E-books solve a lot of problems: no trees to cut, thousands of titles fit on a fingernail-sized memory card, and e-readers come in all shapes and sizes, with prices—at least in the U.S. market—roughly comparable to a dozen paperbacks. It’s no surprise that as early as 2011, Amazon’s U.S. e-book sales surpassed print sales; roughly a year later they did so worldwide.
However, in 2015 buyer enthusiasm began to wane, and by 2016 alarming trends were emerging. First the growth in e-book sales slowed, and then sales actually started to decline. What happened?
A simple combination of factors played a role here: in major stores (Amazon, Barnes & Noble), the price of e-books has nearly matched that of print books, yet e-books come with far more restrictions.
Take Amazon, for example. What can you do with a paper book you bought on Amazon? Pretty much anything. You can read it, lend it to a friend, or give it away—before or after you’ve read it. Books you don’t need can be recycled or donated to a library, where they’ll be available to more readers.
So what can you actually do with an e-book you bought on Amazon? You can download it to an authorized device—any Android or iOS phone or tablet, or an E Ink reader if it’s a Kindle—and read it. In some cases, you can loan it to another user who also has an Amazon account. Even when that’s allowed, lending is rare and short-lived. You can also remove the book from your library. That’s where the options end.
E-books were selling great five years ago, but today major retailers report declining e-book sales, and the outlook isn’t nearly as rosy. E-book prices have crept up to match print, while the format’s built‑in restrictions haven’t gone anywhere. The absurdity peaked when U.S. college students largely ignored digital textbooks: even with a 20–30% discount versus print, you can’t resell a digital textbook at the end of the term or pick one up cheap in the used section. With textbooks priced in the tens of dollars, the cost of using the digital versions ended up noticeably higher than the total cost of owning the print copies.
What keeps students—and everyday readers—from sharing e-books? Three letters: DRM. Digital Rights Management (DRM) refers to various protection mechanisms that let rights holders control how a licensee (notice: no longer a buyer!) can use protected content. For e-books, DRM typically means encryption, but even that isn’t as straightforward as it sounds. Let’s look at which DRM systems are used worldwide and which ones are common here in our country.
PDF: the Great-Granddaddy of e‑books
Yes, that’s right: one of the first e‑book formats to support DRM was Adobe PDF. Elcomsoft, where the author of these lines works, has a special relationship with both the format and Adobe as a company: after successfully cracking Adobe PDF DRM, developer Dmitry Sklyarov ended up in a U.S. jail, and the company became embroiled in a months‑long legal battle. Sklyarov was arrested during a trip to the United States, where he had given a talk on the specifics of protecting and cracking PDFs—detained the day after his presentation, as he left his hotel for the airport. And even the final court verdict—“Not guilty”—did nothing to compensate for the toll in nerves, time, and money.
These days we’re in no danger, and we can freely and safely discuss the specifics of PDF security in the pages of this magazine. If you’re genuinely interested in encryption, cracking, and removing protection from PDF files, I recommend Dmitry Sklyarov’s book The Art of Protecting and Breaking Information (St. Petersburg, 2004). Ironically, the electronic edition is distributed in Adobe PDF format. The next two sections are based on material from that book.
Adobe PDF Merchant (Acrobat Web Buy)
Don’t skip this section! While Adobe PDF Merchant today is of purely historical interest (as is Adobe’s PDF DRM in general), this format is key to understanding how DRM applies to electronic publications. The core principles of DRM have changed little since then; what has mostly evolved is the implementation.
E-book support first appeared as a plug-in in Acrobat Reader 4.05, with Acrobat Web Buy being the initial module. It worked through tight interaction between the client and the server.

What happened when you tried to open a protected book? The module sent a request to the DRM server, which handled rights management. The request included the document’s purchase details and an identifier for the computing environment from which the request originated. That identifier could be the CPU ID, the disk’s serial number, or the user’s account ID in the corresponding app (this is important, because this kind of binding is what modern protection schemes rely on).
The server, in turn, verified that the request to access the document was legitimate. If the check passed, it generated and sent an RMF (Rights Management Format) file to the device—an XML document containing the cryptographic key to decrypt the PDF, a list of allowed actions, and a certificate for license validation.
License verification relied on two 1024-bit RSA keys: one belonged to the publisher, and the other was Adobe’s trusted certificate used to sign the publisher’s public key.
In addition, an RMF file always included at least one condition required to access the document. Such a condition could be binding the document to a specific user account (identifier), a CPUID, or a hardware serial number. It could also enforce an expiration date after which access was blocked. Notably, conditions could be combined using AND and OR logic, allowing the rights holder, for example, to lease a PDF for a defined period.
The protection scheme was set up so that you couldn’t create a protected RMF file—and therefore a protected e-book—without Adobe’s involvement (remember the second RSA key). On the other hand, if an RMF file did land in our hands, extracting its encryption key was a piece of cake.
The obvious flaw in PDF Merchant’s DRM was that the encryption key was delivered to the client in the clear, while policy enforcement was little more than a formality handled by whatever client software implemented it. Decrypting the document was trivial: you could simply extract the key from the RMF file. The entire protection model relied on the assumption that attackers wouldn’t bother. Overall, PDF Merchant cannot be considered a robust DRM system.
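The AND/OR condition logic described for RMF files, sketched as an added example (not Adobe's code and not from the original article). The license layout, field names and values are assumptions, since the page does not give the RMF schema. The evaluator fails closed on empty or unknown conditions, because an RMF file always carried at least one.

```python
from datetime import date

# Constructed license modelled on the RMF description; every field name and
# value is hypothetical. It "leases" a book: (this account OR this CPU) AND
# not past the expiry date.
LEASE = {
    "permissions": ["view"],
    "condition": {"all": [
        {"any": [{"account": "reader-42"}, {"cpuid": "CPU-A1B2"}]},
        {"not_after": "2004-06-30"},
    ]},
}

BINDINGS = {"account", "cpuid", "disk_serial"}  # assumed binding types

def evaluate(cond: dict, env: dict) -> bool:
    """Evaluate one node of the AND/OR condition tree, failing closed."""
    if len(cond) != 1:
        raise ValueError("each node must hold exactly one condition")
    (kind, value), = cond.items()
    if kind in ("all", "any"):
        if not value:
            # all([]) is True in Python: an empty AND must never grant access
            raise ValueError("empty condition group")
        results = [evaluate(child, env) for child in value]
        return all(results) if kind == "all" else any(results)
    if kind == "not_after":
        return env["today"] <= date.fromisoformat(value)
    if kind in BINDINGS:
        return value is not None and env.get(kind) == value
    raise ValueError(f"unknown condition type: {kind}")

def is_allowed(lic: dict, env: dict, action: str) -> bool:
    """An action is allowed only if it is listed and the conditions hold."""
    if "condition" not in lic:
        raise ValueError("license without conditions")
    conditions_hold = evaluate(lic["condition"], env)
    return conditions_hold and action in lic.get("permissions", [])

if __name__ == "__main__":
    env = {"account": "reader-42", "cpuid": "CPU-XXXX", "today": date(2004, 6, 1)}
    print(is_allowed(LEASE, env, "view"))   # account matches, lease still valid
    env["today"] = date(2004, 7, 1)
    print(is_allowed(LEASE, env, "view"))   # lease expired
```

The verdict is computed entirely on the client, so it constrains only software that chooses to honour it, which is the weakness this section describes.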
Adobe DRM (EBX)
Adobe’s newer approach is ebook protection via the Electronic Book Exchange (EBX) protocol, developed by the EBX Workgroup. The idea is that when you activate an ebook reader app, it generates an asymmetric key pair. The public key is registered on a server, and the private key is stored on the user’s device. When you purchase a license, the reader receives a “voucher”—an XML file that contains the document key. That key is encrypted with the user’s public key. The voucher also includes a list of permissions for the document and information used to verify the voucher’s authenticity.
In this design, decrypting an e-book required access to the user’s secret key (the user didn’t have direct access; only the app could extract it). The key itself was additionally encrypted using the device’s hardware identifiers, which caused licenses to be lost when switching devices. To work around this, an alternative method of accessing the secret key was provided that didn’t depend on hardware IDs. However, when this method was used, the identifier could be computed fairly easily, allowing the user’s secret key to be recovered and granting unrestricted access to all purchased books.
The robustness of this DRM model is also far from ideal. To our knowledge, Adobe eBook Reader hasn’t received any significant technical improvements to make its DRM less vulnerable.

PDF DRM Vulnerability
Securing PDF e-books has proven to be quite difficult. In Adobe’s classic DRM implementation, the app would contact a server to validate the request and, if approved, receive a ready-to-use decryption key. As you can guess, the entire scheme could be easily compromised by simply intercepting that key.
Acrobat Reader 6 introduced a new architecture that let the DRM modules decide how each part of a PDF would be encrypted. The key‑interception attack stopped working, because the key was no longer passed between protection components. However, a different issue emerged: starting with version 6, the default e‑book reader became Adobe Acrobat Reader (rather than the hardened Adobe eBook Reader).

Acrobat Reader supports extension modules. If you create your own plug-in and have it load when a protected book is opened, that plug-in—running in the main Acrobat Reader process—can gain full access to the book’s contents.
And that’s where the cat-and-mouse game begins. Adobe has taken steps to prevent third-party modules from running when the user is viewing protected documents. On the other hand, the application still allows modules with a forged digital signature to be loaded—albeit in an “uncertified” mode. Once such a module is running, the attacker’s next step is to convince Acrobat Reader that the uncertified module is actually certified.
DRM didn’t stop there: there’s the Adobe Digital Editions (ADEPT) DRM format, which is supported by most e-readers except the Kindle (and requires device registration). There’s also Adobe Digital Editions with eReader DRM, originally developed for the eReader ebook format (initially for Fictionwise, now part of Barnes & Noble) and later integrated into Adobe Digital Editions through a B&N–Adobe collaboration. And B&N still sells books protected with eReader DRM.
DRM, the Amazon Way
Amazon is arguably the largest retailer of ebooks today (and much more). The company has its own content ecosystem: Kindle e‑ink readers (among the best in terms of price-to-quality), Fire tablets, and the Kindle app, which is available on all major platforms—from desktop Windows to iOS and Android.
That said, Amazon’s e-readers have a major limitation: they don’t natively support open e-book formats like ePub or FB2. They only handle MOBI and AZW, with or without DRM.

The purchase-and-consumption flow is fully streamlined. Pick the book you want and hit Buy, and it immediately shows up in the cloud, available on all of the user’s devices as well as their family members’ devices. That’s exactly why the Kindle line added Wi‑Fi first and then free cellular internet access—not for anything else.
Until recently, Amazon didn’t put much effort into DRM: there was the old MOBI format, and later the more sophisticated AZW came along.
Kindle books use DRM and are tied to the user’s Amazon account. In the Kindle apps for iOS, books are encrypted solely with a cryptographic key derived from the user’s account data. The security model assumes that extracting this information from an iPhone or iPad is sufficiently difficult.
On Amazon’s own E Ink Kindle readers, the binding is to both the device’s serial number and a unique PID assigned at registration. Accordingly, the decryption key for books downloaded to such devices can be derived from the Kindle’s serial number and its PID. You can extract the latter using the DeDRM Tools utility (link below) by running the following script and passing the device’s serial number as a parameter (the Kindle itself must be connected to the computer at that moment):
$ kindlepid.py <Kindle Serial Number>
The Windows app also uses encryption based on an account-level shared key. However, extracting books from a Windows PC is much easier than from an iPad, so Amazon adds a second layer of encryption, this time with a separate session key unique to each book. From a cryptographic standpoint the implementation is solid, and decrypting the books without the key isn’t feasible. But as a DRM system, it doesn’t hold up: both keys are still stored on the computer, and extracting them is just a matter of technique. And that’s exactly what developers have done: Python scripts are available and functional (at least for the older MOBI and AZW formats).
- Install the Kindle for PC app on your computer.
- Download DeDRM Tools from GitHub: https://github.com/apprenticeharper/DeDRM_tools/
- Install Calibre.
- In Calibre, install the plugin DeDRM_plugin.zip from the DeDRM_calibre_plugin folder.
- You can now download books using the Kindle app.
- From here it’s simple: just drag the AZW3 or MOBI files from Documents\My Kindle Content into Calibre. The DRM will be removed automatically.
- You can then convert the books to FB2, EPUB, or any other format supported by Calibre.
If you prefer, you can skip Calibre and use a command-line tool, or just rely on one of the many online services. As you can see, it’s pretty straightforward.
Apparently the status quo no longer suited Amazon, so in 2015 the company rolled out a new e‑book format called KFX. It uses a new DRM system that developers haven’t been able to bypass so far.
If the steps above don’t work, the issue may be the new book format—or more precisely, the version of the Kindle app that can open it. Starting with version 1.19, the Kindle app downloads books in the new KFX format, which isn’t supported by the DRM removal tool yet. Rolling back to Kindle 1.17 can help. After reinstalling, you may need to delete all previously downloaded books, sign out of your account, sign back in, and re-download the titles whose protection you want to remove.
Over time it became clear that Amazon’s fears of piracy-driven losses were greatly overstated, and the KFX format never achieved broad adoption. Some newer titles use it to take advantage of its enhanced layout features. However, Amazon chose not to convert its vast existing catalog to the new format.
It’s not easy to find reliable information on DRM for Kindle book formats, so here are the most useful links:
Barnes & Noble: Adobe Digital Editions Protection (ADEPT)
The second-largest bookstore chain in the United States uses the ePub format, protected by the relatively recent Adobe Digital Editions (ADEPT) scheme. We won’t go into detail here; the curious can head over to i♥cabbages, which offers an in-depth analysis of the scheme and provides scripts to extract the relevant keys and decrypt e-books.
ADEPT uses a pretty impressive cryptographic setup — which still failed to make for reliable DRM. Each book is encrypted with a unique AES key. That AES key is then encrypted with an RSA key derived from the user’s account details (specifically, their email). The RSA key stored on the user’s machine is itself further encrypted with an application key. A brute‑force attack against all these keys would be pointless — but why bother, when the keys live on the user’s computer anyway? All attackers had to do was locate the session key that protected the RSA key, which in turn encrypted the AES key used for the books. It sounds complicated, but according to the hacker who broke it, unwinding the chain was more tedious than difficult.

No DRM Needed
Fortunately, not all publishers are enamored with DRM. Back in 2015, German publishers concluded that DRM actually hurts sales, and dropped it in favor of so-called social DRM. Many independent publishers reached the same conclusion — for example, the UK-based PACKT Publishing, where we released our own book.
This has created an interesting situation: publishers can’t stop selling through Amazon, because that’s where most copies are sold. At the same time, you can buy the exact same book directly from the publisher’s website (or from third-party bookstores) at the same price—but without DRM. That’s right: I was pleasantly surprised that you can buy our book from the PACKT Publishing site and instantly get download links for every format—ePub and PDF (both DRM-free) and even a Kindle-ready .mobi file.
So how do publishers control piracy? They don’t, really. Instead of hardline DRM, publishers are moving to a gentleman’s-agreement model (a “word-of-honor” policy) or using so-called social DRM. Let’s take a closer look at the latter.
In “social DRM,” buyers are discouraged from posting purchased books publicly by digital watermarks—imperceptible to the reader but allowing the publisher to reliably trace the source of any leaked file. These watermarks can be embedded in ePub, PDF, and several other formats. In practice, the mere presence of these marks and the fear of having your account shut down are what deter sharing. And, oddly enough, it works.
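One way a publisher could implement an imperceptible, traceable mark of the kind described above, as an added example that is not from the original article or from any store's actual scheme. The zero-width encoding, the key, the order id and the sample text are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

ZERO, ONE = "\u200b", "\u200c"  # zero-width space = bit 0, zero-width non-joiner = bit 1
TAG_LEN = 4                     # bytes of truncated HMAC carried in each mark

def _tag(key: bytes, order_id: str) -> bytes:
    """Keyed checksum so a random or edited run cannot point at another buyer."""
    return hmac.new(key, order_id.encode(), hashlib.sha256).digest()[:TAG_LEN]

def make_mark(key: bytes, order_id: str) -> str:
    """Encode order id + tag as an invisible run of zero-width characters."""
    payload = order_id.encode() + _tag(key, order_id)
    bits = "".join(f"{byte:08b}" for byte in payload)
    return "".join(ONE if bit == "1" else ZERO for bit in bits)

def embed(text: str, key: bytes, order_id: str) -> str:
    """Insert the mark after the first word of every paragraph (redundancy)."""
    mark = make_mark(key, order_id)
    marked = []
    for para in text.split("\n\n"):
        head, sep, rest = para.partition(" ")
        marked.append(head + mark + sep + rest)
    return "\n\n".join(marked)

def extract(text: str, key: bytes) -> set:
    """Return every order id whose mark is present and verifies under key."""
    found = set()
    for run in re.findall(f"[{ZERO}{ONE}]+", text):
        if len(run) % 8 or len(run) // 8 <= TAG_LEN:
            continue  # damaged, or too short to hold an id plus its tag
        data = bytes(int(run[i:i + 8].replace(ZERO, "0").replace(ONE, "1"), 2)
                     for i in range(0, len(run), 8))
        try:
            order_id = data[:-TAG_LEN].decode()
        except UnicodeDecodeError:
            continue
        if hmac.compare_digest(data[-TAG_LEN:], _tag(key, order_id)):
            found.add(order_id)
    return found

def visible(text: str) -> str:
    """What the reader sees: the text with zero-width characters removed."""
    return text.replace(ZERO, "").replace(ONE, "")

# Constructed sample data (hypothetical key, order id and book text).
PUBLISHER_KEY = b"constructed-demo-key"
BOOK = "Chapter one begins here.\n\nA second paragraph follows.\n\nThe end."

if __name__ == "__main__":
    copy = embed(BOOK, PUBLISHER_KEY, "ORDER-1001")
    leaked = copy.split("\n\n")[1]          # only one paragraph is posted
    print(visible(copy) == BOOK)            # the reader sees the original text
    print(extract(leaked, PUBLISHER_KEY))   # the publisher traces the order
```

Zero-width marks are lost when text is re-typed or normalised, so a mark like this identifies careless leaks rather than determined ones.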
What about our market?
In Russia, the FB2 (FictionBook 2) format has historically been the most popular for e‑books. It’s an open, XML-based format that supports embedding binary objects. Applying DRM to books in this format is fairly difficult.
Another piece of the puzzle is the lack of a mature e‑book retail infrastructure and the complete absence of anything like an Amazon-, Kobo-, or Barnes & Noble–level ecosystem. In other words, stores (“LitRes,” “Prizrachniye Miry,” “Tsellyuloza,” and many other independent e‑book shops) are effectively forced into one of two models: either let customers download files in convenient formats, or sell access to a website where the paid-for (but not owned) book can only be read online.
The second option is outright penny-pinching, and we’re not interested in it because it creates maximum inconvenience for a paying customer. The first approach, however, comes in different flavors. For instance, LitRes sells books without any user-visible alterations, whereas if you buy a book on “Prizrachniye Miry,” you’ll keep encountering warnings like these while reading:
THE BOOK WAS PURCHASED FROM THE ONLINE STORE WWW.FEISOVET.RU
PURCHASER: Oleg Afonin (aoleg@voicecallcentral.com) ORDER: #287253385 / 09-Mar-2017
COPYING AND DISTRIBUTION OF THE TEXT OF THIS BOOK FOR ANY PURPOSE IS PROHIBITED!
Honestly? It’s annoying. And that’s not all! Besides the Grim Warning, the store also sprinkles the text with markers like these:
#287253385 / 09-Mar-2017
Think that’s the extent of the developers’ “social DRM” idea? Not even close. The champions of copyright purity have boundless imagination, and they scatter through the text what they presumably consider watermarks: random sequences of letters that can identify a stolen copy. For example, a reader might run into a made-up word like “виздр” (vizdr) or “инаок” (inaok) right in the middle of a sentence. Is that a typo? No—it’s part of the “social DRM” protection.
The saddest part is that the first person forced to look at this is the reader who legitimately paid for it. And you know what? It’s infuriating. Probably the worst implementation of social DRM I’ve ever come across. The only things more annoying are the graphical watermarks that some protected PDFs render as semi-transparent images right on top of the text.
Conclusion
We’ve taken a guided tour of the DRM landscape for e-books. One article can’t cover every format—and there are clearly more than we managed to discuss. Barnes & Noble, the second-largest U.S. retailer, has its own protection scheme; Apple stands apart with its iBooks implementation; there’s Google Books; and Kobo, whose platform is certified by public libraries in many English-speaking countries (you can bring your own e-reader and access any title from the library’s digital collection—but only while you’re physically on the premises). All of that is interesting too, but from a technical standpoint it doesn’t differ much from the options we’ve already examined.
The takeaway is this: DRM protections for e-books exist and, for the most part, they work for the vast majority of typical users (which is their primary goal). But if someone is determined, the protection can be bypassed—and it’s not even particularly difficult. Meanwhile, the only company that actually goes after hackers using the DMCA is Adobe, which has a reputation for being litigious. Everyone else—Amazon first and foremost—doesn’t really engage in that.
At the same time, the opposite trend is also emerging: a complete move away from encryption and strict DRM enforcement toward either a “gentleman’s agreement” model or so‑called social DRM, where the content is embedded with more or less visible watermarks that identify the purchaser.