Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Books Censorship Hardware Hacking Build

Amazon Uses DMCA To Restrict Ebook Purchases 409

Posted by timothy
from the do-not-read-this-dept-line dept.
InlawBiker writes "Today, Amazon invoked the DMCA to force removal of a python script and instructions from the mobileread web site. The script is used to identify the Kindle's internal ID number, which can be used to enable non-Amazon purchased books to work on the Kindle. '...this week we received a DMCA take-down notice from Amazon requesting the removal of the tool kindlepid.py and instructions for it. Although we never hosted this tool (contrary to their claim), nor believe that this tool is used to remove technological measures (contrary to their claim), we decided, due to the vagueness of the DMCA law and our intention to remain in good relation with Amazon, to voluntarily follow their request and remove links and detailed instructions related to it.' Ironically, the purpose of the script is to make the Kindle more useful to its users."
This discussion has been archived. No new comments can be posted.

Amazon Uses DMCA To Restrict Ebook Purchases

Comments Filter:
  • by Anonymous Coward on Thursday March 12, 2009 @02:33PM (#27171613)

    Link to the author's reverse engineering blog and script description:

    Here [blogspot.com].

    Link to just the scripts Here [googlepages.com].

    Anonymous to avoid KarmaWhoring(TM)

  • by Anonymous Coward on Thursday March 12, 2009 @02:34PM (#27171629)

    I was considering buying a Kindle, but I didn't realize it could only read Amazon e-books. With such a restriction and Amazon taking legal steps to enforce it, I see no reason to buy the device.

    I'm kinda glad they did this. It saved me from making a bad purchase.

  • DMCA TAKEDOWN! (Score:5, Informative)

    by Philip K Dickhead (906971) <folderol@fancypants.org> on Thursday March 12, 2009 @02:47PM (#27171845) Journal

    Code is here:
    http://skochinsky.googlepages.com/azw-0.1.zip [googlepages.com]

    Mirror:
    http://rapidshare.com/files/76138900/azw-0.1.zip.html [rapidshare.com]

    Add your own!

  • by Anonymous Coward on Thursday March 12, 2009 @02:50PM (#27171889)
    Mirror of:
  • Re:Torrent? (Score:5, Informative)

    by QuoteMstr (55051) <dan.colascione@gmail.com> on Thursday March 12, 2009 @02:59PM (#27172053)

    kindlefix.py


    import prc, sys, struct
    from binascii import hexlify

    def strByte(s,off=0):
    return struct.unpack(">B",s[off])[0];

    def strSWord(s,off=0):
    return struct.unpack(">h",s[off:off+2])[0];

    def strWord(s,off=0):
    return struct.unpack(">H",s[off:off+2])[0];

    def strDWord(s,off=0):
    return struct.unpack(">L",s[off:off+4])[0];

    def strPutDWord(s,off,i):
    return s[:off]+struct.pack(">L",i)+s[off+4:];

    keyvec1 = "\x72\x38\x33\xB0\xB4\xF2\xE3\xCA\xDF\x09\x01\xD6\xE2\xE0\x3F\x96"

    #implementation of Pukall Cipher 1
    def PC1(key, src, decryption=True):
    sum1 = 0;
    sum2 = 0;
    keyXorVal = 0;
    if len(key)!=16:
    print "Bad key length!"
    return None
    wkey = []
    for i in xrange(8):
    wkey.append(ord(key[i*2])> 8)) ^ byteXorVal) & 0xFF
    if decryption:
    keyXorVal = curByte * 257;
    for j in xrange(8):
    wkey[j] ^= keyXorVal;

    dst+=chr(curByte)

    return dst

    def find_key(rec0, pid):
    off1 = strDWord(rec0, 0xA8)
    if off1==0xFFFFFFFF or off1==0:
    print "No DRM"
    return None
    size1 = strDWord(rec0, 0xB0)
    cnt = strDWord(rec0, 0xAC)
    flag = strDWord(rec0, 0xB4)

    temp_key = PC1(keyvec1, pid.ljust(16,'\0'), False)
    cksum = 0
    #print pid, "->", hexlify(temp_key)
    for i in xrange(len(temp_key)):
    cksum += ord(temp_key[i])
    cksum &= 0xFF
    temp_key = temp_key.ljust(16,'\0')
    #print "pid cksum: %02X"%cksum

    #print "Key records: %02X-%02X, count: %d, flag: %02X"%(off1, off1+size1, cnt, flag)
    iOff = off1
    drm_key = None
    for i in xrange(cnt):
    dwCheck = strDWord(rec0, iOff)
    dwSize = strDWord(rec0, iOff+4)
    dwType = strDWord(rec0, iOff+8)
    nCksum = strByte(rec0, iOff+0xC)
    #print "Key record %d: check=%08X, size=%d, type=%d, cksum=%02X"%(i, dwCheck, dwSize, dwType, nCksum)
    if nCksum==cksum:
    drmInfo = PC1(temp_key, rec0[iOff+0x10:iOff+0x30])
    dw0, dw4, dw18, dw1c = struct.unpack(">II16xII", drmInfo)
    #print "Decrypted drmInfo:", "%08X, %08X, %s, %08X, %08X"%(dw0, dw4, hexli

  • Re:Huh? (Score:5, Informative)

    by canajin56 (660655) on Thursday March 12, 2009 @03:03PM (#27172113)
    This has nothing to do with loading unprotected DRM-free content onto your Kindle. Kindle can load Amazons proprietary DRM'd format, MOBI format, and .txt. Anything else you have to ask Amazon to please convert it to their secret format. However, MOBI files can be DRM'd. The Kindle can read DRM'd MOBI files. However, only if they were encrypted with its public key! This script allows you to view your Kindle's MOBI ID, so you can give it to an eBook service and buy a DRM'd eBook from them that will work on your Kindle. This is very bad for Amazon, as it means you can buy eBook from somebody who isn't Amazon!
  • by belmolis (702863) <billposer AT alum DOT mit DOT edu> on Thursday March 12, 2009 @03:06PM (#27172141) Homepage

    Leaving aside the issue of users' rights, as far as I can see Amazon is just plain wrong on the law and lacks legal justification for the takedown notice. What the DMCA prohibits is the distribution of tools for overcoming technical measures for protecting copyrighted materials. The first program generates a MOBI ID from a kindle serial number. The second program rewrites a non-Amazon ebook so that it contains the id that will allow it to work on the Kindle with the given serial number. Neither program modifies or copies the Kindle's software. Since the ebooks in question are not produced by Amazon, no material whose copyright belongs to Amazon is affected in any way. In other words, this software does not defeat any technical measure of Amazon's for protecting copyrighted material since Amazon has no copyrighted material at stake here. The DMCA is inapplicable, and the takedown notice invalid. Indeed, it is so clear that this software does nothing to defeat protection of copyrighted material that I would say that the takedown notice was issued in bad faith.

    What this software actually does is allow for interoperability, which is explicitly protected by the DMCA.

  • Re:Exactly (Score:3, Informative)

    by rufus t firefly (35399) on Thursday March 12, 2009 @03:11PM (#27172217) Homepage

    I hate pdf. Is there anything that can prise the text out of them yet?

    Try PDFTOHTML [sourceforge.net].

  • Re:Huh? (Score:4, Informative)

    by QuoteMstr (55051) <dan.colascione@gmail.com> on Thursday March 12, 2009 @03:14PM (#27172243)

    IANAcryptographer, but public key cryptography is a no-brainer for this scenario. Amazon should have created an RSA keypair for each kindle sold. Amazon would keep the private key and put the public key on the Kindle. When selling an E-Book, Amazon would just encrypt the Mobi file with its private key. That way, it wouldn't matter if some third party obtained the RSA public key for a specific kindle --- all he could do with it pound sand, since Amazon would keep the private keys secure and internal.

    Granted, I think the DRM is vile. But I can't understand why Amazon also implemented DRM so poorly.

    (If you want to be able to let multiple people read the same Mobi file, do this: generate a random symmetric cypher key (K) and encrypt the E-Book with it, resulting in ciphertext B. For each Kindle you'd like to be able to read the E-Book, let its key be M1, M2, and so on. The file you send out contains K itself encrypted with M1, then K encrypted with M2, K encrypted with M3, etc., and then finally B. A kindle would try all the keys in the E-Book file and just use the first one that successfully decrypted B.)

  • Re:Exactly (Score:5, Informative)

    by nahdude812 (88157) * on Thursday March 12, 2009 @03:16PM (#27172283) Homepage

    Where did you hear that there is no native support for PDF's?

    You can easily load PDF's to the Kindle. Not only can you mount the Kindle as a drive and copy the file that way, but when you buy a kindle, you get a something@kindle.com email address which you can email txt, htm, and pdf files to (as long as it's from a From address which you have whitelisted) - they will load it automatically to your kindle over its built-in 3G connection.

    I loaded several Cory Doctorow books to mine this way.

    This python script creates a hash to make the Kindle think that .mobi files (Secure Mobipocket books, a competitor of Amazon's for this market) are native Amazon books. After you get a hash from kindlepid.py, you run kindlefix.py on your .mobi file with your hash, and it produces a .azw file which the Kindle then thinks is one of its own book formats.

    GP is almost certainly right, I find it unlikely that Amazon makes a profit on the Kindle device itself, they are relying on $10 books to cover the cost of the hardware and the contract with Sprint whereby they give you free 3G access. If you're buying your books elsewhere, Amazon's going to take a loss on the whole shebang, and that's most likely what they're trying to prevent (while counting on the fact that you can't get non-drm'd copies of most books such as in .txt, .pdf, or .htm format).

  • Re:First Sale My Ass (Score:5, Informative)

    by Shakrai (717556) on Thursday March 12, 2009 @03:17PM (#27172301) Journal

    I'm missing something. Cell phones are the biggie. People complain about the contracts required and early termination fees with their $20 phone. But they aren't willing to pay the $200 retail price of that phone

    Speak for yourself. When I was with a GSM carrier I paid full retail price for all my phones so I could get unlocked/unbranded ones directly from Motorola and/or Nokia. Do you think that my carrier gave me a discount or let me sign up without a contract because I did this? Pffft, fat chance. Nowadays I don't bother because I'm stuck in CDMA land (Verizon is the only carrier with decent coverage around these parts) and there's no such thing as an unbranded CDMA phone, so why pay full price for one if I'm gonna be locked into a contract anyway?

    The carriers claim that the contracts are all about the subsidy but fail to offer an explanation for why the termination fee is the same regardless of whether they subsidize a cheap candy bar phone or a $600 smart phone. They fail to offer an explanation for why they don't offer you a contract-less way to sign up for postpaid service if you are willing to bring your own phone or pay full retail for one.

    Fact it, the contracts are a ploy to lock you into their service. They stopped being about subsidies a long time ago.

  • by pvera (250260) <pedro.vera@gmail.com> on Thursday March 12, 2009 @03:22PM (#27172391) Homepage Journal

    The purpose of the tool is not to allow non-Amazon content into the Kindle. Instead, it is to allow non-Amazon eBook sellers to be able to sell content for the Kindle. It has NOTHING to do with your ability as a user to bring content into your Kindle without paying Amazon.

    I should know, I owned a Kindle 1 for 7 months and currently own two Kindle 2s (hint: if you only have one Kindle, don't show it to your wife and go LOOK HONEY, SEE HOW COOL THIS IS!!! because she'll immediately take over it and you'll end up buying a second one). I have had no issues bringing content into any of my Kindles:

    1. Any content that I can read with Stanza and/or Mobipocket Creator (both free) can be converted into formats that can be read by the Kindle.
    2. Amazon provides you with a unique email address to email content to be converted directly into your Kindle. 10 cents per conversion.
    3. Amazon provides you with a second unique email address to email content to be converted, then emailed back to you for free. Yes, free.
    4. Using the basic web browser, you can pick any web-based file that is compatible with the Kindle and it will download it just like if you purchased it from Amazon. There are plenty of websites that cater directly to the Kindle, and there is a huge drive to make Project Gutemberg and others fully compatible with the Kindle.
    5. Amazon charges you for subscribing to feeds. Or you can use the free tool at Feedbooks. These clever people figured out a way to package an RSS subscription as an eBook, and it has an auto-update link. Open the book from your Kindle, click on Update and it downloads a new version of the file. Tedious? Sure, but it is free.
    6. Annoyed about having to connect to your PC just so you can move your content into your Kindle? Don't feel like paying the 10-cent tax? Easy, simply dump your eBook files into a folder in your website, password protect it if you are paranoid, then open it from your basic browser. You can now download your own books from anywhere, which is great if you don't like clutter or in case you delete the wrong book by accident.

    Now, of course, it sucks if you are trying to make a buck selling eBooks for the Kindle outside of Amazon and you are using a format that requires the ID of your device. If all you want to do is sell the content, then you might as well go to http://dtp.amazon.com/ [amazon.com], list your books for free and let Amazon do all the work in exchange for a cut of the action. Amazon will not charge you for access to the DTP area, or for listing your books, they only take a cut of your sales.

    I emailed Amazon's Kindle Feedback address earlier this week to complain about not being able to upload my own files to the storage area (one of my favorite features is that I can re-download my content at will), expecting to get a canned response. I actually got a person to reply to me, so it looks like at least some of those emails are being read. The person that replied hinted that maybe I wanted to send my files through the 10-cent tax generator, but he would still pass my message to the powers-that-be.

    The one thing that is still completely unacceptable is that the Kindle client for the iPhone only works with purchased work, you can't add your own books (yet) unless you jailbrake your phone.

  • by SputnikPanic (927985) on Thursday March 12, 2009 @03:26PM (#27172455)

    Just to clarify: You are NOT locked into getting all of your reading material from Amazon. You can basically read ANY non-DRM'ed e-book on Kindle, regardless of where it comes from.

    There are probably a hundred thousand DRM-free books that you can get and load to your Kindle, if not more. Sure, a lot of it is public domain but there are publishers like O'Reilly that are putting e-books out there with no DRM. There are also DRM-free e-books you can get from Tor or Baen, some of which are "no cost" free as well.

    I've got a Kindle and I can count on one hand the number of books I've actually bought on Amazon.

  • by name_already_taken (540581) on Thursday March 12, 2009 @03:31PM (#27172539)

    Car companies often control the supply of replacement parts.

    Car parts for newer models are often only available from the Original Equipment Manufacturer for a limited time due to licensing agreements between the car maker and the parts makers and the fact that aftermarket parts manufacturers have to tool up to make the new parts.

    In the USA the Federal Magnusson-Moss Warranty Act of 1975 made tying of the parts to the warranty illegal. The car maker cannot require that you buy their parts or supplies (like Toyota-brand oil or wiper blades for example), and they cannot void your warranty because you used aftermarket parts or supplies unless they can prove that the aftermarket part caused the failure of the vehicle.

    What if I modified my car then release the notes on a web page. Could the manufacture DMCA it down?

    What part of your car is a technical measure intended to protect access to a copyrighted work? None. Plus, a car is real physical property - you can do whatever you want with it. If you do something with it that causes it to break, and you show other people how to do it, you'll just be left with a void warranty (if it was still in effect), but there's not much the car makers can do to make you stop showing others how to break their own cars.

  • Re:First Sale My Ass (Score:4, Informative)

    by DrLang21 (900992) on Thursday March 12, 2009 @03:36PM (#27172625)
    The firework manufacturer can't go after you for using the fireworks you buy contrary to the instructions. The State makes laws regarding the use of fireworks to prevent physical injury or death to innocent bystanders and damage to other people's property.
  • by Gizzmonic (412910) on Thursday March 12, 2009 @03:55PM (#27172943) Homepage Journal

    I'd leave it at -1 if I were you...sure, there's a bunch of racist and homophobic trolls, but there's also some insightful flamebait that Slashdot mods get too touchy about. Also plenty of hilarious random shit like cookie recipes and weird stories.

  • Re:Exactly (Score:4, Informative)

    by enrevanche (953125) on Thursday March 12, 2009 @03:57PM (#27172995)
    xpdf [foolabs.com] has a utility you can use called pdftotext
  • Re:First Sale My Ass (Score:3, Informative)

    by Americano (920576) on Thursday March 12, 2009 @04:00PM (#27173039)

    Amazon is using DRM to force people who purchase a Kindle from only obtaining content from them.

    100% wrong.

    Amazon is doing the exact same thing Apple did until just recently with the iTunes store and the iPod:

    • You buy from them, and the file you download is DRM'ed.
    • You want to load your own un-protected content in a supported format, you're welcome to.
    • You want to load protected content in an unsupported DRM format, you're going to be SOL.

    What this script does is address the third issue - it allows you to download content from elsewhere in a DRM-protected format, and load it on the Kindle. The script makes it slightly less restrictive than an iPod was (think download from Zune store, load on an iPod), but the essential model is the ipod / itunes store model.

    I'd love to see it all be unprotected, and available to any device that wants to load it, but this script doesn't address that issue at all: Buying DRM'ed books from a source other than Amazon is still buying DRM'ed books.

  • Re:Exactly (Score:4, Informative)

    by locoluis (69948) on Thursday March 12, 2009 @04:22PM (#27173429) Homepage Journal

    Oh, here's a catch.

    Some PDF creators link the character for each font to the internal representation in order of character appearance, not in Unicode order. This means that things like pdftohtml, screen reading or even plain copy/paste no longer work, as they yield gibberish instead.

    For example, the string:

    "This is a PDF test."

    Would get stored as something like:
    0,1,2,3,4,2,3,4,5,6,7,8,4,9,10,3,9,11

    And pdftohtml yields something like:
      !"#$"#$%&'($)*#)+

    Oh, and each typeface gets a distinct ordering, so the same string in different typefaces would probably get encoded differently...

    In order to decode this you have to both read the actual graphical characters AND know which typeface is used in each segment of text. Which is a PITA. Otherwise, you're lost.

    OCR may or may not be of any help, depending on the typeface used...

  • by westlake (615356) on Thursday March 12, 2009 @04:30PM (#27173565)
    But our personal right to do what we will with our property trumps Amazon's business model

    No it doesn't.

    Property rights are shaped by Criminal Law. Administrative Law. The Law of Contracts. The Law of Torts.

    There are many, many, things you can own but can't use or modify without restriction.

    If you crack open a sealed appliance your warranty goes poof. If you fry the neighbor's kid when he touches the stainless steel case, you go poof.

    You have a house to rent.

    What you don't have is a Certificate of Occupancy. Because you were too cheap to hire a plumber to fix the drains.

    Your car has a valid registration. It has been inspected. You have a driver's license. You have insurance. Your loan payments are up-to-date.

    Unless all of these things are true than your car is going nowhere but to the impound lot or the repro man.

  • by shutdown -p now (807394) on Thursday March 12, 2009 @04:32PM (#27173593) Journal

    Hardcovers will still be around: in fact, I suspect we'll see publishers start to include e-book copies of the text as a way to entice people to buy the very profitable hardcovers.

    They already do that to various degrees. For example, a "C# Programming Language (3rd edition)" hardbook I've purchased recently came with an access code for a free 2-month subscription to that particular book on O'Reilly Safari [safaribooksonline.com]. Sometimes it's the other way around - I recall purchasing a few technical ebooks where they give you a discount if you later purchase the printed version.

  • Re:DMCA TAKEDOWN! (Score:5, Informative)

    by xeoron (639412) on Thursday March 12, 2009 @04:33PM (#27173609) Homepage
    Updated version of the code, azw-0.2.zip, is here: http://skochinsky.googlepages.com/azw-0.2.zip [googlepages.com].
  • Re:Ah, Python! (Score:1, Informative)

    by Anonymous Coward on Thursday March 12, 2009 @04:38PM (#27173695)

    Thank you for demonstrating why whitespace-significant languages suck.

    I don't get it. All the whitespace came in fine over here.

  • Re:I love my Kindle (Score:4, Informative)

    by metamatic (202216) on Thursday March 12, 2009 @04:41PM (#27173731) Homepage Journal

    Yes, it ties me to only purchasing books for it from Amazon

    No it doesn't. You can buy DRM-free e-books from fictionwise.com in Kindle-compatible .mobi format that you can just copy onto your Kindle via USB.

  • by Oscar_Wilde (170568) on Thursday March 12, 2009 @05:37PM (#27174519) Homepage

    The iLiad Book Edition [irextechnologies.com] is a good choice. The hardware is nice and the firmware is open source. It's also very expensive.

    You could also look at the BeBook [mybebook.com]. It uses the same 6" panel as everyone else, has excellent wide and open format support and the firmware is open source. It's also sold under many other names, Hanlin V3 being the most common.

    I've bought a BeBook. It should last me long enough that a better and probably cheaper generation of devices will come out. There's no need to go for the top of the line models now, the technology is changing too fast.

    If your primary motivation is reading not fiddling then don't bother with wireless and touch panels yet. They cut the battery life from several weeks to a few days on every model that has them.

  • Re:Exactly (Score:2, Informative)

    by Jace Harker (814866) on Thursday March 12, 2009 @05:39PM (#27174555) Homepage

    Where did you hear that there is no native support for PDF's?

    You can easily load PDF's to the Kindle.

    These are not equivalent. "Native" support means that you could put a .pdf file directly on the Kindle (via USB), and the Kindle would be able to open it. What the Kindle actually does is, you can email a .pdf document to something@kindle.com, and Amazon's software will attempt to reflow and convert the .pdf document into .azw format. The Kindle does NOT support .pdf natively.

    This python script creates a hash to make the Kindle think that .mobi files (Secure Mobipocket books, a competitor of Amazon's for this market) are native Amazon books. After you get a hash from kindlepid.py, you run kindlefix.py on your .mobi file with your hash, and it produces a .azw file which the Kindle then thinks is one of its own book formats.

    This is incorrect in several ways. First, the non-DRMed .azw [mobileread.com] format is almost exactly the same as the non-DRMed .mobi [mobileread.com] format. It simply has a different extension. The encryption used for DRM may be different, but the Kindle is certainly capable of opening DRMed .mobi files natively. You can bet that Amazon is paying a licensing fee to Mobipocket.

    Now, here's how mobipocket DRM works. Your device (Kindle, Bookeen, etc.) has a unique ID number. When you buy an ebook from a site (ie. Fictionwise), you input this ID which is then incorporated into the encryption of the file. Thus, that device will be able to open that file. Any file can be viewed by up to 6 different devices. For most devices, the ID is known to the user. With the Kindle and Amazon, all of the above is handled automatically, so the user does not NEED to know the ID when buying from Amazon.

    The script in question, kindlepid.py, simply reads the ID number of the Kindle in question and prints it out for the user. It's worth noting that the official Mobipocket Desktop software version 6.0 could also do this, at least for the Kindle v1.

    Now, using the ID, it is possible to buy encrypted .mobi ebooks from other vendors (ie. Fictionwise) with the Kindle added as an "approved" device. The Kindle can read these files, but won't unless a "read-approval" bit is flipped in the file. This can be done by a second script, kindlefix.py.

    What's curious and kind of ridiculous about this situation is that if either of these scripts is circumventing DRM, it would be the second script, kindlefix. However, the DMCA takedown notice apparently targeted the FIRST script, kindlepid, which only prints information that you could already get using official Mobipocket software. That's why Amazon's whole approach in this case seems ridiculous at best.

    In any case, I think that from Mobileread's point of view this was probably the best response.

  • by pilot1 (610480) * on Thursday March 12, 2009 @05:59PM (#27174881)

    And THEN you go out of your way to piss off the purchasers by screwing them from using anything but your overpriced content AFTER they just handed you money? Yeah, good luck ith that.

    I haven't read TFA, of course, but I know for a fact that you can use any content on the kindle as long as it's in one of several formats. Something like html, txt, prc, and mobi, the latter both being ebook formats available from many places. What you can't do is use DRMed content from places other than Amazon, which is what you should expect anyway.

    What this script allows you to do is buy Mobipocket books with DRM from places other than Amazon.

"Consider a spherical bear, in simple harmonic motion..." -- Professor in the UCB physics department

Working...