mirrors/DeDRM_tools
mirrors/DeDRM_tools
1
0
Fork 0
mirror of https://github.com/noDRM/DeDRM_tools.git synced 2024-11-05 13:36:10 +06:00
Code Issues Projects Releases Wiki Activity
049f44231c
DeDRM_tools/skindle/skindle.c
Bart Simpson 049f44231c First Kindle 4 PC solution
2015-02-27 22:02:56 +00:00

1040 lines
29 KiB
C
Raw Blame History

/*
Copyright 2010 BartSimpson
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
/*
* Dependencies: none
* build on cygwin: gcc -o skindle skindle.c md5.c sha1.c b64.c -lCrypt32
* Under cygwin, you can just type make to build it.
* While the binary builds if you use the -mno-cygwin switch, it fails to
* work for some reason. The code should compile with Visual Studio, just
* add all the files to a project and add the Crypt32.lib dependency and
* it should build as a Win32 console app.
*/
/*
* MUST be run on the computer on which KindleForPC is installed
* under the account that was used to purchase DRM'ed content.
* Requires your kindle.info file which can be found in something like:
* <User home>\...\Amazon\Kindle For PC\{AMAwzsaPaaZAzmZzZQzgZCAkZ3AjA_AY}
* where ... varies by platform but is "Local Settings\Application Data" on XP
*/
/*
What: KindleForPC DRM removal utility to preserve your fair use rights!
Why: Fair use is a well established doctrine, and I am no fan of vendor
lockin.
How: This utility implements the PID extraction, DRM key generation and
decryption algorithms employed by the KindleForPC application. This
is a stand alone app that does not require you to determine a PID on
your own, and it does not need to run KindleForPC in order to extract
any data from memory.
Shoutz: The DarkReverser - thanks for mobidedrm! The last part of this
is just a C port of mobidedrm.
labba and I<3cabbages for motivating me to do this the right way.
You guys shouldn't need to spend all your time responding to all the
changes Amazon is going to force you to make in unswindle each time
the release a new version.
Lawrence Lessig - You are my hero. 'Nuff said.
Thumbs down: Disney, MPAA, RIAA - you guys suck. Making billions off
of the exploitation of works out of copyright while vigourously
pushing copyright extension to prevent others from doing the same
is the height of hypocrasy.
Congress - you guys suck too. Why you arrogant pricks think you
are smarter than the founding fathers is beyond me.
*/
#include <windows.h>
#include <Wincrypt.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
//If you prefer to use openssl uncomment the following
//#include <openssl/sha.h>
//#include <openssl/md5.h>
//If you prefer to use openssl remove the following 2 line
#include "md5.h"
#include "sha1.h"
unsigned int base64(unsigned char *inbuf, unsigned int len, unsigned char *outbuf);
/* The kindle.info file created when you install KindleForPC is a set
* of key:value pairs delimited by '{'. The keys and values are encoded
* in a variety of ways. Keys are the mazama64 encoded md5 hash of the
* key name, while values are the mazama64 encoding of the blob returned
* by the Windows CryptProtectData function. The use of CryptProtectData
* is what locks things to a particular user/machine
* kindle.info layout
* Key:AbaZZ6z4a7ZxzLzkZcaqauZMZjZ_Ztz6 ("kindle.account.tokens")
* Value: mazama64Encode(CryptProtectData(some sha1 hash))
* Key:AsAWa4ZJAQaCZ7A3zrZSaZavZMarZFAw ("kindle.cookie.item")
* Value: mazama64Encode(CryptProtectData(base64(144 bytes of data)))
* Key:ZHatAla4a-zTzWA-AvaeAvZQzKZ-agAz ("eulaVersionAccepted")
* Value: mazama64Encode(CryptProtectData(kindle version?))
* Key:ZiajZga7Z9zjZRz7AfZ-zRzUANZNZJzP ("login_date")
* Value: mazama64Encode(CryptProtectData(registration date))
* Key:ZkzeAUA-Z2ZYA2Z_ayA_ahZEATaEAOaG ("kindle.token.item")
* Value: mazama64Encode(CryptProtectData(multi-field crypto data))
* {enc:xxx}{iv:xxx}{key:xxx}{name:xxx}{serial:xxx}
* enc:base64(binary blob)
* iv:base64(16 bytes)
* key:base64(256 bytes)
* name:base64("ADPTokenEncryptionKey")
* serial:base64("1")
* Key:aVzrzRAFZ7aIzmASZOzVzIAGAKawzwaU ("login")
* Value: mazama64Encode(CryptProtectData(your amazon email))
* Key:avalzbzkAcAPAQA5ApZgaOZPzQZzaiaO mazama64Encode(md5("MazamaRandomNumber"))
* Value: mazama64Encode(CryptProtectData(mazama32Encode(32 bytes random data)))
* Key:zgACzqAjZ2zzAmAJa6ZFaZALaYAlZrz- ("kindle.key.item")
* Value: mazama64Encode(CryptProtectData(RSA private key)) no password
* Key:zga-aIANZPzbzfZ1zHZWZcA4afZMZcA_ ("kindle.name.info")
* Value: mazama64Encode(CryptProtectData(your name))
* Key:zlZ9afz1AfAVZjacaqa-ZHa1aIa_ajz7 ("kindle.device.info");
* Value: mazama64Encode(CryptProtectData(the name of your kindle))
*/
typedef struct _SimpleMapNode {
char *key;
char *value;
} SimpleMapNode;
typedef struct _MapList {
SimpleMapNode *node;
struct _MapList *next;
} MapList;
MapList *kindleMap;
#pragma pack(2)
typedef struct _PDB {
char name[32];
unsigned short attrib;
unsigned short version;
unsigned int created;
unsigned int modified;
unsigned int backup;
unsigned int modNum;
unsigned int appInfoID;
unsigned int sortInfoID;
unsigned int type;
unsigned int creator;
unsigned int uniqueIDseed;
unsigned int nextRecordListID;
unsigned short numRecs;
} PDB;
typedef struct _HeaderRec {
unsigned int offset;
unsigned int attribId;
} HeaderRec;
#define attrib(x) ((x)&0xFF)
#define id(x) (bswap_l((x) & 0xFFFFFF00))
typedef struct _PalmDocHeader {
unsigned short compression;
unsigned short reserverd1;
unsigned int textLength;
unsigned short recordCount;
unsigned short recordSize;
unsigned short encryptionType;
unsigned short reserved2;
} PalmDocHeader;
//checked lengths are 24, 116, 208, 228
typedef struct _MobiHeader {
unsigned int id;
unsigned int hdrLen;
unsigned int type;
unsigned int encoding;
unsigned int uniqueId;
unsigned int generator;
unsigned char reserved1[40];
unsigned int firstNonBookIdx;
unsigned int nameOffset;
unsigned int nameLength;
unsigned int language;
unsigned int inputLang;
unsigned int outputLang;
unsigned int formatVersion;
unsigned int firstImageIdx;
unsigned char unknown1[16];
unsigned int exthFlags;
unsigned char unknown2[36];
unsigned int drmOffset;
unsigned int drmCount;
unsigned int drmSize;
unsigned int drmFlags;
unsigned char unknown3[58];
unsigned short extra_flags;
} MobiHeader;
typedef struct _ExthRecHeader {
unsigned int type;
unsigned int len;
} ExthRecHeader;
typedef struct _ExthHeader {
unsigned int id;
unsigned int hdrLen;
unsigned int recordCount;
ExthRecHeader records[1];
} ExthHeader;
//#define bswap_l ntohl
//#define bswap_s ntohs
unsigned short bswap_s(unsigned short s) {
return (s >> 8) | (s << 8);
}
unsigned int bswap_l(unsigned int s) {
unsigned int u = bswap_s(s);
unsigned int l = bswap_s(s >> 16);
return (u << 16) | l;
}
MapList *findNode(char *key) {
MapList *l;
for (l = kindleMap; l; l = l->next) {
if (strcmp(key, l->node->key) == 0) {
return l;
}
}
return NULL;
}
void addMapNode(char *key, char *value) {
MapList *ml = findNode(key);
if (ml) {
free(ml->node->value);
ml->node->value = value;
}
else {
SimpleMapNode *smn = (SimpleMapNode*)malloc(sizeof(SimpleMapNode));
smn->key = key;
smn->value = value;
ml = (MapList*)malloc(sizeof(MapList));
ml->node = smn;
ml->next = kindleMap;
kindleMap = ml;
}
}
void dumpMap() {
MapList *l;
for (l = kindleMap; l; l = l->next) {
fprintf(stderr, "%s:%s\n", l->node->key, l->node->value);
}
}
void parseLine(char *line) {
char *colon = strchr(line, ':');
if (colon) {
char *key, *value;
int len = colon - line;
key = (char*)malloc(len + 1);
*colon++ = 0;
strcpy(key, line);
len = strlen(colon);
value = (char*)malloc(len + 1);
strcpy(value, colon);
value[len] = 0;
addMapNode(key, value);
}
}
int buildKindleMap(char *infoFile) {
int result = 0;
struct stat statbuf;
if (stat(infoFile, &statbuf) == 0) {
FILE *fd = fopen(infoFile, "rb");
char *infoBuf = (char*)malloc(statbuf.st_size + 1);
infoBuf[statbuf.st_size] = 0;
if (fread(infoBuf, statbuf.st_size, 1, fd) == 1) {
char *end = infoBuf + statbuf.st_size;
char *b = infoBuf, *e;
while (e = strchr(b, '{')) {
*e = 0;
if ((e - b) > 2) {
parseLine(b);
}
e++;
b = e;
}
if (b < end) {
parseLine(b);
}
}
else {
fprintf(stderr, "short read on info file\n");
}
free(infoBuf);
fclose(fd);
return 1;
}
return 0;
}
png_crc_table_init(unsigned int *crc_table) {
unsigned int i;
for (i = 0; i < 256; i++) {
unsigned int n = i;
unsigned int j;
for (j = 0; j < 8; j++) {
if (n & 1) {
n = 0xEDB88320 ^ (n >> 1);
}
else {
n >>= 1;
}
}
crc_table[i] = n;
}
}
unsigned int compute_png_crc(unsigned char *input, unsigned int len, unsigned int *crc_table) {
unsigned int crc = 0;
unsigned int i;
for (i = 0; i < len; i++) {
unsigned int v = (input[i] ^ crc) & 0xff;
crc = crc_table[v] ^ (crc >> 8);
}
return crc;
}
char *decodeString = "ABCDEFGHIJKLMNPQRSTUVWXYZ123456789";
void doPngDecode(unsigned char *input, unsigned int len, unsigned char *output) {
unsigned int crc_table[256];
unsigned int crc, i, x = 0;
unsigned int *out = (unsigned int*)output;
png_crc_table_init(crc_table);
crc = bswap_l(compute_png_crc(input, len, crc_table));
memset(output, 0, 8);
for (i = 0; i < len; i++) {
output[x++] ^= input[i];
if (x == 8) x = 0;
}
out[0] ^= crc;
out[1] ^= crc;
for (i = 0; i < 8; i++) {
unsigned char v = output[i];
output[i] = decodeString[((((v >> 5) & 3) ^ v) & 0x1F) + (v >> 7)];
}
}
char *string_20 = "n5Pr6St7Uv8Wx9YzAb0Cd1Ef2Gh3Jk4M";
char *string_40 = "AaZzB0bYyCc1XxDdW2wEeVv3FfUuG4g-TtHh5SsIiR6rJjQq7KkPpL8lOoMm9Nn_";
char *mazamaEncode(unsigned char *input, unsigned int len, unsigned char choice) {
unsigned int i;
char *enc, *out;
if (choice == 0x20) enc = string_20;
else if (choice == 0x40) enc = string_40;
else return NULL;
out = (char*)malloc(len * 2 + 1);
out[len * 2] = 0;
for (i = 0; i < len; i++) {
unsigned char v = input[i] + 128;
unsigned char q = v / choice;
unsigned char m = v % choice;
out[i * 2] = enc[q];
out[i * 2 + 1] = enc[m];
}
return out;
}
unsigned char *mazamaDecode(char *input, int *outlen) {
unsigned char *out;
int len = strlen(input);
char *dec = NULL;
int i, choice = 0x20;
*outlen = 0;
for (i = 0; i < 8 && i < len; i++) {
if (*input == string_20[i]) {
dec = string_20;
break;
}
}
if (dec == NULL) {
for (i = 0; i < 4 && i < len; i++) {
if (*input == string_40[i]) {
dec = string_40;
choice = 0x40;
break;
}
}
}
if (dec == NULL) {
return NULL;
}
out = (unsigned char*)malloc(len / 2 + 1);
out[len / 2] = 0;
for (i = 0; i < len; i += 2) {
int q, m, v;
char *p = strchr(dec, input[i]);
if (p == NULL) break;
q = p - dec;
p = strchr(dec, input[i + 1]);
if (p == NULL) break;
m = p - dec;
v = (choice * q + m) - 128;
out[(*outlen)++] = (unsigned char)v;
}
return out;
}
unsigned char *getExthData(ExthHeader *eh, unsigned int type, unsigned int *len) {
unsigned int i;
unsigned int exthRecords = bswap_l(eh->recordCount);
ExthRecHeader *erh = eh->records;
*len = 0;
for (i = 0; i < exthRecords; i++) {
unsigned int recType = bswap_l(erh->type);
unsigned int recLen = bswap_l(erh->len);
if (recLen < 8) {
fprintf(stderr, "Invalid exth record length %d\n", i);
return NULL;
}
if (recType == type) {
*len = recLen - 8;
return (unsigned char*)(erh + 1);
}
erh = (ExthRecHeader*)(recLen + (char*)erh);
}
return NULL;
}
void enumExthRecords(ExthHeader *eh) {
unsigned int exthRecords = bswap_l(eh->recordCount);
unsigned int i;
unsigned char *data;
ExthRecHeader *erh = eh->records;
for (i = 0; i < exthRecords; i++) {
unsigned int recType = bswap_l(erh->type);
unsigned int recLen = bswap_l(erh->len);
fprintf(stderr, "%d: type - %d, len %d\n", i, recType, recLen);
if (recLen < 8) {
fprintf(stderr, "Invalid exth record length %d\n", i);
return;
}
data = (unsigned char*)(erh + 1);
switch (recType) {
case 1: //drm_server_id
fprintf(stderr, "drm_server_id: %s\n", data);
break;
case 2: //drm_commerce_id
fprintf(stderr, "drm_commerce_id: %s\n", data);
break;
case 3: //drm_ebookbase_book_id
fprintf(stderr, "drm_ebookbase_book_id: %s\n", data);
break;
case 100: //author
fprintf(stderr, "author: %s\n", data);
break;
case 101: //publisher
fprintf(stderr, "publisher: %s\n", data);
break;
case 106: //publishingdate
fprintf(stderr, "publishingdate: %s\n", data);
break;
case 113: //asin
fprintf(stderr, "asin: %s\n", data);
break;
case 208: //book unique drm key
fprintf(stderr, "book drm key: %s\n", data);
break;
case 503: //updatedtitle
fprintf(stderr, "updatedtitle: %s\n", data);
break;
default:
break;
}
erh = (ExthRecHeader*)(recLen + (char*)erh);
}
}
//implementation of Pukall Cipher 1
unsigned char *PC1(unsigned char *key, unsigned int klen, unsigned char *src,
unsigned char *dest, unsigned int len, int decryption) {
unsigned int sum1 = 0;
unsigned int sum2 = 0;
unsigned int keyXorVal = 0;
unsigned short wkey[8];
unsigned int i;
if (klen != 16) {
fprintf(stderr, "Bad key length!\n");
return NULL;
}
for (i = 0; i < 8; i++) {
wkey[i] = (key[i * 2] << 8) | key[i * 2 + 1];
}
for (i = 0; i < len; i++) {
unsigned int temp1 = 0;
unsigned int byteXorVal = 0;
unsigned int j, curByte;
for (j = 0; j < 8; j++) {
temp1 ^= wkey[j];
sum2 = (sum2 + j) * 20021 + sum1;
sum1 = (temp1 * 346) & 0xFFFF;
sum2 = (sum2 + sum1) & 0xFFFF;
temp1 = (temp1 * 20021 + 1) & 0xFFFF;
byteXorVal ^= temp1 ^ sum2;
}
curByte = src[i];
if (!decryption) {
keyXorVal = curByte * 257;
}
curByte = ((curByte ^ (byteXorVal >> 8)) ^ byteXorVal) & 0xFF;
if (decryption) {
keyXorVal = curByte * 257;
}
for (j = 0; j < 8; j++) {
wkey[j] ^= keyXorVal;
}
dest[i] = curByte;
}
return dest;
}
unsigned int getSizeOfTrailingDataEntry(unsigned char *ptr, unsigned int size) {
unsigned int bitpos = 0;
unsigned int result = 0;
if (size <= 0) {
return result;
}
while (1) {
unsigned int v = ptr[size - 1];
result |= (v & 0x7F) << bitpos;
bitpos += 7;
size -= 1;
if ((v & 0x80) != 0 || (bitpos >= 28) || (size == 0)) {
return result;
}
}
}
unsigned int getSizeOfTrailingDataEntries(unsigned char *ptr, unsigned int size, unsigned int flags) {
unsigned int num = 0;
unsigned int testflags = flags >> 1;
while (testflags) {
if (testflags & 1) {
num += getSizeOfTrailingDataEntry(ptr, size - num);
}
testflags >>= 1;
}
if (flags & 1) {
num += (ptr[size - num - 1] & 0x3) + 1;
}
return num;
}
typedef struct _vstruct {
unsigned int verification;
unsigned int size;
unsigned int type;
unsigned char cksum[4];
unsigned char cookie[32];
} vstruct;
typedef struct _kstruct {
unsigned int ver;
unsigned int flags;
unsigned char finalkey[16];
unsigned int expiry;
unsigned int expiry2;
} kstruct;
unsigned char *parseDRM(unsigned char *data, unsigned int count, unsigned char *pid, unsigned int pidlen) {
unsigned int i;
unsigned char temp_key_sum = 0;
unsigned char *found_key = NULL;
unsigned char *keyvec1 = "\x72\x38\x33\xB0\xB4\xF2\xE3\xCA\xDF\x09\x01\xD6\xE2\xE0\x3F\x96";
unsigned char temp_key[16];
memset(temp_key, 0, 16);
memcpy(temp_key, pid, 8);
PC1(keyvec1, 16, temp_key, temp_key, 16, 0);
for (i = 0; i < 16; i++) {
temp_key_sum += temp_key[i];
}
for (i = 0; i < count; i++) {
unsigned char kk[32];
vstruct *v = (vstruct*)(data + i * 0x30);
kstruct *k = (kstruct*)PC1(temp_key, 16, v->cookie, kk, 32, 1);
if (v->verification == k->ver && v->cksum[0] == temp_key_sum &&
(bswap_l(k->flags) & 0x1F) == 1) {
found_key = (unsigned char*)malloc(16);
memcpy(found_key, k->finalkey, 16);
break;
}
}
return found_key;
}
#ifndef HEADER_MD5_H
#define MD5_DIGEST_LENGTH 16
#define MD5_CTX md5_state_t
#define MD5_Init md5_init
#define MD5_Update md5_append
#define MD5_Final(x, y) md5_finish(y, x)
#define MD5 md5
void md5(unsigned char *in, int len, unsigned char *md) {
MD5_CTX s;
MD5_Init(&s);
MD5_Update(&s, in, len);
MD5_Final(md, &s);
}
#endif
#ifndef HEADER_SHA_H
#define SHA_DIGEST_LENGTH 20
#define SHA_CTX sha1_state_s
#define SHA1_Init sha1_init
#define SHA1_Update sha1_update
#define SHA1_Final(x, y) sha1_finish(y, x)
#define SHA1 sha1
void sha1(unsigned char *in, int len, unsigned char *md) {
SHA_CTX s;
SHA1_Init(&s);
SHA1_Update(&s, in, len);
SHA1_Final(md, &s);
}
#endif
int main(int argc, char **argv) {
//had to pile all these up here to please VS2009
PDB header;
struct stat statbuf;
FILE *prc, *out;
HeaderRec *hr;
PalmDocHeader *pdh;
MobiHeader *mobi;
ExthHeader *exth;
long record0_offset;
unsigned int record0_size, mobiLen, extra_data_flags;
unsigned int recs, i, drmCount, len209;
unsigned char *record0, *d209;
unsigned char *vsn, *username, *mrn_key, *kat_key;
char drive[256];
char name[256];
DWORD nlen = sizeof(name);
char *d;
char volumeName[256];
DWORD volumeSerialNumber;
char fileSystemNameBuffer[256];
char volumeID[32];
unsigned char md5sum[MD5_DIGEST_LENGTH];
unsigned char sha1sum[SHA_DIGEST_LENGTH];
unsigned char pid_base64[SHA_DIGEST_LENGTH * 2];
unsigned int outl;
SHA_CTX sha1_ctx;
MapList *ml;
unsigned int drmOffset, drm_len;
unsigned char *drm, *found_key;
if (argc != 4) {
fprintf(stderr, "usage: %s\n <prc file> <output file> <kindle.info file>", argv[0]);
exit(1);
}
if (stat(argv[1], &statbuf) != 0) {
fprintf(stderr, "Unable to stat %s, quitting\n", argv[1]);
exit(1);
}
prc = fopen(argv[1], "rb");
if (prc == NULL) {
fprintf(stderr, "%s bad open, quitting\n", argv[1]);
exit(1);
}
if (fread(&header, sizeof(header), 1, prc) != 1) {
fprintf(stderr, "%s bad header read, quitting\n", argv[1]);
fclose(prc);
exit(1);
}
//do BOOKMOBI check
if (header.type != 0x4b4f4f42 || header.creator != 0x49424f4d) {
fprintf(stderr, "Invalid header type or creator, quitting\n");
fclose(prc);
exit(1);
}
if (!buildKindleMap(argv[3])) {
fprintf(stderr, "buildMap failed\n");
fclose(prc);
exit(1);
}
recs = bswap_s(header.numRecs);
hr = (HeaderRec*)malloc(recs * sizeof(HeaderRec));
if (fread(hr, sizeof(HeaderRec), recs, prc) != recs) {
fprintf(stderr, "Failed read of header record, quitting\n");
fclose(prc);
exit(1);
}
record0_offset = bswap_l(hr[0].offset);
record0_size = bswap_l(hr[1].offset) - record0_offset;
if (fseek(prc, record0_offset, SEEK_SET) == -1) {
fprintf(stderr, "bad seek to header record offset, quitting\n");
fclose(prc);
exit(1);
}
record0 = (unsigned char*)malloc(record0_size);
if (fread(record0, record0_size, 1, prc) != 1) {
fprintf(stderr, "bad read of record0, quitting\n");
free(record0);
fclose(prc);
exit(1);
}
pdh = (PalmDocHeader*)record0;
if (bswap_s(pdh->encryptionType) != 2) {
fprintf(stderr, "MOBI BOOK is not encrypted, quitting\n");
free(record0);
fclose(prc);
exit(1);
}
mobi = (MobiHeader*)(pdh + 1);
if (mobi->id != 0x49424f4d) {
fprintf(stderr, "MOBI header not found, quitting\n");
free(record0);
fclose(prc);
exit(1);
}
mobiLen = bswap_l(mobi->hdrLen);
extra_data_flags = 0;
if (mobiLen >= 0xe4) {
extra_data_flags = bswap_s(mobi->extra_flags);
}
if ((bswap_l(mobi->exthFlags) & 0x40) == 0) {
fprintf(stderr, "Missing exth header, quitting\n");
free(record0);
fclose(prc);
exit(1);
}
exth = (ExthHeader*)(mobiLen + (char*)mobi);
if (exth->id != 0x48545845) {
fprintf(stderr, "EXTH header not found\n");
free(record0);
fclose(prc);
exit(1);
}
//if you want a list of EXTH records, uncomment the following
// enumExthRecords(exth);
drmCount = bswap_l(mobi->drmCount);
if (drmCount == 0) {
fprintf(stderr, "no PIDs found in this file, quitting\n");
free(record0);
fclose(prc);
exit(1);
}
if (GetUserName(name, &nlen) == 0) {
fprintf(stderr, "GetUserName failed, quitting\n");
fclose(prc);
exit(1);
}
fprintf(stderr, "Using UserName = \"%s\"\n", name);
d = getenv("SystemDrive");
if (d) {
strcpy(drive, d);
strcat(drive, "\\");
}
else {
strcpy(drive, "c:\\");
}
fprintf(stderr, "Using SystemDrive = \"%s\"\n", drive);
if (GetVolumeInformation(drive, volumeName, sizeof(volumeName), &volumeSerialNumber,
NULL, NULL, fileSystemNameBuffer, sizeof(fileSystemNameBuffer))) {
sprintf(volumeID, "%u", volumeSerialNumber);
}
else {
strcpy(volumeID, "9999999999");
}
fprintf(stderr, "Using VolumeSerialNumber = \"%s\"\n", volumeID);
MD5(volumeID, strlen(volumeID), md5sum);
vsn = mazamaEncode(md5sum, MD5_DIGEST_LENGTH, 0x20);
MD5(name, strlen(name), md5sum);
username = mazamaEncode(md5sum, MD5_DIGEST_LENGTH, 0x20);
MD5("MazamaRandomNumber", 18, md5sum);
mrn_key = mazamaEncode(md5sum, MD5_DIGEST_LENGTH, 0x40);
MD5("kindle.account.tokens", 21, md5sum);
kat_key = mazamaEncode(md5sum, MD5_DIGEST_LENGTH, 0x40);
SHA1_Init(&sha1_ctx);
ml = findNode(mrn_key);
if (ml) {
DATA_BLOB DataIn;
DATA_BLOB DataOut;
DataIn.pbData = mazamaDecode(ml->node->value, (int*)&DataIn.cbData);
if (CryptUnprotectData(&DataIn, NULL, NULL, NULL, NULL, 1, &DataOut)) {
char *devId = (char*)malloc(DataOut.cbData + 2 * MD5_DIGEST_LENGTH + 1);
char *finalDevId;
unsigned char pidbuf[10];
// fprintf(stderr, "CryptUnprotectData success\n");
// fwrite(DataOut.pbData, DataOut.cbData, 1, stderr);
// fprintf(stderr, "\n");
memcpy(devId, DataOut.pbData, DataOut.cbData);
strcpy(devId + DataOut.cbData, vsn);
strcat(devId + DataOut.cbData, username);
// fprintf(stderr, "Computing sha1 over %d bytes\n", DataOut.cbData + 4 * MD5_DIGEST_LENGTH);
sha1(devId, DataOut.cbData + 4 * MD5_DIGEST_LENGTH, sha1sum);
finalDevId = mazamaEncode(sha1sum, SHA_DIGEST_LENGTH, 0x20);
// fprintf(stderr, "finalDevId: %s\n", finalDevId);
SHA1_Update(&sha1_ctx, finalDevId, strlen(finalDevId));
pidbuf[8] = 0;
doPngDecode(finalDevId, 4, (unsigned char*)pidbuf);
// fprintf(stderr, "Device PID: %s\n", pidbuf);
LocalFree(DataOut.pbData);
free(devId);
free(finalDevId);
}
else {
fprintf(stderr, "CryptUnprotectData failed, quitting\n");
free(record0);
fclose(prc);
exit(1);
}
free(DataIn.pbData);
}
ml = findNode(kat_key);
if (ml) {
DATA_BLOB DataIn;
DATA_BLOB DataOut;
DataIn.pbData = mazamaDecode(ml->node->value, (int*)&DataIn.cbData);
if (CryptUnprotectData(&DataIn, NULL, NULL, NULL, NULL, 1, &DataOut)) {
// fprintf(stderr, "CryptUnprotectData success\n");
// fwrite(DataOut.pbData, DataOut.cbData, 1, stderr);
// fprintf(stderr, "\n");
SHA1_Update(&sha1_ctx, DataOut.pbData, DataOut.cbData);
LocalFree(DataOut.pbData);
}
else {
fprintf(stderr, "CryptUnprotectData failed, quitting\n");
fclose(prc);
free(record0);
exit(1);
}
free(DataIn.pbData);
}
d209 = getExthData(exth, 209, &len209);
if (d209 != NULL) {
unsigned char *rec;
unsigned int idx;
SHA1_Update(&sha1_ctx, d209, len209);
for (idx = 0; idx < len209; idx += 5) {
unsigned int dlen;
unsigned int rtype = bswap_l(*(unsigned int*)(d209 + idx + 1));
rec = getExthData(exth, rtype, &dlen);
if (rec != NULL) {
// fprintf(stderr, "exth %d: %s\n", rtype, rec);
SHA1_Update(&sha1_ctx, rec, dlen);
}
}
}
SHA1_Final(sha1sum, &sha1_ctx);
outl = base64(sha1sum, SHA_DIGEST_LENGTH, pid_base64);
pid_base64[8] = 0;
fprintf(stderr, "PID for %s is: %s\n", header.name, pid_base64);
/*
unique pid is computed as:
base64(sha1(idArray . kindleToken . 209_data . 209_tokens))
*/
free(mrn_key);
free(kat_key);
free(vsn);
free(username);
drmOffset = bswap_l(mobi->drmOffset);
drm_len = bswap_l(mobi->drmSize);
drm = record0 + drmOffset;
found_key = parseDRM(drm, drmCount, pid_base64, 8);
if (found_key) {
fprintf(stderr, "Found a DRM key!\n");
}
else {
fprintf(stderr, "Failed to find DRM key\n");
free(record0);
fclose(prc);
exit(1);
}
// kill the drm keys
memset(record0 + drmOffset, 0, drm_len);
// kill the drm pointers
mobi->drmOffset = 0xffffffff;
mobi->drmCount = mobi->drmSize = mobi->drmFlags = 0;
// clear the crypto type
pdh->encryptionType = 0;
out = fopen(argv[2], "wb");
if (out == NULL) {
fprintf(stderr, "Failed to open output file, quitting\n");
free(record0);
fclose(prc);
exit(1);
}
fwrite(&header, sizeof(header), 1, out);
fwrite(hr, sizeof(HeaderRec), recs, out);
fwrite("\x00\x00", 1, 2, out);
fwrite(record0, record0_size, 1, out);
//need to zero out exth 209 data
for (i = 1; i < recs; i++) {
unsigned int offset = bswap_l(hr[i].offset);
unsigned int len, extra_size;
unsigned char *rec;
if (i == (recs - 1)) { //last record extends to end of file
len = statbuf.st_size - offset;
}
else {
len = bswap_l(hr[i + 1].offset) - offset;
}
//make sure we are at proper offset
while (ftell(out) < offset) {
fwrite("\x00", 1, 1, out);
}
rec = (unsigned char *)malloc(len);
if (fseek(prc, offset, SEEK_SET) != 0) {
fprintf(stderr, "Failed record seek on input, quitting\n");
free(record0);
free(rec);
fclose(prc);
fclose(out);
_unlink(argv[2]);
exit(1);
}
if (fread(rec, len, 1, prc) != 1) {
fprintf(stderr, "Failed record read on input, quitting\n");
free(record0);
free(rec);
fclose(prc);
fclose(out);
_unlink(argv[2]);
exit(1);
}
extra_size = getSizeOfTrailingDataEntries(rec, len, extra_data_flags);
PC1(found_key, 16, rec, rec, len - extra_size, 1);
fwrite(rec, len, 1, out);
free(rec);
}
fprintf(stderr, "Done! Enjoy!\n");
/*
//The following loop dumps the contents of your kindle.info file
for (ml = kindleMap; ml; ml = ml->next) {
DATA_BLOB DataIn;
DATA_BLOB DataOut;
DataIn.pbData = mazamaDecode(ml->node->value, (int*)&DataIn.cbData);
if (CryptUnprotectData(&DataIn, NULL, NULL, NULL, NULL, 1, &DataOut)) {
fprintf(stderr, "CryptUnprotectData success for key: %s\n", ml->node->key);
fwrite(DataOut.pbData, DataOut.cbData, 1, stderr);
fprintf(stderr, "\n");
LocalFree(DataOut.pbData);
}
else {
fprintf(stderr, "CryptUnprotectData failed\n");
}
free(DataIn.pbData);
}
*/
fclose(prc);
fclose(out);
free(record0);
return 0;
}
Reference in New Issue View Git Blame Copy Permalink