Archive for May, 2009

Sated by Gene Wolfe

Some weeks ago I started reading the Gene Wolfe short stories that are in my possession. A progress report can be found on this special page.

Although I greatly enjoy them, the time is near when I have to drop them and read something different. Gene Wolfe has a special style and he has produced amazing stories; however, my mind is longing for something new and there is a rather long list of classic SF and Fantasy novels waiting for me. I will finish Starwater Strains first and then start with some other stuff. Just recently I ordered the new book from China Miéville, The City and the City, which sounds very intriguing. If you have some money to spare you should have a look at the limited edition from Subterranean Press. I am a great fan of this publisher but I can’t afford $75 (or $50 + shipping when ordering through Amazon + EC customs, which in total amounts to roughly €50). Or maybe I could afford it but I'd rather spend my money on ice cream.



eBooks and DRM (3) – eReader

Last time I looked at the DRM implementation of the secure MobiPocket format. Now it’s time to see how eReader has done its homework.

First of all, kudos to the Dark Reverser, who has written a Python script that shows how the DRM protection works (google for eReader2Html). Without him this article wouldn’t have been possible.

For a brute-force attack to succeed, the number of combinations to be tested shouldn’t be higher than ~ 40 bits. Even this would require a lot of compute power, but it’s manageable.

eReader requires the user to enter two pieces of information to unlock a protected book: his name as it appears on the credit card and his credit card number. After some preparation, two CRC32 checksums are created and used as input (64 bits). Let’s stop here for a while. The first CRC32 checksum can’t be predicted. Even after some transformation, the possible combinations are endless. The second part is different: we are talking about a credit card number of which only the last 8 digits are used. Instead of 2^32 different numbers, this results in fewer than 2^27, so in total there are ~ 2^59 combinations (59 bits).

The eReader file is encrypted using the DES algorithm. An encrypted key (which is stored in the DRM section of the file) must be decrypted using the 64-bit input from step 1. This provides the real key with which the file can be decrypted. Before the decryption starts, a sanity check is done using a SHA-1 message digest.

Different things could be done to attack the protection scheme:

1. Brute-force to find the correct decryption key

As mentioned, not the whole 64-bit range is used but only 59 bits. This is still a lot – for the Mobipocket DRM protection only 41 bits had to be tested. The SHA-1 digest can’t be cheated due to the avalanche effect. A slight change will cause the entire digest to change and not only parts of it. I did a test with a simple Python script and could create ~ 400’000 digests in 1 second – a brute-force test with today’s hardware is completely absurd, even when using a program optimized for speed instead of the Python script. On top of the digest creation we have to include the time to decrypt the stored key, which has to be done first and needs time as well.

2. Brute force using knowledge about the encrypted file

As we have seen in point 1, a pure brute-force attack is useless. However, the files are in a markup language called PML and each section is compressed with zlib. If a pattern could be found, it would be enough to decrypt the first bytes and test if the key is valid. Obviously the first character is always a backslash so that the first 2 bytes of the compressed file are 0x78 and 0x9C. Another check could be to look for invalid characters – only printable ASCII characters would be allowed in the file. This would require a decryption of the first part of the file (which takes time). Unfortunately, and that’s the decisive factor, it’s not possible with such an approach to reduce the number of combinations that have to be tested, so in the worst case 64-bit combinations must be tested.

3. Attacking the SHA-1 algorithm

The SHA-1 digest stores a hashsum of the encryption key. The hashsum has 160 bits and no brute force attack is known that would bring down the number of combinations to a reasonable number.


The protection used in the eReader withstands brute-force attacks.
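The arithmetic behind point 1, as an added example (not code from the original post or from eReader2Html): it combines the component sizes given above into a key space and converts a digest rate into worst-case exhaustion time. The function names are assumptions, and only the SHA-1 step is counted, not the DES decryption of the stored key.

```python
import hashlib
import math
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Component sizes taken from the text above.
NAME_CRC32_VALUES = 2 ** 32      # CRC32 over the prepared name
CARD_LAST8_VALUES = 10 ** 8      # last 8 decimal digits of the card number


def keyspace_bits(*component_sizes):
    """Bits of search space for independent components, given each one's value count."""
    return sum(math.log2(n) for n in component_sizes)


def years_to_exhaust(bits, rate_per_second):
    """Worst-case time to try every candidate at a fixed test rate."""
    return 2.0 ** bits / rate_per_second / SECONDS_PER_YEAR


def measure_sha1_rate(duration=0.2):
    """SHA-1 digests of 8-byte inputs per second in this interpreter."""
    count = 0
    start = time.perf_counter()
    while time.perf_counter() - start < duration:
        hashlib.sha1(count.to_bytes(8, "big")).digest()
        count += 1
    return count / duration


def report(rate):
    """Rows of (label, bits, years) for the key spaces named in the text."""
    spaces = {
        "Mobipocket (41 bit)": 41.0,
        "eReader, CRC32 x last 8 digits": keyspace_bits(NAME_CRC32_VALUES, CARD_LAST8_VALUES),
        "eReader, rounded figure (59 bit)": 59.0,
        "full 64-bit input": 64.0,
    }
    return [(label, bits, years_to_exhaust(bits, rate)) for label, bits in spaces.items()]


if __name__ == "__main__":
    # First the rate quoted in the post, then the rate measured on this machine.
    for rate in (400_000, measure_sha1_rate()):
        print(f"rate: {rate:,.0f} digests/s")
        for label, bits, years in report(rate):
            print(f"  {label:<34} {bits:5.1f} bits  {years:16.2f} years")
```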


Last year one of my goals was to read the Bible starting with the New Testament – for whatever reason I didn’t make it and stopped with Romans. I felt it’s time to finish what I have started and this brought up two questions.

Which program to use for bible reading on the Pocket PC

A quick survey revealed three candidates.

  • Pocket e-Sword (homepage)
    This program is available for free together with many bible versions (commercial and free). The layout is great and it’s easy to use, however, I don’t like that the presentation is verse-by-verse. If you use a real bible, verses are joined together to form paragraphs, which improves the understanding of passages. Another thing I don’t like is that commentaries are only shown for one verse and not as continuous text covering multiple verses. This makes it difficult to scroll up and down to review things that have been said somewhere else.
    What I really like is the way bible versions can be compared or read in parallel. Another advantage is that MANY versions are available, including the brand new International Standard Version.
  • OliveTree (homepage)
    To be honest, the GUI didn’t convince me. The idea with the buttons in the scrollbar is nice, but they haven’t been placed perfectly. Especially when one is used to Pocket e-Sword, the program feels awkward. Apart from that, the feature list is long and I am sure that many users will like it.
  • PocketBible (from Laridian)
    This program was the last I tested and it quickly jumped to the top of my list. The interface is fully customizable, especially the toolbars. Navigating through the bible texts is easy, although I sometimes got lost while switching from one window to another. Footnotes can be turned off to make reading easier. I really enjoyed the feature that lets you find a verse in all commentaries. This will show the first part of each commentary on the selected verse. I would love to see something like “preferred commentary” that lets you switch quickly between the bible and the study notes. Maybe in the next version.
    The Gold package – if you can afford it – has everything you need to get started with serious study: different bible versions, the incredible Bible Knowledge Commentary and the Complete Word Study Dictionary (2 Volumes). If this is too expensive for you, choose the Bronze package (you WANT different bible versions, believe me) + the Bible Knowledge Commentary. Later, when you wish to understand the meaning of the original words, come back and order the Complete Word Study Dictionary (2 Volumes).

All three programs are available for free or as demo.

Which bible version to choose

After I had found the best program for the Pocket PC, the old question about the best bible version came up again. In my old blog entries I finally chose the ESV, but after further studies I decided to reconsider. I was surprised how odd the English is and I have found the advice that the NASB would be the preferred edition for a literal translation although it is harder to read. betterbibles.com gives many examples and shows why literal translations can mislead the reader. As a starter it makes more sense to use a translation that reads fluently so it finally came down to:

The ISV is quite new and would probably be my first choice IF it had been available for the PocketBible program. The TNIV and the HCSB seem to be on par, but after browsing the internet I was surprised that the HCSB seems to enjoy a growing popularity and is respected for the unbiased translation. I glanced at some passages and I think I can’t go wrong with it. It’s good to have the other in the background, though, together with the bible commentaries to put everything into the right context.

Now starts the important task: to read the bible.
