[FFmpeg-devel] libavformat patch that brute-forces aax encryption
William Shipley
willrandship at gmail.com
Wed Jan 25 04:48:00 EET 2017
I made a small modification of libavformat that bruteforces the 4-byte code
used in audible encrypted files. It automatically runs if an aax is passed
(always encrypted) without the code provided. Previously, it would tell the
user the code was needed and exit.
It takes between 5 and 10 minutes to crack it as currently implemented,
upon which it performs the specified task (conversion, content extraction,
etc) and outputs the decryption key on the console.
Is there any interest in including this upstream? If it's a code quality
issue, I'm open to suggestions, but if it's felt that this is outside the
scope of the project or legally risky then I understand.
I didn't do any kind of reverse engineering or anything legally gray as far
as I know, just noticed that it's literally a 32-bit key after the fixed
key is in place (which was already in ffmpeg code). I used a legally
obtained aax from my own audible account to test it, even.
The key it outputs is the same key you get from tools like
audible-activator. It's basically a user ID for a login.
I currently have a fork up on github here:
https://github.com/FFmpeg/FFmpeg/compare/master...willrandship:master
I'll generate a patch file if you're interested.
Thanks,
William Shipley
More information about the ffmpeg-devel
mailing list