Will Adobe-DRMed ePub be like Microsoft .lit—a hit with many e-book techies because it’s easy for them to crack?
“Most importantly, Adobe’s current DE DRM has been cracked and once Adobe ePub is stripped of its DRM shackles, it is like any other ePub file.” – Spider Mattheson’s comment.
The TeleRead take: Hey, Spider, that’s an interesting observation—now that many e-reader-makers will be using Adobe “protection” and the Sony eBook Store will rely on it.
Now a question for knowledgeable TeleRead community members. For legal reasons, please don’t get into specifics; but in a general way, without revealing any how-to details or giving links to this information, tell us how easy you think Adobe’s DRM will be to crack. Amusingly, Microsoft .lit is a hit among some e-book techies because it is so simple to strip away the “protection”—not for piracy in most cases, but rather for the sake of convenience, such as for format conversions or backups or use on a bunch of devices.
I doubt it’ll be a challenge to crack Adobe DRM; tips are already circulating. This—beyond availability of scanners for use in making pirated copies of paper books—is one reason why I believe it would actually be safer for publishers not to rely on DRM in their business plans. Much better to avoid DRM or use social DRM and gear up to sue high-profile pirates, whom DRM won’t discourage anyway.
Meanwhile I suspect that many techies owning Kindles will look forward to cracking Adobe-DRMed ePub for conversion to Mobipocket or another K-usable format.
(Nutcracker photo from Wikipedia—taken by M. Minderhoud.)
August 14th, 2009 at 7:46 am
Sure, it’ll probably be cracked. OTOH, if there’s enough alternative non-DRM’d material out there, there may be no need: If the consumers shun the DRM’d material in favor of the non-DRM’d material, the publishers will eventually take the hint.
August 14th, 2009 at 8:41 am
Do they have a new version out?
The current version is cracked, AIUI.
(Not that I have tested it myself.)
http://www.mobileread.com/forums/showthread.php?t=39423
August 14th, 2009 at 9:00 am
The following should be perfectly legal, and is possibly erroneous:
Adobe’s DRM is in principle much harder to remove than the Microsoft format (lit).
EPUB consists of a ZIP-Archive filled with XML files (in a way, an EPUB-book is like a zipped website). Using Adobe’s DRM, the files in the ZIP are encrypted with a business strength method, so without the key, you are not getting at the contents. Furthermore, every reader gets their own individually encrypted version, so everyone has their own keys, and the keys of other readers are of no use.
The exploit you mention gets into Adobe’s Digital Editions (the reader application) and manages to extract the individual key. Using this key, it is possible to write a script that decrypts the encrypted file (very much like Digital Editions would do it internally) and store it as an ordinary, unencrypted EPUB file.
However, this means that you can only decrypt files you have a key for, i.e. you must get your hands at a legally obtained copy of the file, along with an instance of the reader application that is authorized to open it.
IMHO, this is not a terrible weakness of Adobe’s DRM. (As far as I know, you can break Microsoft’s DRM without knowing the key.) In fact, Adobe’s DRM is almost as good as it gets. Even if they manage to hide the key better, we could hack directy into the running reader software and look over Digital Edition’s shoulder while it does the decryption.
August 14th, 2009 at 9:16 am
The easiest ebook DRM to circumvent is now Adobe’s (ePub or PDF). This is because the available tools to do this are more user friendly than those for the other popular formats (LIT, MOBI, eReader). Note that all these DRM schemes have been circumvented. With the demise of Sony’s LRX, the only widely used format that has not been cracked is Amazon’s TOPAZ format. It is only used on a small fraction of the Kindle ebooks though.
August 14th, 2009 at 9:48 am
Joscha said:
(As far as I know, you can break Microsoft’s DRM without knowing the key.) In fact, Adobe’s DRM is almost as good as it gets.
____________________________________________________
My understanding is that the Adobe Adept was cracked in minutes; the hackers named their cracking tools inept as a dig at Adobe.
MS Reader cracking tools took a lot longer to break through the MSReader encyption but they work the same way as the Adbobe tool; they only work on a legally-purchased copy. (Or at least thats the last I heard of it; I don’t follow cracking tech so there might be something else floating around besides the well-publicized Lit converter…)
As to Mobipocket DRM, the tools for that one require a valid key, but the system offers it up publicly (it’s the license PID) so ebooks can be obtained via any browser, decrypted on any platform that hosts python, and rendered by any of several open source reader apps.
Other than legal constraints, there is nothing to stop independent application developers from bakinf mobipocket drm support into their applications/environment.
Hardly a trivial issue, of course.
Just another example of the inherent silliness/futility of the current DRM regimes.
Mind you, “uncrackable” DRM *can* be created and quite easily, without burndening consumers. But the content providers are simply too cheap to invest in the required back-end hardware so they resort to these half-baked software-based measures.
Ultimately they’ll just do as MS did and Adobe is doing; look the other way.
August 14th, 2009 at 1:19 pm
@Felix Torres
How would you create uncrackable DRM?
Obviously, any software DRM can be cracked by reverse-engineering the software (i.e., figuring out the decryption algorithm and key exchange protocol).
Hardware based DRM will require special reader hardware and thus greatly limit your customer base. At the same time, skilled device owners will be able to get at the data with a soldering iron. From my experience, I would say that the level of technical competency is similar in both cases (although there are fewer hardware guys than software guys).
Lets not forget that there is a very simple, last resort: You can tape down the “next-page” key on the eReader while filming the screen. Using a simple script that waits for page changes, you can trigger a screen capture, and finally OCR the pages with 100 percent accuracy. Although you will lose hyperlinks, you will get a very decent copy with little or no human intervention.
In other words: all text that is going to be displayed somewhere is vulnerable to piracy. Even the most sophisticated DRM can only increase the cost of creating the first pirated copy, and only to the price-point of automated screen-capture.
August 14th, 2009 at 1:40 pm
DRM is all about encryption. And “uncrackable” encryption exists (remember the quotes, please); it is simply encryption that is too hard to break so that by the time it is broken the payoff isn’t worth the effort.
For content all that is needed is two things: reduce the value of cracking the DRM by making it as non-obtrussive as possible while at the same time making it as specific as possible.
A good model of minimally obtrussive DRM is what Microsoft does to DRM’ed content provided on the XBOX 360; it is locked the user account so that the user can use the content on any connected 360 and it is locked to the console it was purchased on so that any other user on that console can access it. And, once a year, the user account can be transfered to a different console at will.
For ebooks, it would be easy to lock content to media and readers; all SD cards ever made come with unique serial numbers (that is what SD stands for: Secure Digital) and every ebook reader ever made has a unique serial number. Add in that every ebook published has a specific identifier number (ISBN or whatever) plus a unique transaction number generated by the credit card purchaser and you have four unique keys to feed your encryption engine.
Need I go on?
The real issue is that a truly secure DRM regime needs to offer consumers enough flexibility, even the ability to resell the content (perhaps for a small transaction fee that will funnel extra royalties to the author) would do away with the *need* for cracking the DRM. There is no better security than taking away the *incentive* to crack.
August 14th, 2009 at 2:13 pm
@Felix Torres
There is a fundamental difference between encryption for privacy, and encryption for DRM: In the first case, the user _wants_ the document to be encrypted and will take precautions to hide the key. In the latter case, the user does not benefit from the encryption, and may take efforts to expose the key. But in both cases, the key somehow needs to be in the hands of the user (even if it is a little obfuscated in the hardware).
DRM is always an annoyance to some degree, because it prevents customers from doing what they want with the document. They want to read it everywhere, anytime and forever, cite it, print it out and yes, share it. The rightsholder may have a legitimate business interest to stop the user from doing so, but unfortunately, DRM is never in the interest of the customer.
All other things being equal, customers will get a better value out of the DRM free version of the document. Even if the price is right, many users will routinely remove the DRM from every copy they buy, and some of these users will ‘altruistically’ upload the document into the darknet to save total strangers the trouble of removing the DRM themselves.
I think that watermarking is a much better alternative, because it does not prevent any kind of legitimate use. Even though it is possible to remove watermarks (with almost the same effort that it takes to remove DRM), there is less of an incentive to do so, simply because _the only people_ that are going to benefit from removing it are going to be the strangers in some darknet.
August 14th, 2009 at 2:19 pm
DRM is about encryption, but encryption can’t in principle work when the receiver is also the attacker. See http://craphound.com/msftdrm.txt for Cory Doctorow’s 2004 talk on this subject.
August 14th, 2009 at 10:42 pm
I was saying that Adobe’s DRM has already been cracked and that’s what makes the idea of a Sony store based on Adobe ePub so appealing. As Alan Wallcraft mentioned above, Adobe’s Digital Editions DRM may actually be the easiest DRM to remove. The tools have a GUI so no command prompt necessary. The only confusing bit might be that you need python installed. It’s pretty simple and straight forward after that. And when the DRM is stripped off an ePub file, users are left with that exact file without DRM. With LIT, the file is blown up into html and image files (you do have a LIT file without DRM but there are few readers left that actually use this format still). Inexperienced users might not have the tools or know-how to format the resulting files into a book that can be read on the Sony Reader or the Kindle (although in some cases it should be as simple as zipping up all the files and renaming the extension to epub or using the opf to create a mobipocket file). The Adobe cracking tools require the simple click of a button. Done. No more hassle. I really do hope that Adobe is looking the other way, as many believe Microsoft has been doing, and that it doesn’t get too much attention. Too much attention could get publishers to put pressure on Adobe to change the DRM or at least patch the current DRM (patches, of course, being less reliable and usually take less time to crack). As it stands, though, having a popular format that can be stripped of DRM can only help sales, in my opinion. Not everyone will know how or be interested in stripping DRM. But the people who are interested will likely gravitate towards Adobe’s ePub. The most unfortunate side effect of DRM then will be the fact that proprietary protection schemes increase the price of ebooks.