Aaron Swartz gives an excellent in-depth explanation of how the iTunes Music Store and Fairplay (the Digital Restrictions Management technology used to protect iTMS files) work here.
Here's the Fairplay part, and the simple procedure for doing a phantom authorization of a system:
The iTunes client hashes some system information to get a unique ID for the computer. It sends this hash to the iTunes server. If it doesn't already have three hashes, the iTunes server attaches this hash to the user's account and sends back the account's decryption key. The key is stored in iTunes's SC Info file, encrypted using the hash (so the file cannot be moved to another computer).
When you go to play a song, iTunes simply hashes the information together, uses this to decrypt the SC Info file and retrieve the key, and uses the key to decrypt and play the song.
(The hash is MD5 and the song encryption is AES.)
When you place an encrypted song on an iPod, it decrypts the SC Info file, reencrypts it using the hash of the iPod's info, and copies the resulting SC Info file to the iPod.
Deauthorization simply runs the process backwards: the hash is sent to Apple, Apple removes it from their list, and the SC Info file on the local machine is deleted.
This leads to a hole in the system which allows you to authorize as many computers as you want: authorize the computer, make a backup of the SC Info file, deauthorize the computer, replace the SC Info file with the backup. Now the computer thinks it's authorized to play songs, but the store thinks it isn't (and thus allows you to authorize other computers).
Excellent detective work, Aaron. FYI, the SC Info file is found in /Users/Shared/SC Info/SC Info.sidb in case you don't feel like searching for it. It's hidden in Finder of course, but you can see it from the command line.
Standard disclaimer applies. This shouldn't be used as a way of allowing an unlimited number of machines to play your .m4p's, but is a good way to extend your fair use rights so you're not limited to playing the music on only 3 of your systems. =)
Posted by Kevin Railsback at April 4, 2004 04:58 PM
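An added example, not part of the original post or of Aaron Swartz's write-up: a toy Python model of the authorization flow described above, showing that the machine binding holds while revocation does not, because playback never consults the store. The class and function names are hypothetical, the XOR keystream is a stand-in for the real cipher, and the machine strings are constructed.

```python
import hashlib
import os
MAX_MACHINES = 3  # per the page: a hash is accepted only if fewer than three are on file

def _xor(data, h):  # stand-in for the real cipher (assumption): XOR keystream from the hash
    return bytes(a ^ b for a, b in zip(data, hashlib.sha256(h).digest()))

def wrap(key, h):  # key plus an 8-byte check, so unwrapping under a wrong hash is detected
    return _xor(key + hashlib.md5(key).digest()[:8], h)

def unwrap(blob, h):
    plain = _xor(blob, h)
    key, check = plain[:16], plain[16:]
    return key if hashlib.md5(key).digest()[:8] == check else None

class Store:
    def __init__(self):
        self.account_key, self.hashes = os.urandom(16), set()
    def authorize(self, h):
        if h not in self.hashes and len(self.hashes) >= MAX_MACHINES:
            return None
        self.hashes.add(h)
        return self.account_key
    def deauthorize(self, h):
        self.hashes.discard(h)

class Client:
    def __init__(self, info):
        self.hash = hashlib.md5(info.encode()).digest()  # the page says the hash is MD5
        self.sc_info = None
    def authorize(self, store):
        key = store.authorize(self.hash)
        self.sc_info = wrap(key, self.hash) if key else None
        return key is not None
    def deauthorize(self, store):
        store.deauthorize(self.hash)
        self.sc_info = None  # the local key file is deleted
    def can_play(self):  # purely local: the store is never consulted
        return self.sc_info is not None and unwrap(self.sc_info, self.hash) is not None

def revocation_holds(store, clients):  # only machines on the store's list can recover the key
    return all(c.hash in store.hashes for c in clients if c.can_play())

def stale_file_case():  # constructed scenario: a copy of the key file outlives deauthorization
    store, pc = Store(), Client("constructed-machine-A")
    pc.authorize(store)
    copy = pc.sc_info
    pc.deauthorize(store)
    pc.sc_info = copy
    return pc.can_play(), len(store.hashes), revocation_holds(store, [pc])
```

`stale_file_case()` returns `(True, 0, False)`: the machine still plays, the store counts no authorizations, and the invariant fails. Since the wrapped key depends only on the machine hash, the store's list has no effect on whether a machine can decrypt.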