'DVD Jon' reopens iTunes backdoor

A group of underground programmers has posted code online it says will reopen a backdoor in Apple Computer's iTunes store, allowing Linux computer users to purchase music free of copy protection.

The release comes just a day after Apple blocked a previous version of the program, called PyMusique, in part by requiring all iTunes customers to use the latest version of Apple's software.

In a blog posting, Norwegian programmer Jon Johansen, who was previously responsible for releasing software used to copy DVDs online, said he had been successful at reverse engineering the latest iTunes encryption.

Cody Brocious, a Pennsylvania high school student working with Johansen, said they saw the project as "necessary for the Linux community," despite Apple's opposition.

The programmers' work has been one of the most persistent projects targeting Apple, whose iPod and iTunes Music Store have drawn consistent attacks and experiments by people eager to extend the capability of the products, or simply disarm copy protection.

The cat-and-mouse response is a familiar one in the technology world, as programmers have often sought to write software compatible with larger or more popular applications. Instant messaging companies such as America Online, Yahoo, Microsoft and Trillian have long feuded, blocking and reopening access to each other's software.

The PyMusique programmers say they are primarily interested in allowing people using Linux computers to purchase music from the iTunes store, explaining their goals in a blog posting online. Their software requires users to have an iTunes account and pay the ordinary price for music.

They say they weren't aiming at creating a tool for stripping iTunes copy-protection off songs. However, Apple's system adds the layer of copy-protection inside the iTunes software itself, and so they didn't need to add it in their own version, they said.

Apple's software already allows customers to create an unprotected version of a song, by burning an iTunes purchase to a CD. That file can be ripped into an ordinary MP3.

While Apple has made no public legal threats against the programmers, the iTunes terms of service bars the use of any unauthorized software to access the store. Copyright lawyers have previously said that the PyMusique system, which evades Apple's intention to wrap all purchases in copy protection, may well cross legal lines.

"The work I do is completely legal in my country," Johansen said in an e-mail interview. "Of course, I know very well that not doing anything illegal doesn't mean you won't be prosecuted (or) sued."

Johansen was prosecuted in Norway for releasing the DeCSS code in 1999, but was ultimately cleared of charges.

An Apple representative could not immediately be reached for comment.

Brocious said the updated version of PyMusique would only be available for Linux, and that the programmers would not make a Windows version this time.

[bobby_brady]

Go Jon Go! eom

eom

[unknown unknown]

Nice

I guess they just tweaked the protocol enough to stop PyMusique from working. Steve just seems to be doing the minimum to keep the labels happy as far as blocking hacks (not that there is anything wrong with that).

[Thomas, David]

Jail Time

These selfiish --cks are doing nothing but making it more
difficult for others to gain a greater number of artists to these
stores.

They are messing with my past-time and millions of others
worldwide. Who the hell do they think they are?!

Fine, now a new method of encryption will be developed. Did
these IDIOTS actually think that their self grandizing acts would
result in non-encrypted data transfers?! Just how stupid is that
thought. Obviously they are smart enough to realize that would
never happen anyway. So the real point of this crap? ...
previously voiced (and i believe quite accurately) as selfish acts.

Put these putzs in the clink

[System Tyrant]

iTunage

I haven't download music from p2p since iTunes was released to windows. Not that I did that much before. Rest assured recording companies I lost them all when my backup drive failed (hence why I don't mind talking about it). I personally don't care about DRM. I buy my music and I play my music. Stripping the DRM from it for me is just pointless.

I think apple needs to produce a linux version. I am trying to move to linux, but things like this are holding me back.

Evidently DRM is a dead end

This game of plugging and uncovering holes will go on forever (the list of historic examples seems to have no end). The music industry has to come up with something else.

Albums were the music currency unit in the past. P2P software and iTunes can take credit for introducing individual songs as a preferred music currency unit (as illegal and legal alternatives respectively). Now, it appears that even individual songs will not do. Napster has an all-you-can-eat monthly subscription for less than the price of a brand new CD. Who will want to purchase songs for $0.99 when you can have it all for less than a CD worth?

Songs have become a commodity, so something else (better) has to emerge as a differentiating factor in order to keep the music industry profitable (Apple does not make a cent of profit from iTunes sales, only iPod sales are profitable). We will witness dramatic changes to the way we purchase and listen to music in the near future. Stay tuned.

[tsm26]

So can Apple people finally shut up about being "secure"

With a little concerted effort almost all pieces of software are vulnerable, but Apple fanatics seem to have forgotten that always stating "It is more secure...blahblahblah". Anyway, I love Apple and think OS X is great, but at least now they won't be blinded to the fact that if their products were targeted like Microsofts they would have a lot of problems too.

Put "DVD Jon" in Jail

and throw away the key.

Copy DVDs? Not likely

>>In a blog posting, Norwegian programmer Jon Johansen, who was previously responsible for releasing software used to copy DVDs online, said he had been successful at reverse engineering the latest iTunes encryption.<<

For a journalist writing for C|Net News.com, this writer does not seem very clueful.

FYI - DVDs could *always* be copied (unlike VCDs, DVDs do not use any special disk format). Jon didn't contribute any code that let people copy something they couldn't copy before.

What he *actually* did was write code that let people on non-Windows operating systems view the DVDs they had actually paid for.

Quite a difference, eh?

Shame on you, John Borland. Go stand in a corner.

[S R]

Secure? Design flaw?

I think people often mistake about two things: security
loopholes and design flaws.

What you see in reality is design flaw.. if it is a software bug, it
can be immediately corrected. What you see here is a design
flaw. The fact that Apple is sending an non-DRM file to the
end-user and then encrypting it with the DRM on the user
computer is flawed. It is a design flaw.

When is it a security issue. If the same piece of code can
automatically transfer itself to other computers and change the
itunes default so that songs are not encrypted, then it is a
security issue.

If you notice, all the problems that windows viruses (virii?) are
exploiting today are nothing but design flaws of Windows!
Unfortunately, design flaws are not that easy to correct. You
provide patches, but those are temporary fixes.

What will happen with iTunes is that Apple will release 4.7.2
versrion in the next week or so; which will completely change
the way in which Music is transferred. iTMS will then require
4.7.2 or higher to download music.

Apple sues Linux

They can probably convict this guy when their lawyers can prove Linux to be a rogue and subversive operating system, since it's free and it's developers care more about quality than money. First blogger journalist rights, then the rest of the best internet innovations. Go apple! You are now "the man."

-----------------------------------------------------
Visit my site: http://www.nuclearfootball.com

Jail Time??

OK Mr. Probable Troll, against my better judgment, I'll bite:

There is no such thing as perfectly secure music, that is a fantasy. But the music industry doesn't need that, all they need is a "good enough" protection system. That is how it has always been.

DVD Jon is not doing anything illegal. He is not making is possible to do anything that couldn't be done before. (You could previously burn an itunes song to a CD, then rip the CD to an mp3.)

Furthermore, you can just go buy the physical CD and rip it to unprotected mp3, for about the same cost.

Finally, when someone temporarily hacks iTunes, it won't make the music industry retreat from iTunes. They have no choice but to participate, they know they are too late to the game as it is.

re your later post: Time for you to go back and compensate the artists whose work you stole via napster. You need to buy copies of all those tracks from iTunes, and delete your old mp3s.

Jon

Stay strong

[Fashion Technologist]

Hack a new name while you're at it-

'DVD Jon' should hack a new name... like:

The Cracker Hacker
or howabout
iHack
or
DVD Jon PartII