Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book General > News

Notices

Reply
 
Thread Tools Search this Thread
Old 02-15-2015, 07:58 PM   #1
ChesterFritz
Book Writer
ChesterFritz has become one with the cosmosChesterFritz has become one with the cosmosChesterFritz has become one with the cosmosChesterFritz has become one with the cosmosChesterFritz has become one with the cosmosChesterFritz has become one with the cosmosChesterFritz has become one with the cosmosChesterFritz has become one with the cosmosChesterFritz has become one with the cosmosChesterFritz has become one with the cosmosChesterFritz has become one with the cosmos
 
Posts: 12
Karma: 21884
Join Date: Jun 2014
Device: Kindle
Clicklocker Is a Bad DRM Solution

I wrote a reverse engineering article on my blog about the DRM solution known as ClickLocker. While the author claims that it has industrial strength security, I prove in this tutorial that this just isn't so. The goal of this tutorial is not to teach you how to pirate clicklocker protected ebooks, but to show you how weak this protection is. I hope that you enjoy and find it useful when choosing the best DRM solution for your product:

Code:
http://reverseengineeringtips.blogspot.com/2015/02/the-exagerated-promises-of-clicklocker.html

Last edited by ChesterFritz; 02-16-2015 at 02:59 PM.
ChesterFritz is offline   Reply With Quote
Old 02-16-2015, 09:23 AM   #2
HarryT
eBook Enthusiast
HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.
 
HarryT's Avatar
 
Posts: 85,536
Karma: 82356324
Join Date: Nov 2006
Location: UK
Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6
Moderator Notice
Please bear in mind, should you decide to post in this thread, that detailed discussions of DRM removal are not permitted at MR. Any posts which violate this rule will be deleted without comment or notice.

Thank you.
HarryT is offline   Reply With Quote
Advert
Old 02-17-2015, 07:28 PM   #3
Quexos
Member Retired
Quexos ought to be getting tired of karma fortunes by now.Quexos ought to be getting tired of karma fortunes by now.Quexos ought to be getting tired of karma fortunes by now.Quexos ought to be getting tired of karma fortunes by now.Quexos ought to be getting tired of karma fortunes by now.Quexos ought to be getting tired of karma fortunes by now.Quexos ought to be getting tired of karma fortunes by now.Quexos ought to be getting tired of karma fortunes by now.Quexos ought to be getting tired of karma fortunes by now.Quexos ought to be getting tired of karma fortunes by now.Quexos ought to be getting tired of karma fortunes by now.
 
Posts: 1,999
Karma: 11348924
Join Date: Jan 2011
Location: Limbo
Device: none
Quote:
Originally Posted by HarryT View Post
Please bear in mind, should you decide to post in this thread, that detailed discussions of DRM removal are not permitted at MR. Any posts which violate this rule will be deleted without comment or notice.

Thank you.
I wonder (and this is only curiosity) why on one hand it is made clear that DRM removal discussions are not allowed and at the same time there is a thread somewhere (too lazy to look for it but I know it's there) about DRM removal and what software to use and how to do it, something about a certain apprentice named Alf... which, apex of irony, was started by a mod...

Don't get me wrong, I'm not starting a discussion here about whether MR should or should not be a free place where DRM removal should or should not be encouraged and discussed, I'm only questioning the logic behind the obvious contradiction of MR's stance against such tools and the very existence of that particular thread?
Quexos is offline   Reply With Quote
Old 02-17-2015, 07:43 PM   #4
Shades
Zealot
Shades ought to be getting tired of karma fortunes by now.Shades ought to be getting tired of karma fortunes by now.Shades ought to be getting tired of karma fortunes by now.Shades ought to be getting tired of karma fortunes by now.Shades ought to be getting tired of karma fortunes by now.Shades ought to be getting tired of karma fortunes by now.Shades ought to be getting tired of karma fortunes by now.Shades ought to be getting tired of karma fortunes by now.Shades ought to be getting tired of karma fortunes by now.Shades ought to be getting tired of karma fortunes by now.Shades ought to be getting tired of karma fortunes by now.
 
Shades's Avatar
 
Posts: 116
Karma: 1246392
Join Date: Nov 2010
Device: Nexus 4 + FBReader, Nook 1st Ed.
Quote:
Originally Posted by Quexos View Post
I wonder (and this is only curiosity) why on one hand it is made clear that DRM removal discussions are not allowed and at the same time there is a thread somewhere (too lazy to look for it but I know it's there) about DRM removal and what software to use and how to do it, something about a certain apprentice named Alf... which, apex of irony, was started by a mod...

Don't get me wrong, I'm not starting a discussion here about whether MR should or should not be a free place where DRM removal should or should not be encouraged and discussed, I'm only questioning the logic behind the obvious contradiction of MR's stance against such tools and the very existence of that particular thread?
The site's host country changed and so MR is forced to obey the U.S.'s laws. Including those on DRM.
Shades is offline   Reply With Quote
Old 02-17-2015, 07:58 PM   #5
Quexos
Member Retired
Quexos ought to be getting tired of karma fortunes by now.Quexos ought to be getting tired of karma fortunes by now.Quexos ought to be getting tired of karma fortunes by now.Quexos ought to be getting tired of karma fortunes by now.Quexos ought to be getting tired of karma fortunes by now.Quexos ought to be getting tired of karma fortunes by now.Quexos ought to be getting tired of karma fortunes by now.Quexos ought to be getting tired of karma fortunes by now.Quexos ought to be getting tired of karma fortunes by now.Quexos ought to be getting tired of karma fortunes by now.Quexos ought to be getting tired of karma fortunes by now.
 
Posts: 1,999
Karma: 11348924
Join Date: Jan 2011
Location: Limbo
Device: none
Quote:
Originally Posted by Shades View Post
The site's host country changed and so MR is forced to obey the U.S.'s laws. Including those on DRM.
Oh the site changed its host country? I never knew that. But that still would not explain it all clearly. I mean US law has something called the 1st amendment on freedom of speech so the US being host to this website does not explain the contradiction mentioned in my previous post.
The mystery thickens... or at the very least remains the same

Last edited by Quexos; 02-17-2015 at 08:07 PM.
Quexos is offline   Reply With Quote
Advert
Old 02-18-2015, 01:54 AM   #6
Sweetpea
Grand Sorcerer
Sweetpea ought to be getting tired of karma fortunes by now.Sweetpea ought to be getting tired of karma fortunes by now.Sweetpea ought to be getting tired of karma fortunes by now.Sweetpea ought to be getting tired of karma fortunes by now.Sweetpea ought to be getting tired of karma fortunes by now.Sweetpea ought to be getting tired of karma fortunes by now.Sweetpea ought to be getting tired of karma fortunes by now.Sweetpea ought to be getting tired of karma fortunes by now.Sweetpea ought to be getting tired of karma fortunes by now.Sweetpea ought to be getting tired of karma fortunes by now.Sweetpea ought to be getting tired of karma fortunes by now.
 
Sweetpea's Avatar
 
Posts: 9,429
Karma: 28957780
Join Date: Dec 2008
Location: Krewerd
Device: Dell V8Pro; Asus Zenpad S8; Onyx Boox T68; Kobo Aura One
Let's go back to the OP:

Quote:
Originally Posted by ChesterFritz View Post
I wrote a reverse engineering article on my blog about the DRM solution known as ClickLocker. While the author claims that it has industrial strength security, I prove in this tutorial that this just isn't so. The goal of this tutorial is not to teach you how to pirate clicklocker protected ebooks, but to show you how weak this protection is. I hope that you enjoy and find it useful when choosing the best DRM solution for your product:

Code:
http://reverseengineeringtips.blogspot.com/2015/02/the-exagerated-promises-of-clicklocker.html
The best DRM solution is the one where the legal user of the product doesn't encounter any problems when he wants to use said product in the way it was supposed to. In case of ebooks, that means that if I buy a book, I should be able to read it on all my ebook reading devices, without having to jump any hoops, like DRM removal. So, either let me convert one format to the other without having to remove the DRM or offer me the format of my choice when buying the book. Also, let me download the book without having to install any extra software so I can download it on any device I own that has an internet connection. And lastly, let me read the book on any device. With or without internet connection.
Sweetpea is offline   Reply With Quote
Old 02-18-2015, 02:38 AM   #7
twowheels
Wizard
twowheels ought to be getting tired of karma fortunes by now.twowheels ought to be getting tired of karma fortunes by now.twowheels ought to be getting tired of karma fortunes by now.twowheels ought to be getting tired of karma fortunes by now.twowheels ought to be getting tired of karma fortunes by now.twowheels ought to be getting tired of karma fortunes by now.twowheels ought to be getting tired of karma fortunes by now.twowheels ought to be getting tired of karma fortunes by now.twowheels ought to be getting tired of karma fortunes by now.twowheels ought to be getting tired of karma fortunes by now.twowheels ought to be getting tired of karma fortunes by now.
 
twowheels's Avatar
 
Posts: 1,412
Karma: 10028496
Join Date: Nov 2010
Device: Kindle PaperWhite 1st Gen, iPad Pro 10", iPhone 7
I've never run across Clicklocker and am not sure who uses it, but wow... that's bad.

This is ALMOST as bad as a game I cracked for a roommate back in ~1993.

A common copy protection scheme back then was to include a card or booklet of things to look up before you could play the game. These were often low contrast images that were hard to photocopy on the machines of the era. He was colorblind and unable to decipher these and unable to play the game without asking somebody else to start it for him, so I took a crack at it.

In about 2 minutes I found where they were calling to the protection... replaced the jmp & jne calls with nop instead, and I was done... it no longer asked for the codes.

I then looked at it a little closer and saw that it had an executable called prot.exe. I ran that directly and saw that it was a program that had you make the choices. If you ran it and gave the correct answer it would return 0 and if you ran it and gave it the wrong answer it would return 1.

So... I fired up my editor and wrote this program in C:

int main() { return 0; } // I didn't know back then about the implicit return value

Compiled it and saved it as prot.exe... done... cracked it two completely different ways in less than 10 minutes. Their copy protection clearly served no purpose beyond inconveniencing actual paying users.

Last edited by twowheels; 02-18-2015 at 02:42 AM.
twowheels is offline   Reply With Quote
Old 02-18-2015, 03:50 AM   #8
Brazen_NL
Slobbering Dog
Brazen_NL ought to be getting tired of karma fortunes by now.Brazen_NL ought to be getting tired of karma fortunes by now.Brazen_NL ought to be getting tired of karma fortunes by now.Brazen_NL ought to be getting tired of karma fortunes by now.Brazen_NL ought to be getting tired of karma fortunes by now.Brazen_NL ought to be getting tired of karma fortunes by now.Brazen_NL ought to be getting tired of karma fortunes by now.Brazen_NL ought to be getting tired of karma fortunes by now.Brazen_NL ought to be getting tired of karma fortunes by now.Brazen_NL ought to be getting tired of karma fortunes by now.Brazen_NL ought to be getting tired of karma fortunes by now.
 
Brazen_NL's Avatar
 
Posts: 454
Karma: 2522512
Join Date: Feb 2015
Location: NL
Device: Kindle PW2/iPad/iPhone
Quote:
Originally Posted by twowheels View Post
A common copy protection scheme back then was to include a card or booklet of things to look up before you could play the game. These were often low contrast images that were hard to photocopy on the machines of the era.
Sierra comes to mind. I loved those games!

I even remember playing them and reading it out loud for my kid brothers. It was like an interactive book to them.
Brazen_NL is offline   Reply With Quote
Old 02-18-2015, 04:34 AM   #9
Ghitulescu
Evangelist
Ghitulescu gives new meaning to the word 'superlative.'Ghitulescu gives new meaning to the word 'superlative.'Ghitulescu gives new meaning to the word 'superlative.'Ghitulescu gives new meaning to the word 'superlative.'Ghitulescu gives new meaning to the word 'superlative.'Ghitulescu gives new meaning to the word 'superlative.'Ghitulescu gives new meaning to the word 'superlative.'Ghitulescu gives new meaning to the word 'superlative.'Ghitulescu gives new meaning to the word 'superlative.'Ghitulescu gives new meaning to the word 'superlative.'Ghitulescu gives new meaning to the word 'superlative.'
 
Posts: 440
Karma: 150782
Join Date: Aug 2014
Device: PRS-T1
The only way to get rid of DRM is to buy physical products.
You know that grey bricks, the paper books?
These are not paired with any brain/eyes so they can be borrowed, sold, bought like a pair of shoes.
Ghitulescu is offline   Reply With Quote
Old 02-18-2015, 05:25 AM   #10
HarryT
eBook Enthusiast
HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.
 
HarryT's Avatar
 
Posts: 85,536
Karma: 82356324
Join Date: Nov 2006
Location: UK
Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6
The main purpose of DRM is not to defeat the professional criminal who wants to steal your product, but to give the overwhelming majority of honest users a gentle reminder when they try to do something that's outside the terms of usage of the product, such as giving a copy of it to their friends. Just as door and window locks won't stop a burglar from breaking into your house, but remind the casual by-passer that it's private property.

In that sense I really don't think it's terribly important how strong or otherwise a DRM system is. The typical user won't care; the professional criminal won't be stopped by it.
HarryT is offline   Reply With Quote
Old 02-18-2015, 07:00 AM   #11
murg
No Comment
murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.
 
Posts: 3,237
Karma: 23878043
Join Date: Jan 2012
Location: Australia
Device: Kobo: Not just an eReader, it's an adventure!
Quote:
Originally Posted by HarryT View Post
The main purpose of DRM is not to defeat the professional criminal who wants to steal your product, but to give the overwhelming majority of honest users a gentle reminder when they try to do something that's outside the terms of usage of the product, such as giving a copy of it to their friends. Just as door and window locks won't stop a burglar from breaking into your house, but remind the casual by-passer that it's private property.

In that sense I really don't think it's terribly important how strong or otherwise a DRM system is. The typical user won't care; the professional criminal won't be stopped by it.
A gentle reminder? So, breaking the law is now gentle?
murg is offline   Reply With Quote
Old 02-18-2015, 07:09 AM   #12
HarryT
eBook Enthusiast
HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.
 
HarryT's Avatar
 
Posts: 85,536
Karma: 82356324
Join Date: Nov 2006
Location: UK
Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6
Quote:
Originally Posted by murg View Post
A gentle reminder? So, breaking the law is now gentle?
No, the fact that the product stops you from doing illegal things unless you specifically take action to circumvent the DRM is the gentle reminder that I was referring to. Apologies if I didn't make my meaning clear.
HarryT is offline   Reply With Quote
Old 02-18-2015, 09:57 AM   #13
webroot
Zealot
webroot ought to be getting tired of karma fortunes by now.webroot ought to be getting tired of karma fortunes by now.webroot ought to be getting tired of karma fortunes by now.webroot ought to be getting tired of karma fortunes by now.webroot ought to be getting tired of karma fortunes by now.webroot ought to be getting tired of karma fortunes by now.webroot ought to be getting tired of karma fortunes by now.webroot ought to be getting tired of karma fortunes by now.webroot ought to be getting tired of karma fortunes by now.webroot ought to be getting tired of karma fortunes by now.webroot ought to be getting tired of karma fortunes by now.
 
webroot's Avatar
 
Posts: 108
Karma: 3026116
Join Date: Oct 2014
Device: android
this is an excellent post on how he cracked that software, but it is misleading too, as to many here, specially when we use the term DRM, its just about license cracking for this particular software and not really ebook DRM cracking ( or piracy). I wonder why original poster mention the need for encryption in executable binary! If that holds true then there is nothing wrong in cracking this app and posting details.
webroot is offline   Reply With Quote
Old 02-18-2015, 11:31 AM   #14
theducks
Well trained by Cats
theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.
 
theducks's Avatar
 
Posts: 23,274
Karma: 24326584
Join Date: Aug 2009
Location: (The original) Silicon Valley, USA
Device: K4NT, Galaxy Tab A, Kobo Aura2
Quote:
Originally Posted by Quexos View Post
Oh the site changed its host country? I never knew that. But that still would not explain it all clearly. I mean US law has something called the 1st amendment on freedom of speech so the US being host to this website does not explain the contradiction mentioned in my previous post.
The mystery thickens... or at the very least remains the same
the US also has the DMCA which supersedes your interpretation of the 1st amendment. The Supreme court was not of your opinion on this either.


Best laws Disney (lawyers) could buy

(you don't think all those bills are written by the staff? )
theducks is offline   Reply With Quote
Old 02-18-2015, 12:15 PM   #15
rollei
Addict
rollei ought to be getting tired of karma fortunes by now.rollei ought to be getting tired of karma fortunes by now.rollei ought to be getting tired of karma fortunes by now.rollei ought to be getting tired of karma fortunes by now.rollei ought to be getting tired of karma fortunes by now.rollei ought to be getting tired of karma fortunes by now.rollei ought to be getting tired of karma fortunes by now.rollei ought to be getting tired of karma fortunes by now.rollei ought to be getting tired of karma fortunes by now.rollei ought to be getting tired of karma fortunes by now.rollei ought to be getting tired of karma fortunes by now.
 
Posts: 216
Karma: 1000210
Join Date: Mar 2014
Device: Kobo
Quote:

http://reverseengineeringtips.blogsp...icklocker.html

Now that we are finished, I must state that the goal of this tutorial was NOT to teach you how to pirate a ClickLocker protected product, but rather to show you that this product is not as strong as their website implies. A good DRM management software would employ encryption that could not be broken without a valid decryption key being supplied by the server upon activation. This is far from the case with ClickLocker. While my goal here is not to defame ClickLocker, I hope that you will consider these factors before using their low security product. Until next time, happy reversing.

Posted by Chester Fritz at 12:30 PM
OP did say "the goal of this tutorial was NOT to teach you how to pirate a ClickLocker protected product, but rather to show you that this product is not as strong as their website implies."

The tutorial also helped owners of software, e-books, video, audio, apps etc to take corrective measures to safeguard their properties, which otherwise may have been stolen while using ClickLocker to secure their properties.

The tutorial may cause ClickLocker to lose sales, shutdown, face lawsuits or a total revamp of their "locking" product.
rollei is offline   Reply With Quote
Reply

Tags
clicklocker, drm, unpacking

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
DRM Good or Bad? Justin Nemo Writers' Corner 543 04-27-2012 03:22 AM
DRM bad, Piracy Good leebase General Discussions 20 12-02-2010 12:14 AM
So, what's so bad about DRM, anyway? vivaldirules Lounge 15 09-28-2008 08:30 PM
DRM = BAD Nate the great News 49 12-06-2007 04:33 PM


All times are GMT -4. The time now is 01:16 PM.


MobileRead.com is a privately owned, operated and funded community.