Hi all, news:
I have looked a little at the source code of MobiDeDRM,
and from what I have seen there is a vector like this:
Code:
def parseDRM(self, data, count, pid):
    pid = pid.ljust(16,'\0')
    keyvec1 = "\x72\x38\x33\xB0\xB4\xF2\xE3\xCA\xDF\x09\x01\xD6\xE2\xE0\x3F\x96"
    temp_key = PC1(keyvec1, pid, False)
    temp_key_sum = sum(map(ord,temp_key)) & 0xff
I looked for these bytes in Kindle for PC:
\x72\x38\x33\xB0\xB4\xF2\xE3\xCA\xDF\x09\x01\xD6\xE2\xE0\x3F\x96
And yes, I found it!
Code:
005709AA mov ecx, ds:dword_BFC5A8 ; keyvec1 like in - MobiDeDRM
.text:005709B0 mov edx, ds:dword_BFC5AC
.text:005709B6 mov eax, ds:dword_BFC5B0
.text:005709BB mov [esp+0C4h+var_AC], ecx
.text:005709BF mov ecx, ds:dword_BFC5B4
.text:005709C5 mov [esp+0C4h+var_98], 3
.text:005709CD mov [esp+0C4h+var_A8], edx
.text:005709D1 mov [esp+0C4h+var_A4], eax
.text:005709D5 mov [esp+0C4h+var_A0], ecx
.text:005709D9 jz loc_570ABC
.text:005709DF mov dword ptr [ebp+4], 1
.text:005709E6 jmp loc_570ABC
Currently I'm starting to debug to see when it is used...
Regards,
LaBBa.