Tuesday, February 16, 2010

Decrypting Adobe Digital Editions 1.7.2 eBooks on Windows


My original post, which is preserved below for historical purposes but has its text struck through, was wrong in certain important details and quickly outdated in others, for which I humbly apologize. It was an attempt to help you cope with the release of the 1.7.2 update to Adobe Digital Editions. ADE 1.7.2 changed the way a crucial decryption key is stored when the ADE activation takes place — when, that is, you "authorize" your computer to use your Adobe ID and password.

Here is the latest (hopefully correct) information, which is fleshed out in iPhone: Reading Adobe/EPUB eBooks:

There is now (see Step 4 in iPhone: Reading Adobe/EPUB eBooks) a new version (v.4.3) of the ineptkey Python script for Windows users, the purpose of which is to derive a key to decrypt Adobe eBooks, and also a brand new ineptkeymac Python script (v.1) for Mac users, the purpose of which is the same.

Either the ineptkey v.4.3 Python script for Windows users or the new ineptkeymac v.1 script for Mac users will produce an adeptkey.der output file that can be input to version 2 of the ineptepub script. v.2 has been the "standard" ineptepub version for a long time now, and it is again. The purpose of ineptepub is to use the key generated by either ineptkey or ineptkeymac to decrypt Adobe eBooks.

Windows or Mac users can alternatively use ineptepub_auto_version3.pyw (v.3 of ineptepub) or aineptepub.pyw (v.4.1 of ineptepub, which is different from v.4), both of which decrypt whole folders/directories of Adobe eBooks rather than just a single Adobe/EPUB file.

Version 4 of ineptepub does not
work with ineptkey v.4.3, the latest ineptkey version, but only with ineptkey v.4.2, which is already obsolete ... as ineptepub v.4 is likewise already obsolete.

While ineptkey v.4.2 was current, it generated an adeptkey4.der (not adeptkey.der) file in a different internal format than adeptkey.der. That file was intended for ineptepub v.4. When ineptkey v.4.3 came out, I mistakenly told readers in my original post below to input its output file to ineptepub v.4, which led to "index out of range" errors.

Any adeptkey.der file that was generated prior to ADE version 1.7.2 is no longer usable with eBooks downloaded with ADE 1.7.2. Even though it's the right format for ineptepub v.2, it will produce a "problem decrypting session key" error when used with ADE 1.7.2-downloaded books. It will work only with books downloaded with ADE 1.7.1 or earlier.

Users that have an old adeptkey.der file that was generated while ADE 1.7.1 was active can, if they wish, hold onto it and use it to decrypt books that they downloaded before the ADE 1.7.2 update. Or they can re-download those books in ADE 1.7.2 and use a newly generated adeptkey.der file, from ineptkey v.4.3 or ineptkeymac v.1, to decrypt the newly downloaded books in any version of ineptepub other than v.4. I recommend the latter course, as it avoids having to keep track of which books were downloaded with which ADE versions.

Again, sorry for all the mix-ups,


* * *

The original post:

Adobe Digital Editions 1.7.2 tosses a monkey wrench into the procedure for decrypting Adobe eBooks that I described in iPhone: Reading Adobe/EPUB eBooks. Using that procedure as originally described can produce

Error: problem decrypting session key

instead of decrypting an eBook.

First I'll give the remedy, then I'll explain.

This post applies, by the way, to Windows platforms, not Macs. Although ADE 1.7.2 can cause similar problems for Mac users, I will publish a general solution for them in a later post. Neither of the two new Python scripts I am about to discuss works on a Mac.

The remedy for Windows users is to download and use ineptkey.pyw version 4.3 and ineptepub.pyw version 4 instead of earlier versions of the Python scripts ineptkey.pyw and ineptepub.pyw, respectively. To get the new versions, just click on the two links just given. Each will download a zipped version that, if your browser doesn't unzip them, must be unzipped manually to yield the files ineptkey_v43.pyw and ineptepub_v4.pyw.

Version 4.3 of ineptkey can cope with the changes made by ADE 1.7.2 with respect to what cryptographic encryption/decryption keys are stored in the Windows registry, and how they are stored. Working in tandem with ineptkey version 4.3 is the new ineptepub version 4. These two new Python scripts allow you to decrypt Adobe eBooks that you have downloaded using either ADE 1.7.1 (the older version) or ADE 1.7.2 (the current version).

If you followed the instructions in my earlier iPhone: Reading Adobe/EPUB eBooks post, you already have Python 2.6 installed in C:\Python26\python.exe. You need to open ineptkey_v43.pyw in that app. It will produce a file called adeptkey.der in the same folder as ineptkey_v43.pyw. (An adeptkey.der file from an earlier version of ineptkey will not work with the new version of ineptepub.)

adeptkey.der contains more than one candidate decryption key for ineptepub_v4.pyw to try, any time you open ineptepub_v4.pyw in C:\Python26\python.exe to decrypt a particular eBook. The new version of ineptepub figures out which candidate key works, and uses that one.

Keep in mind that you need to run ineptkey_v43.pyw2 just once, to generate adeptkey.der. You then run ineptepub_v4.pyw every time you want to decrypt a new eBook.

* * *

Now for a more detailed explanation: On or about Feb. 1, 2010, Adobe Digital Editions 1.7.2 replaced 1.7.1 as the version that new users received. At the same time existing 1.7.1 users started to get dialog boxes warning that they had 44 days to upgrade. If they clicked "Upgrade Now," then tried to use ineptkey.pyw and then ineptepub.pyw, they got

Error: problem decrypting session key

from the latter. (If they already had saved an adeptkey.der output file from ineptkey version 3, ineptepub version 2 still worked with that saved adeptkey.der file. In fact, you can continue to use that saved adeptkey.der file indefinitely with any version of ineptepub prior to version 4.)

Existing ADE users could, of course, delay upgrading to 1.7.2, but they had no way of knowing not to upgrade if they had not previously tucked away a copy of the adeptkey.der file. New users had no choice but to get ADE 1.7.2 right off. (You can tell what version of ADE you have by launching ADE and, assuming you do not get a dialog box telling you that you need to upgrade, going into Library View and choosing the About Adobe Digital Editions menu item. In the box that appears you will see a version number such as 1.7.2.xxxx.)

Adding to the confusion, there were many reasons why the "problem decrypting session key" error could crop up. For instance, if you generated adeptkey.der and then re-authorized ADE using a different Adobe ID, your new eBooks would not decrypt using the existing adeptkey.der. Instead, ineptepub would produce the same "problem decrypting session key" error. Figuring out what was causing the "problem decrypting session key" error when ADE 1.7.2 arrived was tough.

Thanks to the anonymous author of the new Python script versions, the problem has now been solved. The problem has to do with the fact that in the Windows registry, there is a bunch of ADE activation data stored for each authorization of ADE that is done. Prior to ADE 1.7.2, a crucial key, privateLicenseKey, was itself encrypted a certain way. Earlier versions of ineptkey simply decrypted it the same way and stored that single result in adeptkey.der.

As of 1.7.2, privateLicenseKey is encrypted a different way. The anonymous author of the new ineptkey script didn't know how to modify how it is decrypted, but he found another key in the registry, pkcs12, that could be used as privateLicenseKey had originally been used. So he simply passed both keys into the adeptkey.der file. The first key is correct for ADE 1.7.1, while the second works for ADE 1.7.2. The new ineptepub script can tell which one is working, and uses that one.