Hackers build backdoor into iTunes

A trio of independent programmers has released new software that allows people to tap into Apple Computer's iTunes music store and purchase songs free of any anticopying protections.

Joined by Jon Johansen, the Norwegian programmer responsible for distributing DVD-cracking code in late 1999, the programmers say their "PyMusique" software is a "fair" interface for iTunes, primarily aimed at allowing people who use the Linux operating system to purchase music from Apple's store.

Jon Johansen

But with a Windows version of the software also available, it's likely to trigger a legal response from Apple, which has closely guarded access to its online music store and has depended on its copy-protection software to gain rights to sell music online.

In an interview late Friday, one of the program's creators, 17-year-old Pennsylvania high school student Cody Brocious, said the ability to save songs without copy protection was essentially an accident derived from the way Apple's system downloads songs. He said the software wasn't intended to harm Apple.

"The intent of the project was to be able to purchase files from the iTunes Music Store," Brocious said. "I believe very firmly that the project is ethical and does nothing but good for the community at large."

Apple representatives had no immediate comment on the software.

The PyMusique release is the latest and most ambitious skirmish in a long-running battle between Apple and hackers intent on removing digital-rights management from the company's songs. As the most popular online music store, Apple has helped prove that consumers will purchase copy-protected songs but also has been a test case for whether that copy-protection can sustain attacks.

The release draws from the work of a handful of scattered programmers over the past year who have successively identified how different pieces of the iTunes software works.

Brocious said he started his project after hearing of another programmer's work creating a Web-based interface to the iTunes store.

He and other programmers found that the iTunes store downloads songs wrapped in encryption, but that music purchasers are given the key to unlock that encryption when they buy a song. Ordinarily, the iTunes software would then rewrap the song in Apple's FairPlay digital rights management software, he says--but with their Linux version, that separate step didn't turn out to be necessary.

The result was a song that had been paid for and downloaded, but lacked the copy protections Apple's store ordinarily provides.

Brocious, who has left his most recent development on the software to another programmer, said he hasn't been contacted by Apple and

Why?

What I don't understand is why? iTunes downloads can be burned onto CD's, and it is one of the least restrictive forms of DRM. So as far as Fair Use is concerned, I have more of an issue with copy protected CD's that can't be uploaded into iTunes to begin with.

[WarpKat]

Agreed

The DRM is defeated by burning the protected music to CD and the back into MP3 format.<br /><br />The AAC format, at least according to some digital music store reviews and compatability charts, seems to be privvy to Apple for the moment.<br /><br />ATRAC3 (the proprietary Sony format) seems to be in the same boat through the Sony Connect Music Store. The RAX format (used by Real Player) is also applicable here.<br /><br />I think Apple is going to start crying about it and bring yet another needless injunction against DVD Jon.<br /><br />If it's computer-driven, it can be hacked. Apple knew this going into the market so they can't really blame anybody but themselves for this problem. I'll stick with Sony and Real.

[lingsun]

Because burning & reripping degrades the music quality

Because burning &#38; reripping degrades the music quality. Because I want to be able to sell one computer and transfer my purchased music to another without going through all the hassles that Apple wants to put you through. That's why I buy songs on Rhapsody when I can. Music is burned to CD as a CD audio track when it's purchased.

I will tell you why

You can download nicely using a Windows and Apple computer but what about us Linux users? DVD Jon did this for the same reason as he did DECSS to watch DVD's on Linux. Notice he released the source code and not a Linux version, won't take long for one of us to come up with a linux version, especially since it is written in Python :)

[bobby_brady]

I thought of that myself

What is the point when you can save it to CDR which rips out the infested DRM crap.

[unknown unknown]

Reply

"What I don't understand is why? iTunes downloads can be burned onto CD's"<br /><br />This is much faster than burn a CD. If you read the comments in some of Jon's code, he gives his reason for do it. The jist of it is he wants to show how flawed DRM is. There also seem to be some disappointment in Apple for caving the recording industries DRM demands, but that's my interpretation. I don't see what difference it makes in how your break DRM, by burning a CD or using this software. The end result is still the same, an unprotected copy.<br /><br />"and it is one of the least restrictive forms of DRM."<br /><br />The restriction on the DRM encumbered songs can be changed without notice and those restriction can be applied retroactively. They maybe the least restrictive now, but nothing is certain. I wouldn't under estimate the recording industries greed.

[muntz]

no better than a bulk spammer

" "and it is one of the least restrictive forms of DRM."<br /><br />The restriction on the DRM encumbered songs can be changed <br />without notice and those restriction can be applied retroactively. <br />They maybe the least restrictive now, but nothing is certain. I <br />wouldn't under estimate the recording industries greed.""<br /><br />so why is this loser targeting Apple? He should spend his useless <br />skills lobbying the recording industry if he feels this strongly <br />against DRM.<br /><br />this only makes WMA's DRM seem more attractive. way to give <br />an even bigger/scarier -- and soon to have their hand in every <br />media DRM -- company more footing. this guy is a "real hero." <br />thanks to his tireless efforts, i'm not going to be able to buy a <br />DVD that will play on any future systems because they're going <br />to load DVDs, CDs and mp3 with more and more crap every time <br />he needs his little ego stroked. this guy is making my life and <br />future media purchases more difficult.

Why Not Attack WMA Then?

"This is much faster than burn a CD. If you read the comments in some of Jon's code, he gives his reason for do it. The jist of it is he wants to show how flawed DRM is. There also seem to be some disappointment in Apple for caving the recording industries DRM demands, but that's my interpretation. I don't see what difference it makes in how your break DRM, by burning a CD or using this software. The end result is still the same, an unprotected copy."<br /><br />If the purpose is to show how flawed DRM is, then all that will be accomplished by this ******* is more restrictive DRM and aiding Microsoft with their DRM garbage.

[tocam27]

DMCA?

Why should a guy in Norway give a (insert explitive here) about the DMCA? As long as he stays out of the US that law has absolutely no teeth abroad. He may have violated a software agreement and, I suppose, he could be sued but not under US law, they'd have to make sure he broke a norwegian law.

Actually...

Actually you maybe not quite correct. It would all depend on treaties the US has with the country in question. I know our government has worked to hard to enforce our copyright laws in other countries and their may very well be treaties that would allow such a law suite. It might not be easy or cheap but it could be possible. <br /><br />I am even more inclined to think it could be done is the one lawyer mentioned in the article seemed to think it was something this kids lawyer should be worried about.<br /><br />There is also extradition. I don't know if it has ever been used for something like this, but that is a possibility too.<br /><br />Robert

[cwxpffkd]

Fair use

DVD Jon cited fair use when he helped crack the DVD to play DVDs on Linux. And he again cites it when he helped crack AAC. He is right too. Even if this nations lobbied government, the record or movie industry does not agree, so be it. We want to watch DVD movies we rent or purchase on the platform of our choice. I would like to make a personal copy as well. And we do not want limits on music we purchase.

[muntz]

dude

don't lump everyone in with your views. not all users care about <br />a little DRM.

[unknown unknown]

Reply

I have to agree with J Muntz (at least in part), you should really avoid using "we" because as J Muntz pointed there are those don't agree.

"Fair Use!" - The battlecry for the misinformed.

All due respect, Heath, but "Fair Use" is the battlecry for the misinformed.<br /><br />"Fair Use" does not explicitly give anyone the right to have a 'backup' copy of their music, movies, games, et cetera. Fair Use makes few explicit exceptions and everything else must be put to a four point test to determine if the case qualifies.<br /><br />Feel free to have a look at it yourself:<br /><a class="jive-link-external" href="http://caselaw.lp.findlaw.com/casecode/uscodes/17/chapters/1/sections/section%5F107.html" target="_newWindow">http://caselaw.lp.findlaw.com/casecode/uscodes/17/chapters/1/sections/section%5F107.html</a><br /><br />There is no recent case law which sets a precedent under Fair Use stating end users have the right to make backup copies of media they paid for. In fact, under DMCA and subsequent revisions to copyright law, it's illegal to bypass ANY copyright protection (17 USC 1201) which means you can't claim Fair Use if another part of the process was deemed illegal.<br /><br />No, I don't agree with copyright law as it stands but, frankly, I'm sick of this belief that people have these "rights" when, in fact, there is no legal precedent which sets such a right and the law plainly says otherwise.<br /><br />IMO, to win the battle to get more consumer friendly copyright laws, we have to be knowledgable about how the law is currently set up.

[Jeff Putz]

I don't get it

First off I can't say that the iTunes DRM has ever got in the way of anything for me. Second, I get the impression from this article that the actual assignment of the file to the user takes place on the client. That seems kind of stupid to me.

[David Arbogast]

Interface will be Killed. Possible law suit.

My prediction is that Apple will shut this down fairly quickly. The question remaining, is whether they will prosecute this guy for some type of criminal action. They absolutely have the legal right to shut down his interface, and if they can show that the release of unprotected files stressed their relationship with content providers, they may be able to sue for damages as well. This was not a very smart move without the blessing of Apple. Whether you like DRM or not, this guy is getting himself in some hot water.

[pencoyd]

Avoid personal attacks

Please keep your disagreements civil. Personal attacks are not permitted.<br /><br />Not coincidentally, they don't strengthen an argument.<br /><br />Thanks for participating.<br /><br />John Roberts<br />CNET News.com product development