Old 11-27-2009, 09:53 AM   #9
clarknova
Addict
Posts: 241
Karma: 2617
Join Date: Mar 2009
Location: Greenwood, SC
Device: Kindle 2
Quote:
Originally Posted by wallcraft
I don't know how long it would take to crack the PID from a MOBI file, but this seems practical even using brute force and there might be faster ways.
About 7 days on 1 core of a 2.0 GHz processor. This would be faster if you know the PID is a Kindle/Mobi PID (which ends in either $ or * and limits the combinations to 105046700288). However, for a Kindle 4 PC or iPod these increase to 1785793904896 combinations. I got lucky and it only took me about a day to brute force my Kindle 4 PC PID.

Quote:
Originally Posted by delphidb96
Except that the .azw files are directly de-DRMable using MobiDeDrm. (Presuming you've retrieved your iPod/iPhone/Kindle serial number and run it through a script to generate the PID.) In order to make that work with a single non-standard key that is NOT a Mobi-format PID would mean that either a) the PID one generates from an iPhone/Kindle is somehow hashed with all the other Kindle-specific PIDs one has (six in my case: 2 iPod Touches, 3 PCs and one Kindle), and mind you, I've downloaded some of my purchases *BEFORE* owning K4PC and they are just as de-DRMable using the current iPod PIDs as they were before, or b) that ain't how it works. Remember, my copy of MobiDeDRM does NOT have special "Amazon" de-DRMing modules - I'm actually running v0.04.
That's all irrelevant. If you'd just LOOK at the DRM sections you would see. If you open up any book from a Kindle, look at the DRM section and you'll notice that the "00 00 00 43" has been encrypted (16 bytes later) into the same string on EVERY book for that Kindle.
Now if you look at books for your Kindle 4 PC, you'll see that "00 00 00 43" is encrypted DIFFERENTLY on every* book. This means they've introduced an IV into the book key encryption method.

* So how did I brute force my PID when the encryption's changed? Because when I first installed K4PC I downloaded one book out of my library. It came across with the old encryption. Every book since has had the new encryption, and the only way I can readily tell which encryption method the book will use is by that EXTH 208 record (you know the one: "atv:kin:1:{base64 data}:{base64 data}"). If that record has a length of 0xC7, then the book seems to use the old (normal) book key encryption. If the length is 0xDB, then it's the new method.
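An added example, not code from this thread or from MobiDeDRM or any other tool named in it: a small EXTH record parser that applies the record-208 length check clarknova describes, so the "which scheme does this file use" question can be answered from the metadata block alone without touching the DRM sections or any key material. It assumes the publicly documented MOBI record 0 layout (PalmDOC header in the first 16 bytes, "MOBI" header after it with its length at offset 20, EXTH flags at record offset 0x80 with bit 0x40 meaning an EXTH block follows), and it assumes the post's "length of 0xC7 / 0xDB" refers to the record's stored length field, which includes the 8-byte type/length header. The sample record-0 blobs are constructed from filler and carry no real Kindle data.

```python
import struct

# MOBI record 0 layout used here (public MOBI format description; assumed, not from the post):
#   bytes 0..15   PalmDOC header
#   bytes 16..    MOBI header, starts with b"MOBI", header length at record offset 20
#   byte 0x80     32-bit EXTH flags; bit 0x40 means an EXTH block follows the MOBI header
EXTH_FLAG = 0x40
EXTH_FLAGS_OFFSET = 0x80
EXTH_TYPE_ATV_KIN = 208          # the "atv:kin:1:..." record discussed in the post
LEGACY_208_LENGTH = 0xC7         # stored record length the post ties to the old scheme
IV_208_LENGTH = 0xDB             # stored record length the post ties to the new scheme


def parse_exth(record0: bytes) -> dict:
    """Return {record_type: [data, ...]} for every EXTH record in a MOBI record 0.

    Every length is checked against the enclosing block, so a truncated or
    malformed file raises ValueError instead of silently yielding garbage.
    """
    if len(record0) < EXTH_FLAGS_OFFSET + 4 or record0[16:20] != b"MOBI":
        raise ValueError("record 0 does not carry a MOBI header")
    header_len = struct.unpack(">I", record0[20:24])[0]
    exth_flags = struct.unpack(">I", record0[EXTH_FLAGS_OFFSET:EXTH_FLAGS_OFFSET + 4])[0]
    if not exth_flags & EXTH_FLAG:
        return {}
    exth_off = 16 + header_len
    if record0[exth_off:exth_off + 4] != b"EXTH":
        raise ValueError("EXTH flag set but no EXTH block after the MOBI header")
    exth_len, count = struct.unpack(">II", record0[exth_off + 4:exth_off + 12])
    end = exth_off + exth_len
    if end > len(record0):
        raise ValueError("EXTH length runs past the end of record 0")
    records: dict = {}
    pos = exth_off + 12
    for _ in range(count):
        if pos + 8 > end:
            raise ValueError("EXTH record header truncated")
        rtype, rlen = struct.unpack(">II", record0[pos:pos + 8])
        if rlen < 8 or pos + rlen > end:       # rlen counts its own 8-byte header
            raise ValueError(f"EXTH record {rtype} has bad length {rlen}")
        records.setdefault(rtype, []).append(record0[pos + 8:pos + rlen])
        pos += rlen
    return records


def book_key_scheme(record0: bytes) -> str:
    """Classify by the stored length of EXTH record 208, as the post describes."""
    data = parse_exth(record0).get(EXTH_TYPE_ATV_KIN)
    if not data:
        return "unknown"                  # no record 208 at all
    stored_len = 8 + len(data[0])         # stored length = 8-byte header + payload
    if stored_len == LEGACY_208_LENGTH:
        return "legacy"
    if stored_len == IV_208_LENGTH:
        return "iv"
    return "unknown"


def build_record0(exth_records) -> bytes:
    """Build a minimal, constructed record 0 carrying the given (type, data) EXTH records."""
    palmdoc = struct.pack(">HHIHHHH", 1, 0, 0, 0, 4096, 0, 0)   # 16 bytes, no compression
    mobi = bytearray(0xE8)
    mobi[0:4] = b"MOBI"
    mobi[4:8] = struct.pack(">I", len(mobi))
    # flags sit at record offset 0x80, i.e. MOBI-header offset 0x80 - 16
    mobi[EXTH_FLAGS_OFFSET - 16:EXTH_FLAGS_OFFSET - 12] = struct.pack(">I", EXTH_FLAG)
    body = b"".join(struct.pack(">II", t, 8 + len(d)) + d for t, d in exth_records)
    exth = b"EXTH" + struct.pack(">II", 12 + len(body), len(exth_records)) + body
    return palmdoc + bytes(mobi) + exth + b"\0" * ((-len(exth)) % 4)


def _atv_kin_payload(stored_len: int) -> bytes:
    """Constructed record-208 payload: right prefix and size, filler instead of real data."""
    prefix = b"atv:kin:1:"
    return prefix + b"A" * (stored_len - 8 - len(prefix))


# Constructed samples (not real books): one per scheme, plus one with no record 208.
SAMPLE_LEGACY = build_record0([(100, b"Example Author"), (208, _atv_kin_payload(LEGACY_208_LENGTH))])
SAMPLE_IV = build_record0([(100, b"Example Author"), (208, _atv_kin_payload(IV_208_LENGTH))])
SAMPLE_NO_208 = build_record0([(100, b"Example Author")])

if __name__ == "__main__":
    for name, sample in [("legacy", SAMPLE_LEGACY), ("iv", SAMPLE_IV), ("no-208", SAMPLE_NO_208)]:
        print(f"{name}: scheme={book_key_scheme(sample)} exth_types={sorted(parse_exth(sample))}")
```

To run it against a real file you would first split the PDB container into records and hand record 0 to `book_key_scheme`; the parser deliberately refuses to guess when the EXTH block is truncated or the 208 record has a length other than the two the post reports, since that is exactly the case where the heuristic no longer applies.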