November 24, 2003 5:05 PM PST
Program points way to iTunes DRM hack
Late last week, programmer Jon Johansen posted a small program called QTFairUse to his Web site, with little in the way of instruction and even less explanation. But during the next few days, it became clear that the program served as a demonstration of how to evade, if not exactly break, the anticopying technology wrapped around the songs sold by Apple in its iTunes store.
Johansen's software isn't for technology novices. In its current form, it requires several complicated steps to create a working program from source code, and it doesn't create a working song file that can be immediately or simply played from a digital music program like Winamp or Microsoft's Windows Media Player.
But if other developers--or Johansen himself--pursue the project, it could herald the arrival of simple ripping programs that could create unprotected music files from iTunes songs as simply as from an ordinary compact disc.
Apple representatives did not return calls for comment. Johansen did not respond to an e-mail asking for comment.
Johansen's latest program, which works only for the Windows version of iTunes, is just the most recent move in the ongoing game of cat and mouse being played by digital rights management technology creators and hackers, who see the copy locks as a challenge.
The Norwegian's 1999 program, called DeCSS, ignited a debate over the legality of copying DVDs that has yet to end. Now widely distributed, DeCSS and similar tools are the foundation for much of Hollywood's fear that digital versions of movies will be copied and distributed online.
Johansen was sued in Norway for releasing the software, but a court there ruled that he had the right to decode a DVD he had purchased so that he could play it on a Linux-based computer.
Microsoft's copy-protection technologies have also come under consistent attack from hackers. One attempt was successful in breaking through the Windows Media rights management, but updates from Microsoft quickly defanged the hack.
More recently, a Princeton University student showed how to evade the copy-protection technique placed on a compact disc released by BMG simply by pushing the computer's shift key while loading the CD.
Johansen's program works by patching Apple's QuickTime software with a new software component of his own. Because he called the program a "memory dumper," programmers on message boards around the Web speculated that QTFairUse made a copy of the raw, unprotected song data from the computer's temporary memory after it was unprotected for playback, rather than simply recording the audio stream as it played. But this was not independently verified by Apple or Johansen.
If that is indeed the approach Johansen took, it's possible Apple could release an update to QuickTime that nullifies Johansen's work, much as Microsoft did for the early break of its digital rights management tools.
In several CNET News.com experiments, the unprotected file created by Johansen's program was not playable. Several people on Web message boards reported using a series of other MPEG 4 audio tools to create a usable song from the resulting file, however.
Another Windows iTunes add-on called MyTunes was released several weeks ago, which allowed computers to capture and save copies of songs streamed through iTunes from another computer on a local network. That program did not work with the copy-protected songs purchased from the iTunes store, however.