Category Archives: DRM

The Men Who Stole the World

A decade ago, four young men changed the way the world works. They did this not with laws or guns or money but with software: they had radical, disruptive ideas, which they turned into code, which they released on the Internet for free. These four men, not one of whom finished college, laid the foundations for much of the digital-media environment we currently inhabit. Then, for all intents and purposes, they vanished.

Full article in TIME

Palm Pre USB hack confirmed

A little birdie provided me with the following:
Palm Pre Video

As I speculated in my previous blog post on Palm Pre Sync and now confirmed by the image above, when the Pre is in “Media Sync” mode it identifies itself as an Apple iPod. However, it’s only the Mass Storage interface that identifies itself as an iPod. The root USB node (IOUSBDevice) still identifies the device as a Palm Pre (not visible in the image above). This means that Apple can very easily update iTunes to block the Pre.

Follow me on Twitter.

Update: that the Pre still works with the new iTunes 8.2 release is not surprising and doesn’t mean much. The news about the Pre’s iTunes support came out on Friday. iTunes 8.2 was released on Monday. Software has release cycles that include QA. There’s simply no way Apple could have made changes to how iTunes identifies an iPod and passed the new build through QA in such a short amount of time.

Syncing music and video to the Palm Pre

Palm Pre video converter
Palm today announced that the Pre will sync seamlessly with iTunes. From the press release on Palm Pre iTunes sync:

Palm media sync is a feature of webOS that synchronizes seamlessly with iTunes, giving you a simple and easy way to transfer DRM-free music, photos and videos to your Palm Pre.(2) Simply connect Pre to your PC or Mac via the USB cable, select “media sync” on the phone, and iTunes will launch on your computer desktop. You can then choose which DRM-free media files to transfer.

Reading about this on blogs I’ve seen two clueless arguments being repeated:

Palm must be doing this in co-operation with Apple.

That must be why in Palm’s demo iTunes says “Syncing iPod” instead of “Syncing Pre” and Palm investor Roger McNamee called Apple a monopolist when Walt Mossberg asked how Apple is going to feel about this.

This is nothing new. RIM and Nokia have been doing iTunes sync for a while.

No, RIM and Nokia have offered their own software which reads the iTunes XML library file and syncs to their devices. That’s nothing like the Palm Pre which identifies itself to a PC as an iPod and syncs with iTunes directly instead of 3rd party software.

The following is worth noting in Palm’s press release:

(2) Compatible with iTunes 8.1.1 on Windows XP/Vista and Mac OS X version 10.3.9-10.5.7

That’s called covering your rear :) Translated from PR-speak we get: “Don’t expect this to necessarily work with iTunes 8.1.2″.

So how is Palm doing this? It’s pretty simple, really. We’ll start with the most basic question that doesn’t even involve the Pre: To a PC, what’s the difference between an iPod and a Kingston memory stick? The iPod has a specific USB Vendor Id that identifies it as being an Apple product and a USB Product Id that identifies it as being a specific iPod model. In addition, the iPod’s filesystem has a specific folder and file structure. Modern iPods also respond to a custom USB command that returns an XML file with information about the device.

So how has Palm most likely enabled the Pre to sync directly with iTunes? By doing the following:

  • When you select “Media Sync” on the Pre, it will switch its USB interface to use Apple’s Vendor Id and the Product Id for a specific iPod model
  • The Pre exposes a filesystem through Mass Storage Class that mimics the structure of an iPod
  • The Pre responds to Apple’s custom USB command and returns XML info about the device

What can Apple do about this? When two parties implement an open standard, there’s usually some differences. In this case, there’s two implementations of a proprietary standard and it’s almost guaranteed that there will be differences. Apple will analyze the Pre and find out what those are. They will then be able to update iTunes to tell a real iPod apart from the “PrePod”.

Oh, and when that happens, be sure to download doubleTwist to sync your music and video to the Palm Pre :)

Follow me on Twitter.

Update: some people are linking to this Apple support article, claiming that’s how the Pre is able to sync with iTunes (of course, these people don’t actually explain the “how” since that would require them to know something about the subject). I didn’t even bother linking to that originally since I thought nobody would be technologically inept enough to use that as an argument: 1) That article has been archived and is no longer updated by Apple, 2) It applies to Mac OS X only, 3) The listed players are over half a decade old, 4) The reason those players were supported was because iTunes included CUSTOM CODE to support those players, 5) The Palm Pre’s iTunes sync capability works without installing any Palm software/plugins, 6) If the Palm Pre was using an iTunes API for 3rd party devices, then iTunes would be identifying the Palm Pre as a Pre, not as an iPod

WWDC 2008

I will be attending WWDC next week. If anyone wants to meet up, send me an email. We are still looking for a full-time Cocoa developer to work out of our San Francisco office.

doubleTwist is a one year old start-up in San Francisco backed by the same people who were behind Skype and Last.FM. Our mission is to simplify the flow of media to a wide range of CE devices and between family and friends. We are looking for a Cocoa developer to join our Mac team and work on the MacOS X version of doubleTwist. The Mac team currently consists of three people.

Requirements:
3+ years of Objective-C and Cocoa experience
A passion for improving the user experience around digital media

Plusses:
Experience with one or more of these APIs: IOKit, QTKit, CoreAudio
Involvement in/contributions to open source projects
Experience with the iPhone SDK

To apply, send your resume to jon at doubletwist.com. If possible, include code samples and/or links to open source projects you’ve contributed to.

Rogue developers

Update: The issue has been resolved. See update at the bottom of the post.

In August 2004, I reverse engineered Apple’s AirTunes protocol and released JustePort, the first non-Apple application to enable streaming to the AirPort Express. Because of my work, Rogue Amoeba was able to develop their $25 AirFoil application – a much more user friendly tool for streaming to the AirPort Express. I didn’t have any problems with this – I released JustePort as open source so that others could build similar applications by learning from my source code. What I did not particularly like though was the product page for Airfoil, claiming “It’s not just for iTunes anymore”. This misleading statement, suggesting that Airfoil was the first tool of its kind and that Rogue Amoeba did the hard work to enable non-Apple streaming to the AirPort Express, has since been removed from the Airfoil product page.

I was reading Rogue Amoeba’s blog today and noticed that they’ve released a Linux version of their Airfoil Speakers application. Airfoil Speakers is a complimentary application to AirFoil that implements the server part of the AirTunes protocol. By installing Airfoil Speakers on a computer (e.g. your home theater PC) you can stream audio to it using Airfoil from another computer. The release of the Linux version of Airfoil Speakers piqued my curiosity so I downloaded it and had a look. It uses .NET and requires mono. I downloaded the Windows version as well and it shares the core with the Linux version.

I ran AirfoilSpeakers.exe (MD5: 82b7ef8c05958ccb6e24289c8b21a27c) from the Windows version through monodis to see if I could find anything interesting. I came across this:

.namespace AirfoilServer.AirTunes
{
.class private auto ansi beforefieldinit Utility
extends [mscorlib]System.Object
{

// method line 853
.method public static hidebysig
default void LeReverse (unsigned int8[] arr, int32 index, int32 length) cil managed
{
// Method begins at RVA 0x104b6
// Code size 16 (0×10)
.maxstack 8
IL_0000: ldsfld bool [mscorlib]System.BitConverter::IsLittleEndian
IL_0005: brfalse.s IL_000f

IL_0007: ldarg.0
IL_0008: ldarg.1
IL_0009: ldarg.2
IL_000a: call void class [mscorlib]System.Array::Reverse(class [mscorlib]System.Array, int32, int32)
IL_000f: ret
} // end of method Utility::LeReverse

// method line 854
.method public static hidebysig
default void LeReverse (unsigned int8[] arr) cil managed
{
// Method begins at RVA 0x104c7
// Code size 11 (0xb)
.maxstack 8
IL_0000: ldarg.0
IL_0001: ldc.i4.0
IL_0002: ldarg.0
IL_0003: ldlen
IL_0004: conv.i4
IL_0005: call void class AirfoilServer.AirTunes.Utility::LeReverse(unsigned int8[], int32, int32)
IL_000a: ret
} // end of method Utility::LeReverse

// method line 855
.method public static hidebysig
default void RijndaelDecrypt (unsigned int8[] Buf, int32 Offset, int32 Count, unsigned int8[] Key, unsigned int8[] IV) cil managed
{
// Method begins at RVA 0x104d4
// Code size 80 (0×50)
.maxstack 5
.locals init (
class [mscorlib]System.Security.Cryptography.Rijndael V_0,
class [mscorlib]System.IO.MemoryStream V_1,
class [mscorlib]System.Security.Cryptography.ICryptoTransform V_2,
class [mscorlib]System.Security.Cryptography.CryptoStream V_3)
IL_0000: call class [mscorlib]System.Security.Cryptography.Rijndael class [mscorlib]System.Security.Cryptography.Rijndael::Create()
IL_0005: stloc.0
IL_0006: ldloc.0
IL_0007: ldc.i4.1
IL_0008: callvirt instance void class [mscorlib]System.Security.Cryptography.SymmetricAlgorithm::set_Mode(valuetype [mscorlib]System.Security.Cryptography.CipherMode)
IL_000d: ldloc.0
IL_000e: ldc.i4.1
IL_000f: callvirt instance void class [mscorlib]System.Security.Cryptography.SymmetricAlgorithm::set_Padding(valuetype [mscorlib]System.Security.Cryptography.PaddingMode)
IL_0014: newobj instance void class [mscorlib]System.IO.MemoryStream::.ctor()
IL_0019: stloc.1
IL_001a: ldloc.0
IL_001b: ldarg.3
IL_001c: ldarg.s 4
IL_001e: callvirt instance class [mscorlib]System.Security.Cryptography.ICryptoTransform class [mscorlib]System.Security.Cryptography.SymmetricAlgorithm::CreateDecryptor(unsigned int8[], unsigned int8[])
IL_0023: stloc.2
IL_0024: ldloc.1
IL_0025: ldloc.2
IL_0026: ldc.i4.1
IL_0027: newobj instance void class [mscorlib]System.Security.Cryptography.CryptoStream::.ctor(class [mscorlib]System.IO.Stream, class [mscorlib]System.Security.Cryptography.ICryptoTransform, valuetype [mscorlib]System.Security.Cryptography.CryptoStreamMode)
IL_002c: stloc.3
IL_002d: ldloc.3
IL_002e: ldarg.0
IL_002f: ldarg.1
IL_0030: ldarg.2
IL_0031: ldc.i4.s 0×10
IL_0033: div
IL_0034: ldc.i4.s 0×10
IL_0036: mul
IL_0037: callvirt instance void class [mscorlib]System.IO.Stream::Write(unsigned int8[], int32, int32)
IL_003c: ldloc.3
IL_003d: callvirt instance void class [mscorlib]System.IO.Stream::Close()
IL_0042: ldloc.1
IL_0043: callvirt instance unsigned int8[] class [mscorlib]System.IO.MemoryStream::ToArray()
IL_0048: ldarg.0
IL_0049: ldc.i4.0
IL_004a: callvirt instance void class [mscorlib]System.Array::CopyTo(class [mscorlib]System.Array, int32)
IL_004f: ret
} // end of method Utility::RijndaelDecrypt

// method line 856
.method public hidebysig specialname rtspecialname
instance default void .ctor () cil managed
{
// Method begins at RVA 0×10530
// Code size 7 (0×7)
.maxstack 8
IL_0000: ldarg.0
IL_0001: call instance void object::.ctor()
IL_0006: ret
} // end of method Utility::.ctor

} // end of class AirfoilServer.AirTunes.Utility
}

That Utility class looks very familiar. Where have I seen those exact functions before? Oh, that’s right, it’s the Utility class licensed under the GPL from my DeDRMS and SharpMusique source code packages.

I can’t say I’m surprised. GPL’ed code is frequently used in violation of the license. MacTheRipper, a popular DVD ripper for MacOS X, has been violating the GPL for years by using libdvdcss and refusing to release the source code.

I’m not going to be too hard on Rogue Amoeba though. Unlike many Mac users, they are against closed platforms. See their blog post about the iPhone SDK as well as the future of code signing in MacOS X.

Update: Quentin from Rogue Amoeba got in touch via email. The code ended up in Airfoil Speakers due to an honest mistake. Quentin writes:

We use a lot of open source software in our products, could not make them as good as we do without it in fact. And as such, we do our best to make sure the licenses are followed. All our commercial software is GPL-free, some use LGPL’ed libraries, and some BSD/MIT code in places. We try to make sure all the code we use is correctly acknowledged, and give back when we can (http://rogueamoeba.com/sources/, www.rogueamoeba.com/utm/2008/01/12/perian-is-awesome/).

So we’ve put together Utility.cs-less versions of Airfoil Speakers to fix our GPL compliance. The Linux version we are pushing out immediately (it’s still in beta technically) here: http://bigblueamoeba.com/tmp/airfoilspeakerslinux/. The Windows version will be officially pushed out this week after testing, but is available right now here: http://bigblueamoeba.com/tmp/airfoilspeakerswindows/

Thanks Quentin!

iPhone SDK

“Phones will only run apps signed by Apple. It also applies FairPlay to the package.”

Deric Horn, Apple Inc.

The SDK does look impressive. Hopefully CoreData will get added at some point.

Update: I knew it was too good to be true. From the iPhone HIG:

Only one iPhone application can run at a time, and third-party applications never run in the background. This means that when users switch to another application, answer the phone, or check their email, the application they were using quits. (p. 16)

So much for showing off AIM at the launch event as an example of what you can do with the SDK. Unless you’re someone like AOL, you’re not going to be writing any useful social clients for the iPhone. Oh, and this makes the Kleiner Perkins iFund look even more of a joke than their Java fund a decade ago.

doubleTwist desktop has launched

After a lot of hard work, we’ve finally released doubleTwist desktop. The goal of doubleTwist is to simplify the flow of media across devices and social networks. To give an example: say you shot a video with your Nokia N95 cellphone. How do you send that video to your friend and make sure he’ll be able to play it on his iPod or Sony PSP? Yesterday, the easiest solution was to give up. As of today, the answer is doubleTwist. With doubleTwist, you’ll be able to share and sync digital media without worrying about codecs and bitrates.

Download doubleTwist and send us your feedback! If you are a developer and want to add support for a new device, check out our developers page.

Think Closed

I was expecting that the iPhone firmware update would simply relock unlocked iPhones so that they could only be used with AT&T. I was wrong. As you may know by now, after an unlocked iPhone has been upgraded with the 1.1.1 firmware it will refuse to activate with any SIM. The technical evidence so far indicates that this was intentional by Apple. Although the iPhone is still alive, it’s completely useless. It’s essentially a brick.

Has Nokia or Sony Ericsson ever bricked or refused service on an unlocked phone? Not that I’ve heard of, and if they did, they would have been quickly sued in several countries where consumer rights are more strongly protected.

Did Sony ever brick PSPs over homebrew software? Did Microsoft ever overwrite someone’s BIOS with garbage because they detected an illegitimate Windows installation?

In light of other things Apple has done lately, such as adding an encrypted hash to the iPod database to lock out non-Apple software and disabling TV-out on the iPod unless the 3rd party accessory you’re using has an Apple authentication chip, it’s evident that Apple is well on its way to become one of the most consumer hostile tech companies.

When Steve Jobs claimed the iPhone was 5 years ahead of every other phone, was he talking about the iPhone’s revolutionary handcuffs?

In a world where open technologies are increasingly becoming the norm, Apple’s way of Thinking Different means marching in the opposite direction.

Update: According to the iPhone Dev Wiki, there is now a method for downgrading from 1.1.1 to 1.0.2 to revive your iPhone. There’s even a tutorial on YouTube.

Apple FUD about iPhone unlocking

Apple issued a FUD-filled press release yesterday about iPhone unlocking. A poster over at Ars, Quitch, offers this view:

So either Apple is intentionally bricking the phone, or their engineers haven’t heard of checksums.

Oh this is a hard one…

Apple’s claim that “unlocking programs available on the Internet cause irreparable damage to the iPhone’s software” is a blatant lie if you use the common sense definition of damage. Apple, of course, is using a different definition of damage: any change to the iPhone software that Apple doesn’t like is considered damage.

In any case, I doubt Apple has intentionally engineered the update to brick any iPhones. According to the iPhone Dev Team, there have been several hundred thousand downloads of the iPhone unlocking software. There’s no way of knowing exactly how many people have actually unlocked their iPhones, but I estimate it’s tens of thousands. Imagine the PR fallout from the iPhone price drop. Now double that… and mix in some lawsuits.

The only way Apple could unintentionally brick any iPhones is if they’re doing a diff patch of the baseband firmware without verifying that the original firmware hasn’t been modified. I doubt they’re doing a diff patch, but we’ll find out later this week when Apple releases the update.

As for the “you’ve modified the sacred firmware!” argument that’s being parroted around by some people, tx2tn over at Ars nails it:

As far as the “you changed the firmware” issues. That’s a load of crap. Yeah, you changed the firmware. So what? There is no great universal mystery about firmware. It’s just code, and under almost any other circumstances (translation – the rest of the world outside of Apple), can be reloaded to just start over. If it can be changed to be hacked, it can be changed to be reset back to normal.

Firmware is not magic.

Update: The iPhone software 1.1.1 update is out. According to early reports an unlocked iPhone will revert to being locked and inactivated with no way to reactivate with any SIM. The update also wipes out 3rd party applications.