Category Archives: DRM

Apple FUD about iPhone unlocking

Apple issued a FUD-filled press release yesterday about iPhone unlocking. A poster over at Ars, Quitch, offers this view:

So either Apple is intentionally bricking the phone, or their engineers haven’t heard of checksums.

Oh this is a hard one…

Apple’s claim that “unlocking programs available on the Internet cause irreparable damage to the iPhone’s software” is a blatant lie if you use the common sense definition of damage. Apple, of course, is using a different definition of damage: any change to the iPhone software that Apple doesn’t like is considered damage.

In any case, I doubt Apple has intentionally engineered the update to brick any iPhones. According to the iPhone Dev Team, there have been several hundred thousand downloads of the iPhone unlocking software. There’s no way of knowing exactly how many people have actually unlocked their iPhones, but I estimate it’s tens of thousands. Imagine the PR fallout from the iPhone price drop. Now double that… and mix in some lawsuits.

The only way Apple could unintentionally brick any iPhones is if they’re doing a diff patch of the baseband firmware without verifying that the original firmware hasn’t been modified. I doubt they’re doing a diff patch, but we’ll find out later this week when Apple releases the update.

As for the “you’ve modified the sacred firmware!” argument that’s being parroted around by some people, tx2tn over at Ars nails it:

As far as the “you changed the firmware” issues. That’s a load of crap. Yeah, you changed the firmware. So what? There is no great universal mystery about firmware. It’s just code, and under almost any other circumstances (translation – the rest of the world outside of Apple), can be reloaded to just start over. If it can be changed to be hacked, it can be changed to be reset back to normal.

Firmware is not magic.

Update: The iPhone software 1.1.1 update is out. According to early reports an unlocked iPhone will revert to being locked and inactivated with no way to reactivate with any SIM. The update also wipes out 3rd party applications.

iPhone Independence Day

I’ve found a way to activate a brand new unactivated iPhone without giving any of your money or personal information to NSA AT&T. The iPhone does not have phone capability, but the iPod and WiFi work. Stay tuned!

Update:

Magic iTunes 7.3.0.54 numbers:

Offset 2048912: 33C0C3

Offset 257074: 28

Offset 257013: 33C9B1

Add “127.0.0.1 albert.apple.com” to c:windowssystem32driversetchosts

Download Phone Activation Server v1.0 to activate your iPhone for iPod+WiFi use. Note that this application will not do anything unless you understand the magic numbers as well as add the hosts entry. Phone Activation Server (PAS) requires that you have the MS .NET Framework 2.0 installed.

Download PAS v1.0 Source Code.

Unbricking the iPhone

I’ve been playing with a friend’s iPhone to see how the activation process works (there are people who want an iPhone to use it as an iPod and WiFi device without having to enter into a 2-year AT&T contract).

The following pieces of information are used to activate an iPhone:

Unfortunately, the activation data is cryptographically signed. The following certificate (“Apple iPhone Activation”, issued by “Apple iPhone Certification Authority”) is used to verify the signature:

-----BEGIN CERTIFICATE-----
MIIDZzCCAk+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADB5MQswCQYDVQQGEwJVUzET
MBEGA1UEChMKQXBwbGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlv
biBBdXRob3JpdHkxLTArBgNVBAMTJEFwcGxlIGlQaG9uZSBDZXJ0aWZpY2F0aW9u
IEF1dGhvcml0eTAeFw0wNzA0MTYyMjU1MDJaFw0xNDA0MTYyMjU1MDJaMFsxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQKEwpBcHBsZSBJbmMuMRUwEwYDVQQLEwxBcHBsZSBp
UGhvbmUxIDAeBgNVBAMTF0FwcGxlIGlQaG9uZSBBY3RpdmF0aW9uMIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQDFAXzRImArmoiHfbS2oPcqAfbEv0d1jk7GbnX7
+4YUlyIfprzBVdlmz2JHYv1+04IzJtL7cL97UI7fk0i0OMY0al8a+JPQa4Ug611T
bqEt+njAmAkge3HXWDBdAXD9MhkC7T/9o77zOQ1oli4cUdzlnYWfzmW0PduOxuve
AeYY4wIDAQABo4GbMIGYMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMB0G
A1UdDgQWBBShoNL+t7Rz/psUaq/NPXNPH+/WlDAfBgNVHSMEGDAWgBTnNCouIt45
YGu0lM53g2EvMaB8NTA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vd3d3LmFwcGxl
LmNvbS9hcHBsZWNhL2lwaG9uZS5jcmwwDQYJKoZIhvcNAQEFBQADggEBAF9qmrUN
dA+FROYGP7pWcYTAK+pLyOf9zOaE7aeVI885V8Y/BKHhlwAo+zEkiOU3FbEPCS9V
tS18ZBcwD/+d5ZQTMFknhcUJwdPqqjnm9LqTfH/x4pw8ONHRDzxHdp96gOV3A4+8
abkoASfcYqvIRypXnbur3bRRhTzAs4VILS6jTyFYymZeSewtBubmmigo1kCQiZGc
76c5feDAyHb2bzEqtvx3WprljtS46QT5CR6YelinZnio32jAzRYTxtS6r3JsvZDi
J07+EHcmfGdpxwgO+7btW1pFar0ZjF9/jYKKnOYNyvCrwszhafbSYwzAG5EJoXFB
4d+piWHUDcPxtcc=
-----END CERTIFICATE-----

C# developer needed at DoubleTwist

We have an opening for an experienced C# developer at DoubleTwist:

  • Should have 5+ years experience in software development
  • Should have 3+ years of experience with .NET, C# and web services
  • Should have a degree in Computer Science or related field
  • Experience developing digital media applications is a plus
  • Experience with .NET under Linux (Mono) is a plus
  • You will be tasked with working on both our client software as well as server backend code. Besides coding, you will be responsible for assisting with documentation, building test plans, debugging software, providing design input, and helping in every way to ensure the successful rollout of each phase of the project.

    Location: San Francisco

    If you are interested, send us your résumé. If you know of someone who might be interested, please forward this to them.

    Monkeys needed at DoubleTwist

    Photo by Tetsuro MatsuzawaIf breaking down proprietary barriers and empowering consumers sounds like your cup of tea, send us your résumé. If you know of someone who might be interested, please forward this to them.

    Opening: Reverse Engineering Monkey
    We’re looking for a code monkey to work on our DRM interoperability technology. Must possess strong skills in the areas of cryptography, reverse engineering, AJAX, code disassembly, code protection/obfuscation and software optimization. Experience domesticating penguins and eating apples is a plus.

    Required skills include C, C++, x86 ASM, DRM and Windows APIs. Strong mathematical knowledge of algorithm analysis and implementation is desired. Minimum of 3 years of directly related experience.

    Your favorite number is 0x90.

    Location: Antarctica or your home country.

    Opening: Senior Software Monkey
    We’re looking for a senior code monkey to work on our audio/video products. Must have strong experience designing, implementing, debugging and optimizing userland applications. Multi-platform experience is desired.

    Required skills include C, C++, C# and Windows APIs. Requirements include strong experience with current digital audio/video technology (MPEG4, H264 and AAC). Minimum of 5 years of directly related experience.

    Location: San Francisco or Norway.

    EMI goes DRM-free at higher pricepoint

    EMI has been rumored for months to start licensing DRM-free tracks at a higher pricepoint. From today’s press release:

    London, 2 April 2007 — EMI Music today announced that it is launching new premium downloads for retail on a global basis, making all of its digital repertoire available at a much higher sound quality than existing downloads and free of digital rights management (DRM) restrictions.

    Apple’s iTunes Store (www.itunes.com) is the first online music store to receive EMI’s new premium downloads. Apple has announced that iTunes will make individual AAC format tracks available from EMI artists at twice the sound quality of existing downloads, with their DRM removed, at a price of $1.29/€1.29/£0.99. iTunes wil continue to offer consumers the ability to pay $0.99/€0.99/£0.79 for standard sound quality tracks with DRM still applied. Complete albums from EMI Music artists purchased on the iTunes Store will automatically be sold at the higher sound quality and DRM-free, with no change in the price. Consumers who have already purchased standard tracks or albums with DRM will be able to upgrade their digital music for $0.30/€0.30/£0.20 per track. All EMI music videos will also be available on the iTunes Store DRM-free with no change in price.

    When people a while ago requested that Apple start selling DRM-free content from independent labels, some Apple fans argued that Apple couldn’t do this because it would break consistency in iTunes and create consumer confusion. Now Apple is going to be selling some DRM-free music at a higher price point. So much for the consistency and confusion argument! It will be interesting to see how this offering will be branded in the iTunes Store (DRM-free or “Higher Quality”?).

    EMI is the smallest of the four major record labels and is in the worst financial shape. More conservative labels such as Universal and Sony BMG are unfortunately not likely to follow anytime soon.

    Will Steve Jobs follow up with “Thoughts on Movies”? Highly unlikely, although the thought of a Disney director calling for an end to video DRM is entertaining! Steve’s main argument in “Thoughts on Music” was that CDs don’t have DRM. The studios have always insisted on copy protection (Macrovision, CSS, AACS) and that’s not likely to change in our digital lifetime. Perhaps Steve will start drafting another manifesto after the Apple TV has 90% market share 😉

    Update: Steve’s Thoughts on Movies during the webcast:

    Q: I take it then that you are going to be advocating the removal of the DRM of the videos you sell on iTunes. Any particular [inaudible] you could do that now with Disney given your involvement with the Disney company?

    A: You know, video, uh… I knew I’d get that question today. Video is pretty different than music right now because the video industry does not distribute 90 percent of their content DRM free; never has, and so I think they are in a pretty different situation and so I wouldn’t hold the two in parallel at all.

    DAAP Licensing

    DAAP (Digital Audio Access Protocol) is a protocol defined by Apple and used for iTunes streaming. Apple has licensed the DAAP protocol to at least one company: Roku. Their SoundBridge product is a networked music player that streams music from your computer. Thanks to Bonjour and DAAP the SoundBridge can stream music from an iTunes library without any configuration necessary.

    The first version of DAAP was reverse engineered. In response, Apple added hashing of secret values to the next version of DAAP to block non-iTunes clients from connecting to the new version of iTunes. The new version of DAAP was also reverse engineered.

    When Apple released iTunes 7 last September, they changed the secret hashing. You would think they would have informed their DAAP licensees of this in advance and provided them with updated DAAP documentation (they wouldn’t need to reveal the release date of the new iTunes version).

    Not so.

    According to this forum post by Roku’s Mike Kobb they were not given advance notice, let alone any updated documentation. It appears that it took Apple several weeks to supply Roku with updated DAAP documentation.

    In light of this, it is not surprising that Steve Jobs is claiming that licensing FairPlay is not feasible and using bogus arguments to support his claim. Licensing FairPlay is quite feasible, it’s just that Steve doesn’t want to do so. Of course, from a business perspective I don’t mind 😉

    I knew last year that Apple had licensed DAAP to Roku, but I didn’t learn until today that Apple had stabbed Roku in the back. Thanks to snorp (developer of ipod-sharp and other cool code) for pointing this out to me.

    Steve on licensing FairPlay

    This is the 3rd and last post about Steve’s “Thoughts on Music:)

    However, a key provision of our agreements with the music companies is that if our DRM system is compromised and their music becomes playable on unauthorized devices, we have only a small number of weeks to fix the problem or they can withdraw their entire music catalog from our iTunes store.

    The most serious problem is that licensing a DRM involves disclosing some of its secrets to many people in many companies, and history tells us that inevitably these secrets will leak.

    Apple has concluded that if it licenses FairPlay to others, it can no longer guarantee to protect the music it licenses from the big four music companies. Perhaps this same conclusion contributed to Microsoft’s recent decision to switch their emphasis from an “open” model of licensing their DRM to others to a “closed” model of offering a proprietary music store, proprietary jukebox software and proprietary players.

    Let’s look at the real world outside the Reality Distortion Field:

  • Microsoft’s Windows Media DRM 10 (marketing name PlaysForSure) has not had more security breaches than FairPlay despite the fact that it has been licensed to dozens of companies.
  • Microsoft’s decision to make the Zune DRM a closed system was a business decision and had nothing to do with DRM security. PlaysForSure is still in the market place and will be for the foreseeable future. Content owners are still authorizing content to be sold with PlaysForSure. In fact, WalMart launched a new movie download store (don’t click the link if you’re using Firefox unless you’re into abstract art) using PlaysForSure today.
  • Steve’s misleading statistics

    In his article “Thoughts on Music” Steve Jobs argues that people are not really locked into the iPod.

    Through the end of 2006, customers purchased a total of 90 million iPods and 2 billion songs from the iTunes store. On average, that’s 22 songs purchased from the iTunes store for each iPod ever sold.

    Its hard to believe that just 3% of the music on the average iPod is enough to lock users into buying only iPods in the future. And since 97% of the music on the average iPod was not purchased from the iTunes store, iPod users are clearly not locked into the iTunes store to acquire their music.

    Yes, hard to believe, until you realize that Steve is using misleading statistics. There may be 90 million iPods sold, but not all of them are currently in use. Furthermore, it’s the number of iTunes Store customers and average sales per customer that’s relevant, and Apple has never disclosed these figures.

    Many iPod owners have never bought anything from the iTunes Store. Some have bought hundreds of songs. Some have bought thousands. At the 2004 Macworld Expo, Steve revealed that one customer had bought $29,500 worth of music.

    If you’ve only bought 10 songs, the lock-in is obviously not very strong. However, if you’ve bought 100 songs ($99), 10 TV-shows ($19.90) and 5 movies ($49.95), you’ll think twice about upgrading to a non-Apple portable player or set-top box. In effect, it’s the customers who would be the most valuable to an Apple competitor that get locked in. The kind of customers who would spend $300 on a set-top box.