The Media Knows Not Of What It Speaks Concerning iTMS DRM Issues

by , 3:30 PM EST, November 25th, 2003

When Jon Johansen, previously known for writing the DeCSS code for decrypting DVDs for use on unsupported platforms, released an application called 'QTFairUse' meant to remove the DRM (Digital Restrictions Management) from Apple's iTunes Music Store files, the media went nuts over the story. Unfortunately, what they went nuts with were wild stories of everything from a magic DRM bullet to the ability to download free music files from the iTMS. None of this is the case.

In reality, QTFairUse isn't much more than an exploit to what could probably be called a vulnerability in Apple's QuickTime for Windows software, which handles the encoding, decoding, and authorization for iTunes. Johansen's software rips a raw AAC stream from within Quicktime just after it has been authorized, leaving an AAC file on the desktop.

According to some testing done by C|Net, the resulting file is not of much use in its resulting form. All of the header information in the original AAC file is lost, and all that is left is the raw AAC data, which will not play in most media players. From C|Net:

Johansen's program works by patching Apple's QuickTime software with a new software component of his own. Because he called the program a "memory dumper," programmers on message boards around the Web speculated that QTFairUse made a copy of the raw, unprotected song data from the computer's temporary memory after it was unprotected for playback, rather than simply recording the audio stream as it played. But this was not independently verified by Apple or Johansen.

If that is indeed the approach Johansen took, it's possible Apple could release an update to QuickTime that nullifies Johansen's work, much as Microsoft did for the early break of its digital rights management tools.

In several CNET experiments, the unprotected file created by Johansen's program was not playable. Several people on Web message boards reported using a series of other MPEG 4 audio tools to create a usable song from the resulting file, however.

You can read the full article at C|Net's Web site.

The Mac Observer Spin:

At the moment, Johansen's application isn't much to worry about. Apple could swoop in at any moment and fix QuickTime, breaking QTFairUse in the process. In the meantime, the application is hardly DropStuff-esque in its functionality, and the resulting file isn't even usable without more work.

It should also be stressed that the iTunes Music Store's DRM has not been cracked by this application. The AAC data is piped out of QuickTime after the file has been unencrypted in the normal matter. As far as we know, Apple's DRM has not yet been broken in the conventional sense.

That said, until Apple fixes this vulnerability in QuickTime for Windows, it's very possible that Johansen's application will be used in other applications that will provide DropStuff-like functionality. Of course, given the relatively low quality of iTMS songs and the difficulty of removing the DRM, cracked iTMS songs are unlikely to become a large market for mass peer to peer sharing. If anything, the program could allow legitimate iTMS users to use their purchased music across multiple platforms.

At least until Apple makes it go away.