|  12-10-2009, 08:12 AM | #31 | 
| The Dank Side of the Moon            Posts: 35,930 Karma: 119747553 Join Date: Sep 2009 Location: Denver, CO Device: Kindle2 & PW, Onyx Boox Go6 | 
			
			I have no idea what any of that means or even if it's relevant to the issue at hand. Seems you'd be looking at the KindleforPC software or a downloaded Kindle book rather than in the MobiDeDRM software. | 
|   |   | 
|  12-10-2009, 02:05 PM | #32 | |
| Wizard            Posts: 2,999 Karma: 300001 Join Date: Jan 2007 Location: Citrus Heights, California Device: TWO Kindle 2s, one each Bookeen Cybook Gen3, Sony PRS-500, Axim X51V | Quote: 
  Derek | |
|   |   | 
|  12-10-2009, 02:12 PM | #33 | |
| The Dank Side of the Moon            Posts: 35,930 Karma: 119747553 Join Date: Sep 2009 Location: Denver, CO Device: Kindle2 & PW, Onyx Boox Go6 | Quote: 
 I understand that, what I'm not following is why labba is looking in the source code of mobidedrm? The serial number is going to be in the KindlePC application or in the encoded book or both. | |
|   |   | 
|  12-10-2009, 02:40 PM | #34 | 
| Member        Posts: 23 Karma: 752 Join Date: Dec 2009 Device: none | 
			
			Kindle for PC knows how to load the PRC file format, and MobiDeDRM contains code for decrypting a DRM PRC file. I looked in this code and found that the routine responsible for decrypting a DRM PRC file has the same use as in MobiDeDRM... Now I need to find out what/where the PID is that is used to decrypt the PRC file, so we can use it to extract this and be able to do this on every computer. | 
|   |   | 
|  12-10-2009, 02:58 PM | #35 | |
| The Dank Side of the Moon            Posts: 35,930 Karma: 119747553 Join Date: Sep 2009 Location: Denver, CO Device: Kindle2 & PW, Onyx Boox Go6 | Quote: 
 | |
|   |   | 
|  12-10-2009, 03:16 PM | #36 | |
| Addict            Posts: 241 Karma: 2617 Join Date: Mar 2009 Location: Greenwood, SC Device: Kindle 2 | Quote: 
  I give up. On the plus side, i-heart-cabbages knows what's up and seems to be working on this, hopefully he'll come through again like he did with Adobe Adept. | |
|   |   | 
|  12-12-2009, 04:03 PM | #37 | |
| Leafy greens connoisseur            Posts: 49 Karma: 21271 Join Date: Feb 2009 Device: PRS-505 | Quote: 
  I am working on it, but haven't had much free time lately, and it turned out to be more complicated than I thought it would be at first glance. What labba describes is essentially what I did to get to the point of being able to decrypt individual books, but there are several layers of encryption and obfuscation separating the kindle.info file from the per-book PID used for the final pass of Mobipocket/PC1 decryption which actually decrypts the book. In any case, I'll post when I finish, or if I give up. | |
|   |   | 
|  12-12-2009, 04:24 PM | #38 | |
| The Dank Side of the Moon            Posts: 35,930 Karma: 119747553 Join Date: Sep 2009 Location: Denver, CO Device: Kindle2 & PW, Onyx Boox Go6 | Quote: 
 Thank you sir! | |
|   |   | 
|  12-13-2009, 01:07 AM | #39 | 
| Member        Posts: 23 Karma: 752 Join Date: Dec 2009 Device: none | 
			
			Good to know that I'm not alone in this :-) I'm currently also continuing the RE on this target; I hope we can share the info to get faster results. As for now, I found that this is the main sub:

Code:
    00414270 $ 55                PUSH EBP
    00414271 . 8BEC              MOV EBP,ESP
    00414273 . 83E4 F8           AND ESP,FFFFFFF8
    00414276 . 64:A1 00000000    MOV EAX,DWORD PTR FS:[0]
    0041427C . 6A FF             PUSH -1
    0041427E . 68 8015A000       PUSH KindleFo.00A01580
    00414283 . 50                PUSH EAX
    00414284 . 64:8925 000000>   MOV DWORD PTR FS:[0],ESP
    0041428B . 83EC 28           SUB ESP,28
    0041428E . 53                PUSH EBX
    0041428F . 56                PUSH ESI
    00414290 . 57                PUSH EDI
    00414291 . 8BF9              MOV EDI,ECX
    00414293 . 8B4F 3C           MOV ECX,DWORD PTR DS:[EDI+3C]
    00414296 . 33DB              XOR EBX,EBX
    00414298 . 3BCB              CMP ECX,EBX
    0041429A . 74 08             JE SHORT KindleFo.004142A4 ; taken
    0041429C . 8B01              MOV EAX,DWORD PTR DS:[ECX]
    0041429E . 8B50 2C           MOV EDX,DWORD PTR DS:[EAX+2C]
    004142A1 . 53                PUSH EBX
    004142A2 . FFD2              CALL EDX
    004142A4 > A1 60CBD100       MOV EAX,DWORD PTR DS:[D1CB60]
    004142A9 . 894424 10         MOV DWORD PTR SS:[ESP+10],EAX
    004142AD . B9 01000000       MOV ECX,1
    004142B2 . F0:0FC108         LOCK XADD DWORD PTR DS:[EAX],ECX ; LOCK prefix
    004142B6 . 895C24 3C         MOV DWORD PTR SS:[ESP+3C],EBX
    004142BA . 8B47 20           MOV EAX,DWORD PTR DS:[EDI+20]
    004142BD . 3BC3              CMP EAX,EBX
    004142BF . 0F84 76010000     JE KindleFo.0041443B ; not taken
    004142C5 . 3858 1D           CMP BYTE PTR DS:[EAX+1D],BL
    004142C8 . 0F85 6D010000     JNZ KindleFo.0041443B ; not taken
    004142CE . 3958 14           CMP DWORD PTR DS:[EAX+14],EBX
    004142D1 . 0F84 ED000000     JE KindleFo.004143C4 ; not taken
    004142D7 . 8D7424 20         LEA ESI,DWORD PTR SS:[ESP+20]
    004142DB . E8 107D0500       CALL KindleFo.0046BFF0
    004142E0 . C64424 3C 01      MOV BYTE PTR SS:[ESP+3C],1
    004142E5 . 8B57 20           MOV EDX,DWORD PTR DS:[EDI+20]
    004142E8 . 8B4A 14           MOV ECX,DWORD PTR DS:[EDX+14]
    004142EB . 8B01              MOV EAX,DWORD PTR DS:[ECX]
    004142ED . 8B40 08           MOV EAX,DWORD PTR DS:[EAX+8]
    004142F0 . 8BD6              MOV EDX,ESI
    004142F2 . 52                PUSH EDX
    004142F3 . 8D5424 18         LEA EDX,DWORD PTR SS:[ESP+18]
    004142F7 . 52                PUSH EDX
    004142F8 . FFD0              CALL EAX ; Need Analysis: Encryption/Decryption Sub
    004142FA . 8D4C24 18         LEA ECX,DWORD PTR SS:[ESP+18]
    004142FE . 51                PUSH ECX
    004142FF . C64424 40 02      MOV BYTE PTR SS:[ESP+40],2
    00414304 . E8 37A90200       CALL KindleFo.0043EC40
    00414309 . 83C4 04           ADD ESP,4
    0041430C . 50                PUSH EAX
    0041430D . 8D4C24 14         LEA ECX,DWORD PTR SS:[ESP+14]
    00414311 . C64424 40 03      MOV BYTE PTR SS:[ESP+40],3
    00414316 . E8 C50B4F00       CALL KindleFo.00904EE0
    0041431B . C64424 3C 02      MOV BYTE PTR SS:[ESP+3C],2
    00414320 . 8B5424 18         MOV EDX,DWORD PTR SS:[ESP+18]
    00414324 . 83C8 FF           OR EAX,FFFFFFFF
    00414327 . F0:0FC102         LOCK XADD DWORD PTR DS:[EDX],EAX ; LOCK prefix
    0041432B . 75 0D             JNZ SHORT KindleFo.0041433A ; taken
    0041432D . 8B4C24 18         MOV ECX,DWORD PTR SS:[ESP+18]
    00414331 . 51                PUSH ECX
    00414332 . E8 990B4F00       CALL KindleFo.00904ED0
    00414337 . 83C4 04           ADD ESP,4
    0041433A > 8B4C24 14         MOV ECX,DWORD PTR SS:[ESP+14]
    0041433E . 3BCB              CMP ECX,EBX
    00414340 . 74 75             JE SHORT KindleFo.004143B7 ; PROBLEM: need no jump

Code:
    004142F8 . FFD0              CALL EAX ; Need Analysis: Encryption/Decryption Sub

Still working on it.. Last edited by labba; 12-13-2009 at 03:46 AM. | 
|   |   | 
|  12-13-2009, 05:07 AM | #40 | 
| Member        Posts: 23 Karma: 752 Join Date: Dec 2009 Device: none | 
			
			Hi! Progress: if I set a BP on sub_54F7E0 and then dump the buffer pointed to by arg_0, you will get 8 PID characters. I think I need to add the two checksum chars myself according to the checksumPid function in the mobidedrm scripts. The BP will stop 5 times and will give 5 different strings... I will let you know if this could be the answer. C ya for now.. LaBBa. | 
|   |   | 
|  12-13-2009, 01:06 PM | #41 | |
| reader            Posts: 6,977 Karma: 5183568 Join Date: Mar 2006 Location: Mississippi, USA Device: Kindle 3, Kobo Glo HD | Quote: 
 | |
|   |   | 
|  12-13-2009, 02:10 PM | #42 | 
| Member        Posts: 23 Karma: 752 Join Date: Dec 2009 Device: none | 
			
			let's finish first with this one before moving to the next...   | 
|   |   | 
|  12-13-2009, 02:25 PM | #43 | 
| Resident Curmudgeon            Posts: 80,677 Karma: 150249619 Join Date: Nov 2006 Location: Roslindale, Massachusetts Device: Kobo Libra 2, Kobo Aura H2O, PRS-650, PRS-T1, nook STR, PW3 | 
			
			Let's move on to B&N and then deal with this. I think more people will be interested in having the B&N ePub DRM stripped than this. And even if I am wrong, stripping the DRM from B&N ePub will still be a better thing to start work on.
		 | 
|   |   | 
|  12-13-2009, 02:33 PM | #44 | 
| The Dank Side of the Moon            Posts: 35,930 Karma: 119747553 Join Date: Sep 2009 Location: Denver, CO Device: Kindle2 & PW, Onyx Boox Go6 | 
			
			Except that there is nothing to work with yet. Not even example/sample epubs from B&N as far as I know.
		 | 
|   |   | 
|  12-13-2009, 03:03 PM | #45 | 
| Member        Posts: 23 Karma: 752 Join Date: Dec 2009 Device: none | 
			
			You can use your reversing skills to start doing it... like I do for kindle4pc..
		 | 
|   |   | 