iTunes Gift Certificates Reverse Engineered

News
By Tuan An Nguyen
published

A Chinese website is selling iTunes gift cards that are worth up to $200 for as low as $3.

How is this possible? Chinese hackers managed to reverse engineer the algorithms responsible for creating iTunes voucher codes, creating fully legitimate codes that are redeemable via the iTunes store into a customer's account. The hackers have now made key generators to actually create the codes on the fly. Unfortunately for them, the codes only work in the U.S. iTunes store.

Which is why the codes are now being sold on Taobao, the largest auction site in China.

At this time, Apple hasn't made any public comments on the situation, most likely because its working on a solution to invalid the codes. Unfortunately, the codes are legitimate and are based on Apple's own algorithm for generating codes, so any attempt to alter the codes would potentially hurt all the existing cards in stores.

The cards are now starting to also appear on eBay, but for much more--around $40 for a $200 card.

What do you think of the situation? Do you feel that $0.99 is already a fair asking price for a single song and that the hackers are stepping way out of line?

Tuan An Nguyen
39 Comments Comment from the forums
  • These thieves are probably the same ones responsible for viruses and the like making many lives a misery.

    Why don't they use their skills to create something useful?
    Reply
  • eddieroolz
    Probably because this is "useful" to them...

    But seriously though, Chinese hackers can reverse engineer anything these days! It's only matter of time until they crack other, more serious things too...
    Reply
  • Flameout
    US$0.99 is still the same price for a song if i were to buy an actual cd containing an average of 10 songs, so yeah I get y they do this
    Reply
  • resonance451
    I think iTunes songs should be available at a higher bit-rate and I think charging to upgrade to iTunes plus is irritating, but in spite of my complaints I can't be moved to support piracy, particularly when iTunes is a great alternative to purchasing in-store. While things need to change in the music industry, it's not justification for attempting to ruin the better part of the industry because you couldn't be bothered to pay for the goods and services you desire.
    Reply
  • Anyone else remember the PWN2OWN contest where the MacBook Air was hacked in less than a minute!
    -> http://www.securityfocus.com/brief/711
    Reply
  • dariushro
    Apple is too stupid to base its vouchers on algorithms instead of database...incredibly stupid.
    Reply
  • selling in china auction site does not mean it is from that country. Can someone confirm where it is actually from?
    Reply
  • Tindytim
    FlameoutUS$0.99 is still the same price for a song if i were to buy an actual cd containing an average of 10 songs, so yeah I get y they do thisI bought "Revolutionary Vol.2" for $12, and it had 18 songs on it. That's less than $0.67 per song, not including the art that went into creating the case, and the fold out pages with lyrics. Not to mention the fact that the quality is much higher and that I can rip it into any format of my choice.

    $0.99 for some relatively low quality file seems like a huge rip to me.
    Reply
  • thejerk
    People are always going to find ways to circumvent a system. It seems that it's part of human nature. I don't support piracy, but I certainly don't feel too terrible that Apple's deep pockets are being picked. If anything, these hackers did Apple a favor, showing them fundamental flaws in the security of these algorithms. Why not consider the profits of the exploit payment of a "consulting fee," and move on, lol...

    Anyone else old enough to remember "them" telling us that CDs were going to eventually sell for $5 each because they'd be cheap to replicate, etc, etc? Well the record companies kept the prices up all these years to keep profits high. They got what they deserved when file sharing took off, and I think that Apple is seeing the business end of the whip, too.

    When you run a business, there's always a point where you must change or die. Basically, you adapt to the market, or you close up and fail. It's time for change... higher bitrates, lower prices... whatever. Change, or fail.
    Reply
  • Humans think
    dariushroApple is too stupid to base its vouchers on algorithms instead of database...incredibly stupid.
    You are so damn right :P Every algorithm can be reverse engineered if you have a big enough sampe :P
    Reply