So, I'm just a busy little bee. Writing an application which piggybacks the iTunes application; correcting tag information, organizing tracks, synchronizing, etc. I decided to add a little more flavor to the app. I wanted it to download album artwork information for tracks which did not have it.

The main reasoning for this is the new Coverflow feature in iTunes. I'm sure by now, you all know what a BIIIIIIIIG fan I am of CoverFlow.

I developed a hugely extensible framework for downloading album art from various sources like Amazon.com, Walmart.com, AllOfMP3.org, etc. I even developed an extension for downloading artwork from the iTunes Store. I figured, Hey, Why not? The album artwork is free as long as you have an iTunes account. In my opinion, the iTunes Store generally has the highest quality (600x600) album artwork to boot. Everybody and their mother has a script to download album art from them. Why not me?

So I built my little app and I'm just as happy as a clam, when I start noticing, the number of results returned from the iTunes Store was slowly diminishing. Even album artwork that I had already downloaded from them was not being returned. I did a little bit of diagnosis. The app was doing what it was supposed to do. I couldn't figure it out. I did a little research online and that's when it hit me.

Apple encrypts their free artwork

Since that dark day when Apple decided to encrypt their album artwork, I have been feverishly trying to devise a strategy to decipher their encryption scheme. Of course, this is pureley an academic exercise.

I started by determining the encryption scheme. It is unlike the XML-RPC web request that is sent to obtain the album artwork url, which is a combination of randomly generated keys, well-known values and MD5 hashing. By my best account it seems like Rijndael/AES 128-bit encryption. The trick is finding the key and the initialization vector used to encrypt the image data. If Apple follows its own patterns, it may use well-known string values as part of the key/init vector.

I've tried disassembling the iTunes executable to look for potential keys that might be used in the encryption, but that is really beyond my depth. If anyone wants to give it a go, there is some VB.Net source for attempting a brute force decryption available with this article. Try running the source on a dedicated machine and with only a few concurrent threads. If anyone gets the brute force decryption to succeed, please let me know what the data was that worked.

	Marv on Record - Apple encrypts their free artwork
	Marv on Record - Comments: Apple encrypts their free artwork
	Command-Tab - iTunes Art Redux
	Brute Force Source (927 KB)