Cracking iTMS encryption

Posted in Mac Software, edited January 2014
My guess is that crackers are giving the iTMS a grace period because they want to see it succeed. Ultimately, however, people are going to get annoyed with limitations on how they can use media they've purchased. I for one was awfully annoyed when they removed sharing as I had put my large music collection on a static connection at work so that I could access it from my home computer without eating up all my hard disk.



That said, I'm wondering if anyone has any idea on how it might be cracked? I'm no expert on cracking myself, but I would think one would need to compare different examples of iTMS songs and maybe against un-encrypted versions. I'm wondering about the following approaches ...



1. Get copies of the same songs purchased before and after iTMS started encrypting songs not to work with iTunes 4.0.0 and compare them bit by bit. Of course, since they encode user info you'd have to have the same person buy the same song again in the post 4.0.1 world.



2. Convert to AIFF then re-encode to AAC and compare against original.



I'm not suggesting that the encryption would just reveal itself by a simple comparison, but it's my understanding that this is the first step to deciphering the keys. Does anyone with better math than me know a better approach or what to do next?

Comments

  • Reply 1 of 20
    willoughby Posts: 1,457 member
    What you are talking about is illegal. I hope the mighty Brad and/or LoCash get in here soon to lockinate this thing.
  • Reply 2 of 20
    Quote:

    Originally posted by Willoughby

    What you are talking about is illegal. I hope the mighty Brad and/or LoCash get in here soon to lockinate this thing.



    It's actually a murky legal question as to its legality. As a free speech issue I'm allowed to postulate as to how to defeat an encryption scheme, overthrow the government, build a bomb, or as to how one might do any number of illegal things. I'm not allowed to actually do it.



    So to be clear, I'm talking purely hypothetically here and in no way advocate one actually defeating iTMS encryption.



  • Reply 3 of 20
    it might be more practical to test the same song downloaded onto several different Macs (with different "authorizing" computers) since the AAC encoding seems tied to a specific Hash per user



    by comparing Song A on Macs A through D, you ought to be able to extract a series of differential bits which represent the unique encryption strings of each "playback" machine.



    brute force decrypting the keys will likely require:



    DMCA exemption... you're violating the "thou shalt not reverse-engineer" provisions



    before and after encryption data samples, from multiple machines, not the same auth user



    a distributed cryptography cracking farm similar to those at distributed.net



    patience



    luck



    edit add:



    if you were purely to compare rips of the same track on machine A and machine B, a bit-by-bit comparison would likely get masked by any discrepancies in encoding bit rate, drive speed, RAM, other processor demands, making detection of the "encryption differences" very difficult.



    that is to say (with minor liberties taken for illustrative effect):

    even if we're talking about identical machines and identical settings (same config out of box and booted to default rip, and miraculously reading the same for every process according to Terminal TOP) the rate of data read in to iTunes will differ slightly due to cache behaviour and buffering, which may slightly impact the encoding and cause fixed bit rate sampling to parse chunks differently. variable bit rate encoding will further add to discrepancies between two such tracks (even two versions of the same VBR rip are rarely bit-identical... try it). network activity during rip may cause further bit drift from "perfect test rips".



    Please note: these bit-drifts need not noticeably impact audio frequency or response in order to add complexity to the cryptographic challenge



    methinks it's harder than you think to even get a "reference" source, let alone decrypt
  • Reply 4 of 20
    willoughby Posts: 1,457 member
    Quote:

    Originally posted by Nordstrodamus

    It's actually a murky legal question as to its legality. As a free speech issue I'm allowed to postulate as to how to defeat an encryption scheme, overthrow the government, build a bomb, or as to how one might do any number of illegal things. I'm not allowed to actually do it.



    So to be clear, I'm talking purely hypothetically here and in no way advocate one actually defeating iTMS encryption.







    Yeah but AI isn't exactly the steps of city hall. They're free to ban/block/lock anything they want.
  • Reply 5 of 20
    amorph Posts: 7,112 member
    The U.S. Constitutional Amendment only prohibits actions by the U.S. Congress to limit speech. (As in "Congress shall make no law...").



    AppleInsider is not Congress, and our posting guidelines are not federal law. Any descriptions of how to bypass iTMS' encryption will be edited, locked, and the poster sent on a retreat to meditate on the posting guidelines.



    This will be the only warning.



    Now, as to whether someone will crack the encryption: Inevitably, someone will; there are ways around every security mechanism ever devised, including (for instance) the Kryptonite lock I just bought for my bike. The mantra in the security business is that locks keep honest people honest.



    Given that, the issue is, will the restrictions keep honest people honest? It's not really even an issue of how difficult they are to bypass, so much as whether the person feels any need to bypass it in order to use whatever it's securing in the obvious or familiar way (imagine a lock on your front door that only let you through twice a day, for instance - most people would have long since engineered another way into their own house, or broken the lock). The iTMS restrictions are liberal enough, and consistent enough, that I doubt most people will ever chafe against them.



    And if they do, they won't be coming here to find out how to get rid of them.
  • Reply 6 of 20
    Quote:

    Originally posted by Amorph

    (imagine a lock on your front door that only let you through twice a day, for instance - most people would have long since engineered another way into their own house, or broken the lock). The iTMS restrictions are liberal enough, and consistent enough, that I doubt most people will ever chafe against them.



    Excellent analogy, Amorph. It's your house, you own it, even if the manufacturer sold it to you with the understanding that the locks only let you in twice a day, it's quite reasonable for you to bypass that.



    I think the "locks keeping honest people honest" mantra loses something on the net, however. The nature of the internet is more like flow of thought, and it's nearly impossible to prevent someone from accepting a thought. If someone comes up with a crack then it spreads through the internet like a thought and even honest people are likely to adopt it just to ensure that they are not hobbled in any respect as compared to their fellow netizens.



    Lastly, I doubt this thread would actually produce a crack, but I'm quite interested in finding out if anyone has an idea of how easy it would be to develop such a crack. If even one person has a good idea on how to do it here in this limited forum then I'm surprised that it hasn't happened already.
  • Reply 7 of 20
    oops. edited earlier post to add before Amorph's warning.



    nothing too detailed as far as how-to,

    but snip if you see fit
  • Reply 8 of 20
    placebo Posts: 5,767 member
    What if...someone finds out how to download music off the iTMS server without paying?
  • Reply 9 of 20
    amorph Posts: 7,112 member
    Quote:

    Originally posted by Nordstrodamus

    think the "locks keeping honest people honest" mantra loses something on the net, however. The nature of the internet is more like flow of thought, and it's nearly impossible to prevent someone from accepting a thought. If someone comes up with a crack then it spreads through the internet like a thought and even honest people are likely to adopt it just to ensure that they are not hobbled in any respect as compared to their fellow netizens.



    I don't see this at all. If anything, most people hobble themselves for that reason, by e.g. not purchasing from online retailers because it means putting their credit card number "on the net". (I'm talking about older people, obviously, not students - but those are the people with money.) We get port-scanned regularly from dorm IPs, so I imagine that the people you're referring to are the same people who do that and install KaZaA and its attendant crapware on anything that moves. There's definitely a subculture.



    Most people just want things to work, simply and intuitively. Also, most people (perhaps even the port scanners) want to be honest - any time music sharers are polled, they're quite eager to support the artists whose music they're listening to. This is precisely the thesis that iTMS is working from.



    Quote:

    Lastly, I doubt this thread would actually produce a crack, but I'm quite interested in finding out if anyone has an idea of how easy it would be to develop such a crack. If even one person has a good idea on how to do it here in this limited forum then I'm surprised that it hasn't happened already.



    This is just a roundabout way of soliciting a technique for cracking the service.
  • Reply 10 of 20
    Quote:

    Originally posted by Placebo

    What if...someone finds out how to download music off the iTMS server without paying?



    Then the person who makes the discovery downloads like tomorrow will never come. It's not so much a problem for Apple, as they can boast getting such phenomenal activity in a single day, and deal with the hacker in private.



    Don't you think the way Apple releases the total downloaded .m4a's since the launch is a little like how McDonald's lets us know how many hamburgers they've sold? What I want to know is how many songs they have available now after all the music they've added since the launch.
  • Reply 11 of 20
    ast3r3x Posts: 5,012 member
    Quote:

    Originally posted by Amorph

    ...y warning.



    Now, as to whether someone will crack the encryption: Inevitably, someone will; there are ways around every security mechanism ever devised, including (for instance) the Kryptonite lock I just bought for my bike. The mantra in the security business is that locks keep honest people honest.





    Heh...I have limited lock picking knowledge and after just watching a video of a lock pickers convention (they treat it like a sport) I am very worried haha. Locks are to keep the honest and undedicated honest



    Can I have a link to the lock you chose, or is it some sort of metaphor?
  • Reply 12 of 20
    http://www.kryptonite.com/



    They set the standard for bike locks, as they produce the legendary New York Lock...
  • Reply 13 of 20
    ast3r3x Posts: 5,012 member
    Nice...perhaps I purchase one for my PowerBook.





    (Note about padlocks...if you can lock them without the key, they aren't worth using)
  • Reply 14 of 20
    buonrotto Posts: 6,368 member
    What's to crack? Write an audio CD with the track, then reimport. Ta-da!



    I think people still have the wrong idea about this Fairplay system. It ain't supposed to be foolproof to cracking, it's supposed to be inconvenient.
  • Reply 15 of 20
    gsxrboy Posts: 565 member
    I have a Krypto for my y2k y/b GSXR750 ... hmmmm akrapovic



    sorry..useless post time, just first I heard of our mega dude Amorph having a bike.. what do you ride?
  • Reply 16 of 20
    wmf Posts: 1,164 member
    The obvious way to crack it is to step through iTunes in a debugger.
  • Reply 17 of 20
    shetline Posts: 4,695 member
    Quote:

    Originally posted by BuonRotto

    What's to crack? Write an audio CD with the track, then reimport. Ta-da!



    I think people still have the wrong idea about this Fairplay system. It ain't supposed to be foolproof to cracking, it's supposed to be inconvenient.




    You do realize that you will suffer either a sound quality or a file size penalty if you do this?



    The only way to not lose sound quality is to re-rip the songs you've burned as AIFF -- or, if you have the software for it, something like FLAC (a non-lossy, ~2:1 audio compression scheme). Either way, you end up with a much bigger file, by a factor of about 11 or 5.5, than an original 128 kbps AAC file from iTMS.



    If you re-rip to AAC, MP3, or any other lossy compressed format, you're subjecting the music to a second generation of compression noise -- a problem roughly analogous to making an analog tape copy of an another analog tape.



    I've definitely heard sound mangled by going from 128K AAC -> AIFF -> 128K AAC. The problem is eased by using less compression in the second pass, such as 128K AAC -> AIFF -> 192K AAC. I've done the former not to get rid of DMS, but to edit music purchased from iTMS, and with reasonably good results.
  • Reply 18 of 20
    shetline Posts: 4,695 member
    Quote:

    Originally posted by wmf

    The obvious way to crack it is to step through iTunes in a debugger.



    Exactly.



    The whole problem with these kind of media encryption schemes is that, inconvenient though breaking such processes down might be, if you can hear the music, or see the images, you are in fact already decrypting the data.



    Breaking encryption ciphers can be very difficult -- and it's completely the wrong way to go about the problem. The way to attack this problem is to realize that somewhere inside your computer you're always being given the keys you need every time you play back a protected file. Either find the point in the playback code where you're given the needed keys, or find the point where the decrypted output is passed on to the next playback stage, and you'll have cracked the encryption.
  • Reply 19 of 20
    boemane Posts: 311 member
    Quote:

    Originally posted by wmf

    The obvious way to crack it is to step through iTunes in a debugger.



    Talking general here, don't want to be locked out you know...



    Well, that kinda assumes you have access to iTunes' source code? Another way is to run your iTunes application through a decompiler. Sure, this will take a lot of time, but once it's done, you can basically just read out the decryption algorithm. Such applications exist, and some are freely available online (Not sure if one exists for Macs and/or Objective-C, though).



    Another way would be to intercept the signal sent from iTunes to the sound card, and store it on your hard drive. That will give you the uncompressed audio. However, it's simpler to just burn the m4a files to a CD, which will give you the same information.



    As with any kind of encryption, if you can extract the encryption data (which isn't a single block of data, but rather spread out throughout the file), then it is only a matter of time before you can crack the encryption. And there are a number of ways to do so, the most obvious and time consuming being brute force, where you guess every single combination until you hit the correct one (kinda like trying to break a code-lock: start with 0000 and end up with 9999). There are other ways that are more complicated and less time consuming.



    But, as Amorph pointed out: why would you? You can play your files on three authorized computers, your iPod, and any other device that is capable of playing an audio CD. The obvious reason would be: "I want to share the songs I bought with my 'friends' on Kazaa", and since you wouldn't want to authorize their computers, you would need to crack the encryption.



    However, you're better off weighing your options. Is cracking the encryption worth the time and effort, when you can do a simple "burn to CD and re-import in iTunes" which is fast and cheap (use your CD-RW), and which loses little sound quality?



    Feel free to snip away the "bad elements" of this post.



    .:BoeManE:.
  • Reply 20 of 20
    wmf Posts: 1,164 member
    Quote:

    Originally posted by BoeManE

    Well, that kinda assumes you have access to iTunes' source code?



    No, you'd have to do it in assembly.



    I agree that there's not much point in cracking it, but some bored person is undoubtedly working on it.