iTunes 4.5 Authentication Cracked

fooishbar writes "Yesterday, Apple released iTunes 4.5, which deliberately broke the 4.2 authentication scheme, which had been successfully reverse-engineered. However, crazney has been at it again, and within 24 hours of downloading iTunes 4.5, has broken the new scheme, and added more features to this library along the way. If you want to incorporate iTMS support in your program, give libopendaap a go!" Reader ScottGant submits this story about the Pepsi/iTunes promotion: "News.com has this story about Pepsi's iTunes promotion give-away. The promotion, which is slated to end this Friday, was to have given away 100 million tracks through Apple's iTunes music site. But according to Apple on Wednesday, only about 5 million free songs have been redeemed."

Only five million?

[Liselle]

That's way less than they anticipated. Only 5 million out of 100 knocked me flat. Since iTunes serves a pretty specific market, I guess that says a lot. Especially since the tracks are free. The question on my mind: how many of those 100 million winners actually reached folks? TFA mentioned something about distribution problems.

Also, about the new authentication crack: I am curious how this will impact their deal to offer free weekly songs, I'm assuming it's some sort of deal with the record industry. Today is a fairly uninspiring Avril Lavigne track (but free! I got it anyway! :P), but I have to wonder.

Re:Only five million?

[OS24Ever]

According to a lot of posts on Macrumors.com and other Mac news sites there were a lot of posts from people in the *huge* markets like New York, LA, San Fran, etc who were posting that they never found a bottle with the promotion on it.

Personally in Raleigh, NC I never saw a 'iTunes' bottle but then again I don't drink a lot of soft drinks anyway.

This is annoying.

[Pave Low]

The idea that Apple is "breaking" or "crippling" this part of iTunes is misleading. It wasn't a feature that Apple provided to begin with, and any hacks to break the DRM scheme will be thwarted by Apple eventually.

If you don't like this, you shouldn't use iTunes at all and don't buy their music because this is something they need to sell music online. Last I checked, you can just buy the CD at the store that contains no DRM at all.

4.5 busted sharing with previous versions

[crackshoe]

my main problem with 4.5 is that it no longer allowed sharing with other itunes running boxen on my home network - the one machine i had updated to 4.5 ( my parents imac) couldn't accesss my music on the g5. it seems like a fairly annoying thing that wouldn't be particularly hard to not break for no particular reason. while i personally think theres no reason to break apple's authentication or other security features in itunes (the current permisions are more than enough for me, and i have less than 20 pruchased tracks, and only 2 machines i play em on), its nice to know that work arounds do exist.

Re:That was quick

[pudge]

I hope apple didnt invest too much time/money in this new fixed drm. Will these media pimps ever learn?

This isn't about DRM, it is about access to the music store, sharing, etc. outside of the iTunes application.

And despite the poster's assertion, there's no real reason to think the authentication scheme was intended to break compatibility; as most developers know, sometimes you need to make changes for other reasons that force a break in compatibility. If this WERE about DRM, I'd say it was likely, but I see no reason to think this separate change was deliberate. It may have been, but no one's given any reason to think it.

Re:Only five million?

[BrookHarty]

I hardly drink pepsi in the bottle, just the cans from the vending machine. The couple times I did buy bottles, the 24 ounce bottles where winners, the smaller bottles never won.

Bad thing, I never remembered to keep the bottle, I tossed it like normal. Dont know how many other people don't know, or don't care.

Re:Only five million?

[SoCalChris]

TFA mentioned something about distribution problems.

In the area I'm in (Downtown Long Beach, Ca), the iTunes bottles didn't reach most stores until the end of February. All of the stores were carrying Lakers promotional bottles instead.

Once the iTunes bottles started showing up, I won a few songs. When I went to redeem them, iTunes didn't have any of the specific songs that I wanted. They didn't have any Led Zeppelin songs, so I went looking for some songs off of a CD that my wife wants. They didn't have that either, so my caps didn't get turned in.

Re:Why do "free" songs require credit card numbers

[DraKKon]

Well there's that.. and I didn't see any of the special bottles until the beginning of April. Wasn't it supposed to start in the middle of february?

But to keep myself on topic.. Apple probably has a standard singup path.. They assume that if you are going to redeem a free song.. that you might buy something later.. But yes.. its lame to require a credit card when you are making a purchase of $0.00..

Pepsi Redemption Rate

[MyNameIsFred]

...according to Apple on Wednesday, only about 5 million free songs have been redeemed...

I wonder what the typical redemption rate is for the Pepsi, Coke and other softdrink give aways. I know for paper coupons [cnn.com] the redemption rate is about 2 percent. Granted alot of those coupons go straight into the trash. However, when people print coupons from the web only 20 percent are redeemed. And if someone is going to print them, you would think they would use them.

My point, is the Pepsi-iTunes rate of 5 percent unexpected?

Re:Only five million?

[Schnapple]

Thing that gets me is this - who is it that's going to go buy a Pepsi for a free song? $1.29 for a bottlecap with a 33% of a 99-cent song. Doesn't add up. So the only people who would get the songs in the first place were the ones who drink Pepsi to begin with - but most of them drink it in cans. If every cap had a free song then I would see Pepsi sales shoot up - but that's not good for Pepsi to eat 99-cents of whatever they get from the $1.29 sale.

I'd say the only ones who benefit from this deal is Apple, but that credit card requirement scared away most people. So, other than more awareness, Apple didn't gain much from this.

5% sounds about right

[71thumper]

Given the classic assumptions on "mail-in rebates" that only 10% of the people actually bother if the amount is less than $100...5% is actually amazingly high for something that has a very narrow audience given the number of people who by Pepsi (i.e., lots of people that bought winners didn't care about iTunes).

I personally got about 30 free songs

[ScottGant]

My wife and I would go out of our way to get the Pepsies with the promotion. We won quite a few times.

It wasn't a bad promotion, but many times we had to go out of our way to even find the Pepsies with the offer. They were hard to find.

Re:Why do "free" songs require credit card numbers

[Chanc_Gorkon]

Well, and another problem I saw was it was bitch to read the caps soemtimes. Another problem was that they only let you enter 10 a day. I guess they don't like my practice of ferreting them out of trash cans (we are a pepsi campus). I plan on getting a Xbox this way as well thanks to DewU. If I fail to get 550 points, I will get a minifridge for my desk.

How is this authentication Cracked.

[raptor21]

If a person still needs a account to login to iTMS with this bit of reverse engineered method, the Authentication hasn't been cracked!!!

Authentication cracked means that you cand take an encrypted password and retreive the plain text for and already existing account.
All this guy seems to be able to do is figure out where and how iTunes sends its login information, so he can put it in his own application.

5million, because they want a credit card.

[Comsn]

they want a credit card for you to retrieve your free itunes aac, and since this was a promotion geared towards teens, how are they supposed to get thier free music?

i had a couple caps but i didnt feel like signing up. great promotion there. only .5% went thru with it.

100,000 winning caps were not produced!

[Perl-Pusher]

I collected over 150 bottle caps and not one was a winner! I drink about 6 diet pepsi's per day. And my friends at work saved the caps for me. So this is no suprize to me. I don't personally know anyone who won a song.

Re:Yay for hackers!!!

[SatanicPuppy]

I don't know why they bother trying to up the security. There is no way to secure media content that is compatible with mass distribution. It's the same problem they had with DVD encryption---you can't cut out the illegitimate users while not cutting out the legitimate users at the same time.

They need to work on their business model, because this piecemeal anti-cracking stuff is a joke.

Just like Rebates

[Anonymous Coward]

I have personally won three or four songs, I use a mac and iTunes. I have never redeemed any of them. I always forget and throw the cap away about 5 minutes after the "haha I won".
Woops. Oh well, who cares about one free track anyway? What am I going to do with one free track. I've used the music store twice and it was to purchase full albums that I could't find on IRC to download.

Re:Wrong way round

[hanssprudel]

For better or for worse, DRM is a battle that content providers will lose

No [againsttcpa.com] they [cam.ac.uk] won't [notcpa.org].

Don't be surprised when Apple suddenly becomes one of the biggest supporters of "trusted" computing, and introduces a palladium technology of their own. And all the Mac zealots who were busy telling us before why Apple DRM was good, while Microsoft DRM was bad, will come back to tell us why Mac Palladium is good.

I'm not saying the coders here are doing something wrong because they are pushing Apple in that direction: if we self censor ourselves to appease the DRM monglers, then we are where they wants us anyways. Apple picked sides in this battle, and for all the bullshit their fans are feeding us about "nice" DRM, the side they chose leads only one way. Goodbye user controlled computer. Welcome Palladium controlled user.

Re:Only five million?

[daviddennis]

I was planning to switch from Coke to Pepsi for the duration of the promotion, but as you say it's not cost-effective for heavy drinkers such as myself to buy individual bottles.

I did buy a few and I won all but one of them. I really liked the promotion and I'm sorry it's (nearly) over. There are still caps in the stores, so I think they should have extended the redemption period.

Since I wasn't able to tilt the bottle and see which bottles were winners, I thought it was interesting that I won most of them. I live in LA, and we've only had the bottles for a couple of weeks now. Perhaps they had to use up the winning caps and so a higher percentage of people here were winners.

I think they should have stuck in maybe 3 codes for each 12-pack. That would have given the heavy drinkers a chance to win. The contest as it is seems designed for light drinkers, and that's just plain silly. Why not cater to your huge customers and hope to snag a few from Coke?

(I'm afraid that I like Diet Coke in cans quite a bit more than Diet Pepsi in bottles, so from a conversion perspective this was a flop).

D

Re:Only five million?

[outZider]

What credit card requirement? I don't have a credit card, and I use the service just fine... Gift cards from Target and Pepsi free songs.

My experience.

[rdewalt]

I've redeemed 24 caps. My "find" rate was on the order of 50%. I still have three left in my "To be used" stack, that I doubt I -will- be able to use before the expiration period.

Why? Because there is not enough music I -LIKE- on iTunes. I don't like 90% of the pablum they tried to force to me, and when I was browsing around, there wasn't anything I wanted that I Didn't Already Have. Nearly a third of my 24 redeems were recommendations from friends, or re-aquisitions of songs I don't have on CD alreay.

Did it change my soda drinking habits? Sort of. Before the promo, I was a diet coke drinker, I swapped to Diet Pepsi while I could find the bottles. Now, I drink Diet Coke again. (Well, Diet Mt Dew, there's another promo on Dew Points...)

As for breaking it? Eeh, I never worried about the first one. I burned to CD all the songs I DL'ed, and listen in the car. My MP3 Player is my PC where I have them legitimately anyway. Perhaps in the future that will change.

Pepsi F*CKED the distribution

[rjung2k]

End of February? You were lucky -- I was working in Anaheim since January 2004, and we didn't see any yellow iTunes caps until the third week of March, which was right before the promotion ended.

I'm still getting yellow caps now; it's a good thing Apple is still letting me redeem them (at least through tomorrow), because I've already cashed in 7 or 8, and could reap a few more between now and the end of work tomorrow.

Re:Am I the only one who thinks this is bad?

[Anonymous Coward]

Where are all the projects setting out to crack DRM'ed WMAs from the competition?

Re:Fantastic.

[Ararat]

I think your vision of civilization is seriously warped, and your grasp of Japanese history is terribly flawed. While Tokugawa exhibited genius in uniting Japan into a single nation under the Shogunate, the culture that evolved from his social theories trapped Japan, for centuries, into a static class-ridden state that rejected change, both social and technological innovation, and was very much the equivalent of the European Dark Ages.

The elevation of the samurai to a ruling class, and the rigid caste system that they enforced, froze Japan's cultural development and reduced what had been a vital nation into a backward and primitive country that was fragile and all but helpless when it confronted aggressive US and Western neo-colonialism in the mid-1900s.

(It remains to be seen if such model, a culture largely shaped by fear of change and innovation -- and a desperate effort to freeze a economic elite in power by oppressive laws -- will prove irresistible to the RIAA and the US Congress;-)

For the vast majority of Japanese subjects, the experience of the Shogunate -- despite the peace that it brought to their nation -- must have been excruciating terrible. You were what you were born to be, period. Social mobility disappeared. Economic development, technical development, social development, and political development were all but brought to a grinding halt. Even the damn wheel seems to have been forbidden on carriages. Women (even samurai women) were, for the first time, forced into a state of utter dependance on males.

Rule by oppressive soldiers -- soldiers, mind you, in a centuries long interregnum in which there was no war -- made for a sad, damaged, pitiful, feudal society that is only retroactively redeemed in its ruling class poetry and Bushido myths.

By the mid-19th Century, culminating in the Imperial Restoration, the social structure had become so corrupt and self-destructive that -- when it briefly confronted the West -- it collapsed into a fascist monarchist revolution that set the stage for the aggressive Japanese militarism and imperialism that roiled Asia and the world for 50 years, until the WWII surrender placed them in MacArthur's thrall.

Step cautiously when you recommend Tokugawa's social vision. The new millennium already has an overabundance of fearful powerful folk and "leaders" who dream of extending the status quo indefinitely.

_Ararat

Re:Wrong way round

[hanssprudel]

Fine. Goodbye American locked-down computer. Welcome Chinese non-TCPA alternative.

Goodbye Internet access, which will require that your computer authenticates itself as correctly TCPA user hostile.

And even if you do find an ISP that will let you online, goodbye web content, since webpages will consist of encrypted content that only TCPA can read.

Goodbye IM access (they are currently breaking third party clients for "security reasons" every other month. With TCPA in place they will do it ones and for all).

Goodbye email access (Bill Gates is talking about using "trusted" mail agents to stop spam).

Goodbye computer gaming (TCPA "trusted" clients to stop cheating).

Goodbye reading Microsoft Office documents.

Re:Only five million?

[Fnkmaster]

Agreed - like any rebate program, the redemption rates are usually quite low. And those are redemptions on 10,20 or 30 dollar rebates - the return is much more substantial than the effort invested. Though the return from this promotion is high relative to the product cost, they might have had a much higher redemption rate if they were giving away something with a higher perceived value and giving it away less frequently than 1 in 3. Though it's nice to get a 99 cent free item with a 1.29 bottle purchase, there's still the cost of remembering to hold onto the bottle cap, signing up for the service and so on to redeem it - realistically, the costs of this effort may be valued by many people at pretty close to the dollar value of the item itself.

Then, as you pointed out quite accurately, there's the system requirements, bandwidth requirements, computer-experience and application installation experience requirements, and the need to be interested in music (many people don't listen to much music, or are just interested enough to listen to what's on the radio). Frankly, I think a 5% redemption rate should be viewed as a rather decent success of this product. If they thought honestly that they'd get a 30% redemption rate, they were kidding themselves. Personally, I think I would have guessed more like 10% based on my sense of the market.

I also think the promotion would have been much more successful if it targetted regular Pepsi drinkers who drink from cans. The return from cashing in these free songs is much higher if you've collected 10-15 free songs, and I'd say the likelihood of that person getting the songs and going through the effort is much higher than the likelihood of somebody else.

I'll us myself as an example (though I'm a bad one in most ways). I am not a regular Pepsi drinker - I drink Pepsi usually only when there are no other options (i.e. no Diet Coke around). I won an iTunes cap while on the road driving from Boston to New York at a rest stop in Connecticut where they only sold bottles, and only sold Diet Pepsi. I have used iTunes and purchased probably 15 dollars worth of songs from iTunes in the past. I thought it was very cool and great that I had a bottle cap worth a dollar, and I put the bottle somewhere meaning to keep and redeem the free song. Nonetheless, I didn't really give it enough thought to be terribly careful with that bottle, and ended up throwing it out by accident when cleaning my car after the drive. Had I gotten that bottle cap upstairs and dropped it by my computer, I probably would have redeemed it at some point. So even among people interested enough, competent enough, and so on who happen to get a winning bottle cap, the redemption rate is likely to be at best maybe 50%? And that's a pretty small fraction of the population

Pepsi only, not Pepsi products

[log0n]

I personally took advantage of the promotion - all in all got about 50+/- free songs. I don't drink all that much soda, I had a lot of help from friends/coworkers (they all know me as the lone Powerbook guy among the sea of Dell - since it was Apple's promotion, they figured I was the only person who could use the caps ;-) ).

I think one thing that hurt the promotion was the lack of variety in sodas that could win. Pepsi, Diet Pepsi. No Caffiene Free Pepsi, Lemon Pepsi, Vanilla Pepsi, etc. No Mtn Dew (I can safely assume that the 5mil would break 10mil from the Slashdot crowd alone), no Dr Pepper, etc. I prefer Pepsi over Coke so when I was interested in a cola, it was going to be Pepsi. But I know a lot of people who generally like Pepsi products, just not Pepsi.

I'm in the DC area, we had the new bottles pretty quick after the promotion started (largely due to the lardy fatsos in Baltimore w/ a caffiene craze I bet ;-)).

$.02

Re:Not surprising (in retrospect)/iTunes #'s

[adzoox]

You say not surprising like it were a bad thing for Apple to have 5 million songs downloaded - if even 1/10th of 1% of those = 5000 people - purchased additional songs it was worth the FREE publicity Apple got.

This promo wasn't a failure by ANY means:

Let's say Pepsi produced 100 million bottles with free song caps. Out of those, 70 million were sold. 50% of the buyers had computers (down to 35 million) and 50% of them had broadband (down to 17.5 million) and 50% of them were interested in digital music (now down to ~9 million).

Apple got over 1/2 of those people to use iTunes, many for the first time. Many of these people, now that they had to download the software are likely to remain apple music customers.

Then you break it down further - those who like the iTunes Store that also drink Pepsi and those that have a portable player that will play them and those that were just generally confused and thought that it was STILL stealing or thought that it was exclusively an Apple Promotion.

I KNOW older people that think ALL downloaded music must be stolen or illegal AND I know people who think iTunes ONLY works on Macs or if it has an Apple Logo and says Apple Computer it must be Apple/Mac ONLY.

I'd say; if we take ALL that into consideration they actually had a 75-90% redemption rate.

Re:Wrong way round

[valmont]

you are only locked into Apple's platform if you choose to remain locked. Apple is giving you the tools you need to pursue fair use to its full extent. You can burn your iTMS music to CDs all you want, DRM restrictions are EASY to get around and LEGAL within fair-use, they are merely there to prevent the mainstream crowd to instantly feed their iTMS music to P2P networks.

Re:Yay for hackers!!!

[shark72]

Your comments are very astute if we assume that most people are similar to Slashdot readers. Apple has done a tremendous job of getting iTunes / iPod awareness into the mainstream -- there's a higher non-geek ratio than many people understand. Most iTMS users don't read Slashdot or other tech blogging sites, nor visit Sourceforge regularly. Most iTMS users don't have more than five PCs, or need to burn more than eight copies of a CD, or have a huge desire to dump their collection of iTunes-purchased tracks into their Kazaa share directory.

It just may be so that among your circle of friends, awareness and use of the iTunes crackers approaches 100% -- no debating that. However, among my circle of friends who use iTunes, awareness is practically zero, and when I've mentioned it to them, their responses have been more along the lines of "how retarded," rather than "ooh, just what I've been looking for." Internet or no, there's a whole different strata of users beyond the Slashdot crowd.

Re:Only five million?

[Monx]

Other than the moral part, there's no advantage in using itunes over anything else

iTMS is a music store. iTunes is a kick-ass audio player/organizer. It is second to none, imho. No winamp user I know who tried iTunes ever went back.

Some shortcomings, but the DB makes up for them

[Monx]

iTunes on Windows is slow

I believe that it was a poor design choice on Apple's part, but iTunes performance degrades quickly in the presence of shoddy video drivers. This may have been your problem. Also, if you disable SoundCheck (or just let it finish running) performance improves dramatically. SoundCheck determines the volumes of your music files and has iTunes compensate for bad rips, etc.

iTunes on Windows is slow

FairPlay is the DRM system used on files from the iTMS. iTunes could care less what you do with any of your files that were acquired elsewhere. It will even let you stream audio across your network with almost zero setup.

Winamp 2.95 is fast, convenient, and smart.

It sure is better than the 3.x version, but it has zero library management functions. It takes no time to search for a song in my library in iTunes. If I want to hear a song, I can begin to type any part of its name or its artist's name or even the album name and the song list updates live with each keystroke. It often takes just one or two characters to bring the song you want into the window. That is the one feature that sets iTunes apart from Winamp for me. I really liked Winamp and Macamp but I hated trying to find a particular song. I had to use filesystem searches, but that's not good enough.

You might want to take a second look at iTunes after you update your video drivers. Since you want it to be light weight, turn off all of the music store and sound enhancement features (turn off SoundCheck!). Then you will have an awesome music library management program. I think that if you have a significant music library that you will appreciate the search feature so much that it will eclipse iTunes other shortcomings.

5 Million is unsurprising

[WapoStyle]

I did not see a yellow cap until about a month after the promotion started and the yellow caps disappeared during the last week of March. I didn't see any caps at all during the month of April.

It would seem that Pepsi did indeed screw up big time with the distribution. It's a shame the caps were only around for about a month, I would have gotten many more free songs if they didn't disappear so fast.