
iTunes Gift Certificates Reverse Engineered

Source: Tom's Hardware US

A Chinese website is selling iTunes gift cards that are worth up to $200 for as low as $3.

How is this possible? Chinese hackers managed to reverse engineer the algorithm responsible for creating iTunes voucher codes, and can now produce fully legitimate codes that are redeemable via the iTunes Store into a customer's account. The hackers have built key generators that create the codes on the fly. Unfortunately for them, the codes only work in the U.S. iTunes Store.

Which is why the codes are now being sold on Taobao, the largest auction site in China.

At this time, Apple hasn't made any public comments on the situation, most likely because it's working on a solution to invalidate the codes. Unfortunately, the codes are legitimate and are based on Apple's own algorithm for generating codes, so any attempt to alter the codes would potentially hurt all the existing cards in stores.
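The weakness described above, and the remedy several commenters below propose (a database lookup behind the algorithm), as an added example that is not from the article or from Apple. The code format, `check_char`, `well_formed` and `VoucherLedger` are hypothetical and do not reflect the real iTunes scheme.

```python
import hashlib
import secrets

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # 32 symbols, no 0/O/1/I look-alikes


def check_char(body: str) -> str:
    """Public typo-catching check character (hypothetical); not proof of issuance."""
    total = sum((i + 1) * ALPHABET.index(c) for i, c in enumerate(body))
    return ALPHABET[total % len(ALPHABET)]


def well_formed(code: str) -> bool:
    """Algorithm-only validation: true for every string that satisfies the format."""
    return (len(code) == 16 and all(c in ALPHABET for c in code)
            and check_char(code[:-1]) == code[-1])


class VoucherLedger:
    """Server-side record of issued codes; redemption requires a matching entry."""

    def __init__(self) -> None:
        self._entries = {}  # sha256(code) -> {"value_cents": int, "state": str}

    @staticmethod
    def _key(code: str) -> str:
        return hashlib.sha256(code.encode()).hexdigest()

    def issue(self, value_cents: int) -> str:
        # 15 random symbols = 75 bits from the CSPRNG, plus one check character.
        body = "".join(secrets.choice(ALPHABET) for _ in range(15))
        code = body + check_char(body)
        self._entries[self._key(code)] = {"value_cents": value_cents, "state": "issued"}
        return code

    def activate(self, code: str) -> None:
        """Called when the card is paid for at the register."""
        self._entries[self._key(code)]["state"] = "active"

    def redeem(self, code: str) -> int:
        """Return the credited value in cents, or 0 if the code must be refused."""
        if not well_formed(code):          # cheap pre-filter for typos
            return 0
        entry = self._entries.get(self._key(code))
        if entry is None or entry["state"] != "active":
            return 0                       # never issued, unpaid, or already spent
        entry["state"] = "redeemed"
        return entry["value_cents"]
```

Because the ledger holds only codes that were actually issued and paid for, a well-formed code that was never issued is refused without changing the format of cards already in stores.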

The cards are now starting to also appear on eBay, but for much more--around $40 for a $200 card.

What do you think of the situation? Do you feel that $0.99 is already a fair asking price for a single song and that the hackers are stepping way out of line?

Comments
Anonymous 03/15/2009 11:11 PM
eddieroolz 03/15/2009 11:19 PM
-3+

Probably because this is "useful" to them...

But seriously though, Chinese hackers can reverse engineer anything these days! It's only a matter of time until they crack other, more serious things too...

Flameout 03/15/2009 11:31 PM
resonance451 03/15/2009 11:34 PM
-11+

I think iTunes songs should be available at a higher bit-rate and I think charging to upgrade to iTunes plus is irritating, but in spite of my complaints I can't be moved to support piracy, particularly when iTunes is a great alternative to purchasing in-store. While things need to change in the music industry, it's not justification for attempting to ruin the better part of the industry because you couldn't be bothered to pay for the goods and services you desire.

Anonymous 03/15/2009 11:48 PM
-5+

Anyone else remember the PWN2OWN contest where the MacBook Air was hacked in less than a minute!
-> http://www.securityfocus.com/brief/711

dariushro 03/16/2009 12:18 PM
-18+

Apple is too stupid to base its vouchers on algorithms instead of database...incredibly stupid.

Anonymous 03/16/2009 12:42 PM
Tindytim 03/16/2009 12:46 PM
-12+

Flameout :
US$0.99 is still the same price for a song if i were to buy an actual cd containing an average of 10 songs, so yeah I get y they do this


I bought "Revolutionary Vol.2" for $12, and it had 18 songs on it. That's less than $0.67 per song, not including the art that went into creating the case, and the fold out pages with lyrics. Not to mention the fact that the quality is much higher and that I can rip it into any format of my choice.

$0.99 for some relatively low quality file seems like a huge rip to me.

thejerk 03/16/2009 1:58 AM
-11+

People are always going to find ways to circumvent a system. It seems that it's part of human nature. I don't support piracy, but I certainly don't feel too terrible that Apple's deep pockets are being picked. If anything, these hackers did Apple a favor, showing them fundamental flaws in the security of these algorithms. Why not consider the profits of the exploit payment of a "consulting fee," and move on, lol...

Anyone else old enough to remember "them" telling us that CDs were going to eventually sell for $5 each because they'd be cheap to replicate, etc, etc? Well the record companies kept the prices up all these years to keep profits high. They got what they deserved when file sharing took off, and I think that Apple is seeing the business end of the whip, too.

When you run a business, there's always a point where you must change or die. Basically, you adapt to the market, or you close up and fail. It's time for change... higher bitrates, lower prices... whatever. Change, or fail.

Humans think 03/16/2009 2:03 AM
-16+

dariushro :
Apple is too stupid to base its vouchers on algorithms instead of database...incredibly stupid.



You are so damn right :P Every algorithm can be reverse engineered if you have a big enough sample :P

cruiseoveride 03/16/2009 3:50 AM
-5+

I wouldn't mind buying music, if a single song cost 10c.

At 99c, I think I'll get my music "elsewhere".

T-Bone 03/16/2009 3:59 AM
-2+

But Apple...it just works?
hehehehehe

v12v12 03/16/2009 4:36 AM
-1+

Wtf all you talkin bout Willis?! Apple is infallible, come on, since when have they EVER admitted "wrong doing?" IE getting owned by Creative, and settling out of court for STEALING ideas, long already "innovated." Apple is all about extra helpings of dressing and making snobs feel even more elevated.

Here I've googled it for you all: http://tinyurl.com/chtc8s

Decent hardware, but their "image," is trite and haughty, just like many of their user base. Better or worse, Apple will always be alive and well b/c there's too many people that wanna pretend to be "better" or more "informed" than the rest of "us." Go APPLE! HAHAHA

v12v12 03/16/2009 4:40 AM
-4+

thejerk :
People are always going to find ways to circumvent a system. It seems that it's part of human nature. I don't support piracy, but I certainly don't feel too terrible that Apple's deep pockets are being picked. If anything, these hackers did Apple a favor, showing them fundamental flaws in the security of these algorithms. Why not consider the profits of the exploit payment of a "consulting fee," and move on, lol...Anyone else old enough to remember "them" telling us that CDs were going to eventually sell for $5 each because they'd be cheap to replicate, etc, etc? Well the record companies kept the prices up all these years to keep profits high. They got what they deserved when file sharing took off, and I think that Apple is seeing the business end of the whip, too. When you run a business, there's always a point where you must change or die. Basically, you adapt to the market, or you close up and fail. It's time for change... higher bitrates, lower prices... whatever. Change, or fail.



Nagh you forgot another option: Change, Fail... or CONTROL the "market!" Control it and thus you have no reason to "change," even if that's what the consumers demand/need/everyone would benefit from. The RIAA/MPAA are trying their best to maintain CONTROL Vs change. "Change," scares big business, and COSTS them "PROFIT." lol... They'll resist change as long as they can maintain control... same old news.

SAL-e 03/16/2009 5:42 AM
-5+

Side effect of the DMCA law. Cracking DRM or any encryption is illegal in USA, but the law never stopped criminals. Now, if only security researchers were allowed to do reverse engineering Apple could have early notice and replace the algorithm or the business model before it becomes a public problem. They support DMCA they deserve the penalty.
Next would be the Credit Card banks. They are actively suppressing the independent security research on RFID credit cards. Before you know someone will put small device next to the door of the big store and copy everyone's card even if it is into their pocket. That is what happens when our politicians vote for laws that protect old dinosaurs.

Raid3r 03/16/2009 5:47 AM
-2+

Really who cares..I'll say it again....people will always find a way to get what they want. Oh well. Learn or die...business wise and security wise.

yang 03/16/2009 8:14 AM
-0+

The problem with this is not so much for people who will pirate songs but people can also use these $400 gift cards to buy real iPod products. Too bad I live in Canada, I would love to buy an iPod touch for 20 dollars lol

MDillenbeck 03/16/2009 8:46 AM
-1+

How could one not say the criminal act of theft is not crossing the line? They generated the code worth monetary value without surrendering any money - so if not theft, it is at least counterfeiting non-governmental legal tender.

While I agree Apple shares some of the blame for using an algorithm alone (versus an algorithm for 'fast processing' followed by verification in a database), it does not make the criminal act any less so. If you walk into a convenience store and do not see an attendant, it does not mean you are free to grab whatever is close by and leave legally.

As to the price per song, that's a bit more complicated. The lack of physical media and warehouse/distribution chains reduce costs, but maintaining servers and paying bandwidth probably eat much of that up. Thus, for individual DRM-free songs I think $0.99 is reasonable. If you buy a whole set of songs at the same time, it should cost no more than the marketed package (either the cost of the CD or the multi-CD set at MSRP). For songs with DRM on it, the $0.99 price should be reduced to reflect the restricted nature of the product.

Would I pay $0.99 per song? No. I believe that the artists of the songs should be the main recipients of the income, much in the same way that I believe that farmers should be the recipients of the cost of food I purchase. Next should come the retailers of the product who act as "intermediary" purchasers - since they should assume a risk if the product does not sell. Last should come the supplemental manufacturing chains - such as the studios that maintain the costly equipment to record the songs and pay the engineers to make it sound perfect. The current system does not support this pricing structure.

Of course, the RIAA tactics have prevented me from buying music for several years. I will not buy original CDs, used CDs (which helps drive the original CD markets), or digital songs due to what I view as criminal extortion (the 'settle for $3k or we'll sue and cost you more than $3k in legal fees' tactic). Honestly, it's not all that bad - I've rediscovered the pleasure of reading again... that, and I now have time to come to Tom's and post! :)

mrcheesle 03/16/2009 9:53 AM
-0+

Consider it part of the new stimulus plan, it's great for economic recovery! Woops, nm...

duzcizgi 03/16/2009 10:53 AM
-0+

Although I told piracy isn't stealing most of the time, *this* is not piracy, *this* is stealing.
Don't know what they were thinking at Apple, but, relying on an algorithm to verify authenticity of a code, but not to check them up from a database called for the trouble. It's plain stupid.

coolkev99 03/16/2009 1:46 PM
-0+



I agree, digital distribution versions should be dirt cheap.

Repelsteeltje 03/16/2009 2:04 PM
-0+

Apple is fucked – what can they do? Of course this is stealing, even if you don't agree with paying $1 for a crappy (lossy) digital format. It just goes on to show that the whole digital world requires a paradigm shift if the record industry (and probably also the movie industry in the long run) wants to have any chance for survival. Once something makes it out there in digital format, it spreads like wildfire and there's no way you can stop it, legal or not.

lamorpa 03/16/2009 2:05 PM
-0+

As always, some (many?) morons think that stealing can somehow be legitimized by claiming unfair pricing. Stealing is stealing. It is taking something and not paying the seller the asking price. If you don't like the price, don't buy it. Stealing is only and entirely just stealing. How much more clear can this be made?

A Stoner 03/16/2009 2:39 PM
-0+

I think .99 cents is fair for a DRM free full version of a song. I do not think the hackers are out of line with respect to price of a song, they are not out to GET the music industry, just make a buck, they are however doing it illegally, and thus for that part they are way out of line. It really is funny how pathetic Apple is, and just how fervently godlike they are to the people who believe in them. Here we have a major seller using crappy coding for basically their entire business model. Nice job JOBS.

captaincharisma 03/16/2009 3:00 PM
-0+

cool. hope they decide to do the wii point cards next

theblade 03/16/2009 3:09 PM
-0+

What makes this really wrong is that they are actually making profit out of those codes IMHO. That is plain stealing.

PV9685 03/16/2009 3:57 PM
--1+

hmm.. yeah. If you supply a valid code you are not stealing anything, the code allows you to legally download the music. If you leave your TV on your front lawn, someone will take it as well. (Did they really steal it? Or did you tempt them to take it?)

In response to the convenience store analogy, you are incorrect. The idea here is similar to paying $40 to receive $200 worth of VALID US DOLLARS. The code exists and therefore is worth its value to Apple.

Considering that Apple rips off its customers, selling them a PC in a $1000 dollar case or whatnot, they are the ones that started by ripping off customers, now the customers have simply turned the tables, lol.

"What makes this really wrong is that they are actually making profit out of those codes IMHO. That is plain stealing." - Nope, they provided a service. They put time and effort into this project, this is not stealing on their part. They are stealing as much as Apple or any other company is stealing for developing their products.

Nonetheless, they are selling a code that they generate. It does not matter what their code does, they have created the code and therefore they are not doing something unethical. It is Apple that is doing wrong by giving away discounted music to people that supply a code that has not been backed by the proper funds.

The fact still remains that if you do not run a secure network, someone will take your data. This really shouldn't be illegal, we are using computers and it is tempting to do interesting things with them.

The fact that there are laws that govern computer usage should be the real crime here. This is not the real world, it is a computer. There should be no laws.

But the fact still remains, if I had 100 music files that I did not pay for, it would be illegal. Though, if I would not have bought them legally - the music industry lost NO money. Surely some people have thousands of music files, though if they would only have purchased several hundred of them legally if they had to, they really didn't steal much at all.

lamorpa 03/16/2009 4:19 PM
-0+

PV9685:

I was going to say that your comments were nonsense, but I think you bring up an interesting point. There may be some strange legal technicality, but generally, I can't see where selling a code number is illegal. If the purchaser's agreement does not say that the card is just a transfer mechanism and you must have paid the dollar value for the dollars represented on the card, then it is not your problem.

There are some strange laws surrounding DVD encryption, but it is a weird legal area.

theblade 03/16/2009 4:24 PM
-3+

"If you supply a valid code you are not stealing anything, the code allows you to legally download the music. If you leave your TV on your front lawn, someone will take it as well. (Did they really steal it? Or did you tempt them to take it?)... The fact still remains that if you do not run a secure network, someone will take your data."

So basically it's not stealing cause it was not a secure enough network, similar to the case of the TV in the lawn, well if you leave your TV in your locked house and someone breaks in to take it then it's not stealing because the house wasn't secure, at least not secure enough for the robber who can pick the lock, so it makes it ok to take the TV, it would be a crime only if the house was secure (yeah right we should evaluate if the house was "secure" enough before we decide who is the rightful owner of the TV), and if you are a master in breaking in then you can take anything you want because nothing is secure according to you.

Sorry, I don’t buy this theory.

Blessedman 03/16/2009 4:34 PM
-0+

ok this goes beyond downloading torrents, this is actual theft! This is no different than reverse engineering wal-mart gift cards and going to buy stuff with it.

grieve 03/16/2009 4:54 PM
-0+

I am curious how Apple is going to resolve this issue.

If you consider how many unspent legitimate gift cards are out there worldwide, Apple can’t just void all gift cards and build a new system. How is Apple going to know which are legit and which are frauds without a database of some sort?
This is a nasty, nasty situation for Apple.

