Support Vital Source formats.

[ian5142]

Can Vital Source formats be supported in the future? Information on the format and other deDRM stuff: http://www.mobileread.com/forums/showthread.php?t=258568 http://www.mobileread.com/forums/showthread.php?t=247450 http://www.mobileread.com/forums/showthread.php?t=253258 https://www.reddit.com/r/HowToHack/comments/43k7tq/remove_drm_from_vbk_vitalsource_bookshelf_books/

[apprenticeharper]

It looks like the protection has been changed to stop those methods working.

[ian5142]

I was able to convert it using a free shareware program that added a watermark to every page, while using an old version of Vital Source Bookshelf, 6.2.0 I believe.

[apprenticeharper]

This isn't a high priority for me. If someone else comes up with something, I'll happily add it to the tool archive, but I won't be working on it myself at the moment.

[tmeza02]

Please consider working on this project. @GMMan any ideas?

[GMMan]

Well, I have my own tools to manipulate VBK files, but I do not wish to be sued by releasing them. The previous tools I've released were completely clean implementations that took advantage of oversight rather than operating on the format directly, and I don't think it's possible to work with the format without infringing on VitalSource's copyright and patents in some way.

[stevenbedrick]

+1 for adding VBK support... re: copyrights & patents, surely there's a solid Fair Use argument to be made?

[keoyeop]

Any news on this?

[apprenticeharper]

No news here, but I haven't been looking. As I said, I'll happily include a solution in the tools, but I have no interest in developing such a solution myself. All my spare time is currently spent on maintenance.

[ghost]

Well i had my own way to convert vitalsource book to pdf ebook .. but will be images instead of text so the size is big .. anyone who interested in converting a book on his account email me lopesta@mail2try.com .. and i will upload the file pdf for him . high quality images pdf is the output . unless its epub source which will be readable but not that so good layout pdf.

[ian5142]

Why doesn't lopesta send apprenticeharper the method he uses? At least then apprenticeharper can see if he can use the method.

[zeronullempty]

interested in this still

[GMMan]

Publicly releasing keys is a silly thing to do, IMO. They weren't that aggressive prior to the keys being put out in the open.

[GMMan]

Scroll up, and you may notice that I've posted two years ago. I had good reason not to release anything that works on the format directly, but instead work through side channels. I've been following the format since 2014, and they really only started changing keys over a year after I released my side channel tool. Keys generally lasted for a year or so, until you started releasing them, in which they went through three or four sets of keys in several months with increasingly paranoid protection implementations. Publicly releasing keys might have helped people at the moment, but doing so has made the future unnecessarily difficult. I would just release the format specs and some hints that allow interested people to figure things out themselves. VitalSource is (or has) been reactive. If you don't give reason for them to suspect their keys have been compromised, they generally won't change things. But it might be a bit too late for that now.

As for the keys, the public key you're talking about is the signing verification key, which does not need to be guarded very carefully. The license decryption key used to use the same obfuscation, but they added an additional layer of code obfuscation on top of that. Now it appears to be double encrypted with some colors system they're introducing.

As for your code, it wasn't really that good. Not sure whether you've figured out how to read NTrees and XTrees properly, and how to reconstruct the internal files back into a proper XML document so you can extract the correct key instead of trying each. It may have been the first public program (it's actually not, but I can give it to you on technicalities) to operate on the format, but it was quite lacking in understanding of the format.

I guess what I'm trying to say is, as much as it's nice to help others, sometimes you should be more prudent and not make things difficult for others in the future. You could have e.g. released a roving license file decryption service on Tor, but you chose to loudly announced at VitalSource telling them "hey we've got your keys, change them all now".

[GMMan]

I think a web service would have been feasible. You could impose daily limits on how many books decrypted, and file size wouldn't have been an issue because you'd only need the licence file. For individual books you could have a controlled load of the decryption routines written in JavaScript and done it locally on the browser. The copyright concerns are void considering you gave everyone the keys with your script.

BTW, if you want to get deeper into the format, I suggest reading VitalSource's patents and download a specific old version of the Mac client from archive.org.

[orazios98]

do you have some news?

[dkwo]

@GMMan @I1RtNTcmMPuY9XKL I have a license.vbk and a book from March 2019, which seem to use the 'win4' key (I had downloaded them using Windows 7 app). If that key and app are now obsolete, would you consider privately sharing the key? Otherwise, where can I find hints to extract it for the app?

[orazios98]

@GMMan @I1RtNTcmMPuY9XKL I have a license.vbk and a book from March 2019, which seem to use the 'win4' key (I had downloaded them using Windows 7 app). If that key and app are now obsolete, would you consider privately sharing the key? Otherwise, where can I find hints to extract it for the app?

I also have a license.vbk and a book, but my private key is 'win6', do you have some news about ypur win4 key?

[purplebooks962]

@GMMan @I1RtNTcmMPuY9XKL I have license.vbk and 9 books from October 2019 which seem to use win7 key. Would you mind manually assisting me to decrypt the eBooks please.

[GMMan]

Geez they've been booking it with the keys. I dunno who's keeping track of any of them, but FWIW I've moved on to publishers' own platform that have low or non-existent security.

[purplebooks962]

Any news?

[dedededrm]

If @I1RtNTcmMPuY9XKL (or @GMMan or anyone else) would like to leave some info about how format specs and/or any other hints I would be happy to spend time on looking at this. My immediate need is a "win6" private key...

[Nico1320]

I have a vbk3 from Bookshelf (Mac); I used an https decrypt to download it, is there any chance of decrypting it atm?

[jasii]

I just got a book from Jan 2020 needing a win11 private key. How do we retrieve the private keys?

[contracode]

@jasii I'm trying to figure out the same thing. Were you able to find out how to retrieve the PK?

[jasii]

@contracode I haven't, I've just been using my book with the VS software. The VS software is terribly slow and buggy. I would love to be able to convert to an actual PDF that I can actually use.

[Stargate2021]

I bought an ebook and I need a win8 private key. Has someone any hint how to retrieve it? Thanks in advance

[contracode]

I bought an ebook and I need a win8 private key. Has someone any hint how to retrieve it? Thanks in advance

@Stargate2021 - I think that the application binary needs to be decompiled and deobfuscated to retrieve the PK. I have not been able to do this, but this is where all of my research points to.

[lewis-tan]

BTW, if you want to get deeper into the format, I suggest reading VitalSource's patents and download a specific ol

@GMMan is there a way that I can private message you. I need help with understanding the you know what file to get the ... for the data. I just need a pointer. I will watch this channel everyday until I am sure there won't be any reply. Thanks.

[contracode]

@lewis-tan You need to decompile the VS reader application which will have a private key embedded within. It is a binary decompilation and deobfuscation exercise to get the private key.

That exercise is non-trivial. I have done research and have not been able to figure out even which tools to use to accomplish this.

[lewis-tan]

@contracode thanks so much for your reply.

[Seannyking]

Hello @I1RtNTcmMPuY9XKL What debugger/decompiler did you use? Just out interest is arxan /digital.ai on new UWP Bookshelf or the old windows 7/8 version? Thank you. Just to let you know I have Instructor account so can get any book. Would this make it worth decompiling to get the key, if you can share the key privately with me and script?

[choperlizer]

Any updated hints on this thing?

[multitrack-collector]

Nah