Search the iTunes Music Store

I whipped up a quick PHP script that allows anyone (even PC users like myself) to search the iTunes Music Store. Sound clips are in Apple’s proprietary M4P format, so don’t expect to be able to listen to them unless you have iTunes installed.

You can try out the search for a limited time here (until it gets too popular), or download the script for your own site. Feel free to modify it however you like.

Update: Apple seems to be encrypting (or compressing?) their XML now, which breaks the script entirely. It doesn’t seem to be gzip-encoding, either. Any guesses on what they’re up to?

February 10, 2004: Someone sent me the e-mail below, discussing how they figured out the encryption. This is a bit above my head, but other people may find it useful.

April 17, 2004: Someone finally wrote a script to work around iTunes encryption. Go play with iTMS-4-All.


Anonymous wrote:

Last year you had a blog entry about Apple encrypting the iTunes Music Store.

I didn’t see any follow ups on this, so I don’t know if anyone cares anymore, but I’ve figured out the encryption.

The encryption is standard AES128 CBC. The iv, of course, is sent in the header, and the encryption key is:

8a 9d ad 39 9f b0 14 c1 31 be 61 18 20 d7 88 95

After decrypting, you’ll end up with a gzip file.

The key is actually generated from the following code snippet:

(using openssl’s md5)

MD5_CTX ctx

unsigned char key[16];

MD5_Init(&ctx);

MD5_Update(&ctx,”Accept-Language”,15);

MD5_Update(&ctx,”user-agent”,10);

MD5_Update(&ctx,”max-age”,7);

MD5_Final(key,&ctx);

// key[16] contains the AES key now

Hope this helps revive everyone’s ITMS interfaces.

22 thoughts on “Search the iTunes Music Store

  1. They’re encoded in regular old vanilla AAC. I’m sure there’s a player that supports that in Windows somewhere, it’ss hardly new.

  2. The latest version of Winamp 2x supports AAC encoding. But then I read here that older AAC plugins for Winamp won’t play iTunes Musc Store stuff. So I’m not sure if that means the new native support doesn’t work either.

    This thread on the Winamp forum is still developing and contains some useful info re: AAC and .m4a.

  3. The clips were M4P files, which is Apple’s DRM-added version of AAC. I doubt they’ll play on anything besides Quicktime, and it doesn’t appear that the newest Quicktime for the PC supports it yet.

  4. Apple is now using the Rijndael-256 algorithm in addition to gzip compression for encoding data from the iTunes store.

    Here’s the HTTP header response from iTunes following a search request:

    HTTP/1.1 200 Apple

    Date: Sun, 11 May 2003 02:13:05 GMT

    Content-Length: 3616

    Content-Type: text/xml; charset=iso-8859-1

    Cache-Control: no-transform

    Server: Apache/1.3.27 (Darwin)

    content-encoding: gzip, x-aes-cbc

    x-apple-max-age: 3600

    x-apple-crypto-iv: d9e5395496e7e82498105ea9041c6102

    x-apple-protocol-key: 2

    x-apple-asset-version: 186

    x-apple-application-instance: 1

    Via: 1.1 netcache01 (NetCache NetApp/5.2.1R2D2)

    I tried writing something to decrypt their XML but ran into some roadblocks. Firstly, the IV for decryption is given, but there’s no telling what additional encryption is needed on the key itself (which I assume is ‘x-apple-protocol-key’). I also don’t know if the data is gzipped and then encrypted or vice-verse.

    I don’t know man, I’m stuck.

  5. Looks like Apple has got a set of AES keys built into iTunes. The HTTP response header indicates which key (key 2 in build 186) should be used, along with the IV to use.

    Some handy work with a debugger should help you pry out the keys from iTunes. This is what the DeCSS folks did with Xing’s software to grab a CSS key.

  6. Using toast titanium was the easiest for me. I bought an album, drug the .m4p’s to toast, wrote an image, mounted the image, used itunes to MP3 them, and then dropped them on my PC over the network.

  7. Fash, if I got that right, you’re doing some transcoding [.m4p→.wav(if you’re using Toast Titanium to create an Audio CD)→.mp3] here, which results in a serious loss of quality (which, in turn, is something that’s not highly desirable).

  8. iTunes is a bugger to, well, debug. So many threads! So much data! Knowing where to “break” becomes rather arbitrary as I don’t know of any specific system calls that would be used in working with encryption. I wonder how big the key is? It seems unlikely, but maybe it could be brute forced.

  9. Hmmm… why bother with iTunes… or anything made by Apple, for that matter? Just let them die the silent death that’s been waiting since Steve first hoisted that skull and crossbones flag.

  10. the small clips (30 secs) of the apple store can be played back with mplayer (which uses faad2 / and openQT (openQuicktime) used by ffmpeg)

  11. My iTunes 4 sends this string to the music store:

    GET /WebObjects/MZStore.woa/wa/com.apple.jingle.app.store.DirectAction/browse?path=%2F4 HTTP/1.1.Accept-Language: en-en, en;q=0.75, en-us;q=0.50, fr;q=0.25.

    User-Agent: iTunes/4.1 ($OS)

    Accept-Encoding: gzip, x-aes-cbc.

    Host: ax.phobos.apple.com.edgesuite.net.

    Cookie: countryVerified=1.

    .

    Not the Accept-Encoding part 🙂

  12. Here’s an interesting site that converted the Perl interface into PHP.

    I think if he’s using PHP it is going to be a lot easier for other web site to follow, since the Perl implemetation of itms-4-all is quite difficult because of the decryption library that needed to be installed the web site.

    Link

Comments are closed.