Feeds

back to article Hackers break Amazon's Kindle DRM

Hackers from the US and Israel say they have broken copyright protections built in to Amazon's Kindle for PC, a feat that allows ebooks stored on the application to work with other devices. The hack began as an open challenge in this (translated) forum for participants to come up with a way to make ebooks published in Amazon's …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge
FAIL

Teaching Amazon

Amazon should realise that determined people will always break DRM and that it was foolish to think otherwise.

Companies and organisations with far deeper pockets than Amazons have learned the lesson: Amazon was just too arrogant to think it could do better.

0
1
Anonymous Coward

@JaitcH

As one of the engineers who worked on Kindle, I'd like to point out that most people at Amazon are pretty anti-DRM themselves - it's the PUBLISHERS who insisted on it, and we put in DRM so as to keep THEM happy, because without publishers, there are no books to sell. We knew full well that the device and DRM would be hacked eventually - the hope was that we could just stay ahead of them for long enough to prove the feasibility of selling books in this way to publishers.

24
1
Thumb Up

Ta for the input

I like it when someone on the inside adds their 2c, and quite often it's exactly what you expected.

The developers have no choice, you should blame those providing the content. The case with Apple may have been much like this, where the media companies forced Apple to DRM the files against Apple's wishes.

0
0
Syd
Thumb Up

ComponentSource

10 years ago, I worked on the e-commerce system at dev tools specialist ComponentSource, and it was exactly the same issue. The main reason we put the DRM on was because otherwise no one would give us a license to sell their stuff on-line.

0
0
Silver badge

Thanks for confirming this

I've spoken to a number of authors who have released eBook versions of their novels and each and every one of them is fed up with DRM being imposed by publishers. In a couple of cases they have said they will not be licensing stuff for eBooks in future because the DRM is so restrictive they can't market their material in certain countries.

I guess the publishers and the movie industry are in the unenviable position of being more backward than the music business.

0
0
Anonymous Coward

Clearly, most publishers don't get it.

Some publishers, however, do. One example:

http://www.baen.com/library/

3
0
Silver badge
Pint

Useful feedback

I realise it's early times yet but standardising on a couple of uniform formats with tough encryption wold be better but then we run into marketing.

Of course publishers, controlling the content, could easily change things by dictating encryption and format. IMHO, as an potential overseas subscriber, Amazon in selling a disabled / crippled unit made a mistake as other units are full featured.

Perhaps PGP offers a solution?

0
1

All DRM must fail because

from a pretty good paper on DRM (and why it's bad):

"DRM systems are usually broken in minutes, sometimes days. Rarely,

months. It's not because the people who think them up are stupid.

It's not because the people who break them are smart. It's not

because there's a flaw in the algorithms. At the end of the day,

all DRM systems share a common vulnerability: they provide their

attackers with ciphertext, the cipher and the key. At this point,

the secret isn't a secret anymore."

http://craphound.com/msftdrm.txt

2
0
Thumb Up

Very True

The only solution (and I'm loathe to suggest it) is for the screen to be part of a tamper-proof cryptographic module. Therefore, the decryption key is only known to the screen and cannot be 'sniffed'.

Of course, there's still the analogue hole....

0
0
Thumb Down

"tamper-proof" ?

Any supposedly tamper-proof or copy-proof mechanism will eventually be tampered with or copied if someone is sufficiently interested. Even "tamper-evident" things are prone to being tampered with ....

The issue is not weak or badly implemented cryptography, it's that if you give someone complete control over the whatever it is they can do anything at all with it. The obvious thing to do with a tamper-proof cryptographic module is to either ignore it (and work around it) or subvert it; that's always assuming its tamper-proof-ness is sufficiently difficult to work around.

It's like ID cards: at least the Powers That Be have stopped saying that they're impossible to copy and have now reverted to saying that they're just difficult to copy (and alter).

0
0

Exactly

Encryption methods are normally used to keep a secret between two parties, and to thwart eavesdropping. DRM uses standard encryption methods to keep secrets between devices. However, everything needed to decrypt those secrets is available in a single point. As such, one this single point is compromised, the entire DRM method breaks down.

1
0
Big Brother

@AC "tamper-proof"?

I was thinking of tamper-proof modules in the vein of the IBM 4758: any attempt to read the contents of its RAM causes immediate wiping of said RAM. Consequently, such a component could not be "worked around" or "subverted" as it would be part of the screen itself. The result being that only the "tamper-proof screen" would ever have access to the decryption key, and thus it would never be in the easily-accessible RAM of the e-Reader itself. But that kind of technology is prohibitively expensive for use in consumer devices (e.g. a single IBM 4758 cryptocard costs somewhere in the region of $5k-$10k).

Even the rumoured Apple tablet won't cost that much....

0
0
Pirate

All DRM needs to be hacked...

"a feat that allows ebooks stored on the application to work with other devices."

This has always been the problem with portable proprietary mp3 / DVD players, eBook readers, mobile phones, etc. DRM either laced within the content or in the hardware itself. This has always cuased more problems for the user, than the pirates. In fact, it's usually the oustanding work of the pirates and hackers that SAVES THE USERS FROM THE NIGHTMARES caused by the proprietary manufactures and content providers in the first place. ;)

;p

5
1
Unhappy

Tampering can be justified

I would add the age old argument, what about when Kindle ( and others ) are long gone and your investment is tied up in device that is no longer supported and the manufacturer has long since denied interest.

Why do so many people spent so much time decrypting the encryption on old arcade games, the owners are long since gone and the hardware is so rare and expensive, the only way to play them is to decrypt them roms and break the law.

0
0
WTF?

Google Translate a little too good...

Why one would translate an English blog through a Hebrew->English translator is beyond me... I thought Google was doing too good of a job there!

0
0
Thumb Up

Just another avenue.

Ebooks exist in multiple formats these days. They are downloadable on any torrent site and there doesnt seem to be any limitation on anything any more (apart from PS3 games, which still remain quite well protected).

Seems that there are now only issues of whether it is justifiable to download something you already have a copy of (such as an ebook when you have the paperback).

I know that many people have downloaded music that they already have the CD of, rather than ripping. Is that wrong? I dont see it myself, but then i would never do that myself, nosireebob.

Anyway, back to reality. You buy a kindle book, crack it, port it to another device, and that stops google deleting it from your kindle (ala 1984).

Nice one.

2
1
Thumb Up

DRM works, sometimes

The only time DRM actually works is when the product is not popular and there is no market drive to hack the DRM. So for specialist software for a niche market DRM selling only to commercial companies, DRM probably works. The moment the product aims for the public, it's DRM is likely to be hacked because DRM becomes more of a hassle than a benefit.

1
1

So Amazon, Apple, et al are lying...

...to the content producers, persuading them that their content can be protected by clever DRM when they know full well that it can't. Anything to get the content into the catalogue, and when the DRM is inevitably broken, A, A et al just throw up their hands and cry "Hackers!"

Seems to me the content providers are fools, the middlemen are knaves, and only the hackers have honour, though in a petty-theft kind of way.

2
1

presumably

The wispernet means that they could completely change their drm system, give you a new firmware for it and then resend all of your books, with absolutely no interaction from yourself though.

0
0
Badgers

I don't get it.

I dislike DRM and have actively avoided purchasing any DRM-locked systems (I have been caught out a couple of times). I do not file share or provide copies to friends or sell the original and keep the copy. This seems, to me, to be the correct response. If nobody buys the DRM-ed sruff then the model will be seento fail.

But why buy DRM-ed products with the express intention of breaking them. This is always going to involve some inconvenience as you enter an arm race with the 'owner' trying to re-establish control rather than just refusing to play.

0
0
Megaphone

RE: I don't get it

there are often reasons that you end up having to buy a drm-ed product mainly that it is only available in a drmed format

for example if the ebook you are purchasing is only avaible from kindle with drm as the publisher has limited its availablity

0
0
Gold badge
Thumb Up

OTOH

Kindle content remained more secure longer than drone downlink video

Merry Xmas.

0
0

@John Smith 19

The drone downlink feed wasn't encrypted in the first place, so that's hardly a fair comparison.

0
0
Silver badge
Coat

Sir

Yeah, but the drone was a moving target :)

0
0
FAIL

Pointless game of hide and seek

It's quite simple really. If you have a bit of stand-alone kit with DRM, there is already in that kit all the information you need to break the DRM. This is the reason why DRM gets cracked so quickly. The ONLY protection that exists is "security through obfuscation" and we all know how well that works!

0
0
Anonymous Coward

On new for Kindle for PC

This hack is new only in that it works with books downloaded to the new Kindle for PC application. It's been possible to remove the DRM from books downloaded to an actual Kindle, or the Kindle app on an iPod/iPhone for more than a year.

0
0
Silver badge
Joke

Kindle Schmindle

I'm waiting for a decent ebook reader that runs on Linux and is powered by kitchen scraps!!

0
0

I did not know that.

"Texas Instruments has also been known to take action against customers who reverse engineer calculators."

Thoses would be Polish notators I assume?

4
0
Silver badge
FAIL

Nope

Only HP (the real HP, not the current incarnation that sells overpriced ink and has the slogan that reminds them they should invent) made RPN calculators; TI didn't.

0
0
Silver badge

Consumers must bare some of the blame

for DRM and not for the obvious reason of piracy. It is the consumers who buy DRM products who support and encourage DRM.

If one is not permitted to transfer legally purchased media amongst devices, I suggest not buying that manufacturers devices or published media, it really is as simple as that. If sales of proprietary DRM devices and protected media was practically zero, I wonder how long such DRM mechanisms would survive.

Regardless of what the law might say, If I purchase some electronic media, be it a book, game, film or music I have the right to read, play or view that media on ANY device I have that is capable of rendering the data stream, not just the one that has the proprietary DRM mechanism.

Proprietary DRM:Don't buy it, don't support it.

3
0
Joke

@adnim - Consumers must bare some

I'll be honest. I bare mine all the time. Nobody seems impressed.

0
0
Bronze badge
Pint

Mabye Amazon's execs need a visit from the IQ fairy...

I don't use products with DRM in it in any way or manner. ( I wouldn't touch it if they gave it away for free) Why do anything that might propagate that DRM garbage, right?. -_^

On the bright side it always gives the hackers something to do.

2
0

Gaming world DRM

Thems gotta be the worst of them all - especially the SecureROM ones! I don't object to buying a game (usually preowned as I don't really worry about playing the latest and greatest as soon as they come out) but invariably end up with a dodgy cracked executable to play the damn thing without lugging disks all over the country.

Not to mention they always make installing the damn game much, much more difficult, usually because I happen to have another, perfectly legal, bit of software on MY machine...

1
0

DRM can work?

For those people who claim DRM is doomed to fail, I would suggest that the DRM employed by Microsoft's in the XBOX 360 has been highly successful?

0
3
Silver badge
FAIL

wtf are you talking about

You might have had a point if you picked out the PS3 but the XBOX 360 being able to play pirated games is most of the reason it outsold the PS3 IMHO. Sure you are only hacking the firmware on the DVD drive and homebrew software is still rare (a few software revs have been broken but quickly patched) but it has been broken. M$ only response is to ban a million of I am guessing some of their best paying DLC customers (honestly if publishers smart they release the games very cheaply and make up their revenue on DLC). Always good to choke off revenue streams to show them pesky pirates (worth noting that PS3 sales have beaten XBOX since the bans).

0
0
WTF?

I'd rather buy a real book

With a real book, I can lend it to a friend, or sell it on ebay if I wanted to. I can even buy it second hand from a charity shop. Lets also not forget I can read it for free by going to my local library.

Real books have so many benefits. The only benefits to DRM crippled e-books are you can carry thousands at once, and you can buy them while sat on the train. I suspect most people aren't that bothered by that.

If only there was a way to ensure your friend gives the book back !

2
0
FAIL

Poor market model

One problem with ebooks is that the selling model is all wrong. I use an ereader as a way of carrying a lot of books around with me, for work or holiday. A lot of the books I have on the ereader I also have paper copies of. Given the choice, I would still prefer to read the physical copy than the electronic one. If I get an ebook from one of the free libraries and I enjoy it, chances are I will go out and buy the actual book.

If I was marketing this, I would give three options for buying a book. 1) Buy the physical book only 2) Buy the ebook only for the SAME PRICE as the physical book, inclusive of discounts 3) Buy the physical book and get the ebook for an extra couple of dollars.

If the other people who use the ereaders are like me, then option 3 is going to be the most popular option. Real book for reading at home, plus handy electronic travel option. At the moment I won't read any ebook I have to pay for because the cost is too high.

3
0

I like your options 1 and 3

but no. 2 ought to be "Buy the ebook only for CONSIDERABLY LESS than the physical book" since it's distribution costs are much lower and it would be a cheap way to get potential new customers to try your books. And this would still give a higher profit margin than on the physical book.

I'm quite happy to own ebook-only copies of many books, since storing them is so much easier and my netbook makes reading them actually more convenient than physical books. (For a start, I don't have to hold the book up myself when in bed or on a chair, nor do I have to think much about the lighting conditions in the room).

Oh, and "i♥cabbages"? What a great name for a hacker. None of this pretentious internet-tough-guy "Zero Cool" shit.

0
0
Bronze badge
Thumb Down

DRM and Freetards

DRM ultimately exists to protect against freetards; the people who would rather take for free than paying. In that sense - in the society we live in which is monetarily based - it is understandable and I would say acceptable in principle.

The problem is that DRM is usually too restrictive, goes against what people believe are their rights; the right to have backups, the right to use with other media and readers or players, the right to share what they have bought and consider they own.

Most people who bought a vinyl album and copied it to tape to preserve the album don't consider themselves freetards, most who rip CD's to play in-car or on their MP3 players don't see themselves as freetards, those who lend a CD or DVD to friends on a "you must see ( should buy ) this" basis don't see themselves as freetards -- That is really the right to have multiple copies providing only one is used at any time principle.

There are however those who do want to take and to never pay.

There has always been illegal / unauthorised copying and sharing and likely always will be. With technology changes that has become much easier; the having multiple copies but only one used at a time is harder to ensure or enforce.

The question for those who are anti-DRM is whether they are against DRM per se or are against DRM because it is often too restrictive.

If people accept those never intending to pay should not get a free run without sanction then what do they propose as a workable system which is fit for purpose to protect creator's and publisher's rights and revenues while granting reasonable rights to end-users ?

Ultimately it may be that the best DRM is that which locks what you've bought to yourself as an individual with the right to transfer ownership of those rights. That more balances the 'do anything you want personally' with the content while preventing unlimited sharing.

Of course, true freetards will never be happy with any system which prevents them getting something for nothing.

1
1
Anonymous Coward

What could possibly be wrong with that?

"Ultimately it may be that the best DRM is that which locks what you've bought to yourself as an individual with the right to transfer ownership of those rights. That more balances the 'do anything you want personally' with the content while preventing unlimited sharing."

Would this involve biometrics in some way? Or maybe ID cards. Or perhaps a purchased file could be linked to a user account and viewer software would need online verification every time it is used.

In answer to your question: I am against DRM. DRM is per se too restrictive.

1
0
Silver badge
Stop

About freetards

There will always be people who think they can get everything for nothing. Even if in some alternate universe Amazon offered books for FREE with FREE postage (i.e. select what you want, click the big yellow button, it will arrive a couple of days later), some people will still not be happy. They will want more, in addition to ordering everything they already can even if they have no interest or intention of reading those books.

DRM has been shown time and again to interfere with legitimate users while making things only slightly more difficult for freetards. I end up suffering the waste of processor time and energy to rip my DVDs (*MY* DVDs) to watch on the computer because Macrovision screws up my TV. I don't see why I should change my TV which works just fine for all the rubbish on satellite television just because a DVD publisher wants to implement a protection scheme that has been shown to be rendered useless by a fairly simple PIC circuit.

To support DRM is akin to agreeing to ban knives to prevent stabbings. People who stab will simply use something else sharp, while the rest of us normal sane people will have to face trying to get through a tough steak with two forks. Not a pleasant prospect, I'm sure you'd agree.

1
0
Troll

Same circular arguments we've had for years

Remember "Home Taping is Killing music" ?

I download the odd MP3 free. If I like it, I'll search out some more of the works of that artist, and if they aren't just a one hit wonder, I'll go someplace like Amazon and buy the CD. Ain't harming the Artist as far as I can see.

Same with the compilations I made on cassette when i was a kid. They've now been replaced by proper CD's.

All of these I will rip onto CD RW for use in the car, cos I'm not wrecking the original that I splashed out for.

As for books, I can see the lure of e-readers for taking loads of paperbacks on holiday, but I much prefer the proper low tech hard copy.

In all these cases, DRM just gets in the way and is a pain. The model posted elsewhere of buy a hard copy and get electronic for a token price is a good one. If authors are looking to get their product out, they have to think smart and market smart.

DRM ain't smart. Its rather a waste of time UMHO

1
0
Stop

Publisher's viewpoint

I make my living writing and publishing books. People buy my books, that enables me to eat regularly. If my books were available on the internet for free, that would be the absolute END of my cash flow. This has already happened to me on one title - no one buys it any more, it is available everywhere for free. As a consequence, all my books are ink on paper - dead trees. Yes, you can still photocopy them, but not in mass, and it takes more than a click on a mouse to do it. I've investigated digital media, but it appears that if I produce my books in digital form, I'll very quickly be out of business. If there is no further reward to me for writing and publishing books, then I will have to do something else.

2
1
Pirate

Cash cow market model

You won't eat because you are using the bad (old) "cash cow" market model. Take a look at suggestions from @Poor market model above.

Assume that your cusomers are not all freetards, most are prepared to pay, but that they will not pay for nothing - it has to cost you too.

So think about how you can add value: a fridge magnet, a mug, access to the author, first dibs at the next book... this is your chance to get creative.

And when you "get it" you will eat better than ever before.

2
1
Silver badge
Stop

A frigging fridge magnet ?!

Who the heck buys a book because it comes with a free fridge magnet? Everybody's already got a coffee mug. I don't want to chat with the author. 'First dibs' at the next book? - what kind of sad sap would get a rush out of that, (and what if it's no good)?

I want to read a good book and I'm willing to pay for that. (I'm also willing to freeload it if it's on the Torrents in a suitable form).

Does anybody remember reading good books? Does anyone remember buying vinyl or CDs because they included a free fridge magnet?

0
0
Lu

@ Publisher's viewpoint

"If my books were available on the internet for free, that would be the absolute END of my cash flow. This has already happened to me on one title - no one buys it any more, it is available everywhere for free"

I disagree with your sentiment, as I can give an example of an author who gives away his work for free and still gets sales.

Corey Doctorow, author of "Little Brother". The book's available online for free, under the Creative Commons license. You can also buy the hardcopy of the book in your normal bookshop.

I read the online book. I then bought the hardcopy, simply because I thought he deserved my money.

Hence, I know for a fact that you can sell books that are also available for free. And I know for a fact that they do get bought. How successful this model is, I don't know, but it made at least one sale, which is it's job.

Maybe your book's not good enough? Maybe your marketing isn't good enough? Maybe you just haven't researched the alternative models and can't comment on how successful they actually might be?

Regardless, e-books are here to stay, whether you like it or not. And as Apple discovered with iTunes, you can't keep them DRM'd for long (ironically, it was Amazon's own non-DRM mp3 store that was probably the final nail in that coffin.)

2
0
Go

now I can get one!

I had been waiting for this. now I can get a kindle! Amazon, Thank this hacker, as he has just given you a sale.

1
0
WTF?

audible.co.uk > .aa > CD > mp3... ta DA!

I took advantage of the audible.co.uk £12 for 3 months for 3 audio books offer the other day, only to realise after having parted with money that you can't get a vanilla MP3 of the audio books... which kinda defeats the object as I wanted to listen to them going to and from work on my non-DRM MP3 player.

However, it looks like you can burn the .aa audio books to CD... which I can then rip to MP3.

http://audible-uk.custhelp.com/app/answers/detail/a_id/3720/

So I've got to jump through some silly hoops to get an MP3 of something I've paid for and which they don't make readily available but can be obtained via a back-door. What a bunch of f***wits!

0
1

It's time for the goverment to step in

Since DRM, because of it's very nature, is ILLEGAL, the goverment need to stop in a Fine multi-billion every single company that sell DRM infected product.

0
0
Silver badge
Linux

DRM only illegal in US

Due mainly to historical legacy reasons instead of political (tell me when US is not biz friendly to the point of the law openly being hostile to living breathing human) DRM is only largely illegal in the US due to the Fair Use provisions of copyright law (haha look how Congress extends copyright length to protect Mickey Mouse). As far as I understand the EU and especially Japan (who hate Fair Use and tend to ignore it the most) do not have this provision (at least allowing for personal backups).

0
0

Page:

This topic is closed for new posts.