes an upper hand. As such it frankly deserves to be cracked.
I know crazney. He's a good guy. We talk often - he isn't out to screw Apple or steal music. He wants to play the music on his Mac laptop using the iTunes streaming system: this seems totally fair to me.
Re:hacking itunes is wrong (Score:4, Insightful)
No, it's not misleading (Score:4, Insightful)
I have my entire music library--which, incidentally, is 100% legal and paid for--on a Linux server running daapd. iTunes 4.5 broke iTunes so I could no longer play my legally purchased music on my Macintosh.
Fortunately, the maintainer of daapd worked out the fix about as quickly as the maintainer of libopendaap did, and I've been able to upgrade iTunes after all.
Make no mistake, Apple's screwing around does have a negative impact on their customers, even the ones who haven't infringed copyright.
Re:No they didn't (Score:2, Insightful)
Not surprising (in retrospect) (Score:3, Insightful)
1) Most people don't care about music. They put on the radio, and will buy a "Greatest Hits" collection perhaps once every 6 months, but that's about it.
2) The number of people who can be bothered to check out the iTMS, and know how to find Apple's software, and are savvy Internet users, is a minority of a minority of a minority. Sure, if all you read are trade rags on the Internet, you'd think it was the Second Coming of the Messiah. But most people couldn't care less.
3) So you're left with a comparatively small group of hipsters and gadgeteers who love music and know about the promotional offer. Now all that has to happen is for them to bump into a bottle (not can! not cup!) of Pepsi. Odds are pretty small.
This is stupid (Score:3, Insightful)
Uh, yeah. And if Ford doesn't want people to steal Explorers, they need to provide a way of distributing cars to people who don't have any.
What planet are you from?
Re:Arms race (Score:5, Insightful)
That however doesn't mean you don't attempt to enforce those allowances (legally in general they need to do that to ensure proper precedents are set). I believe Apple will try to do that without causing problems for its customers, without punishing folks for the acts of a few, at least based on comments by Steve and company. Apple also has to attempt enforcement to likely placate record companies and artists listing songs on the store.
Anyway, it is like the issue of cassette tapes back in the day... folks worried that rampant pirating of music would take place and kill sales. Well pirating did take place but the convenience of the tape form factor allowed things like tape players in cars, smaller/cheaper/easier to use stereos, and portable players like the Walkmans. This grew the market size for music and the large gains in market size easily offset the loss due to piracy.
You make a good way to buy and listen to music, one easier to use, more convenient and reasonably priced to out compete the illegal channels (generally most folks like to do the right thing). This is the thinking that Steve and company has stated a few times.
Personally I see hacking around FairPlay as a waste of time, it yields me nothing that I cannot already do based on my needs. If it pushes the business world to more draconian DRM and/or stronger legal actions that "punishes" everyone then it is doing folks more of a disservice than a service.
Re:Only five million? (Score:1, Insightful)
+ The person has to give a shit about getting music. That eliminates a huge portion of the population right there.
+ The person has to have a personal computer -- not just a work computer.
+ The computer has to be pretty new -- 2000 or XP, which means consumer PCs since 2003 only. Your Compaq Presario running 98SE can not apply. Even older Macs can't do it (50% of the installed base).
+ The person has to download and install iTunes -- which is a pain-in-the-ass over modem. This is assuming they even can find where to get it from.
+ The person has to figure out the itunes UI -- could be difficult for the AOL crowd.
I dunno how they ever got an estimate of 30%. The system requirements themselves make that impossible.
Re:Wrong way round (Score:3, Insightful)
Seriously, the Far East is rapidly catching up with technology, and I can think of few things that will spur the Chinese into producing a viable PC alternative than the risk of being locked down to American corporate rule.
Of course the performance will never be bleeding edge, but for most tasks a 3 GHz processor (or whatever they are up to by the time TCPA becomes standard) will be overspecified, and I know where I will be placing my money.
By the time it becomes technically viable to mandate lockdown technology in Western PC hardware, it will certainly not be economically wise.
K
Re:Wrong way round (Score:3, Insightful)
Look... We get to have downloads, supposedly what everyone wanted (speedy, somewhat of a selection, etc). What do we do? We break it, in minutes (as predicted), and we look like a bunch of fucks. "We gave them what they wanted and they break in anyway." They are just going to make it harder and harder.
This process takes time and money from all sides. We are all going to continue to pay out the ass in the end.
Support free music (see link below). Do NOT support bands that demand their music is paid for. Do NOT support bands that are run by the RIAA.
Re:This is annoying. (Score:1, Insightful)
Don't like it don't use it. (Score:3, Insightful)
I won't, thanks! Oh, and if you don't like Playfair, don't use it either! Software should not be illegal. People in America should not be GOING TO PRISON FOR SPEAKING PUBLICLY [freesklyarov.org] about algorithms.
Some things are just absolutely wrong - don't you get that? The music business is of very little importance compared to the sickening law which Apple is invoking to protect their business interests.
Re:Only five million? (Score:5, Insightful)
There are all kinds of people (a.k.a. "kooks") who are now trying to tell you that Aspartame is bad for you. Funny how they came to that opinion just as NutraSweet's patent on Aspartame ran out, so anybody can produce a generic form of it cheaply.
I'm convinced that all this hand-wringing about Aspartame is driven by a desire to sell you on new sweeteners, like Splenda. Every time I "follow the money" on somebody issuing warnings about the Aspartame in Diet Coke, I discover somebody who's competing with it.
(Splenda and Sorbitol, by the way, often contain warnings that "large quantities may cause mild diarrhea," by which they mean "even a few drops of this stuff will make you explosively burst out liquid faster than a fire hose within the hour, making severe dysentery seem healthy by comparison.")
Re:Only five million? (Score:1, Insightful)
Re:hacking itunes is wrong (Score:1, Insightful)
Re:This is annoying. (Score:5, Insightful)
I have two words for you: bull, and shit.
I don't care what their agreement says. Nobody has to "purchase rights" to "listen" to a song. If I want to listen to a song that's playing out on the street as I happen to be walking along, nobody has any right to charge me for the privilege. Conversely, nobody is allowed to sign away their rights under the law. If I sign an agreement saying "I hereby grant you the right to kill me by strangulation" that still doesn't give you the right to kill me and it doesn't give me the right to commit suicide either (which is illegal in most states).
Copyright law is pretty clear and the first sale doctrine well established. If I buy a song from iTunes, it's mine and I can do what I want with it provided I don't do anything to violate copyright law. That includes stripping the DRM to exercise my rights as expressly provided in copyright law (don't forget, fair use is not some nebulous concept someone came up with on Slashdot, it is part of the actual law).
Now, you can try to quote various things from the DMCA if you want, but that won't win you many friends around here. And I don't interpret the DMCA as overriding fair use rights anyway, and neither does anyone else I know of.
Re:Yay for hackers!!! (Score:3, Insightful)
You raise a good point but I think you're being a bit harsh on Apple's DRM restrictions, particularly with the understanding that Slashdot users != typical users. Apple's DRM allows sharing on three (or is it five now?) PCs. The vast majority of their customers likely do not personally own more than three PCs upon which they want to play music. Likewise, the ability to burn no more than seven (as I believe the new number is) copies of a playlist before you have to re-shuffle them -- again, the vast majority of customers don't have more than seven cars or other locations that need their own CD.
The only feature of their DRM which is likely to be an inconvenience to the typical user is the inability to convert directly to MP3 without an intermediate burn/rip. But, I certainly understand why this is the case. Apple -- like the businesses that you and I work for or even run -- are in business to make money. If making money on the back end by selling iPods is what allows them to sell songs at a buck a track, then that's fine with me -- if I want to put music on my Zen and it's too big of an inconvenience for me to burn/rip, then I'll get my tracks from an online store that offers WMAs. There are plenty of choices for consumers out there; using a cracking tool and violating license agreements is not the only way.
Re:This is annoying. (Score:2, Insightful)
It's Apple's prerogative to write software to play their files wherever they like. If it doesn't meet your needs, you're welcome to use a different player. What you're not welcome to do is break the law -- even a silly law like the DMCA -- and cry "fair use" while you're doing it.
Besides, Apple's already GOT an out for fair use...burn and rip! Shit, you can burn a CD of iTMS music and rip it back USING iTunes, with negligible quality loss. The whole point of "fair" use is that it allows you to use a work you purchased in your own way without opening the possibility for you to unfairly infringe on the owner's exclusive copyright. A slight quality drop is fair in my book -- now, HDTV on the other hand...
That DRM must be a breeze to crack! (Score:5, Insightful)
(1) I spend 99c downloading a song
(2) I spend the next X hours of my life writing or downloading an Apple DRM decoder
(3) I end up with a non-DRM song and a 99c credit card bill
I can see why this is easier than just performing step 1 and quitting. I mean, since I have 6 computers I need to play the song on, or I want to burn 8 of the identical CD, or I have no life.
Re:That's funny. (Score:3, Insightful)
Actually, they do have that right. It was granted by the DMCA and that part of the law has yet to be proven unconstitutional. It may never be, for the same reason that bans on assault rifles and public obscenity are upheld: there are other ways to protect the essence of the rights granted by the constitution while still protecting the rights and wishes of others.
In short: your rights are protected, but you don't have to be a dick about it. You can protect your home with a shotgun instead of an AK. You can say "fornicate" instead of "fuck." And you can back up your iTunes songs, or re-rip the backups, as easily as you can use fairplay.
The constitution was purposefully vague, so that future generations wouldn't be tied down to loopholes in strict syntax. The rights granted by the Constitution override those imposed by legislation. And the DMCA has been tested and found unconstitutional in some respects -- Sklyarov comes to mind.
Re:Only five million? (Score:3, Insightful)
So two cans a day is okay, but 3.4 cans a day (24 cans per case divided by 7 days) will fuck you up. Obviously, something's wrong with that last can-and-a-half, so all you have to do is not drink 2 out of every 7 cans - thus, you can buy 14 cases a week, throw 4 of them away, and you'll be fine.
Re:This is annoying. (Score:1, Insightful)
He bought the music, why is he a burglar? What is he stealing?
"It's Apple's prerogative to write software to play their files wherever they like."
It's their prerogative to TRY to write software that plays their files however they like. This simply shows they failed, are we all supposed to hush up and pretend a crippled DRM system isn't really crippled?
Wasted Caps (Score:4, Insightful)
Ok, now that's just plain silly. These are FREE songs we're talking about. So they didn't have a specific tune you wanted. What was keeping you from downloading a track from someone you never heard of? (The previews are there for a reason.)
You could have discovered something new that you really liked, without any risk of wasting money. Be a little more adventurous...
Re:This is annoying. (Score:3, Insightful)
Don't be silly. Nobody agrees to any EULAs, it's just some crap one has to click on. Nobody actually reads or agrees to it. And if you ask people you'll find that something like 99% have that attitude, question then is can you really have such a minority law.
Re:This has nothing to do with the DRM! (Score:3, Insightful)
Except that it allows people to use Linux (or whatever) to access your legitimately-bought DRM-protected songs without having to break the encryption.
Tiggs
And this can only be a good thing.