I just finished writing Behind the iTunes Music Store: A Technical Description of iTMS and FairPlay. As you might guess, it explains how the iTunes Music Store works, including the only human-readable description of how FairPlay, Apple’s DRM system, works. Get it before the government does!

Comments, corrections, and additions are appreciated. Also, I’m looking for a way to intercept and decrypt SSL traffic.

posted March 29, 2004 04:20 PM (Technology) (2 comments) #


President Bush: Why Can’t He Stop Lying?
Shorter Richard Clarke
Against All Enemies: The Movie
How iTMS Works
Free Culture Wiki: Piracy Hits a New Low


Judging mainly by the fact that iTunes links to Security.framework, it probably uses the SSL routines from that framework. Perhaps you could write a mach-inject + mach-override (http://www.rentzsch.com) hack to load into iTunes.

It could then patch relevant functions to make them log unencrypted SSL communications (pre-encrypted outgoing data and already-decrypted incoming data, I guess) to some sort of console or file. That would probably be much easier than trying to decrypt in-transit SSL-encrypted data.

posted by Adam at March 29, 2004 07:23 PM #

Nice work Aaron.

Be an interesting integration excercise to hack a P2P file sharing app to expose itself as “itms://localhost:8080”.

posted by Jeff Kandt at March 29, 2004 09:31 PM #

Subscribe to comments on this post.

Add Your Comment

If you don't want to post a comment, you can always send me your thoughts by email.

Remember personal info?

Note: I may edit or delete your comment. (More...)

Aaron Swartz (me@aaronsw.com)