Amazon Uses DMCA To Restrict Ebook Purchases

InlawBiker writes "Today, Amazon invoked the DMCA to force removal of a python script and instructions from the mobileread web site. The script is used to identify the Kindle's internal ID number, which can be used to enable non-Amazon purchased books to work on the Kindle. '...this week we received a DMCA take-down notice from Amazon requesting the removal of the tool kindlepid.py and instructions for it. Although we never hosted this tool (contrary to their claim), nor believe that this tool is used to remove technological measures (contrary to their claim), we decided, due to the vagueness of the DMCA law and our intention to remain in good relation with Amazon, to voluntarily follow their request and remove links and detailed instructions related to it.' Ironically, the purpose of the script is to make the Kindle more useful to its users."

Link to Script in Question

Link to the author's reverse engineering blog and script description:

Here.

Link to just the scripts Here.

Anonymous to avoid KarmaWhoring(TM)

DMCA TAKEDOWN!

[Philip+K+Dickhead]

Code is here:
http://skochinsky.googlepages.com/azw-0.1.zip

Mirror:
http://rapidshare.com/files/76138900/azw-0.1.zip.html

Add your own!

Re:DMCA TAKEDOWN!

[xeoron]

Updated version of the code, azw-0.2.zip, is here: http://skochinsky.googlepages.com/azw-0.2.zip.

Re:Torrent?

[QuoteMstr]

kindlefix.py

import prc, sys, struct
from binascii import hexlify

def strByte(s,off=0):
return struct.unpack(">B",s[off])[0];

def strSWord(s,off=0):
return struct.unpack(">h",s[off:off+2])[0];

def strWord(s,off=0):
return struct.unpack(">H",s[off:off+2])[0];

def strDWord(s,off=0):
return struct.unpack(">L",s[off:off+4])[0];

def strPutDWord(s,off,i):
return s[:off]+struct.pack(">L",i)+s[off+4:];

keyvec1 = "\x72\x38\x33\xB0\xB4\xF2\xE3\xCA\xDF\x09\x01\xD6\xE2\xE0\x3F\x96"

#implementation of Pukall Cipher 1
def PC1(key, src, decryption=True):
sum1 = 0;
sum2 = 0;
keyXorVal = 0;
if len(key)!=16:
print "Bad key length!"
return None
wkey = []
for i in xrange(8):
wkey.append(ord(key[i*2])> 8)) ^ byteXorVal) & 0xFF
if decryption:
keyXorVal = curByte * 257;
for j in xrange(8):
wkey[j] ^= keyXorVal;

dst+=chr(curByte)

return dst

def find_key(rec0, pid):
off1 = strDWord(rec0, 0xA8)
if off1==0xFFFFFFFF or off1==0:
print "No DRM"
return None
size1 = strDWord(rec0, 0xB0)
cnt = strDWord(rec0, 0xAC)
flag = strDWord(rec0, 0xB4)

temp_key = PC1(keyvec1, pid.ljust(16,'\0'), False)
cksum = 0
#print pid, "->", hexlify(temp_key)
for i in xrange(len(temp_key)):
cksum += ord(temp_key[i])
cksum &= 0xFF
temp_key = temp_key.ljust(16,'\0')
#print "pid cksum: %02X"%cksum

#print "Key records: %02X-%02X, count: %d, flag: %02X"%(off1, off1+size1, cnt, flag)
iOff = off1
drm_key = None
for i in xrange(cnt):
dwCheck = strDWord(rec0, iOff)
dwSize = strDWord(rec0, iOff+4)
dwType = strDWord(rec0, iOff+8)
nCksum = strByte(rec0, iOff+0xC)
#print "Key record %d: check=%08X, size=%d, type=%d, cksum=%02X"%(i, dwCheck, dwSize, dwType, nCksum)
if nCksum==cksum:
drmInfo = PC1(temp_key, rec0[iOff+0x10:iOff+0x30])
dw0, dw4, dw18, dw1c = struct.unpack(">II16xII", drmInfo)
#print "Decrypted drmInfo:", "%08X, %08X, %s, %08X, %08X"%(dw0, dw4, hexli

Re:Huh?

[canajin56]

This has nothing to do with loading unprotected DRM-free content onto your Kindle. Kindle can load Amazons proprietary DRM'd format, MOBI format, and .txt. Anything else you have to ask Amazon to please convert it to their secret format. However, MOBI files can be DRM'd. The Kindle can read DRM'd MOBI files. However, only if they were encrypted with its public key! This script allows you to view your Kindle's MOBI ID, so you can give it to an eBook service and buy a DRM'd eBook from them that will work on your Kindle. This is very bad for Amazon, as it means you can buy eBook from somebody who isn't Amazon!

Amazon is wrong on the law

[belmolis]

Leaving aside the issue of users' rights, as far as I can see Amazon is just plain wrong on the law and lacks legal justification for the takedown notice. What the DMCA prohibits is the distribution of tools for overcoming technical measures for protecting copyrighted materials. The first program generates a MOBI ID from a kindle serial number. The second program rewrites a non-Amazon ebook so that it contains the id that will allow it to work on the Kindle with the given serial number. Neither program modifies or copies the Kindle's software. Since the ebooks in question are not produced by Amazon, no material whose copyright belongs to Amazon is affected in any way. In other words, this software does not defeat any technical measure of Amazon's for protecting copyrighted material since Amazon has no copyrighted material at stake here. The DMCA is inapplicable, and the takedown notice invalid. Indeed, it is so clear that this software does nothing to defeat protection of copyrighted material that I would say that the takedown notice was issued in bad faith.

What this software actually does is allow for interoperability, which is explicitly protected by the DMCA.

Re:Huh?

[QuoteMstr]

IANAcryptographer, but public key cryptography is a no-brainer for this scenario. Amazon should have created an RSA keypair for each kindle sold. Amazon would keep the private key and put the public key on the Kindle. When selling an E-Book, Amazon would just encrypt the Mobi file with its private key. That way, it wouldn't matter if some third party obtained the RSA public key for a specific kindle --- all he could do with it pound sand, since Amazon would keep the private keys secure and internal.

Granted, I think the DRM is vile. But I can't understand why Amazon also implemented DRM so poorly.

(If you want to be able to let multiple people read the same Mobi file, do this: generate a random symmetric cypher key (K) and encrypt the E-Book with it, resulting in ciphertext B. For each Kindle you'd like to be able to read the E-Book, let its key be M1, M2, and so on. The file you send out contains K itself encrypted with M1, then K encrypted with M2, K encrypted with M3, etc., and then finally B. A kindle would try all the keys in the E-Book file and just use the first one that successfully decrypted B.)

Re:Exactly

[nahdude812]

Where did you hear that there is no native support for PDF's?

You can easily load PDF's to the Kindle. Not only can you mount the Kindle as a drive and copy the file that way, but when you buy a kindle, you get a something@kindle.com email address which you can email txt, htm, and pdf files to (as long as it's from a From address which you have whitelisted) - they will load it automatically to your kindle over its built-in 3G connection.

I loaded several Cory Doctorow books to mine this way.

This python script creates a hash to make the Kindle think that .mobi files (Secure Mobipocket books, a competitor of Amazon's for this market) are native Amazon books. After you get a hash from kindlepid.py, you run kindlefix.py on your .mobi file with your hash, and it produces a .azw file which the Kindle then thinks is one of its own book formats.

GP is almost certainly right, I find it unlikely that Amazon makes a profit on the Kindle device itself, they are relying on $10 books to cover the cost of the hardware and the contract with Sprint whereby they give you free 3G access. If you're buying your books elsewhere, Amazon's going to take a loss on the whole shebang, and that's most likely what they're trying to prevent (while counting on the fact that you can't get non-drm'd copies of most books such as in .txt, .pdf, or .htm format).

Re:First Sale My Ass

[Shakrai]

I'm missing something. Cell phones are the biggie. People complain about the contracts required and early termination fees with their $20 phone. But they aren't willing to pay the $200 retail price of that phone

Speak for yourself. When I was with a GSM carrier I paid full retail price for all my phones so I could get unlocked/unbranded ones directly from Motorola and/or Nokia. Do you think that my carrier gave me a discount or let me sign up without a contract because I did this? Pffft, fat chance. Nowadays I don't bother because I'm stuck in CDMA land (Verizon is the only carrier with decent coverage around these parts) and there's no such thing as an unbranded CDMA phone, so why pay full price for one if I'm gonna be locked into a contract anyway?

The carriers claim that the contracts are all about the subsidy but fail to offer an explanation for why the termination fee is the same regardless of whether they subsidize a cheap candy bar phone or a $600 smart phone. They fail to offer an explanation for why they don't offer you a contract-less way to sign up for postpaid service if you are willing to bring your own phone or pay full retail for one.

Fact it, the contracts are a ploy to lock you into their service. They stopped being about subsidies a long time ago.

Big Ado About Nothing

[pvera]

The purpose of the tool is not to allow non-Amazon content into the Kindle. Instead, it is to allow non-Amazon eBook sellers to be able to sell content for the Kindle. It has NOTHING to do with your ability as a user to bring content into your Kindle without paying Amazon.

I should know, I owned a Kindle 1 for 7 months and currently own two Kindle 2s (hint: if you only have one Kindle, don't show it to your wife and go LOOK HONEY, SEE HOW COOL THIS IS!!! because she'll immediately take over it and you'll end up buying a second one). I have had no issues bringing content into any of my Kindles:

1. Any content that I can read with Stanza and/or Mobipocket Creator (both free) can be converted into formats that can be read by the Kindle.
2. Amazon provides you with a unique email address to email content to be converted directly into your Kindle. 10 cents per conversion.
3. Amazon provides you with a second unique email address to email content to be converted, then emailed back to you for free. Yes, free.
4. Using the basic web browser, you can pick any web-based file that is compatible with the Kindle and it will download it just like if you purchased it from Amazon. There are plenty of websites that cater directly to the Kindle, and there is a huge drive to make Project Gutemberg and others fully compatible with the Kindle.
5. Amazon charges you for subscribing to feeds. Or you can use the free tool at Feedbooks. These clever people figured out a way to package an RSS subscription as an eBook, and it has an auto-update link. Open the book from your Kindle, click on Update and it downloads a new version of the file. Tedious? Sure, but it is free.
6. Annoyed about having to connect to your PC just so you can move your content into your Kindle? Don't feel like paying the 10-cent tax? Easy, simply dump your eBook files into a folder in your website, password protect it if you are paranoid, then open it from your basic browser. You can now download your own books from anywhere, which is great if you don't like clutter or in case you delete the wrong book by accident.

Now, of course, it sucks if you are trying to make a buck selling eBooks for the Kindle outside of Amazon and you are using a format that requires the ID of your device. If all you want to do is sell the content, then you might as well go to http://dtp.amazon.com/, list your books for free and let Amazon do all the work in exchange for a cut of the action. Amazon will not charge you for access to the DTP area, or for listing your books, they only take a cut of your sales.

I emailed Amazon's Kindle Feedback address earlier this week to complain about not being able to upload my own files to the storage area (one of my favorite features is that I can re-download my content at will), expecting to get a canned response. I actually got a person to reply to me, so it looks like at least some of those emails are being read. The person that replied hinted that maybe I wanted to send my files through the 10-cent tax generator, but he would still pass my message to the powers-that-be.

The one thing that is still completely unacceptable is that the Kindle client for the iPhone only works with purchased work, you can't add your own books (yet) unless you jailbrake your phone.

Re:First Sale My Ass

[DrLang21]

The firework manufacturer can't go after you for using the fireworks you buy contrary to the instructions. The State makes laws regarding the use of fireworks to prevent physical injury or death to innocent bystanders and damage to other people's property.

Re:Kindle is a piece of shit

[Gizzmonic]

I'd leave it at -1 if I were you...sure, there's a bunch of racist and homophobic trolls, but there's also some insightful flamebait that Slashdot mods get too touchy about. Also plenty of hilarious random shit like cookie recipes and weird stories.

Re:Exactly

[enrevanche]

xpdf has a utility you can use called pdftotext

Re:Exactly

[locoluis]

Oh, here's a catch.

Some PDF creators link the character for each font to the internal representation in order of character appearance, not in Unicode order. This means that things like pdftohtml, screen reading or even plain copy/paste no longer work, as they yield gibberish instead.

For example, the string:

"This is a PDF test."

Would get stored as something like:
0,1,2,3,4,2,3,4,5,6,7,8,4,9,10,3,9,11

And pdftohtml yields something like:
  !"#$"#$%&'($)*#)+

Oh, and each typeface gets a distinct ordering, so the same string in different typefaces would probably get encoded differently...

In order to decode this you have to both read the actual graphical characters AND know which typeface is used in each segment of text. Which is a PITA. Otherwise, you're lost.

OCR may or may not be of any help, depending on the typeface used...

Re:I love my Kindle

[metamatic]

Yes, it ties me to only purchasing books for it from Amazon

No it doesn't. You can buy DRM-free e-books from fictionwise.com in Kindle-compatible .mobi format that you can just copy onto your Kindle via USB.

Re:Kindle is a piece of shit

[pilot1]

And THEN you go out of your way to piss off the purchasers by screwing them from using anything but your overpriced content AFTER they just handed you money? Yeah, good luck ith that.

I haven't read TFA, of course, but I know for a fact that you can use any content on the kindle as long as it's in one of several formats. Something like html, txt, prc, and mobi, the latter both being ebook formats available from many places. What you can't do is use DRMed content from places other than Amazon, which is what you should expect anyway.

What this script allows you to do is buy Mobipocket books with DRM from places other than Amazon.