[miyoyo]

Sorry for the time it took to fix, apparently old versions of wireshark don't show failed dns requests... or I broke the settings.

Not to worry, it was just me not correctly resolving the domain name, I've fixed it and here is what I can tell you about the book download process.


So, it firsts downloads the usual sync data (including the book's reading status), then it downloads the book's metadata (using https://storeapi.kobo.com/v1/library/{BookUUID}/metadata), approx. 9kb, then it uses the unique ANDROID download token over HTTP (not HTTPS) to storedownloads.kobo.com, that redirects to the actual book's download link, that is a static url.

So technically, to siphon books, you just have to listen to any storedownloads.kobo.com requests that passes around.

And to tell it to download books from anywhere, you just have to change the storeapi redirect URL.

This could logically allow for a modular sync system, with plugins for ex. Google drive or dropbox.

There are also different book variations, such as versions for iPhone, android, iPad, "generic" and a jpub HTML5 version

EDIT:
I'm wondering what language to write the sync server in
I've thought about GOlang, but the fact that it's compiled and that it has terrible regex knocks it out of the competition
Then, there's JavaScript, it's got average regex performance, it's memory heavy but with node.js it's probably the fastest to develop for, and one of the few good async solutions.

Then again, it depends if it's made for single-user operation or we actually give a shit about the user id, because if we don't then there are a whole lot of languages we could use that are bad at async.