Results 1 to 14 of 14

Thread: Adobe Digital Editions DRM

  1. #1

    Adobe Digital Editions DRM

    Hey,
    Just ran into a new kind of DRM-protected PDF. Instead of opening in Acrobat as usual it sent me to a page to download Adobe Digital Editions Beta. After trying to load the pdf into that (which of course didnt work) I'm thinking this might turn out to be an interesting reversing project. So before I start I just want to know if anyone else has been checking this out?

  2. #2
    The only experience I have with PDFs is having to reconstruct partially corrupted files, but I have gained quite a bit of knowledge about the file structure in the process.

    If the content stream hasn't been encrypted (just "protected" by some lame JavaScript, who would've thought PDFs could have JS!) it's possible to rip it verbatim into another PDF and rebuild the rest of the file around it... and even if it has been encrypted with the standard security methods then it is equally easy.

  3. #3
    I've reconstructed encrypted PDFs before when a manufacturer has sent us a password protected PDF, with the password in the same email as the PDF, and with the "print/copy parts" security enabled so we had to screengrab everything rather than just copy and paste.

    As you can imagine, that got boring real quick, and since we could read the pdf on screen anyway, we eventually created another PDF with no such restrictions and no password

    I would assume that DRM'd PDFs would be similar - not that bad to hack if you can already read them and just want to make non-DRM'd versions. Could be a complete bitch (or almost impossible?) if you can't already read them however.

  4. #4
    +F has some interesting info here:

    http://www.searchlores.org/pdffing.htm

  5. #5
    I can't say I've ever heard of Adobe Digital Editions DRM until now. In the past, I have seen PDFs which have passwords that are tied to a specific machine and are only active for a specified amount of time depending on the license which in itself is DRM at it's best/worst, delete as appropriate.

    I remember once trying to dump an pasword protected PDF from memory to use in it unencrypted form. I couldn't find the file in Acrobat memory space or anywhere else for that matter.

    Has anyone else had success in this approach?
    Last edited by 5aLIVE; June 10th, 2007 at 06:24.

  6. #6
    <script>alert(0)</script> disavowed's Avatar
    Join Date
    Apr 2002
    Posts
    1,281
    The PDF file format is fully documented by Adobe -- http://www.adobe.com/devnet/pdf/pdf_reference.html

  7. #7
    iPixel
    Guest

    Lightbulb .etd file

    If you open the ebx.etd file that loads the book, you'll see that it gives you a bunch of information on the file (order number, authentication server, and the URL of the actual PDF file).

    Code:
    <?xml version="1.0" encoding="UTF-8" ?>
    <ebx-transfer-data>
    <x-ebx-version>0.7</x-ebx-version>
    <minversion>
     <glassbook>152</glassbook>
    </minversion>
    <entries>
     <entry>
      <voucherurl>http://207.54.136.76/fulfill/ebx.etd</voucherurl>
      <orderid>412150971403023</orderid>
      <bookid>ContentReserveID:329D695B-399A-47C9-A12F-7E75C731F5C3-50</bookid>
      <title>101 Best Tech Resumes</title>
      <nonce>vGhgs0kwFeGc04qIIqH3PMmFS17IsjaQmi2nJ8OIQTyXmdwJEJkpOR3eZxV8</nonce>
      <type>ContentReserveID</type>
      <identifier>329D695B-399A-47C9-A12F-7E75C731F5C3-50</identifier>
      <bookfileurl>http://acs.contentreserve.com/ACSStore1/18/101BestTechResumes.pdf</bookfileurl>
     </entry>
     <etd-entry>
      <fulfillurl>
       <baseurl>http://207.54.136.76/fulfill/ebx.etd</baseurl>
       <param>action=lend</param>
       <param>orderid=412150971403023</param>
       <param>bookid=ContentReserveID:329D695B-399A-47C9-A12F-7E75C731F5C3-50</param>
      </fulfillurl>
     </etd-entry>
    </entries>
    </ebx-transfer-data>
    You can't open the PDF directly, but when you're authenticated, the server sends the following page (url: http://207.54.136.76/fulfill/ebx.etd?action=lend&orderid=412150971403022&bookid=ContentReserveID:329D695B-399A-47C9-A12F-7E75C731F5C3-50):

    Code:
    HTTP/1.1 200 OK
    
    Date: Sun, 17 Jun 2007 17:14:21 GMT
    
    Server: Microsoft-IIS/6.0
    
    X-Powered-By: ASP.NET
    
    x-EBX-Version: 0.7
    
    x-EBX-Authenticationinfo: voucher="PEVCWC1Wb3VjaGVyIHZlcnNpb249IjAuOSI+CjxJRCB0eXBlPSJDb250ZW50UmVzZXJ2ZUlEIj5Db250ZW50UmVzZXJ2ZUlEOjMyOUQ2OTVCLTM5OUEtNDdDOS1BMTJGLTdFNzVDNzMxRjVDMy01MDwvSUQ+CjxDb250ZW50S2V5IEVuY3J5cHRlZFdpdGg9IlJTQTEwMjQiIHR5cGU9IlJDNCI+SWJaZ2dSQm5tN3NSb3d0UmtaTEVTZVhwWHRvVlY2K0VlUER0a1dTYy9rOW9yN0k3d1ZNSzd6QlhZbUJVQTBhQzBYQnNRYkZrOTVtTmQvVFJWMktFeGVYQnptcEN3M1hiNFNuczhuTTB1RGZPNUUzUG5JTC81a2Qwb0Y2Q1hJMGdFTjFIbW5qaUpEem90WUk5WHZMd2kxMElJQ2FTS1pRZ2NGZ2hNK0xBUDNNPTwvQ29udGVudEtleT4KPENvcHlDb3VudD4xPC9Db3B5Q291bnQ+CjxSaWdodHMgdmVyc2lvbj0iMC45IiB0eXBlPSJFQlgiPgo8VG90PjExODIxMDA0NjA8L1RvdD4KPENvcHlUb0NsaXAgRmlyc3Q9IjAiIEludGVydmFsPSIwIiBNYXg9IjAiPjA8L0NvcHlUb0NsaXA+CjxQcmludCBGaXJzdD0iMCIgSW50ZXJ2YWw9Ii0xIiBNYXg9Ii0xIj4wPC9QcmludD4KPExlbmQgSG9wcz0iLTEiIElEPSJqQ0pkZXFzRXBWTitnMjR2SzB6Rk9HVENwWDg0IiBSZXR1cm5VUkw9Imh0dHA6Ly8yMDcuNTQuMTM2Ljc2L2Z1bGZpbGwvZWJ4LmV0ZCIgU3RhdGU9IkJvcnJvd2VkIiBXaGVuPSIxMTgyMTAwNDYwIj4x"
    
    x-EBX-Authinfo2: voucher="ODEzOTYyPC9MZW5kPgo8VXNlIEV4cGlyZVR5cGU9IlVubGltaXRlZCI+MDwvVXNlPgo8TW9kaWZ5UmlnaHRzIEZpcnN0PSIwIiBJbnRlcnZhbD0iMCIgTWF4PSIwIj4wPC9Nb2RpZnlSaWdodHM+CjxSZWFkQWxvdWQgRmlyc3Q9IjAiIEludGVydmFsPSItMSIgTWF4PSItMSI+MDwvUmVhZEFsb3VkPgo8RGV2aWNlQ291bnQ+LTE8L0RldmljZUNvdW50Pgo8L1JpZ2h0cz4KPE1BQyB0eXBlPSJTSEExIj5HQ3loTk5VcDZRWURmcTAvZjRSL1d6aDhyUGM9PC9NQUM+CjwvRUJYLVZvdWNoZXI+
    
    Content-Length: 0
    
    Content-Type: text/html
    
    Cache-control: private
    That's the info for http://acs.contentreserve.com/ACSStore1/18/101BestTechResumes.pdf, anyone have an idea as to how to open the PDF with this info?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  8. #8
    I am missing an EBX_HANDLER (de/en)cryption filter.

    The only two other pieces of important information I can gather are:

    - /V 3 : (PDF 1.4) An unpublished algorithm allowing encryption key lengths ranging from 40 to 128 bits. (This algorithm is unpublished as an export requirement of the U.S. Department of Commerce.)

    - /Length 128 : 128-bit key.

    Those "keys" that you've managed to post look a whole lot longer than 128 bits. I feel RSA is somehow involved in this.

    Either Google is squelching results or noone has published any public information about this. Looks like it's time to get out the debugger...

    I might as well post this relevant link: http://www.gnu.org/philosophy/right-to-read.html

  9. #9
    iPixel
    Guest

    File Headers

    The one thing I notice that is different about this file is that the headers are different than that of a regular PDF. It has much more. It looks to be in plain text, but almost all of it is a stream object, and that may be encrypted.

    I'll run it through a debugger when I get a chance, and see if I can figure out this encryption... =/
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  10. #10
    Quote Originally Posted by iPixel View Post
    but almost all of it is a stream object, and that may be encrypted.
    It sure is, since the flate decoder couldn't decompress it. This is just a standard PDF file encrypted with a new security handler.

    P.S. be careful so you don't become the next Dmitry Sklyarov

  11. #11
    Wasn't Dmitry Sklyarov eventually released without charge? In which case, it doesn't really matter

  12. #12
    jzburn12
    Guest
    In either case, has anyone made any headway on getting past this new DRM?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  13. #13

    sage

    Quote Originally Posted by jzburn12 View Post
    In either case, has anyone made any headway on getting past this new DRM?
    No, the question here is, have YOU made any effort toward that?

  14. #14
    It's solved - ineptpdf handles the problem

Similar Threads

  1. Adobe DRM (Digital Right Management)
    By kepeto in forum RCE Cryptographics
    Replies: 13
    Last Post: August 7th, 2007, 05:48
  2. Dll protection with Digital Signature
    By peterg70 in forum The Newbie Forum
    Replies: 2
    Last Post: January 14th, 2004, 23:30

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •