Tag Archives: drm

Brute Force eReader Attack

First of all I totally do not suggest you do a Google Search for the Dark Reverser and ereader2html.

But if you do you might find a program used for decrypting your ereader files to a standard html format. Great I thought. What do I need to do?

python ereader2html.py

Gave me:

eReader2Html v0.03. Copyright (c) 2008 The Dark Reverser
Converts eReader books to HTML
  ereader2html infile.pdb outdir "your name" credit_card_number
  It's enough to enter the last 8 digits of the credit card number

Great I thought. Then I realised I purchased my books over two years ago and had long lost the credit card details. A quick scout on ereader found my books, the last four numbers of the credit card and my full name. Do assign the DRM to a new credit card key I would have to add a new credit card and then buy a new book to let me get access to my old ones. A search round the help section suggested the only way around this was to arrange to have a member of the help desk phone me and tell me my old number.

No thanks I though.

I just need to work out a way to try 1000 different numbers without my fingers falling off.

Here are the fruits of my labour, please remember I do not program.

# batch_check.sh
# Brute Forces eReader Files

while [  $COUNTER -lt 9999 ];
    python ereader2html.py /home/douglas/ereader/NameOfBook.pdb  \\
     /home/douglas/ereader "My Full Name"  ${COUNTER}1234

             echo The counter is $COUNTER
             COUNTER=$(( $COUNTER+1 ))

please note there is no actual line break in the line beginning “python ereader” have just shortened it to make life easier.

“My Full Name” In quotes, as from the ereader site.

1234 The last four numbers on my credit card as from ereader.

It took me about 15 minutes to write with a bit of googling and took about three minutes to crack my first book. Luckily it took a few seconds to crack so it was easy to identify which number was magic. After that I just did them each by hand.

If your missing digits are between 0 and 999 you will have to make some slight changes to the above.

Hope this helps someone.