Hackers build backdoor into iTunes

A trio of independent programmers has released new software that allows people to tap into Apple Computer's iTunes music store and purchase songs free of any anticopying protections.

Joined by Jon Johansen, the Norwegian programmer responsible for distributing DVD-cracking code in late 1999, the programmers say their "PyMusique" software is a "fair" interface for iTunes, primarily aimed at allowing people who use the Linux operating system to purchase music from Apple's store.

Jon Johansen

But with a Windows version of the software also available, it's likely to trigger a legal response from Apple, which has closely guarded access to its online music store and has depended on its copy-protection software to gain rights to sell music online.

In an interview late Friday, one of the program's creators, 17-year-old Pennsylvania high school student Cody Brocious, said the ability to save songs without copy protection was essentially an accident derived from the way Apple's system downloads songs. He said the software wasn't intended to harm Apple.

"The intent of the project was to be able to purchase files from the iTunes Music Store," Brocious said. "I believe very firmly that the project is ethical and does nothing but good for the community at large."

Apple representatives had no immediate comment on the software.

The PyMusique release is the latest and most ambitious skirmish in a long-running battle between Apple and hackers intent on removing digital-rights management from the company's songs. As the most popular online music store, Apple has helped prove that consumers will purchase copy-protected songs but also has been a test case for whether that copy-protection can sustain attacks.

The release draws from the work of a handful of scattered programmers over the past year who have successively identified how different pieces of the iTunes software works.

Brocious said he started his project after hearing of another programmer's work creating a Web-based interface to the iTunes store.

He and other programmers found that the iTunes store downloads songs wrapped in encryption, but that music purchasers are given the key to unlock that encryption when they buy a song. Ordinarily, the iTunes software would then rewrap the song in Apple's FairPlay digital rights management software, he says--but with their Linux version, that separate step didn't turn out to be necessary.

The result was a song that had been paid for and downloaded, but lacked the copy protections Apple's store ordinarily provides.

Brocious, who has left his most recent development on the software to another programmer, said he hasn't been contacted by Apple and

Why?

What I don't understand is why? iTunes downloads can be burned onto CD's, and it is one of the least restrictive forms of DRM. So as far as Fair Use is concerned, I have more of an issue with copy protected CD's that can't be uploaded into iTunes to begin with.

[bobby_brady]

I thought of that myself

What is the point when you can save it to CDR which rips out the infested DRM crap.

[unknown unknown]

Reply

"What I don't understand is why? iTunes downloads can be burned onto CD's"

This is much faster than burn a CD. If you read the comments in some of Jon's code, he gives his reason for do it. The jist of it is he wants to show how flawed DRM is. There also seem to be some disappointment in Apple for caving the recording industries DRM demands, but that's my interpretation. I don't see what difference it makes in how your break DRM, by burning a CD or using this software. The end result is still the same, an unprotected copy.

"and it is one of the least restrictive forms of DRM."

The restriction on the DRM encumbered songs can be changed without notice and those restriction can be applied retroactively. They maybe the least restrictive now, but nothing is certain. I wouldn't under estimate the recording industries greed.

[tocam27]

DMCA?

Why should a guy in Norway give a (insert explitive here) about the DMCA? As long as he stays out of the US that law has absolutely no teeth abroad. He may have violated a software agreement and, I suppose, he could be sued but not under US law, they'd have to make sure he broke a norwegian law.

[cwxpffkd]

Fair use

DVD Jon cited fair use when he helped crack the DVD to play DVDs on Linux. And he again cites it when he helped crack AAC. He is right too. Even if this nations lobbied government, the record or movie industry does not agree, so be it. We want to watch DVD movies we rent or purchase on the platform of our choice. I would like to make a personal copy as well. And we do not want limits on music we purchase.

[Jeff Putz]

I don't get it

First off I can't say that the iTunes DRM has ever got in the way of anything for me. Second, I get the impression from this article that the actual assignment of the file to the user takes place on the client. That seems kind of stupid to me.

[David Arbogast]

Interface will be Killed. Possible law suit.

My prediction is that Apple will shut this down fairly quickly. The question remaining, is whether they will prosecute this guy for some type of criminal action. They absolutely have the legal right to shut down his interface, and if they can show that the release of unprotected files stressed their relationship with content providers, they may be able to sue for damages as well. This was not a very smart move without the blessing of Apple. Whether you like DRM or not, this guy is getting himself in some hot water.

[pencoyd]

Avoid personal attacks

Please keep your disagreements civil. Personal attacks are not permitted.

Not coincidentally, they don't strengthen an argument.

Thanks for participating.

John Roberts
CNET News.com product development