O’Reilly’s OSDir website has posted an interview with “Future Proof”, the author of JHymn, a decryption program for protected AAC files that is based on hymn by DVD Jon. The interview provides some very interesting details about how Apple’s DRM is implemented.
OSDir.com: Basically, how does Apple’s DRM for the iTunes Music Store work?
FP: In a protected file, the “mp4a” atom — part of a standard AAC file — is replaced by a non-standard, proprietary “drms” atom. This contains the same basic information about a song as the “mp4a” atom, plus the identity of the purchaser and some of the cryptographic information needed to decrypt the music. The actual decryption key needed to decrypt the music is not stored here, however, but merely an indicator as to which key — among many possible keys — assigned to a particular user should be used.
Once you have found the needed key, you apply that key, using AES decryption, to the data in the “mdat” atom, which, in an unprotected file, contains all of the raw AAC audio sample data.
Apart from this, there are various atoms added beyond what you’d find in an unprotected AAC file, such as an “apID” atom, which marks music files with the iTunes Music Store ID of the purchaser.
OSDir.com: Does hymn actually decrypt the DRM, or does it technically work another way?
FP: Yes, the music is actually decrypted. Unlike, say, burning a song to a CD and re-ripping it, you don’t lose any sound quality when you can access the original data in decrypted form.
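The atom layout described in the interview can be inspected without any key material. The following is an added example, not part of the interview and not JHymn's code: it walks a file's atoms and reports whether the audio sample entry is “mp4a” or “drms” and whether an “apID” tag is present. The container nesting (moov/trak/mdia/minf/stbl/stsd and moov/udta/meta/ilst) and the “data” sub-atom layout are assumptions based on the usual MP4 and iTunes metadata structure, and the sample file is constructed.

```python
import struct

# Atoms whose payload is more atoms; the value is the number of header bytes
# to skip before the children ("meta": version/flags, "stsd": + entry count).
CONTAINERS = {b"moov": 0, b"trak": 0, b"mdia": 0, b"minf": 0, b"stbl": 0,
              b"udta": 0, b"ilst": 0, b"meta": 4, b"stsd": 8}

def walk(buf, pos=0, end=None):
    """Yield (type, payload) for every atom reachable through CONTAINERS."""
    end = len(buf) if end is None else end
    while pos + 8 <= end:
        size, kind = struct.unpack_from(">I4s", buf, pos)
        hdr = 8
        if size == 1:                       # 64-bit size follows the type
            size, hdr = struct.unpack_from(">Q", buf, pos + 8)[0], 16
        elif size == 0:                     # atom runs to the end of its parent
            size = end - pos
        if size < hdr or pos + size > end:  # reject truncated or lying sizes
            raise ValueError(f"bad atom size at offset {pos}")
        yield kind, buf[pos + hdr:pos + size]
        if kind in CONTAINERS:
            yield from walk(buf, pos + hdr + CONTAINERS[kind], pos + size)
        pos += size

def inspect(buf):
    """Report the audio sample entry type and any apID purchaser tag."""
    report = {"sample_entry": None, "protected": False, "purchaser_id": None}
    for kind, payload in walk(buf):
        if kind in (b"mp4a", b"drms"):
            report["sample_entry"] = kind.decode()
            report["protected"] = kind == b"drms"
        elif kind == b"apID" and payload[4:8] == b"data":
            # Assumed iTunes tag layout: "data" atom, 8 bytes type/locale, value
            report["purchaser_id"] = payload[16:].decode("utf-8", "replace")
    return report

def atom(kind, *children, head=b""):
    body = head + b"".join(children)
    return struct.pack(">I4s", 8 + len(body), kind) + body

def sample(entry, buyer=None):
    """Constructed test file: zero-filled payloads, no real audio or keys."""
    stsd = atom(b"stsd", atom(entry, head=bytes(28)), head=struct.pack(">II", 0, 1))
    moov = [atom(b"trak", atom(b"mdia", atom(b"minf", atom(b"stbl", stsd))))]
    if buyer:
        data = atom(b"data", head=struct.pack(">II", 1, 0) + buyer.encode())
        ilst = atom(b"ilst", atom(b"apID", data))
        moov.append(atom(b"udta", atom(b"meta", ilst, head=bytes(4))))
    return atom(b"ftyp", head=b"M4A ") + atom(b"moov", *moov) + atom(b"mdat", head=bytes(16))
```

Calling `inspect(sample(b"drms", "buyer@example.com"))` reports a protected file with its purchaser tag; the same call on a real file's bytes is a quick way to audit which tracks in a library still carry a purchaser identity.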