March 22, 2005 3:37 PM PST

'DVD Jon' reopens iTunes backdoor

A group of underground programmers has posted code online it says will reopen a backdoor in Apple Computer's iTunes store, allowing Linux computer users to purchase music free of copy protection.

The release comes just a day after Apple blocked a previous version of the program, called PyMusique, in part by requiring all iTunes customers to use the latest version of Apple's software.

In a blog posting, Norwegian programmer Jon Johansen, who was previously responsible for releasing software used to copy DVDs online, said he had been successful at reverse engineering the latest iTunes encryption.

Cody Brocious, a Pennsylvania high school student working with Johansen, said they saw the project as "necessary for the Linux community," despite Apple's opposition.

The programmers' work has been one of the most persistent projects targeting Apple, whose iPod and iTunes Music Store have drawn consistent attacks and experiments by people eager to extend the capability of the products, or simply disarm copy protection.

The cat-and-mouse response is a familiar one in the technology world, as programmers have often sought to write software compatible with larger or more popular applications. Instant messaging companies such as America Online, Yahoo, Microsoft and Trillian have long feuded, blocking and reopening access to each other's software.

The PyMusique programmers say they are primarily interested in allowing people using Linux computers to purchase music from the iTunes store, explaining their goals in a blog posting online. Their software requires users to have an iTunes account and pay the ordinary price for music.

They say they weren't aiming at creating a tool for stripping iTunes copy-protection off songs. However, Apple's system adds the layer of copy-protection inside the iTunes software itself, and so they didn't need to add it in their own version, they said.

Apple's software already allows customers to create an unprotected version of a song, by burning an iTunes purchase to a CD. That file can be ripped into an ordinary MP3.

While Apple has made no public legal threats against the programmers, the iTunes terms of service bars the use of any unauthorized software to access the store. Copyright lawyers have previously said that the PyMusique system, which evades Apple's intention to wrap all purchases in copy protection, may well cross legal lines.

"The work I do is completely legal in my country," Johansen said in an e-mail interview. "Of course, I know very well that not doing anything illegal doesn't mean you won't be prosecuted (or) sued."

Johansen was prosecuted in Norway for releasing the DeCSS code in 1999, but was ultimately cleared of charges.

An Apple representative could not immediately be reached for comment.

Brocious said the updated version of PyMusique would only be available for Linux, and that the programmers would not make a Windows version this time.

48 comments

Join the conversation!
Add your comment
Go Jon Go! eom
eom
Posted by bobby_brady (765 comments )
Reply Link Flag
Go ahead. Encourage him.
So that it will be even harder to bring more legal music buying
options online. This does nothing but make an already skeptical
music industry even less open-minded to exploring other legal
options for those of us interested in seeing the space
proliferate.
Posted by deepkidd (6 comments )
Link Flag
Nice
I guess they just tweaked the protocol enough to stop PyMusique from working. Steve just seems to be doing the minimum to keep the labels happy as far as blocking hacks (not that there is anything wrong with that).
Posted by unknown unknown (1951 comments )
Reply Link Flag
Jail Time
These selfiish --cks are doing nothing but making it more
difficult for others to gain a greater number of artists to these
stores.

They are messing with my past-time and millions of others
worldwide. Who the hell do they think they are?!

Fine, now a new method of encryption will be developed. Did
these IDIOTS actually think that their self grandizing acts would
result in non-encrypted data transfers?! Just how stupid is that
thought. Obviously they are smart enough to realize that would
never happen anyway. So the real point of this crap? ...
previously voiced (and i believe quite accurately) as selfish acts.

Put these putzs in the clink
Posted by Thomas, David (1947 comments )
Reply Link Flag
Law
I don't believe they are violating the law in their country.
Posted by System Tyrant (1453 comments )
Link Flag
Reply
"These selfiish --cks are doing nothing but making it more difficult for others to gain a greater number of artists to these
stores."

I am not sure that's the case. The recording industries has been quite successful despite the hacks. Restricting the number of artists they make avaliable makes these service less appealing to the masses and makes illegal downloads on P2P more appealing.


"They are messing with my past-time and millions of others worldwide. Who the hell do they think they are?!"

You past time is iTunes? People with a different past time.


"Fine, now a new method of encryption will be developed."

The problem with DRM system is the encryption. Encryption wasn't designed to be used in this manner. In order for the end-user to have access to their music they need the key for the encryption. So the security of content rests on little more than the developers ability to hide the key. Applications can decompiled and profiled to find out how they work. The biggest flaw is that the content has to exist in an unprotected state at some point.


"Did these IDIOTS actually think that their self grandizing acts would result in non-encrypted data transfers?!"

They don't have to be unencrypted because as I said above, in order for the system to work the user has to have the key. They can encrypt away.


"Just how stupid is that thought."

You tell me since your the one who had it.


"Obviously they are smart enough to realize that would never happen anyway."

I wouldn't say never. I think they're also smart enough to realize that it doesn't have to happen.


"so the real point of this crap? ...previously voiced (and i believe quite accurately) as selfish acts."

Perhaps, but people behave selfishly all the time.
Posted by unknown unknown (1951 comments )
Link Flag
No...
The client's sole purpose is to provide users of Linux(and other operating systems) access to the iTunes Music Store. It doesn't let them download music free, and the un-DRM'ed status of the files is solely a byproduct of Apple's oversight/limitations in hardware. If allowing more people access to iTMS is a selfish act, particularly by people who don't work for Apple, then I don't care to think of what else is.
Posted by (1 comment )
Link Flag
Or Maybe....
Or maybe Apple will wake up and put out a Linux version of iTunes. It would seem to me that if enough people using Linux want access to iTunes that it maybe time for Apple to spend the money.

Maybe this is the whole point of the opening and reopening of this backdoor and that is to show Apple that they need to support Linux and soon.

It would seem to me a greedy company like Apple would want to rake in as much money from stupid consumers that buy in to the marketing hype of something like iTunes.

Robert
Posted by (336 comments )
Link Flag
iTunage
I haven't download music from p2p since iTunes was released to windows. Not that I did that much before. Rest assured recording companies I lost them all when my backup drive failed (hence why I don't mind talking about it). I personally don't care about DRM. I buy my music and I play my music. Stripping the DRM from it for me is just pointless.

I think apple needs to produce a linux version. I am trying to move to linux, but things like this are holding me back.
Posted by System Tyrant (1453 comments )
Reply Link Flag
Evidently DRM is a dead end
This game of plugging and uncovering holes will go on forever (the list of historic examples seems to have no end). The music industry has to come up with something else.

Albums were the music currency unit in the past. P2P software and iTunes can take credit for introducing individual songs as a preferred music currency unit (as illegal and legal alternatives respectively). Now, it appears that even individual songs will not do. Napster has an all-you-can-eat monthly subscription for less than the price of a brand new CD. Who will want to purchase songs for $0.99 when you can have it all for less than a CD worth?

Songs have become a commodity, so something else (better) has to emerge as a differentiating factor in order to keep the music industry profitable (Apple does not make a cent of profit from iTunes sales, only iPod sales are profitable). We will witness dramatic changes to the way we purchase and listen to music in the near future. Stay tuned.
Posted by fhaidach (9 comments )
Reply Link Flag
Laying it on a bit thick
Who will want to purchase songs for $0.99 when you can have it all for less than a CD worth? Easy answer; someone who wants to keep what they have paid for and not just hired. Besides, not all the songs at Napster are included in the deal, and what happens if/when Napster goes broke again? Apple with sort out this iTunes problem (hopefully with a rewrite, not a patch) and Jon can find other way to keep in the limelight. I am with Steve here. Renting sux, I want to own. (However I prefer to buy CDs as I encode my songs to a higher bit-rate and I use my own JukeBox software.)
Posted by Andrew J Glina (1673 comments )
Link Flag
So can Apple people finally shut up about being "secure"
With a little concerted effort almost all pieces of software are vulnerable, but Apple fanatics seem to have forgotten that always stating "It is more secure...blahblahblah". Anyway, I love Apple and think OS X is great, but at least now they won't be blinded to the fact that if their products were targeted like Microsofts they would have a lot of problems too.
Posted by tsm26 (81 comments )
Reply Link Flag
Laughable
LOL. So you are telling me that security holes like 2003s RPC hole that effects Windows 2003, Windows XP, Windows 2000 Pro, Windows 2000 Server (in its various flavors.), and Windows NT 4 is the same as someone who has found a workaround in DRM that is managed from the end user side of things who has default full rights to the system. Dude that isnt just stupid that is down right Forest Gump like.
Posted by Jonathan (832 comments )
Link Flag
Nobody Claimed Apple was perfect
Nobody claimed that Apple was perfect. Even if they did, Apple's lack of perfection is nowhere near equivalent to Microsoft's poor design choices, sloppy programming and refusal to respond appropriately to discovered vulnerabilities that has lead to the security mess that is the entire Windows product line.
Posted by (9 comments )
Link Flag
Put "DVD Jon" in Jail
and throw away the key.
Posted by (274 comments )
Reply Link Flag
Why?
He hasn't broken the law, so whay jail him?
Posted by (1 comment )
Link Flag
Reply
What possible good would that do? He's not the only one able to hack iTunes and he's certainly not the only one willing to. They already tried to prosecute him for DeCSS and he was aquited both times (once on the original case and again on the appeal).
Posted by unknown unknown (1951 comments )
Link Flag
Copy DVDs? Not likely
>>In a blog posting, Norwegian programmer Jon Johansen, who was previously responsible for releasing software used to copy DVDs online, said he had been successful at reverse engineering the latest iTunes encryption.<<

For a journalist writing for C|Net News.com, this writer does not seem very clueful.

FYI - DVDs could *always* be copied (unlike VCDs, DVDs do not use any special disk format). Jon didn't contribute any code that let people copy something they couldn't copy before.

What he *actually* did was write code that let people on non-Windows operating systems view the DVDs they had actually paid for.

Quite a difference, eh?

Shame on you, John Borland. Go stand in a corner.
Posted by (2 comments )
Reply Link Flag
Oh really?
When was the last time you copied a DVD without using a decryption program?
Posted by nmcphers (261 comments )
Link Flag
Secure? Design flaw?
I think people often mistake about two things: security
loopholes and design flaws.

What you see in reality is design flaw.. if it is a software bug, it
can be immediately corrected. What you see here is a design
flaw. The fact that Apple is sending an non-DRM file to the
end-user and then encrypting it with the DRM on the user
computer is flawed. It is a design flaw.

When is it a security issue. If the same piece of code can
automatically transfer itself to other computers and change the
itunes default so that songs are not encrypted, then it is a
security issue.

If you notice, all the problems that windows viruses (virii?) are
exploiting today are nothing but design flaws of Windows!
Unfortunately, design flaws are not that easy to correct. You
provide patches, but those are temporary fixes.

What will happen with iTunes is that Apple will release 4.7.2
versrion in the next week or so; which will completely change
the way in which Music is transferred. iTMS will then require
4.7.2 or higher to download music.
Posted by S R (85 comments )
Reply Link Flag
Apple sues Linux
They can probably convict this guy when their lawyers can prove Linux to be a rogue and subversive operating system, since it's free and it's developers care more about quality than money. First blogger journalist rights, then the rest of the best internet innovations. Go apple! You are now "the man."

-----------------------------------------------------
Visit my site: <a class="jive-link-external" href="http://www.nuclearfootball.com" target="_newWindow">http://www.nuclearfootball.com</a>
Posted by (1 comment )
Reply Link Flag
Jail Time??
OK Mr. Probable Troll, against my better judgment, I'll bite:

There is no such thing as perfectly secure music, that is a fantasy. But the music industry doesn't need that, all they need is a "good enough" protection system. That is how it has always been.

DVD Jon is not doing anything illegal. He is not making is possible to do anything that couldn't be done before. (You could previously burn an itunes song to a CD, then rip the CD to an mp3.)

Furthermore, you can just go buy the physical CD and rip it to unprotected mp3, for about the same cost.

Finally, when someone temporarily hacks iTunes, it won't make the music industry retreat from iTunes. They have no choice but to participate, they know they are too late to the game as it is.

re your later post: Time for you to go back and compensate the artists whose work you stole via napster. You need to buy copies of all those tracks from iTunes, and delete your old mp3s.
Posted by (1 comment )
Reply Link Flag
Napster MP3s
Already have. Troll?! Come on. I made a legitimate point.
And it has nothing to do with ripping.

My anger, and disappointment is a direct result of talented
programmers who use their skills to hack software under the
guise of un-covering "holes" in an application. I would not have
said a damn thing if his application was solely on the Linux
platform. But when he, and others, distributed it to other
platforms, it served NO OTHER purpose than to show off.
Programmers, like scientists have more responsibility than just
their own egos. All programmers have egos. I am a
programmer, and my ego is just as large. But that is no excuse
to play coy about what you do.

The end result, it directly affects others who use the service.
This is true of all services. I feel no need to comment about
hackers who legitimately uncover problems in software, that is
something that needs to be done. But obviously this has
nothing to do with that subject. There is no merit here, just
plain down right disappointment.
Posted by Thomas, David (1947 comments )
Link Flag
Jon
Stay strong
Posted by (1 comment )
Reply Link Flag
Hack a new name while you're at it-
'DVD Jon' should hack a new name... like:

The Cracker Hacker
or howabout
iHack
or
DVD Jon PartII
Posted by Fashion Technologist (2 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.