Sony's DRM supplier XCP ripped off a free software project so that it could defeat Apple iTunes.
Remember when Sony got nailed for including code an open-source crack for iTunes in its rootkit DRM? Princeton researcher Alex Halderman has been patiently teasing apart the rootkit, looking for an explanation. Why would Sony's arms-merchant rip off an anti-DRM program for its DRM?
Halderman concludes that the XCP — the Sony rootkit — was intended to be used to crack open iTunes and insert Sony's music into it, without allowing Sony customers to convert their music into MP3s along the way.
This exposes one of the things about DRM that most people miss: it doesn't really matter what permissions a given DRM grants or prohibits (as fun as it might be to point out the absurdity of a DRM that keeps you from listening to your own music). The important thing about DRM is that it gives the company or consortium that controls the DRM control over who can use the DRM.
So Apple can make an iPod and shut Real and Microsoft and Sony out of it. Napster can make a subscription music service and shut Apple out of it. And so on.
Reverse-engineering Apple's DRM is hard, but not overwhelmingly so. Jon Johansen and his pals generally went through each new release like a hot knife through butter (Jon's got a new job and says he's putting his Apple-coring hobby on hold for a while, so the iTunes 6 version of DRM has stood for longer than its predecessors).
So when Sony's arms-dealer was making its munitions, it added an attractive new feature for Sony and others: the ability to break DRM to sneak music into iTunes.
The answer is that XCP utilizes the DRMS code not to remove Apple DRM but to add it. I've discovered that XCP uses code from DRMS as part of a hidden XCP feature that provides iTunes and iPod compatibility. This functionality has shipped on nearly every XCP CD, but it has never been enabled or made visible in the XCP user interface. Despite being inactive, the code appears to be fully functional and was compatible with the current version of iTunes when the first XCP CDs were released. This strongly suggests that the infringing DRMS code was deliberately copied by XCP's creator, First4Internet, rather than accidentally included as part of a more general purpose media library used for other functions in the copy protection system.
Previous installments of the Sony Rootkit Roundup: Part I, Part II, Part III, Part IV
(Cool Sony CD image courtesy of Collapsibletank)
