MobileRead Forums - View Single Post

geca · 02-04-2022, 02:45 PM

Grégory, first of thanks for libgourou.

I tried using removal util on a book I bought from an ADB-backed store provided by vendor called "inkBOOK" (Arta Tech) but unfortunately without success.

I used XML files found inside .adobe-digital-editions and the encrypted epub that got stored by the app inside Books dir of my Android phone.

The removal util exited with Segmentation fault so I decided to investigate further by looking at your code and trying to mimic the process with OpenSSL CLI.

I base64-decoded the privateLicenseKey from activation.xml and verified it was in fact a valid RSA private key:

Code:

> openssl asn1parse -inform DER -in private-license-key.bin 
    0:d=0  hl=4 l= 630 cons: SEQUENCE          
    4:d=1  hl=2 l=   1 prim: INTEGER           :00
    7:d=1  hl=2 l=  13 cons: SEQUENCE          
    9:d=2  hl=2 l=   9 prim: OBJECT            :rsaEncryption
   20:d=2  hl=2 l=   0 prim: NULL              
   22:d=1  hl=4 l= 608 prim: OCTET STRING 	   [HEX DUMP]: ...

However, when I tried decrypting encryptedKey (from rights.xml inside the epub) with it, I get the following error:

Code:

> openssl rsautl -decrypt -in rightsEncryptedKey.bin -out plain.txt-inkey private-lincense-key.pem -raw
RSA operation error
140109553796480:error:0406506C:rsa routines:rsa_ossl_private_decrypt:data greater than mod len:crypto/rsa/rsa_ossl.c:400:

1. I made sure encryptedKey was decoded from base64
2. libgourou uses RSA_NO_PADDING when decrypting, so I used -raw switch. I tried other paddings also but without success.

Since nothing worked for me, I decided to look at DeDRM decrpytion procedure, specifically decryptBook method inside ineptepub.py. There I found this:

Code:

if len(bookkey) != 172:
  print("{0:s} is not a secure Adobe Adept ePub.".format(os.path.basename(inpath)))
  return 1

Since my encrypted key has length of 192 chars this led me to assume the decryption failure was related to the difference between lengths.

Which finally brings me to my questions:
- is 172 chars also the length that libgourou implicitly assumes?
- do you have any ideas on what else I could throw at openssl to try decrypting the encryptedKey?

FYI, from what I can gather the Android app uses v12.5.2 of the librmsdk lib behind the scenes.

P.S.: You may want to introduce a new enum (CLIENT_INVALID_PKCS8) here instead of re-using CLIENT_INVALID_PKCS12:

Code:

PKCS8_PRIV_KEY_INFO* p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(mem, NULL);

if (!p8inf)
  EXCEPTION(gourou::CLIENT_INVALID_PKCS12, ERR_error_string(ERR_get_error(), NULL));

Thanks.

02-04-2022, 02:45 PM	#57
geca Junior Member Posts: 2 Karma: 10 Join Date: Feb 2022 Device: none	Grégory, first of thanks for libgourou. I tried using removal util on a book I bought from an ADB-backed store provided by vendor called "inkBOOK" (Arta Tech) but unfortunately without success. I used XML files found inside .adobe-digital-editions and the encrypted epub that got stored by the app inside Books dir of my Android phone. The removal util exited with Segmentation fault so I decided to investigate further by looking at your code and trying to mimic the process with OpenSSL CLI. I base64-decoded the privateLicenseKey from activation.xml and verified it was in fact a valid RSA private key: Code: > openssl asn1parse -inform DER -in private-license-key.bin 0:d=0 hl=4 l= 630 cons: SEQUENCE 4:d=1 hl=2 l= 1 prim: INTEGER :00 7:d=1 hl=2 l= 13 cons: SEQUENCE 9:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption 20:d=2 hl=2 l= 0 prim: NULL 22:d=1 hl=4 l= 608 prim: OCTET STRING [HEX DUMP]: ... However, when I tried decrypting encryptedKey (from rights.xml inside the epub) with it, I get the following error: Code: > openssl rsautl -decrypt -in rightsEncryptedKey.bin -out plain.txt-inkey private-lincense-key.pem -raw RSA operation error 140109553796480:error:0406506C:rsa routines:rsa_ossl_private_decrypt:data greater than mod len:crypto/rsa/rsa_ossl.c:400: 1. I made sure encryptedKey was decoded from base64 2. libgourou uses RSA_NO_PADDING when decrypting, so I used -raw switch. I tried other paddings also but without success. Since nothing worked for me, I decided to look at DeDRM decrpytion procedure, specifically decryptBook method inside ineptepub.py. There I found this: Code: if len(bookkey) != 172: print("{0:s} is not a secure Adobe Adept ePub.".format(os.path.basename(inpath))) return 1 Since my encrypted key has length of 192 chars this led me to assume the decryption failure was related to the difference between lengths. Which finally brings me to my questions: - is 172 chars also the length that libgourou implicitly assumes? - do you have any ideas on what else I could throw at openssl to try decrypting the encryptedKey? FYI, from what I can gather the Android app uses v12.5.2 of the librmsdk lib behind the scenes. P.S.: You may want to introduce a new enum (CLIENT_INVALID_PKCS8) here instead of re-using CLIENT_INVALID_PKCS12: Code: PKCS8_PRIV_KEY_INFO* p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(mem, NULL); if (!p8inf) EXCEPTION(gourou::CLIENT_INVALID_PKCS12, ERR_error_string(ERR_get_error(), NULL)); Thanks.