I really know nothing about the m4v format; I'm just curious. Eventually I'll run out of steam or figure it out.
I currently don't have a good method for running ktrace on /Applications/iTunes.app/Contents/MacOS/iTunes; the amount of data produced is incredibly difficult to sift through. We'll see though.
So right now I am using strings and grep.
After purchasing The Darjeeling Limited (great flippin' movie btw), I ran the following:
$ strings Public/iTunes/iTunes\ Music/Movies/The\ Darjeeling\ Limited.m4v | grep 2008
output:
2008-02-26T08:00:00Z
2008-04-06 05:35:03
2008-04-06 06:01:55
notes:
I downloaded at 1:08AM CST 04/06/2008
------
After playing the movie (started approx. 01:15 CST 04/06/2008) with multiple pauses but no closing iTunes or switching media files, the new output is:
2008-02-26T08:00:00Z
2008-04-06 05:35:03
2008-04-06 06:01:55
2008-04-06 06:15:56
Why the change? And what do those times mean? Where is it
I'm going to close iTunes, reopen, play again. See what happens.
output:
No changes.
---------
strings Public/iTunes/iTunes\ Music/Movies/The\ Darjeeling\ Limited.m4v | grep "
output:
\
Ah! embedded xml! probably a feature of m4v, so now I try:
strings Public/iTunes/iTunes\ Music/Movies/The\ Darjeeling\ Limited.m4v | grep -A100 -B2 "asset-info"
output:
....
BLAH BLAH BLAH BLAH BLAH
...
covr
data
JFIF
AppleMark
$3br
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
4ICC_PROFILE
$appl
scnrRGB XYZ
acspAPPL
appl
-appl
rXYZ
gXYZ
^C
------------
What is this AppleMark stuff I wonder...
Ah, so grepping shows 24 instances of AppleMark.
There are 24 chapters included in the video. This is still basic m4v stuff.
-------------
Ah, so why would the file be working by itself? Why not use Apple Store authentication or a central file on the system that works with iTunes to make sure a file hack doesn't work or a time hack doesn't work or whatever?
hmm well...
My original thoughts were if the file had date information that maybe got updated as it was played with a system id attached to it, then maybe after the first play, the file is marked, and yada yada
BUT....
Couldn't you just then copy the file somewhere else before using it, watch it, then copy the prewatched copy onto the system and it would still work (for at least another 24 hours) - I don't think Apple would do that, but I'm going to try it anyway.
So when the file is first downloaded, at least 2 new files are created:
/Users/
and
/Users/
The Info.plist does not have to exist. It relies on download.m4v for its existence. You can delete the Info.plist and it will come right back. If you chmod 444 Info.plist, then you get a download error. The test here is, is it possible to modify the Info.plist to get whatever flags that set the movie as "rented" to not be set in the first place. I'm not sure how easy it would be to change this later.
The file seems to already know it is a rented movie, so we will need to now figure out how to trick the system, locally, into giving us more time.
discursive tangent:
--Also, eventually I can string and grep through a ktrace.out for the in-between stuff that happens between iTunes Music Store servers, iTunes and those 2 files.
--Why though? I forgot where I was going with that.
Need to also install ethereal, find out what happens when you play the movie for the first time.
One thing is clear, Apple store is contacted. If the packets are simple enough to figure out, and there isn't too much crazy business, an application could be made to circumvent the communication with fake communication like so:
an application is routing all traffic from itunes, either to the internet or to the fake apple servers
1. You click to play a movie, or are doing anything in iTunes
2. iTunes tries to contact Apple Store
a. if packets match rented movie checking in with server: route them to the dummy server application locally
b. else route packets as they would be normally routed
This application would only run when iTunes is open, in order to avoid performance issues on the norm.
There is a problem with this approach I didn't see until just now:
The timer would still be started by this process.
So the big question is:
What is timing the file?
Where is the data located, and how is it updated?
Are there one or multiple methods employed?
Okay, so here is what I am going to try with a ktrace:
1. ktrace -t c(or i) iTunes.app/...../iTunes
2. kdump | grep for the following list:
create, mknod, link, symlink, mkdir
rename, remove, rmdir
access, getattr, setattr
just to see what it looks like