Reverse Engineering Reverse Engineered DRM
Very early on in the years of the iPod, my colleagues and I found it to be the perfect device for our team to listen to work-related recordings. We wanted to protect the media from exfiltration in case the devices got stolen and so Apple's DRM seemed like a perfect solution.
Yes, technically a determined adversary could attach a line in cable to the iPad and pull the recording off. My early-stage engineer's mind found it hard to deal with the imperfection of the solution – logically, if there is a way to get the media out, why bother do the DRM in the first place? But many conversations (and much reflection) have helped me learn my first of many "professional" lessons. In the real world (and especially in the workplace setting), solutions are imperfect. In case of security, frictions are an underrated barrier. I knew enough to understand that DRM itself – security by obscurity – wasn't a perfect solution, and so then it was just a matter of degrees.
Once I overcame that mental obstacle, I encountered a technical one. There was no way for third parties to use DRM as a service. I determined to build one.
Fortunately for me, around that time, enterprising hackers were able to reverse-engineer DRM encryption. My insight was to use the hack (which was open sourced) and reverse engineer it... that is, forward-engineer DRM.
I suspected it would only be a matter of time before Apple came up with V2 and invalidate the hack, but as far as I was concerned I didn't care – so long as never updates either iTunes or the iPad firmware, the solution would work reliably. And it did, for several years, until we switched to another device that allowed third-party encryption.
Here is the repository that contains my “hacked hack”, some documentation as well as the original hack source code. Enjoy!
Of course, by now the version of DRM, iTunes, the iPod (what is an iPod?!), and the framework the code runs under are woefully out of date. But it was still a fun project.