Apple Hacking commences

First Minutes of iTunes 4

There are lots of Macs in my office and everyone is furiously downloading iTunes 4 to check out the new software as well as the music store.

I’ve only tinkered with the store briefly… what has been fascinating is watching the playlists of co-workers appear in my shared music folder. Wow. Until this morning, I thought I had a lot of MP3s on my machine… Damn.

Currently, I have shared list on shuffle. I’m listening to country western — I do not, in fact, like country western music. I think I’ll keep running total of the size (by number of songs) of each of the libraries which show up:

516 (mine), 1990, 3211, 7, 486, 311, 240, 987, 2111, 135…

[Update]: Just noticed that iTunes maxes out the number of folks who can stream from your music @ 5. It’s unclear whether this is a performance check or ‘we don’t want you to be a radio station’ check. A quick examination via top revealed nothing interesting about the machine currently stream for five folks.

… the ads are up.

Feature request: Now that I know five people are listening to music on my machine, I’d really like to know what they’re listening to. Hacking commences…

… First test of the iTune music library. I was looking for one song off the Moulin Rouge soundtrack. Not available — none of the album. Anyone know whether 200k songs is a lot or a little?

… My first run-in with the copyright infringement. I was randomly playing songs from someone’s else playfilist when I received the dialog “This computer is not authorized to play “Insert song here”. It asked for my .Mac account which I submitted. I was then presented with several pages of account verification forms which finished with a request for credit card information. HERE’S THE CONFUSING PART: Was I about to be billed for the song which was RANDOMLY being played or I was I just authorizing my Mac to listen to the song? If it was just authorization, why was I being asked for credit card information?

[(Not) Last Update]: The part of the iTunes story which is compelling is the licensing terms w/ the content. “ can play your music on up to three computers, enjoy unlimited synching with your iPods, burn unlimited CDs of individual songs, and burn unchanged playlists up to 10 times each.” These are, by far, the best terms you can get for a music service. The big question is how are they enforcing playing music on three machines? I understand that as long as you’re in iTunes they can enforce the terms as they control a player, but is there anything preventing me from pushing a purchased MP3 to a PC? To a Mac using a different player? Is there any attempt at digital rights management?

[File Sharing Update]: iTunes 4 listens on port 3689 for file sharing requests (FYI: if you’re behind a firewall, you need to open this up in order to share) That port appears to be serving HTTP — I’m currently TCPDUMPing to see if I can slap together some Perl to watch what people are listening to on my machine.

… Continued hacking on port 3689. Rough conclusions… DAAP server = Digital Audio Access Control = Apple’s DRM solution? Further investigation leads us to believe DAAP is related to the Rendezvous technology. MOVE ALONG. NOTHING TO SEE HERE.

Doesn’t iTunes require Quicktime? Perhaps the file sharing is based on Quicktime streaming server? Perhaps there is documentation on the developer network?

… MacRumors posted a nice summary of the DRM in iTunes 4.

… How to create links to the iTunes store

16 Responses

  1. Floid 21 years ago

    Thanks, Apple. I’m never going to hear the end of this.

    Strangely, I’ve got that fat bastard’s hairstyle.

  2. eli sarver 21 years ago

    1st thing I did with itunes: went into preferences and disabled the music store.

    1st thing I did with my sattelite dish: threw out the telephone cable used for Pay-Per-View.

  3. i’m not sure what happens if you throw the AAC files onto a PC, but i did notice that the little Finder preview ( in column view ) would playback my purchased songs, and the file comment said “Protected.” I then copied my files to my iBook from the PowerMac and they played, although my iTunes was logged in as the same username.

    fwiw, i’m pretty into digging through the Store and finding those single tracks from yesteryear and only having to pay $.99 instead of 20 bucks for some sh*tty Greatest Hits album for one track.

  4. Sad Throbber 21 years ago

    Those ads were enough to make me want to kill. Fat guys singing bad 70s songs badly, gay little white kids dancing to Sir Mix a Lot. That’s how you sell a crappy service.

  5. A friend of mine purchased a track and I copied it to my machine over the network. Then I disconnected my Mac from the internet by pulling the ethernet plug and tried to play the track.

    It said I was not authorized to play it, and would I like to authorize it. My friend entered his account name & password to authorize, after which we got a dialog that the Music Store could not be contacted.

    SO… if you have an unauthorized AAC, you must have a network connection to authorize. This is how they track the three machines.

    I believe once the track has been authorized, you no longer have to be connected to the net to play it. We didn’t actually test this, now that I think about it, but I highly doubt it goes out on the net every time you play one of the purchased files.

    My biggest concern is can I “bulk authorize” tracks if I, say, buy a new Mac and need to transfer a few hundred tracks to it?

  6. Stonewall Jackson 21 years ago


  7. zsazs 21 years ago

    Anyone want to take bets for when this’ll get hacked? As in, when they’ll defeat the DRM.

  8. i later copied a bunch of tracks to the ibook and they all worked without additional authorization. so its not something on a file by file basis is my guess, it authorizes the computer, not the track. my guess is that the file gets your data jammed into it as it downloads, which ties it to you.

    also, in QT Pro, Export is disabled for these tracks, so if you Save As… you notice that the soundtrack is still protected, you’re not recompressing the file. the first bummer i’ve noticed is that even with the new QT, FCP 3 won’t import the AAC files.

  9. Eli Sarver 21 years ago

    Actually, people have already been able to take the tracks into quicktime pro, “save as…” to AAC and play back without any ‘protected’ flags.

    I haven’t tried this myself, since I only have my own audio. I’ve just started re-ripping all of my albums, though, since this now supports AAC. AAC 128 sounds better than VBR –r3mix LAME MP3s to me.

  10. Geoffrey Gallaway 21 years ago

    I’m also trying to reverse engineer the iTunes sharing protocol so I can have a linux box share its collection. At first glance it doesn’t seem trivial. It looks like if you share your music collection iTunes enables a built-in web server that runs on port 3689. This web server is complete with HTTP basic authentication and gzip support. For instance, telnet to localhost on port 3689 and try “GET /content-codes HTTP/1.0” and you’ll get a listing.

    From what I understand the first real connection goes something like this: Your iTunes client connects to an iTunes server and says “Tell me what you know about the songs you have” and the iTunes server responds with a list of the properties for each song. For instance “daap.songcomposer” and “dmap.listingitem” and then it gives a key to map that property to such as “ascpmcna” for the composer.

    The problem I’m having is decoding the content and finding the field delimiters.

    Feel free to email me at the provided address ([email protected]), I’d love to have someone to work with on this.


  11. I go to college. Normally to steal each others’ music we have to go into the semi-clunky OS X appletalk file server interface and look for people kind enough to properly allow guest access. It can be useful, but it’s time consuming and painful — especially so because I know so many people have iTunes as this is still hugely a macintosh campus.

    Then I saw a friend of mine with iTunes 4, showing me how other peoples’ music automatically showed up — and you couldn’t copy it, but you could listen to it all damn day on the permanent college connection. I shat my pants. Here it is.. not napster, but good enough when you’re at college and better in some respects (automatically finding new music really easily, plus the fact that, as my friend said, it made him want to buy many of the albums other people had so he could listen when their computers were off). I figured it could still be circumvented by going to the people who owned the computers and transferring the files manually, but that’s good for us and bad for ‘the man’.

    So of course I ran home and installed iTunes 4. And of course it works, but, yes, the sharing functions require Jaguar.

    FUCK YOU, APPLE. Fuck you for making me buy upgrades for a computer I bought less than a year ago. But good work in making the upgrades ‘this makes your computer extra awesome’ rather than ‘this makes your computer perform basic functions’.

  12. just over 500 tracks?


    I’ve got a shade under 3000, and that’s with a handful of unripped CDs still left in my binder.

    after I download all my album covers from amazon, i’ll crank the total up to about 3100.

  13. Slightly longer (and earlier) discussion of itms:// links to the store.

  14. Eli Sarver 21 years ago

    Slightly more whorish link to my own stuff about itunes:

  15. Locke 21 years ago

    I was just reading and was wondering what some of you guys who actually use iTines think of the opinion this rather (seemingly)jaded individual. I have yet to use iTunes, as I’m a PC user via budget constraints.

  16. When you download tracks off of the music store, you can burn the playlist 10 times to cd. Burn a disc and then re-rip the tracks off of the disc. Protection free my friend. costs a disc tho 🙁