Are Gemstar eBooks Crackable?
igaborf writes: "Last night on C-SPAN's BookTV (the only thing on TV Sunday nights worth watching other than The Simpsons -- sorry X-Files fans), Henry Yuen, chairman and CEO of Gemstar-TV Guide was touting the Gemstar eBook. In particular, he was telling the audience of publishers about the strong copy protection the product provides. But how strong is it? Briefly, each eBook reader unit has a unique embedded encryption key. When the reader is used to download a book, the book is sent in encrypted form and the key needed to decrypt the book is itself encrypted with the unit's own key. Clearly, if the decrypted book-encryption key is divulged and shared, copying the book would be fairly straightforward (albeit a violation of the DMCA). Of course, the decrypted book text itself could be shared. Their belief that neither scenario is likely seems to rest on the fact that the eBook is a closed system. I dunno, this doesn't seem like a particularly hard crack. Comments?"
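The per-unit wrapping the submission describes, as an added illustration (not Gemstar's code; the reader's actual cipher is not given here, so the HMAC-based cipher and the embedded keys are stand-ins):

```python
"""Per-unit key wrapping as the submission describes it (added example).
The book goes under a fresh book key; that key goes under the reader's embedded
unit key. The real cipher is not on the page, so this stand-in uses HMAC-SHA256
in counter mode plus an HMAC tag, which needs only the standard library.
"""
import hashlib
import hmac
import os

def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += _prf(enc_key, nonce + counter.to_bytes(4, "big"))
    return bytes(out[:length])

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with domain-separated subkeys; returns nonce || ct || tag."""
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + _prf(mac_key, nonce + ct)

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before using the data: a wrong key is rejected outright."""
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(mac_key, nonce + ct)):
        raise ValueError("tag mismatch: wrong unit key or tampered blob")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def publish(book_text: bytes, unit_key: bytes) -> tuple:
    """Bookseller side: a fresh book key per sale, wrapped for one unit only."""
    book_key = os.urandom(16)
    return encrypt(book_key, book_text), encrypt(unit_key, book_key)

def read_on_unit(unit_key: bytes, enc_book: bytes, wrapped_key: bytes) -> bytes:
    """Reader side: unwrap with the embedded unit key, then decrypt; no server is consulted."""
    return decrypt(decrypt(unit_key, wrapped_key), enc_book)

def bound_to_one_unit(book_text: bytes) -> bool:
    """Unit A reads its purchase; unit B (different embedded key) cannot unwrap it."""
    unit_a, unit_b = os.urandom(16), os.urandom(16)  # constructed embedded keys
    enc_book, wrapped = publish(book_text, unit_a)
    try:
        read_on_unit(unit_b, enc_book, wrapped)
        return False                       # another unit must not be able to unwrap
    except ValueError:
        return read_on_unit(unit_a, enc_book, wrapped) == book_text
```

The binding holds only as long as the unit key and the unwrapped book key stay inside the device, which is exactly the closed-system assumption the submission questions.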
Is it crackable?
Of course.
How?
try a 6 foot drop onto concrete.
um, oh you probably didn't mean like that.
sorry.
I don't think it's appropriate here to argue "white hat hacking". Is it your intent to look for holes in the device's security so that they can be patched? Or rather are you just trying to scare the publishers so that they don't put any security on their books at all?
By the way, here's how the system works - you register your book and get back a userID. When you buy a book from powells.com, for example, they ask for that userID. Presumably they then go look up your key on the RCA/Nuvomedia servers. I don't know whether they use symmetric (in which case just learning that key would be fine) or asymmetric (in which case that would be the public key and your private key stays on your device). Seems like the latter would be a bit more secure. There are free download places that don't encrypt their stuff, and at least one place makes you buy the stuff but never asks for your userID.
There is a weakness in the model. Once I've bought a paperback, I can loan it to someone, or flat out resell it (although the latter is arguably legal). The idea being that once I shell out the money it should be mine to do whatever I want. eBooks do change this -- once I've bought a book it has to go on that device, and that's it.
www.HearMySoulSpeak.com
I don't know anything about crypto. But look at it this way: you have a stream coming into the reader. You should be able to set up a man in the middle routine. Intercept the streams going both ways. The stream going into the reader should be decryptable (crackable) because you can go into Borders, buy a book, or just copy a few pages.
Unlike music, you should be able to get an exact copy of what the output should be (unless the display is like a pdf, instead of just parsing the raw text).
Again, I'm no crypto expert, but, as they say in math, given the above, the proof is obvious (or, I think should be, given the amount of data you have to work with.)
The real question about e-books (and the reason my mother rarely uses hers) is why does it cost so much more for an e-book than a hardcover? It's much more likely that I will loan my hardcover novel to 5 people than it is to send them a copy of an e-book. (Similar to e-music: why spend $3 a piece for a single, when I can spend $12 or so for the CD and have a transferable medium?)
Jesus was all right but his disciples were thick and ordinary. -John Lennon
The process would be made even faster with an auto-sheet feeder.
The reason E-Book technology will stay unhacked for as long as it does is lack of incentive for anyone to spend the effort of hacking it.
It's not like DeCSS, where some organization tells people they can read books, but only using their reader. The same book is available in other forms. Also, online books are popular with a slightly different demographic than online music... there's some overlap but reading a book is usually a slightly more cerebrally demanding task than listening to music.
But this no doubt will be hacked eventually, because some hackers out there will take it as a challenge when the backers of the technology say "this is hack-proof" to hack it. They may even do it just for fun, or because, as they say, "it's there".
The incentive to hack will also be reduced by the fact that most people still seem to prefer to have a real-live book in front of them when they read, than be staring at a computer screen, even if it's a TFT screen on an electronic book.
But if anyone knows where I can get a copy of the sub-ethernet driven Hitchhiker's Guide to the Galaxy, I'd love to know! (I don't mean the book by Douglas Adams, I mean the Guide referred to in the book by Adams, of the same name. :)
-Cesium
Have you hugged your constitutionally guaranteed right to freedom of expression today?
The answer is an unqualified, unhesitant yes, it is. This shouldn't be a surprise, because any ebook on the market is crackable. The current state of the art in computer security allows two people, each of whom trusts the other to communicate in good faith, to communicate securely.
If Alice and Bob want to talk privately, and Alice and Bob trust each other to respect the privacy of the conversation, there are wonderful tools (IPsec, OpenPGP, etc.) to facilitate secure communications. But if Alice and Bob don't trust each other to respect the privacy of the communication, there's no technology that will help. (Example: Alice suspects Bob is a shill for the NSA. Alice PGP-encrypts all of her emails to Bob. PGP won't help, though, because Bob will just decrypt the traffic and hand the plaintext to Fort Meade.)
The good-faith assumption is at the heart of most cryptographic protocols nowadays. As soon as that goes away, so does security. Now, if you're selling ebooks, can you really possess any certainty that all the people who buy ebooks from you have proper, lawful motives at heart? Apparently not, because then you wouldn't need security, right? But if you can't trust your customers, what sort of security can you reasonably expect? -- These questions are equal parts rhetorical and realistic. There are no good, pat answers to them.
Given the DMCA's anticircumvention standards, I do not feel the political climate is safe to give specifics. (If any Congressional aides are reading this, take note of the chilling effect the DMCA has on frank discussion of technological issues.)
If the signal gets sent to the PC screen at some point, that signal can be intercepted. Step through each page of the ebook, take a screenshot of each page, then run it through OCR to translate it into ASCII. Presto: you've stripped all watermarks from the book. There are some countermeasures, though--DVD decoder cards bypass the OS screen-drawing routines completely to render directly to the screen, precisely so that people can't take screenshots of DVD movies as they're being played.
It's really not very hard to do this. A computer program tends to possess very little real entropy. If you find a 16-byte block in a computer program which passes every statistical test for randomness, it's a decent bet that you've found a 128-bit key. Similar statistical analysis can find likely asymmetric keys. Once you've located likely places for the keys to be stored, it's pretty simple to pull the keys out.
Once you reverse-engineer the reader, there typically no longer exists any security anywhere in the system. Reverse-engineering a Kerberos client doesn't get you very far in cracking Kerberos, because Kerberos access is controlled at the server level; but since nobody wants to connect their Palm Pilot to the Net every time they want to read Alice in Wonderland, ebook access is controlled at the client level. Reverse-engineering a client thus gives you control of the security mechanisms.
Last year there were several ebook companies who were encrypting their text using severely broken cryptosystems. A 1024-bit RSA key provides no security when it's coupled with a 40-bit Blowfish implementation. 3DES provides minimal security when it's coupled with 512-bit RSA.
The most critical problem with ebook security is that the security precautions must protect the content for the entire duration of copyright--which, at this point, is darn near eternal. Last year, one of our competitors (which was using a 40-bit key) announced that they were making their cipher "over sixteen million times more secure" by switching to a 64-bit key. Well, gee. Given Moore's Law, that means in twenty years 64 bits will be as easy to break as 40 bits today--hardly a good forward-looking security strategy.
If anyone wants to talk to me further about this, feel free to email me. That's what my address is up there for.
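The entropy heuristic the comment above describes, written out as an added example (not the commenter's tool, and the firmware image is constructed): a sliding-window scan of the kind a vendor would run over its own firmware before release to catch key material that should never ship in the clear.

```python
"""Sliding-window entropy scan for embedded key material (added example).
The heuristic the comment above describes, in the spirit of Shamir and van
Someren's "Playing hide and seek with stored keys": bytes that look uniformly
random stand out against code, which reuses a small set of byte values.
Defensive use: scan your own firmware before release for keys that should
never ship in the clear. The image below is constructed, not Gemstar's.
"""
import math

def shannon_entropy(block: bytes) -> float:
    """Bits per byte: 0.0 for a constant block; a 32-byte block tops out at 5.0."""
    counts = [0] * 256
    for b in block:
        counts[b] += 1
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def scan(image: bytes, window: int = 32, threshold: float = 4.4) -> list:
    """Merged (start, end, peak) spans of windows scoring at or above threshold.
    A 32-byte window tops out at 5.0 bits/byte; 32 random bytes average about
    4.9, so 4.4 catches them while repetitive code stays far below."""
    spans = []
    for start in range(len(image) - window + 1):
        h = shannon_entropy(image[start:start + window])
        if h < threshold:
            continue
        if spans and start <= spans[-1][1]:        # overlaps the previous hit
            s, _, peak = spans[-1]
            spans[-1] = (s, start + window, max(peak, h))
        else:
            spans.append((start, start + window, h))
    return spans

# Constructed firmware: a repeating 8-byte "instruction" pattern (entropy 3.0
# per 32-byte window) with a fixed 16-byte key planted at KEY_OFF.
PATTERN = b"\x55\x48\x89\xe5\x53\x83\xec\x10"
KEY = bytes.fromhex("3f9a7c12e7b8d04671a9c3e28f5b6d04")
KEY_OFF = 64
IMAGE = PATTERN * 8 + KEY + PATTERN * 8

def key_located(image: bytes = IMAGE, key_off: int = KEY_OFF, key_len: int = 16) -> bool:
    """True when exactly one span is reported and it covers the planted key."""
    spans = scan(image)
    return len(spans) == 1 and spans[0][0] <= key_off and key_off + key_len <= spans[0][1]

if __name__ == "__main__":
    for start, end, peak in scan(IMAGE):
        print(f"candidate key material at {start:#06x}-{end:#06x}, peak {peak:.2f} bits/byte")
```

Text strings and compressed or already-encrypted data also score high, so a hit is a candidate for review, not proof of a key.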