• View
• Edit
• History
• Print

NookDRM

2013-01-28

Since about the middle of September 2012 I have noticed that the DRM'd books from B&N are no longer being converted by my un-DRM tools executing on Focalor. When I run the tools manually, I get an error indicating that the "Key cannot be the null string".

I have made no changes to my tools in over a year, and can only come up with the idea that one or more files have become corrupted, particularly the user key file, or that B&N has introduced something new in the structure or encryption methodology of their books since September. To do that would require that all readers be updated with that new methodology, but I have successfully read some of these newer files with version 1.0.0 firmware in a Simple Touch reader, so I believe this is not the culprit.

In the meantime, awaiting a solution, I have placed all the B&N files downloaded since September 1, 2012 in the folder eTexts/BN/BNbooks.

I just regenerated the user key using the ILoveCabbages keygen script and confirmed that the key it generated is identical to the one historically used, so the key file is good.

2013-01-29

Further thought suggested that around the same time as this trouble started, it was then that B&N notified us that the credit card on file had expired. In response to that I updated B&N with my Discover CC. On a chance that the newer DRM books were encrypted using this new CC as part of the key, I went back to Focalor and regenerated a new key with that new card's number.

Sure enough, that did it!

I'm wondering about the old files already on my nook devices, that were originally encrypted with the first card. Are they still that way, or does B&N re-encrypt everything in the cloud with the new card number and re-deliver all the content, behind the scenes? Otherwise, the device would have to have both keys, one for each card, and try them both, but that seems to un-elegant to me. It complicates things. I'm guessing that content is re-encrypted with the 'current' key whenever it is downloaded from the cloud, but that still doesn't answer the case where files are already on the device. Hmm...

2016-01-18

B&N have change the encryption key for Nook users. No longer is it a combination of the username (email address) and the credit card number. The key is now a random value assigned to the account by B&N. So, this new key is not something that can be generated using the old ILuvCabbages script, either.

However, all is not lost! Browsing the web regarding tools to overcome this new situation shows that others have taken the ILuvCabbages scripts, enhanced them, and built them into a couple of plugins for Firefox and Calibre. And after some scrounging, I was able to determine that they are still GPL'd, with the code available on GitHub. So, I downloaded the DeDRM_tools-6.2.2.zip file and poked around. The docs suggested that the plugins could get the new key for you, using an unpublished URL that uses the username (email address) and password to their B&N account. Indeed, this is true. I found the URL in the /lib/ignobelkeyfetch.pyw file. Using my brain a little bit, I was able to stuff the variable parts of the URL with what was needed, including a random 30-digit hex number. Here is the URL:

https://cart4.barnesandnoble.com/services/service.aspx? \
Version=2&acctPassword=bookstore&devID=hobbes_9.3.50818_27daf82afcc3798dcb287022041307& \
emailAddress=shop@rebeccablaser.com&outFormat=5&schema=1&service=1&stage=deviceHashB

For the random chunk in the devID value I used dd if=/dev/urandom bs=1 count=30 | hexdump -C to give me a series of random hex digits. I collapsed them into a single no-whitespace string and chopped it to 30 characters. So, using this URL, I used wget and saved the response as new_key.download. This is a tiny chunk of XML that contains the 'ccHash' value that is the encryption key encoded in Base64, just what is needed for the old ILuvCabbages script. I extracted that 28-byte value, saving it as new.key.extracted.b64.

All I had to do was establish a soft-link to the new key and I was back in business!

TODO:

- Need to rework the ILuvCabbages python scripts to be able to run on Linux from the command line, thus allowing me to drop my use of Windows for this task (focalor/WinXP).

- Need to modify the scripts to collapse all whitespace in the resulting file's filename.