DRM is a joke to smart hackers using the cyber equivalent of lock-picking tools. And sure enough, an Israeli says that he’s cracked Kindle for PC.

So reports the Register. The word is that techies can turn encrypted Kindle files into unprotected Mobipocket, then get the files into whatever format they want for enjoyment on a number of devices. That’s the nicer scenario. A less rosy one is that Kindle books can go on P2P for freebie-loving readers everywhere, while honest customers struggle with DRM’s many hassles.

But wait! Can’t the P2P crowd scan paper books and avoid DRM altogether? Exactly. What’s more, the Boy Genius blog says that other hackers have been cracking Kindle files for a year. I wouldn’t be surprised, since the Kindle format is just a kissin’ cousin of the Mobi format, whether or not Kindle for PC is involved.

Tell that to stubborn DRM-lovin’ publishers, however. I wonder if some of them will use that as an argument not to do business with Amazon.

Meanwhile, back in the real world of e-books, we may well see widely distributed cracking tools, as well as countermeasures by Amazon, which the Israeli hacker, known as “Labba,” says he is already prepared to defeat. In the U.S. it’s illegal to circumvent DRM, but that’s not the case everywhere.

Look, Jeff, if you really want a sustainable business model for e-books, you should either skip DRM or think about a more realistic alternative such as social DRM—names and addresses embedded in plain English in e-book files to discourage copying. Yep, publishers will balk. But if nothing else, why not start a DRMless e-book store for Baen and others smart enough to understand the futility of the usual “protection”?

(Big thanks to Gary Price for the Register link.)


  1. It’s fresh news, because now people who want to read ebooks from Amazon on other devices can finally do so on their own, without having to jump through lots of hoops. They don’t have to buy a Kindle or iPhone/iPod, and they don’t have to go to pirate sites or the like to get the content. It’s especially good news for international users, who have very limited access to ebooks due to regional restrictions. International Kindle accounts are still not possible using the iPhone for instance, and the cost of the Kindle 2 itself is rather expensive once you start factoring in shipping and VAT.

    That’s the big news IMO – it’s a crack that enables international users to easily get access to ebooks from Amazon. These can be Amazon exclusives, titles that other stores may have but can’t sell internationally, or even just content people want.

  2. The Register report has… issues…
    Not the least of which is the direct link to d/l the code for the subject script.
    Second, it confuses the authors of two separate Kindle For PC cracking approaches. The named author is not the creator of the linked script. The entire process is fully documented, btw, in a thread at the Kindle Mobileread Forums. All out in the open.
    Third, the Kindle for PC DRM was not *cracked*; as pointed out, it uses the same DRM as Mobipocket so it’s been cracked all along. All the new script does is extract the otherwise secret Mobipocket PID number from a specific Kindle for PC installation. When I ran into the Mobileread thread last week, it had not yet resulted in a reverse-engineering of the PID-generation algorithm underlying Kindle for PC, so Amazon can easily change the code obscuring the PID without impacting anything else (the DRM code itself).

    The same discussion thread reported that the author had already cracked B&N’s new nook-exclusive ePUB DRM password scheme. Again, no actual DRM cracking involved as the “new” DRM is merely an incompatible, password-based implementation of the already cracked Adobe proprietary Adept encryption.

    What I found most interesting in the thread in question is just how half-hearted the encryption used in *all* existing digital-media schemes actually is. All are vulnerable to the same attacks and none is using anything even vaguely resembling a modern asymmetric encryption technique, much less a hardware-based one.

    Basically, all it means is the creators of these schemes don’t intend for their schemes to prevent piracy, but rather merely to limit it. And not too strongly at that.

    My expectation is Amazon might change their obfuscation code slightly in the next release of Kindle for PC but that they are just as likely to do nothing. After all, to use the subject script, you first have to buy an ebook from Amazon.

    All this script is likely to achieve is increase Amazon sales and profits.

  3. I more or less agree that “cracked” is a strong term for the existing circumvention scripts. However, both K4PC and passworded Adobe ePubs (currently only from B&N) are non-trivial upgrades to their underlying DRM approaches. It also appears that more robust cracks of these schemes are in the works.

    The important point is that now anyone in the US can buy from the B&N ebook store, and anyone in many countries worldwide can buy from the Kindle Store (subject to geographic restrictions) – no matter what device they use to read ebooks. This is the case providing the purchaser is willing to circumvent the DRM – which is legal very nearly everywhere worldwide providing the circumvention is for personal non-commercial use only. This is probably true even in the US, which has perhaps the most comprehensive anti-circumvention regime, although there are no federal cases directly on this issue.

  4. Previous work on the Kindle DRM was by Igor at

    I believe what was new with this is that this software is targeted to the Kindle for PC.

    I’ve had to use Igor’s software because one of the metadata options for Kindle controls how much of the Kindle you can transfer to your clips file. Some publishers had set it at 10%. If you do research, you can legally copy much more. I’ve used the software to remove this restriction on my legally purchased copies. It was a pain, though.

  5. Update on DRM cracking:

    The B&N-specific DRM scheme has been fully cracked. In addition to a key-extraction script (as was done to MSReader, Mobipocket, and Adobe’s Adept) and a DRM removal script, the Reversing Engineer has also coded a script to generate the same key as the B&N servers (from the User Name and credit card number provided to B&N).

    This means that buyers accidentally stuck with B&N-DRM’ed ePubs instead of Adobe Adept DRM can now remove it and end up with DRM-free ePubs.
