zal91

Apple DRM Hack

25 posts in this topic

I wrote an article on how to remove the protections from apps bought from the appstore.

There are probably loads of mistakes, but I don't care. I was just trying to get the info out.

http://zephleggett.com/?p=9


I do not use a mac, but the concept looks quite good. I'm not surprised this works. I think you should add this to docdroppers.org.

One comment:

> After that you must change the cryptid to 0; this is usually found around 0x800.

I guess you just open the file in your hex editor and search for a number around 0x800 that is the cryptid given by otool. I don't know about otool, but can it also write to the file? If not, are there tools available that can do it? If there is no tool available, maybe you could provide a link to documentation about how a mach binary header is structured. This is not necessary, but would be good for completion.

Another thought, I'm wondering if this could be used for iPod games that you can buy from the apple store. Hum... probably not, as I don't think we can ssh to an iPod.

For music bought through iTunes, it is as simple as burning a CD with the DRM-enabled music, and then ripping the CD to another format without DRM.

Good job :voteyes:

Edited by Aghaster

Thanks Aghaster, it's nice to see positive input from an intelligent person. otool can't write to a file, you just have to change a value with a hex editor.

Kind of off-topic, but there is a nice app that strips DRM from music. It is written in Java and it is cross platform. It will losslessly strip DRM from iTunes Store music files in seconds. The name of it is "Requiem", I'm sure you can find it with a little Googling. It works by exploiting a mechanism QuickTime uses to play encrypted files.

Edited by Zeph
> Thanks Aghaster, it's nice to see positive input from an intelligent person. otool can't write to a file, you just have to change a value with a hex editor.
>
> Kind of off-topic, but there is a nice app that strips DRM from music. It is written in Java and it is cross platform. It will losslessly strip DRM from iTunes Store music files in seconds. The name of it is "Requiem", I'm sure you can find it with a little Googling. It works by exploiting a mechanism QuickTime uses to play encrypted files.

Great thing to know, I thought those tools worked until a certain version of iTunes, at least the tool written by the same guy who wrote DeCSS. I think we should add a "Removing Apple DRM" article to docdroppers, for all information concerning that.

Also, someone made a funny comment on your blog:

pytey on July 27th, 2008

take it down man, not cool, will bring major heat.


Yeah, it is also funny that pytey is a respected member of the iPhone-Dev Team.


Honestly, I wouldn't have posted it publicly either. This is something that should have been kept relatively private for at least a little while as well as the fact that there are possibly some major legal concerns depending on how trigger happy apple is going to be about it.

> Honestly, I wouldn't have posted it publicly either. This is something that should have been kept relatively private for at least a little while as well as the fact that there are possibly some major legal concerns depending on how trigger happy apple is going to be about it.

Even if this works, it is quite simple, I can't imagine that Zeph is the first one to figure this out (no offense). This was probably brought by other people too. The idea of dumping memory of a running program in order to bypass the encryption is not new, I've seen that being used for unpacking programs packed with codeveil.

*maybe* this could bring some heat, but I don't think it is the most crucial revelation of "secrets" ever.

Edited by Aghaster

Yeah, people high up (iPhone Dev-Team Hackers), are giving me loads of crap.

Edited by Zeph

Of course the idea isn't new. But this seems to be the first public example of using it to decrypt iPhone apps. Apple has a history of going after people to stop them from doing anything that they don't like. I just wouldn't want to see you get sued over it; whether or not they can win, there are still a ton of legal fees and time that would go into a lawsuit. It's a cool hack, but something I would have kept down low. The thing about a lot of the homebrew devs for various platforms is that they are usually against releasing hacks to enable piracy because they don't want the company to shut them down or come after them.


Part of me didn't want to release it and part of me did. I don't want apple to come down on the modifications, but I also think people should have the knowledge. The process for decrypting it isn't something your average Joe would be looking for anyway.


On a relatively related side-note, this all works because of one thing: ptrace. I love ptrace, such a powerful tool.


Well, I was DMCA'd rather fast.

> Well, I was DMCA'd rather fast.

Wow, lame.. even more so that you actually took the site down. ;)

America sucks, etc.. etc..


I didn't take the site down, my host did. Want to host it?


Zeph can you post the article?

> > Well, I was DMCA'd rather fast.
>
> Wow, lame.. even more so that you actually took the site down. ;)
>
> America sucks, etc.. etc..

For sure the government sucks.

Wonder if you can get web hosting in China. I'm sure they don't care about the DMCA :)


Well, I finally got my site up with help from Drake Anubis. He had a cool idea just to add some blur to the post instead of completely removing it.

http://zephleggett.com/


Can't see your articles there... :(

Again DMCA....................

hmm............

> Well, I finally got my site up with help from Drake Anubis. He had a cool idea just to add some blur to the post instead of completely removing it.
>
> http://zephleggett.com/

That's not cool, that's DMCA advocation... delete the article or post it again, you have options... what you did is not one, fix it.. now. ;)

> > Well, I finally got my site up with help from Drake Anubis. He had a cool idea just to add some blur to the post instead of completely removing it.
> >
> > http://zephleggett.com/
>
> That's not cool, that's DMCA advocation... delete the article or post it again, you have options... what you did is not one, fix it.. now. ;)

Maybe you like being sued, but most of us don't.


You could try Baywords. They're run by the owners of The Pirate Bay.

Is it a suable offense anyways? Digg seems to have gotten away with something similar


I just don't want to deal with it. I have some hook-ups to offshore servers now. Next time I have a questionable hack I'll just post it there.

> Well, I was DMCA'd rather fast.

No, actually, I was DMCA'd rather fast. <_<
