Reader Comments

I know that putting the words 'hacker", "iTunes" and "DRM" is an instant magnet for new readers but . . . put a little perspective on this, it's not news: a) there are hacks for every DRM and one of the frequent hacks, for all systems, exploits the fact that a decrypted data flow must reach the sound card b) these hacks have been around for a while c) Jon Lech Johansen's QTFairUse is just another in a series of this type of hack d) it doesn't matter which music application, OS or current hardware you use, they are all subject to this type of hack e) until sound cards or chip sets come out that decrypt the data on board, we'll have these hacks f) even once e) happens, people will still be able to take the analog sound output and recorded in another form g) DRM will always be hacked and NOBODY can completely "protect the intellectual property rights of artists who sell music"

This is a non issue. There is freeware available for the Mac (and I assume for Windows too) to enable the user to copy any sound his Machine makes or plays. So I can quite easily copy the music I download, and then save it as a MP3 file, bypassing the DRM. This guy has spend numerous hours of complicated programming for naught.

you have to be a complete moron to think you need new software to by pass any DRM strategy.... Itunes music has about a DOZEN ways that can be used to make an MP3 file.... Johansen, just doesn't have a clue as to how easy it is.... apparently.... iTunes is not there to keep people from using illegal means, it is there for people who respect music..... DRM is there to satisfy the labels, not iTunes appeal or customers technical abilities...... and saying MSFT can survive security exploits is like asking a horse to fly, i can at Will copy any WMA file i wish using not only a dozen ways to do it, but johansen's way too.... and there is NO copy protection that will ever be water proof.... EVER..... if you can hear the music, you can copy it.... that is how stupid your argument is.... iTunes is there for people who respect music and musicians, not for how hard it is to copy music... i prefer iTunes way though because the compression is much better for the bit rate than MSFT's..... striking deals is not dependend on DRM strategies, because illegal file sharing shows how little DRM is needed... all the music is already available for illegal downloads... if people want to steal music, they will the labels however were stupid enough to not provide an alternative.... Apple provided people with an alternative..... not MSFT, not the labels... APPLE.... if i want to download music, i'll see if an artist and label is smart enough to provide me an opportunity to do it legally... if an artist is stupid enough to preclude this form, like the BEATLES and metalica.... then i will download their music illegally, even though i do not even like their music, and everyone should, to make the point, that the DRM is not why we buy music,.... and stupidity that the beatles show will get you no where fast... we buy it, because we respect the artists smart enough to make the music available jon.

Poor Jon must have a lot of time on his hands during those long Norwegian nights. But his socialist act of self-aggrandisement is just a waste of time. People who are using Apple's iTunes Music Store are good people who are trying to be honest. If they were thieves like Johansen they wouldn't need to crack any code to steal music, they could steal it in a thousand places. The iTunes Music Store and other outlets are about people CHOOSING to get their music honestly. These are people who choose not to be thieves. As for the people who choose to steal, they really didn't need another method for taking something that doesn't belong to them.

It would have been fair to add that Apple has had a recent history of quickly releasing software updates to address issues. You may recall the streaming of music over the internet from iTunes 4.0, now has been limited to the intranet. While I trust Jon is capable, no one has yet verified his claim and whether what is produced can be made to create playable tracks. Software techniques to block replacing portions of a programs code as Jon did here is well known. Microsoft started doing it in 1996 by adding signatures to dll's thus crippling Novell's single sign-on technology for for Windows. The real issue is will Apple's solution to Jon's hack be elegant enough not to limit legitimate third party updates to Quicktime. And, is this form of updating Quicktime by third parties really what Apple should allow. I'd be apprehensive to replace part of my App with a hackers code, what else does that open my system to? It's my opinion that the real issue is how can a software company protect the quality and trustworthiness of its App while not limiting third party innovations and enhancements. Microsoft chose to use digital signing to cripple a competitor's (Novell's) ability to compete, will Apple's solution lock competitors out of Quicktime or will it elegantly protect the IP of the content flowing through Quicktime while maintaining Quicktime's usefulness as a powerful cross-platform multi-media framework?

FUD. I can't believe I wasted my time reading this. Editor's note: I know the feeling. I can't believe I wasted my time replying to this. --Paul

Paul, Another thing, you can already circumvent the DRM from Apple by burning the tracks to an audio CD and then re-ripping in mp3 or unprotected AAC. In fact, it's very easy to create a smart playlist in iTunes of all your protected AAC files, then burn that whole playlist to an audio CD (iTunes will even prompt you to put in more than one CD if necessary, isn't Apple thoughtful?) Then you can take these CDs and re-rip. All the track info even comes over from what I understand. The record companies are well aware of this. So I'm not sure how much they will care about this hack. As it is, they see Apple and iTunes as their savior. That may be wrong, but I'm sure they will give Apple the benefit of the doubt and some time to patch this. Editor's note: the reason creating an unprotected CD from Protected AAC files and then burning them to MP3 is unacceptable is that 128 Kbps AAC isn't CD quality, so the resulting songs won't be as high quality as, say, the originals, or the CD rips you could make from the 192 Kbps WMA files you might get from MusicMatch, which are of higher quality to start with. --Paul

Paul, here's a funny article from over at Fortune today: "The evil scientist Lex Luthor used his duplicator ray to try to clone Superman, but something went terribly wrong. The result was Bizarro, a good-natured but ugly and backward version of the Man of Steel. Bizarro was the antithesis of cool; his home planet, Htrae, was square," Peter Lewis writes for Fortune. "Which leads us into a discussion of Dell's new Bizarro version of Apple's iPod, called the Dell Digital Jukebox Music Player, or Dell DJ for short. Coming from the square world of Dell instead of the hip world of Apple, it's bigger, heavier, and clunkier than Apple's sleek, suave, elegant iPod, which arrived on the scene two years ago and quickly became the most popular portable digital music player on our home planet, Earth. Even worse, the Musicmatch-backed Dell Music Store is the clumsy, Bizarro counterpart to Apple's brilliant iTunes Music Store," Lewis writes. "Bizarro, the pathetic wretch, was driven mad by constant comparisons with the handsome, smart, and sexy Superman he was meant to emulate. So too must the DJ suffer from inevitable comparisons with the iPod, with its two-year headstart. If the iPod did not exist, the DJ might even lay claim to the title of Best Portable Music Player Since the Sony Walkman," Lewis writes. "But the iPod does exist, and so do Apple iTunes and the Apple iTunes Music Store, and thus the Dell DJ is doomed to be merely the second-best player on the market." http://www.fortune.com/fortune/technology/articles/0,15114,548314,00.html Boy, that IS funny, don't you think? The WinJunk solutions are really taking a beating from Apple this time. What will you guys do, Paul? Editor's note: "You guys"? You mean "me and Microsoft?" LOL. MS does what they do. I write about it. You seem to think there is some bizarre Wintel conspiracy but the truth is so much less exciting I won't even try to burst your bubble. Suffice to say the X-Files has been off the air for several years. --Paul

Your information on this exploit is hardly worth reading. The "hack" that you are describing exists in any and all DRM formats, yes even your favorite MS windoze media player Paul. On the contrary to your praise how MS has left a way to upgrade their DRM, it would not help in this case. Please go back and do more reading on the subject before you open your mouth, it would help you look not quite as stupid. This is about as bad as your last statement on how MS Longhorn is better than mac OS X in every way, yet you manage to name only one instance, and even that is hardly credible.

The particular chink in the armor, as I understand it basically catches the decoded digital stream as it is sent to the audio system. This is unprotectable, save for hardware changes in soundcards and computers and I for one would find that solution unacceptable. More to the point. using this method would be equally effective agains Microsoft's DRM system. Renewing doesn't matter if the stream is now converted to a vanilla MP3 file. I hope my understanding is correct, but welcome the comments of others. Also, doesn't it seem like this article is one the one side cacklingly pointing the finger at Apple, but on the other hoping for success and wishing for a system that does at least a little of what they've done: attempt to make a customer centric DRM system that at least makes the recording industry happy? Does the author want Apple to fail and enjoys hearing each example thereof, or does he think they did a fantastic job jump-starting legitimate downloadable music? Maybe it's just me.

It's still just an analog hole. Big deal.

The utility doesn't create a workable, playable, protection-free music file, but its source code will help other hackers bypass Apple's DRM security in their own applications, eventually leading to a complete breakdown of Apple's licensed DRM system, FairPlay. This doesnt do what i say it does, but I can see the future?????? Whats that between your ears Mr. Thurrrott?

Move along, folks, there's nothing to see here. Paul: are you familiar with a branch of science called "Physics"? Audio can't be protected. If you can hear it, you can reproduce it. I'm dismayed that Apple's DRM has been (somewhat) compromised, but "stream rippers" can bypass any DRM (heck, a microphone in front of a speaker can do it, for cryin' out loud). ANY DRM will eventually be broken. Therefore, the usefullness of DRM is, IMHO, based on the transparency to the user, and the protection of the rights of the USER as well as the copyright holder. Given the recent introduction of "CDs that arent' really CDs" and ridiculous DRM schemes like the one used at buymusic.com, I'm not entirely certain that a workable DRM scheme is yet in place.

Let me see if I've got this right. You buy the song, download it. Rip it. Add a header. Then convert it to an MP3. Why not burn it straight to CD then rip it back using iTunes to MP3? Hardly seems like the DRM has been cracked at all. Seems like a lot of effort for 99c. What has changed here? Nothing really. Nothing to see. Moving along please. No need to scare the locals.

Nice try :). He hasn't hacked iTunes at all, but has merely created a DLL that can intercept ACC streams. That's right people. Not long after iTunes was released for Windows he managed to do this with the wonderful Microsoft and Windows development environment!

Paul, This isn't an iTunes exploit or a DRM exploit but rather a technical and basic end-around of any DRM and that is, what should be called, the Analog exploit. No matter what DRM you have in place the music still needs to be heard and heard through analog speakers. All you have ever needed to do was intercept the stream from the app to the analog speakers. There are a number of places in the process this could be done. On the Mac there is a product called Audio Hijack that has been around for years. It does the same thing this "exploit" does and grabs the audio output from anything that makes a sound. Once a song is authorized and played there is no DRM and this will always be the Achilles heal of any DRM. -Jeff

I have a utility called F***WMA which has been able to get unprotected audio from Windows Media Player files ever since release version 7. It really isn't very hard. There are gaping flaws in both WMP and iTunes. Both iTunes and WMP allow you to burn music to a standard unprotected audio CD, which you can then rip easily. Secure music is *impossible* - if the music industry think different they are fools. If you can hear it, you can record it. Simple as that.

Paul, Who said anything about a conspiracy? For whatever reason, you like to play devil's advocate regarding Apple's success with iTunes and the iPod (and that's being charitable, Paul). And we're just having fun back (or at least some of us are). I do think you'd like to see Apple surpassed (why I'll leave alone - I don't know though I could speculate). Surpassing apple on iPod/iTunes/iTMS just hasn't happened because while Apple is not perfect, they are unique (making the whole package) and that uniqueness allows them to do things that are a lot harder for other companies. Not impossible. But harder. It took 10 years or so to copy the GUI of the mac adequately. Maybe copying iTunes/iPod/iTMS won't take that long. But these things take time for competitors that don't have the advantages that apple does. Surely you realize all of this already. (And don't give me that same spiel about Apple copying from MS too. Of course it does just a lot less.) Apple is in a unique spot and they take advantage of that. Of course there's disavantages to the apple way too (less choice), but right now all the digitial music choices in windows are inferior one way or the other, as well as being not much less money (iTMS/iTunes is the same price, iPod is a few hundred more which just isn't that much money any more). The Dell DJ also is less mainly because it's sold direct - Dell doesn't have to pay for retail distribution. But not everyone will buy that way.

is there anyway to do the DMR removal fast? if I wanted to crack 100 songs it would take a long time. there must be a way, or a program to do it a lot faster.

Sure, I could easily bypass DRM, or I could download the tracks from p2p. I could also drive my car without insurance or MOT and probably get away with it. I guess it comes down to the type of person you are and whether you are comfortable doing it.

"is there anyway to do the DMR removal fast?" Yes. Look for JHymn.