QTFairUse
Last Friday, Jon Johansen (of DeCSS fame) released QTFairUse, an open-source program for Windows that circumvents the FairPlay DRM scheme used by the iTunes Music Store.
QTFairUse doesn’t actually break the FairPlay scheme. Instead, it circumvents it by patching QuickTime to dump the unprotected audio stream from memory to disk.
It’s already possible to circumvent the FairPlay scheme; all you have to do is burn the protected audio tracks to an audio CD, then rip those tracks back into iTunes. Of course, this is a bit labour-intensive, and you’ll lose some audio quality in the process.
With QTFairUse, you get a perfect, unprotected, digital copy of the protected audio; unfortunately, you don’t get any of the other metadata that’s found in the original file. This means that the audio is unplayable in most media players, although it is possible to massage the data so that it’s playable.
So, right now, if you really want to have a DRM-free version of music you purchased from the iTMS, you’re probably better off doing the burn-rip jig. QTFairUse isn’t mature enough to make making DRM-free versions of music easy and straightforward.
What happens, though, if QTFairUse (or a similar program) does mature? What happens if it becomes incredibly easy to make perfect, unprotected digital copies of protected music. How much of an impact will QTFairUse have on Apple and the iTunes Music Store?
Not much, I’d imagine.
Most (if not all) of the iTunes Music Store inventory is available on the various peer-to-peer networks; the people using the iTunes music store already have ways to get their music without paying for it, and yet they don’t. Why?
The iTunes Music Store offers convenience (it’s easy to find music), quality (the music is high quality), and good karma (the music is legal). People aren’t going to give those benefits up. QTFairUse will enable them to play their music on computers that don’t have iTunes (say, Linux machines), or allow them to share music with their friends. QTFairUse will even let them upload music to peer-to-peer networks (although the people that end up downloading that music probably wouldn’t consider shopping at the iTunes Music Store anyway).
Of course, Apple could patch QuickTime, thus disabling QTFairUse and rendering the whole question moot, but right now I don’t think it’s a big enough issue for Apple to worry about, nor do I think it’ll ever become one.
Interesting notes regarding this issue.. but I think Apple has to realize the AAC is not perfect and can be cracked.. I wonder what the big five think of this development?
Cheers,
RtC
Anything can be circumvented in some way or other, lossy always, and not surprisingly lossless as well—I feel John’s opinion is very valid. I use iTunes because of the 3 reasons he gave—most of all being convenience—and only revert to other forms when the labels aren’t making the music available legally on iTunes.
This is exactly what the MS Palladium thing is/was all about. At some point, you have to have uncompressed bits that are fed to an output device, and given today’s open architectures, there’s nothing stopping someone from grabbing that data, which is what’s going on here. Palladium goes the extra mile and prevents this kind of access. However, it also has some other extremely unpleasant side-effects, even worse than current Windows licensing terms, which is why I steer well clear of anything MS.
iTMS is not available in Europe, so it’s not like most of us over here have an opportunity to do anything anyway.
Note that AAC has nothing to do with copy protection. Also like mp3, it is an open and published standard.
Apple uses a crypto wrapper and are aware that it can be cracked. They have stated that most people are honest and won’t try. The risk is probably similar to credit card fraud (a few percent).
Human ingenuity cannot concoct a cypher which human ingenuity cannot resolve.
-Edgar Allen Poe
I think this is all a load of nonesense, I’ve been a mac advocate for quite a while and I must say, this is yet another example of the vunerability of PC’s, QTFairUse surfaced shortly after iTunes was released for Windows, however there was no such Patch for quicktime that would work on the mac. It seems that this is tipicly the case when a popular program is made redely accessable to the avrige PC user. This is one of the many reasons I prefer computing on the Mac.
In conclution;
Artificial inteligence is no match for natural stupidity.
First, on topic. I’d be inclined to agree with you, John. If people weren’t willing to pay, they’d still be using KaZaA and getting two minutes and thirty-seven seconds of clicks and whistles.
Now, Mac-Boy:
While your comment on the vulnerability on the PC is a valid one (it just may be possible to recite the Windows Update page from memory now), I think you’re missing a key point. The fact that Macs may be more secure than PCs has little to nothing to do with the fact that PC programs are cracked more often; rather, it has everything to do with the state of mind of the people making these modifications. There is a certain “screw Windows” mentality that seems to hold fairly constant with these folks (if I may be so crass as to lump them all together), and as a result far fewer Mac programs are cracked.
I remember reading a discussion, though I can’t remember where it took place, about the frequency of viruses released for the various operating systems. There the issue of security was again raised, but many people agreed that there just isn’t a point in releasing Mac viruses. It’s like beating up the 200lb weakling instead of the 98lb one: why bother?
Your other comment, and I quote, “it seems that this is tipicly[sic] the case when a popular program is made redely[sic] accessable[sic] to the avrige[sic] PC user,” is just out and out wrong. No two ways about it. As a slightly above “average” PC user, there is no way I could even begin to think about writing a program capable of circumventing a bowl of Alphabet Soup, let alone the FairPlay scheme. Those able to do so are a distinct minority of the computing population, and furthermore probably aren’t even Windows users anyway.
In conclution[sic]:
Artificial intelligence may be no match for natural stupidity, but it sure is useful in filtering out those stupid spelling mistakes.
My apologies for the length of this comment.
Another point mac-boy, is that unless I missed something reading through some of the QT specs, someone could probably whip up an app similar to QTFairUse for Mac that exploits the same memory dump vulnerability.
I could be wrong though, QT for Mac could be be nigh invulnerable to this kind of attack, but that wouldn’t mean that someone didn’t try to exploit it.
Jeremy; does it make you feel superior to point out other people’s spelling mistakes?
No, I did not say that it could not be done on the mac, The point I’m trying to make that it is more likely to happen to a pc program than a mac one. Fore the simple fact that there are more pc users than mac users, thus there are more hackers; more hackers, more hacked programs… Get it?
Audio Hijack pro has done this for some time on the Mac. It neatly intercepts the raw audio bits and lets you place them anywhere .. including a file .. It makes short work of turning Itunes output into mp3s
Next time “mac-boy” at least research your own toys.
http://www.rogueamoeba.com
Where can I get a binary qtfairuse.exe?
I failed to use minGW so far
Tnanks
Enrico
QTFairUse isn’t any quicker than burning your songs to disk and re-ripping them. In fact, the burning/ripping method is much faster. It does give the advantage that there is no loss… but the reason that appears to be cited by the QTFairUse author is to allow him to play his purchased M4P songs on Linux. Apple doesn’t presently provide any means of playing Protected AAC files in Linux.
Quite a bit of misinformation in these posts. AAC is NOT an open format. Itunes is not the end all be all of digital music distribution systems. Free is always better. Nuff said.