

Hackers break Kindle DRM - shrike
http://www.theregister.co.uk/2009/12/23/amazon_kindle_hacked/

======
robin_reala
This was posted as a comment on the original article. No idea if it’s true or
not, but it’s an interesting insight:

 _As one of the engineers who worked on Kindle, I'd like to point out that
most people at Amazon are pretty anti-DRM themselves - it's the PUBLISHERS who
insisted on it, and we put in DRM so as to keep THEM happy, because without
publishers, there are no books to sell. We knew full well that the device and
DRM would be hacked eventually - the hope was that we could just stay ahead of
them for long enough to prove the feasibility of selling books in this way to
publishers._

~~~
po
In a similar vain The Register states:

"Once upon a time, Apple laced its iTunes-purchased offerings with similar DRM
restrictions that evoked major headaches when trying to do something as simple
as transferring songs to a new PC."

…as if Apple came up with the the idea to begin with. I think most people
reading know the parties that insisted on having DRM in the iTunes Music
Store, but it is still misleading, lazy reporting.

As someone who has worked in media, I can state with authority that the
majority of engineers know DRM is merely a futile speed bump. Sometimes a
speed bump is just fine with the lawyers. They'll take it.

------
shrike
Exploit code is here - <http://pastie.org/753699>

~~~
barrkel
It looks like the hard work is done by a different script, mobidedrm by
Darkreverser, and this script just pulls the file path out of a running
instance of the Kindle PC app. I presume the Kindle app is creating a
temporary file on disk which mobidedrm is then able to reverse, rather than
decrypting the original file, otherwise there'd be no point in writing a Win32
debugger in Python. (It's also pulling out a couple of more bits of info.)

The technique is very sensitive to the version of the Kindle app. It's
currently using the hash of the executable to choose which breakpoint
locations to set and hook, which are hard-coded virtual addresses.

~~~
lemming
I believe what the script is actually doing is extracting the Mobipocket PID -
K4PC uses a different PID for each book.

------
jrockway
OK, but it's been broken for ages. There is a simple python script floating
around that you can run on Kindle books to turn them into .html files. The
decryption key is just your Kindle's serial number (which I believe is
available via USB, so typing it in is not strictly necessary).

If you don't have a Kindle, that might be a problem though. But I think Amazon
lets you "register" a Kindle, so you can just make up a serial number, buy
books, and decrypt them.

Basically, the DRM scheme is just a joke to keep publishers happy. If your
eyes can see something, it can be copied.

~~~
lemming
Actually, K4PC uses a different scheme - the book key is not encrypted in the
same way as for normal kindle books. I believe each book uses a different
Mobipocket PID, and what this new script does is extract the PID for a
particular book and then invoke the original script using that PID.

Also, the PID is not the kindle serial number, but can be calculated from it.
There's another script around to do that.

------
bioweek
It's ironic, if there were a reliable way to break the DRM, I'd be incented to
buy lots of Kindle books at even above the paperback price.

right now I just can't stand the idea of paying almost as much as a real book
for something that I can't share and will die with my kindle in a couple of
years.

------
fa
Many Kindle books, especially technical ones, are in the so-called Topaz
format with embedded fonts which nobody has been able to reverse-engineer or
break DRM for. I don't know if this breakthrough changes that---doesn't seem
like it.

------
theschwa
Still waiting for an e-book torrent site.

~~~
awa
I don't think ebooks make a strong case for torrents mainly because of their
small size and the sheer number. Emule or IRC have been traditionally strong
channels for ebook sharing.

~~~
kierank
You've ignored Rapidshare (and other clones)

~~~
papersmith
Last time I used Rapidshare the free account had a restriction of something
like 1 file per day. I wonder if it's still the case.

~~~
Evgeny
I am definitely unable to read more than one book per day so that would be
plenty for me.

