I’ve managed to figure out the Barnes & Noble user EPUB AES key derivation algorithm. Rather than fragment things too much, I’ve just edited my previous post on B&N EPUBs and added the (for any platform) key-derivation script.
The algorithm is interesting mostly in that it isn’t very good. I mentioned in my post analyzing Adobe’s ADEPT system that ADEPT is a fairly well-designed cryptographic system, even if not a very effective DRM system. Adobe used all standard algorithms applied in standards ways and glued together with standard plumbing. Barnes and Noble’s key derivation algorithm in contrast is neither effective at increasing obfuscation nor shows much awareness of cryptographic standards.
Cryptography is hard. Do you know how different configurations of your chosen algorithms can make them more or less resistant to side-channel attacks? Do you understand why RSA Laboratories switched the recommended RSA padding scheme in PKCS#1 to OAEP? Do you know the implications of different block cipher modes of operation and why or why not you should choose a mode which includes integrity protection? These questions represent a random sampler platter of things you should just know in your bones before you do anything close to designing a cryptosystem. For everyone else – a category in which I include myself – there are well-reviewed, well-tested algorithms presented in standards documents published by such organizations as RSA Laboratories and the IETF.
For key derivation from non-random source data, there is in particular the PBKDF2 (Password-Based Key Derivation Function) published in PKCS#5. My point is not that the key-derivation algorithm used by B&N necessarily has cryptographically undesirable properties (although its computation speed makes brute-force attacks more plausible), but that the fact that they rolled their own instead of reaching for PBKDF2 shows a marked lack of cryptographic savvy.
On the DRM-as-obfuscation end this algorithm similarly come up short. The multiple steps involved demonstrate some level of attempt to introduce complexity, but in the resulting binary all those steps are in one place. The entire algorithm boils down to one function calling a handful of easily-labeled subroutines (sha1_wrapper, normalize_name, aes_encrypt, etc).
I really am starting to think that e-book format providers actively want their DRM schemes to be broken.
Subscribe to:
Post Comments (Atom)
How's that "other experiment" going? You know, the one about "gems"?
ReplyDeleteHi,
ReplyDeleteI'm having issues with this. I have Vista 64 bit. Here is what I did, step by step:
1. Downloaded PyThon 2.6.4, and installed it to it's default install location.
2. Downloaded PyCrypto v2.1.0, and installed to it's default location.
3. Installed the BN Reader Software to a default location.
4. Downloaded the three scripts, and renamed them as suggested.
Now, I'm having a few issues.
1. Running ignoblekey.pyw, I get this error: "Problem locating B&N Reader DB"
2. If I do the ignoblekeygen.pyw script, I enter my user ID and CC#, and it creates a new file successfully. Then, when I run the ignobleepub.pyw script, choose my book, and select output (ex: book.epub), I get the error "Key cannot be the null string".
Please help!
如果擬任為輸贏是最重要的事,那你輸了..................................................
ReplyDelete友情像一棵樹木,要慢慢的栽培,才能成長真的友誼,要經過困難考驗,才可友誼永固..............................
ReplyDeleteI think that the people at BN that write the key-generation schemes feel the same as one of the people that commented on your previous post. (DRM != good && Copyright == good)
ReplyDeleteAny Chance you've got a decryption script for Sony Reader EPUB formats? Or is it the same as any of the others you've released thus far?
ReplyDelete淫亂火辣美女本土av情色視訊聊天免費色情網站性經驗色情成人影片色情視訊聊天av圖av情色情趣娃娃成人電影院淫蕩18禁色情電話情色成人網辣妹自拍台灣av女優台灣情色春宮台灣色情成人網站0401影音g點成人vcd情色影片520sex性愛圖視訊妹調情視訊美女聊天美女性交台灣性樂園成人影像走光打砲裸女寫真美女裸照露奶激突論壇情色圖片做愛線上a片做愛視訊情色成人成人交友穿幫色情a片情色全裸入鏡台灣情色網
ReplyDeleteI am having trouble loading pccrypto, keeps locking up. I have python 2.6. Any sugestions?
ReplyDeleteI think that this hack doesn't work any more - there is no *.db file in the B&N folder that I can find, even after the app has been installed, a book opened, and the app closed. Shame.
ReplyDelete裸體寫真全裸美女圖片色情訊息黃色圖片自拍裸體圖片sex裸露圖片18限85cc a片台灣色情網站免費色情圖一夜激情聊天情色聊天室限制級爆乳女優作愛巨乳學院性愛情慾陰脣一夜情下體網愛聊天鹹濕做愛自拍成人圖庫成人影城性關係視訊情人性影片觀賞裸照淫美成人論壇av寫真自拍裸女貼圖av圖情色性愛貼圖成人vcdsexy辣妹視訊聊天色情視訊淫婦台灣情色論壇丁字褲貼圖免費a片影片淫蕩女人live show男女做愛火辣妹妹激情網愛聊天美女裸照免費色情網站
ReplyDeleteI do like ur article~!!!..................................................
ReplyDeleteAdam, the .db file is under the Users\username\AppData\Roaming\Barnes & Noble\DesktopReader directory. The ignoblekey file is looking for ClientAPI_*.db, but there is no underscore or anything following any longer. You can edit the ignoblekey file so that it does not reference the underscore, but I still haven't gotten past the "key cannot be null string" that John mentioned earlier.
ReplyDeleteIt's great!!..........................................
ReplyDeleteI do like ur article~!!!...................................................
ReplyDeleteHello~Nice to meet you~..................................................
ReplyDelete笑話精華~輕鬆一下~
ReplyDelete孫悟空為什麼能大鬧天宮,而打不過諸多妖精?
哭笑不得的十二件事
浪漫一點行不行
校園尷尬事件大全(爆笑)
校園寢室騷擾電話
As a man sows, so he shall reap. ....................................................
ReplyDeleteThx ur share........................................
ReplyDelete辛苦了!祝你愈來愈好! ........................................
ReplyDeleteI Love You, Cabbages!!!
ReplyDelete真正的愛心,是照顧好自己的這顆心。.............................................
ReplyDelete心中有愛,才會人見人愛。.............................................
ReplyDelete在莫非定律中有項笨蛋定律:「一個組織中的笨蛋,恆大於等於三分之二。」.........................
ReplyDelete85成人片免費看 視訊交友vino 一夜情情色聊天 免費觀看影片 視訊交友中心 免費最新女優影片 性感走光照片 免費線上看成人影片 辣妹偷拍貼圖 男女聊天室 愛愛天堂 情趣內衣寫真 18禁成人影城 少女辣妹遊戲18 洪爺影城av 成人卡通a片 情色+貼圖 色情貼圖區 一夜情網站, 383成人 完美女人影音視訊 live 秀 玩美女人國 性感絲襪美女 辣妹交友 人妻自拍裸體 熟南熟女聊天室 a片下載 免費視訊聊天室 a圖裸體女生 天天看正妹美女寫真館 85cc成人長片 免費a片 嘟嘟 997770 台灣情色貼圖 一夜情買援交妹 情人視訊網 鋼管秀視訊 av網站 辣妹自拍 大奶辣妹照片 sex 85cc影片 日本巨乳寫真下載 情色性愛圖貼 後宮電影院 限制級 0204交友 日本性愛影片 洪爺走光自拍照片圖片
ReplyDelete愛情是一種發明,需要不斷改良。只是,這種發明和其他發明不一樣,它沒有專利權,隨時會被人搶走。..................................................
ReplyDeleteCabbages,
ReplyDeleteI am a newbie at this and dont know where to start in terms of understanding and implementing what your saying step by step on OSX.
do you have a simple newbie tutorial?
appreciate it
Two heads are better than one. ............................................................
ReplyDeletebiber hapı la jiao shou shen biber hapı kadın azdırıcı sağlık zayıflama kadınca film izle film izle film izle mirc mirc sohbet
ReplyDelete人有兩眼一舌,是為了觀察倍於說話的緣故。...........................................................................
ReplyDelete思想與理論,貴呼先於行動,但行動較思想或理論更高貴......................................................................
ReplyDeleteCheap Generic Medication
ReplyDeleteI would like to appreciate the great work done by you
Generic Viagra
Generic Cialis
シアリス
這麼好的部落格,以後看不到怎麼辦啊!!......................................................................
ReplyDeletepleasure to find such a good artical! please keep update!!.................................................................
ReplyDelete成熟,就是有能力適應生活中的模糊。.................................................................
ReplyDeleteThe keygen and decrypt worked like a charm under Ubuntu Linux 64-bit with python, python-tk and python-crypto installed.
ReplyDeleteThank you!
Thank you very much guy, it help me a lot !
ReplyDeleteGenerous, I Can’t seem to be able to see anything similar on Yahoo – Guess I will have to keep it bookmarked!
ReplyDelete3D ultrasounds | 4d Ultrasounds
Thank you very much guy, it help me a lot !
ReplyDeleteEmlak Haberci
OrtaSinifEvSahibiOluyor
Konut Firsatlari
Son Projeler
Proje Haberleri
Thanks for sharing, much appreciated and useful post, congrat and keep on track!
ReplyDeleteCialis Online
That is a communal habit just before abuse Finpecia online headed for treat a range of class maladies.
ReplyDeleteI deliberate generic Periactin be able to make this doable to accomplish it.
ReplyDeleteThis very boundary marker ended me hark back of buy Propecia, with the aim of's very fine!
ReplyDeleteThi is a careful idea, a short time ago be keen on valtrex online, thanks for the column!
ReplyDeleteI carry out believe it is feasible in the direction of achieve this, thanks very a good deal en route for generic Zithromax.
ReplyDeleteAmazing!I also wish him good luck to defend his gold medal. I like to share it with all my friends and hope they will also encourage him.buy xanax online
ReplyDeletePlease one more post about that. I wonder how you got so good. This is really a fascinating blog, lots of stuff that I can get into. One thing I just want to say is that your Blog is so perfect...
ReplyDelete3d ultrasounds
This comment has been removed by the author.
ReplyDeleteI like your post, it is really pleasure finding such a nice article. Wish you best of luck!
ReplyDeleteRentals
I impressed greatly that the way you have written such great article. I got many reference about this topic but your one is online bookmakers Excellent tips, and the performance is looking much improved. bet365, bwin, uk betting tips, online betting, free bets, betting odds, horse racing, ladbrokes, free betting tips and bookmakers reviews , online bookmakers and promotional bonus codes
ReplyDeleteThese collections are works of art in digital perspective. Thumbs up.
ReplyDeleteBest Graphic Design Site
awesome I put-off buying this for months, despite positive reviews. I tried every free weather app going and eventually decided to take the plunge. Glad I did - easily the most customisable weather widget and clock on caftan and the skins are awesome!
ReplyDeletehttp://android-fore.blogspot.com/
With many skills you can be good at at many more jobs and make less mistakes while doing it….
ReplyDeleteweb hosting pakistan
Good works
ReplyDeleteBalayı Otelleri
erken Rezervasyon
Marmaris Otelleri