News | Mail Archive | OS Software Downloads Ad Info ::
Subject: Databases | Java | Linux | Open Source | XML | Data | Tech


Contribute:
· News/Reviews/Release
· Submit a New App!

Misc:
· My Account
· Editorial Feedback
· Logout
Login
 Username
 Password
 Remember me


 Become a Member!
 Login Problems?
News via email
Enter your Email
Recently Updated Mail Archives
php_mysql_jobs
clojure
svn-commits-list
GoogleAppEngine
entstrees
fop-users-xmlgraphics.apache.org
chromium-bugs
oracle9i_pl-sql
fedora-test-list
Android-Developers
webobjects-dev
chromium-reviews
ubuntu-sounder
java-jobs-north-america
tiddlywiki
tech_jobs
chromium-extensions
java-dev.lucene.apache.org
java-dev
hot-recruiters
Popular Mail Lists: windows linux solaris osx ubuntu fedora enterprise crm ruby python java xml perl php cvs subversion version contol db
database mysql postgresql mobile telephony voip apple apache
all
sitemap (mail)



Posted Jan 27, 2005

JHymn Goes Behind Atoms and Apple To Bring DRM-Free Music

      
By Howard Wen

Like all matter in the universe, MPEG-4 files are also made of "atoms" -- it's the term given for the set of nested data that comprises the structure of an MPEG-4 file. Atoms are key to the way the audio and video data within an MPEG-4 file are accessed. They figure in how Apple's digital rights management (DRM) scheme is used to protect music file purchases from its iTunes Music Store. (Apple uses the AAC file format; AAC is the audio layer in MPEG-4 files.) Atoms also factor in how hymn is able to "scrub" protected AAC files of Apple's DRM.

hymn is a decryption program based on the work of Jon Lech Johansen , who first reverse-engineered Apple's DRM scheme (called "FairPlay"). The original author of the hymn code, which he released under the GNU General Public License, has never come forward, and prefers to remain anonymous.

The current maintainer of hymn goes by the handle "FutureProof," who describes himself as "older than 30" and living "someplace where there's a lot of snow outside now" (the below interview with him was conducted in January). By profession, he works as a software engineer. He developed JHymn, a more user-friendly Java implementation of the original command-line version of hymn. His present goals for the project are to improve the JHymn user interface, and the effectiveness of its removing of the FairPlay DRM.

FutureProof spoke with us about the continuing development of hymn/JHymn, and explained what other tricks Apple has up its sleeve to cripple files purchased from the iTunes Music Store that the user has decrypted.

OSDir.com: What have been the recent legal actions, if any, that Apple has tried to take against the hymn project?

FP: Things have been quiet. I'm thinking that hymn has figured less into Apple's latest actions than their efforts against Real's Harmony project, with hymn and its derivatives simply being regarded as collateral damage.

OSDir.com: Basically, how does Apple's DRM for the iTunes Music Store work?

FP: In a protected file, the "mp4a" atom -- part of a standard AAC file -- is replaced by a non-standard, proprietary "drms" atom. This contains the same basic information about a song as the "mp4a" atom, plus the identity of the purchaser and some of the cryptographic information needed to decrypt the music. The actual decryption key needed to decrypt the music is not stored here, however,but merely an indicator as to which key -- among many possible keys -- assigned to a particular user should be used.

Once you have found the needed key, you apply that key, using AES decryption, to the data in the "mdat" atom, which, in an unprotected file, contains all of the raw AAC audio sample data.

Apart from this, there are various atoms added beyond what you'd find in an unprotected AAC file, such as an "apID" atom, which marks music files with the iTunes Music Store ID of the purchaser.

OSDir.com: Does hymn actually decrypt the DRM, or does it technically work another way?

FP: Yes, the music is actually decrypted. Unlike, say, burning a song to a CD and re-ripping it, you don't lose any sound quality when you can access the original data in decrypted form.

OSDir.com: What do you think is the biggest technical weakness of Apple's DRM technology?

FP: The weakness of any DRM scheme: Any encrypted audio or video is worthless until it is decrypted. If you can hear the music, if you can see the picture, you have been given the means to decrypt the once-encrypted information. Whatever your ears can hear and your eyes can see can certainly be recorded again, without encryption, by electronic means.


JHymn is a more user-friendly Java implementation of the original command-line version of hymn. Note the entries listed under "Unwanted atoms" -- these tags are embedded within a protected AAC file and are key to making Apple's FairPlay DRM work.

OSDir.com: As you've been working on hymn, have you learned anything interesting about the DRM technology that Apple uses?

FP: Although I've learned a good deal about the theory of DRM, and a little bit about the particular practice of DRM in Apple's case, I'm not actually much of an expert on the subject to comment on this. Someone else has broken the code; I'm just refining and improving the process. Should Apple update their DRM, it will probably be someone like Jon Lech Johansen who does the heavy lifting to crack it yet again.

OSDir.com: Apple has taken advantage of the fact that hymn does not strip away, by default, the user's own unique ID that is attached to music files that he/she has purchased from the iTunes Music Store. The company uses this information to prevent files which have been "de-DRM'ed" with hymn from being played whenever they release a new version of iTunes. How exactly is it that they have been able to do this whenever they release a new iTunes update?

FP: There's encryption, and then there's "watermarking." It's easier to remove encryption than watermarking. The original author of hymn preferred to leave the user's ID in unlocked files, as a sign that he wasn't promoting piracy. I've been working on removing the watermarking, however, now that I've seen it can, and will, be used against us.

JHymn seems to have done a pretty good job of removing that watermarking, but additional watermarks are cached outside of the protected files themselves, in the iTunes Library database, perhaps on the iPod itself. Watermarking can be much more clever than encryption. Whether Apple implements some of the trickier methods of watermarking is yet to be seen.

At any rate, once DRM has been successfully removed from a file, you do have in your possession at that point a perfectly "valid" AAC file that should play anywhere. Only Apple's software iTunes is going to be looking for Apple's watermarking. You'll still have a file that can be played by any other AAC-compatible software or hardware.

OSDir.com: To clarify, does this mean that a de-DRM'ed file should play on another computer -- but it might not on the computer which was used to originally purchase the music, because of these watermarks that linger on throughout the original computer?

FP: There's a problem where the iTunes database (and possibly your iPod, too) retains some info that a song had had DRM. The end result is kind of like "watermarking," but I don't know if it could be properly called such. This situation prevents you from playing the song with iTunes, or transferring it to your iPod, and only on your own computer.

Actual in-file watermarking (like the "geID" atom that caused problems when iTunes 4.6 came out) would stop your iTunes music from playing on anyone's computer, not just your own, but only via iTunes or QuickTime. Any other AAC decoders or players have no reason to look for Apple's special markings, nor any reason to want to enforce them. The files output by hymn and JHymn are perfectly good AAC files, which should be playable by any player which conforms with the AAC standards.

OSDir.com: Right now, hymn users must scrub out the unique identifiers from their purchased music, so that the files will play under the current version of iTunes. Is there a way that Apple could still prevent such music files from playing?

FP: I think my previous response pretty much answers this question: Yes, by detecting various forms of watermarking that haven't been removed, because we don't know they are there to be removed.

OSDir.com: So have things gotten to a point where a future version of hymn will need to, by default, scrub out the user's ID from the music files?

FP: If Apple decides to use the presence of a user ID as a tool against us, then, yes, removing such information could become a default action.

OSDir.com: What is now the recommended way to de-DRM one's iTunes Music Store song files with hymn/JHymn, in order to avoid the watermarks and other means that Apple recently implemented to prevent de-DRM'ed files from playing?

FP: I'd advise people who haven't updated to iTunes 4.7.1 to hold off for a bit. If they have already updated, or need to (perhaps to use a nice new iPod shuffle), they should use the latest version of JHymn to scrub their files -- not just the files that are still protected, but the files that have already been unprotected by earlier versions of JHymn.

There are still some potential problems until the next version of JHymn comes out, but some helpful (if somewhat tedious) work-arounds exist in the meantime, which are discussed in the hymn-project.org forums. These work-arounds basically involve removing any troublesome song from iTunes and re-adding it to iTunes, or otherwise coaxing iTunes into rebuilding its database, and doing so in a way to preserve as much of your iTunes set-up as possible, like playlists and song ratings.

OSDir.com: What do you have to say in response to those who take issue with hymn? I'm thinking about end users, like iPod/Apple fans, who insist Apple's DRM is "no big deal" and what you're doing is "wrong" -- not the music labels, who obviously don't like things like hymn?

FP: What I say is that all I'm trying to do is get the same flexibility to use my music that I'd have if I purchased a CD and ripped it myself, and that my efforts aid piracy no more than the existence of CDs aid piracy.

You run into problems using third-party products like EyeHome and Squeezebox and losing authorizations when computers break or crash.

As DRM schemes go, Apple's is, I must say, one of the best for end users. But that's like saying "the handcuffs are mighty comfortable handcuffs."

OSDir.com: What are the future plans for hymn? Any new significant developments for the next immediate version?

FP: The biggest thing will be improvements in how the iTunes Music Library gets updated, to help with problems seen due to iTunes 4.7.1.

Beyond that, I have some improved convenience features in mind, and improving the code dealing with conversion to the MP3 format. I imagine that some users will happily choose to accept the loss of a little bit of sound quality due to AAC-to-MP3 conversion, and perhaps the loss of CD artwork, in order to turn their iTunes purchases into a format which should be much safer from further assault by future versions of iTunes and the iPod.

OSDir.com: Do you own an iPod?

FP: "Only" three of them: one that has been relegated to portable hard drive duty; one that lives in my car most of the time for use with my Alpine head unit, which has a nice iPod interface; and a new iPod photo.

Obviously, I rather like my iPods. And my G5 PowerMac. And my G4 PowerBook. And the nearly 900 songs I've purchased via iTunes. Apple should be quite happy to have customers like me.

Perhaps it's just wishful thinking, but I don't imagine Steve Jobs -- not that his desires completely determine what Apple does -- wanting to push too hard on strengthening Apple's DRM. Any such push, if it does come, will likely come from the music industry, not Apple.

Howard Wen is a freelance writer who has contributed frequently to O'Reilly Network and written for Salon.com, Playboy.com, and Wired, among others.

Login/Become a Member! | 16 Comments
Threshold
Comments are owned by the poster. We aren't responsible for their content.
Re: JHymn Goes Behind Atoms and Apple To Bring DRM-Free Music (Score: 0)
by Anonymous on Jan 27, 2005 - 01:47 PM
I wonder how long it will take before unencrypted iTunes music store songs start appearaing on P2P networks? If it does happen, will people have any incentive to buy music online anymore? Maybe we'll be back where we started...

I suppose it's also possible that Apple has included some very obsure watermarking as a contingency plan against this..

Just thinking out loud here...


Re: JHymn Goes Behind Atoms and Apple To Bring DRM-Free Music (Score: 0)
by Anonymous on Jan 28, 2005 - 12:45 PM
Has anyone tried this...

Person YYY purchases Song AAA via iTunes, uses hymm to produce Song file 000
Person ZZZ purchases song AAA via iTunes, uses hymm to produce Song file 111

Compare files 000 & 111, what are the differences.... ?

Would that simple procedure not inform us quickly whether there is any "hidden" watermarking within the actual AAC stream ?


Re: JHymn Goes Behind Atoms and Apple To Bring DRM-Free Music (Score: 0)
by Anonymous on Jan 31, 2005 - 03:11 PM
FP: What I say is that all I'm trying to do is get the same flexibility to use my music that I'd have if I purchased a CD and ripped it myself, and that my efforts aid piracy no more than the existence of CDs aid piracy.


I guess some people don't understand that the copyright owner gets to choose how their property is used. There should be ABSOLUTELY NO EXPECTATION that downloaded music be available to use in the same manner as a CD




Advertise With Us! | Comments are property of their posters.
Copyrighted (c) 2009, but we're happy to let you use what you wish with attribution. OSDir.com
All logos and trademarks are the property of their respective owners.
OSDir is an inevitable website. super tiny logo | Contact | Privacy Policy

Page created in 0.722958 seconds.