18 May 2019
I've been running a personal DNSCrypt server in Bangalore for the last 2 years. When I set it up, it was just a compiled version of dnscrypt-wrapper, which was the bare minimum setup I could do.
Supported eBook Formats Here is a list of supported eBook types. Adobe Digital Editions eBooks: even Kobo or Sony - (.ePuB,.PDF or ACSM) Barnes & Noble ePub eBooks: including nook study - (.ePuB) Secure eReader eBooks: those bought from Fictionwise - (.PDB) Amazon Kindle eBooks: examples of these are Kindle Mobipocket, Topaz or Print Replica - (.PRC,.MOBI,.AZW,.AZW1,.AZW4,.TPZ). Kindle Kids Edition Essentials Bundle including Screen Protector and Power Adapter. 4.7 out of 5 stars 163. 97 142.97 $142.97. FREE Shipping by Amazon. Expected to ship in 6 to 8 weeks. Amazon Kid-Proof Case for Fire HD 8 tablet (Only compatible with. In addition, on Windows and Mac, the default Kindle for Mac/PC key is added the first time the plugin is run. Continue reading for key generation and management instructions. Creating New Keys. Use this button to import existing ‘.k4i' key files. Key files might come from being exported from this plugin, or may have been generated using. The Kindle doesn't consume any power while asleep (if the wireless is off), and it will instantly awaken when turned back on. What's better — leaving the wireless on or off? Leaving the wireless on consumes power, so you have to charge your Kindle more often. Because most people don't have content being delivered continuously to the.
Since then, I've upgraded it to a distribution supported version, but recent changes in dnscrypt key rotation, I've been wanting to setup something automated as well.
The easiest way was to switch to the official DNSCrypt Docker image, which does both key generation and certificate rotation. Since my public key was already present in the DNSCrypt Server lists, I was not too keen to regenerate a new key.
The primary challenge was ensuring that the docker container picks up my existing keys without trying to generate new ones from scratch. It was basically 2 steps:
- Match the directory structure that the container expects.
- Invoke the container directly into
startmode while passing existing keys.
Directory Structure
I copied my keys (public.key, secret.key) to /etc/dnscrypt-keys and ran the following:
Then I ensured that the file permissions are matching what the container expects:
This is how the final permissions looked for the directory (/etc/dnscrypt-keys)
Running the Container
Then, I directly ran dnscrypt-wrapper container:
A 'Kindle sync' that works by having it mount itself as removable storage, so that you can simply copy files over, the same way you put your music on your Android phone. (Hell, maybe even a dedicated app would be good - one that looks like an orthodox file manager0, showing you your files on one side, Kindle on the other, and helpfully.
I pass a host path mount instead of creating a Docker Volume, since they can get deleted in regular docker prune.
Here, 10.47.0.5 is the 'Anchor IP', which Digital Ocean internally maps to my Floating IP.
The container comes up, generates new short-term keys and goes live:
Once the server was up, I verified connectivity with dnscrypt-proxy and it worked perfectly.
Future Scope
Right now, I have a single container that does 2 things:
- Certificate Rotation via a service that checks it every 30 minutes.
- DNSCrypt Service, which is accessible over the internet.
For (1) to work, it needs access to the Private Keys that are used to sign the temporary certificates that last 24 hours. Since both things are managed within the same container, the container ends up with both network and long-term keys access. This means, any RCE on the service can result in the long-term keys being compromised.
A simple fix for this would be to separate out the Certificate Rotation part into a separate 'mode' on the Docker Image, which can be called independently. This would allow someone to run certificate rotation on a second container using a scheduler, but with far more limitations (such as no network access). A common file-mount between both the containers can take care of sharing the temporary keys between the containers, and a simple unix socket on the shared-file-mount can be used to signal a certificate rotation (this triggers the dnscrypt service restart, so it picks the new cert).
Self-Guide for stripping the Audible DRM, in similar vain as my Kindle Self-Guide.
- Download the aax file from Audible website.
- Run the inAudible-NG Rainbrow crack table against the AAX file.
Easiest way is via docker:
The cool part about this is that the entire activation is done offline, and runs a Rainbow Table attack against the Audible DRM.
References
26 Mar 2019I run a non-standard Kindle configuration:
- Jailbroken (because I want to own the device, not rent it)
- Runs KOReader (because I want to read EPUBs and PDFs with reflow.)
- DRM Stripping (because I want to own the book, not rent it)
Since I don't do any of these often enough to automate it, this is a self guide to help me follow these steps the next time I have to do any of this. No guarantees of this being helpful to anyone else but me.
The lifehacker guide on how to jailbreak your kindle is a good starting point [archived]. The mobileread forums have the definitive guides. Also see this FAQ on the mobileread wiki.
Kindle K4i Location
(Most of these only cover modern paperwhite kindles)
Maintaining the Jailbreak
Sometimes, Kindle firmware updates will stop the Jailbreak. Search for your firmware on mobileread forums. See this link for the 5.8 series.
Kindle K4i Stored
Copy the .bin file to your kindle root directory and trigger a manual firmware update. That should reboot and re-affirm the jailbreak. To trigger a manual firmware update, go to the Kindle Menu and click 'Update'. If it is greyed out, check if the file was copied correctly, and try rebooting.
Once you have a jailbreak, the rest is mostly installing packages via MRPI. I keep a ready directory of packages I can copy as-is to my Kindle. The current listing is at https://paste.ubuntu.com/p/CXS5hYZdqc/ with most of it just being koreader.
koreader is a FOSS document viewer for E Ink devices that supports Kindle, Kobo, PocketBook, Ubuntu Touch and Android devices.
The primary 2 packages are:
Self-Guide for stripping the Audible DRM, in similar vain as my Kindle Self-Guide.
- Download the aax file from Audible website.
- Run the inAudible-NG Rainbrow crack table against the AAX file.
Easiest way is via docker:
The cool part about this is that the entire activation is done offline, and runs a Rainbow Table attack against the Audible DRM.
References
26 Mar 2019I run a non-standard Kindle configuration:
- Jailbroken (because I want to own the device, not rent it)
- Runs KOReader (because I want to read EPUBs and PDFs with reflow.)
- DRM Stripping (because I want to own the book, not rent it)
Since I don't do any of these often enough to automate it, this is a self guide to help me follow these steps the next time I have to do any of this. No guarantees of this being helpful to anyone else but me.
The lifehacker guide on how to jailbreak your kindle is a good starting point [archived]. The mobileread forums have the definitive guides. Also see this FAQ on the mobileread wiki.
Kindle K4i Location
(Most of these only cover modern paperwhite kindles)
Maintaining the Jailbreak
Sometimes, Kindle firmware updates will stop the Jailbreak. Search for your firmware on mobileread forums. See this link for the 5.8 series.
Kindle K4i Stored
Copy the .bin file to your kindle root directory and trigger a manual firmware update. That should reboot and re-affirm the jailbreak. To trigger a manual firmware update, go to the Kindle Menu and click 'Update'. If it is greyed out, check if the file was copied correctly, and try rebooting.
Once you have a jailbreak, the rest is mostly installing packages via MRPI. I keep a ready directory of packages I can copy as-is to my Kindle. The current listing is at https://paste.ubuntu.com/p/CXS5hYZdqc/ with most of it just being koreader.
koreader is a FOSS document viewer for E Ink devices that supports Kindle, Kobo, PocketBook, Ubuntu Touch and Android devices.
The primary 2 packages are:
Update_KUALBooklet_v2.7_install.binupdate_kpvbooklet_0.6.6_install.bin
Run ;log mrpi via search after copying them to re-install them if needed.
koreader
Hp w2207 lcd. Download the latest release from GitHub.
You should download the kindle5-linux-gnueabi package for modern Paperwhites. Unzip it to the copy directory mentioned above.
Aside: koreader has a linux appimage version for desktops, which I package for AUR.
DRM is inherently bad for users. If I switch my Ebook reader from Kindle (which are great as of today) toa Kobo tomorrow, I want my content to stay with me.
There are much better websites that explain the issues with DRM, so go visit: fckdrm.com, DefectiveByDesign.org, or EFF/drm.
Kindle K4i
The primary tool for stripping DRM from Kindle books is apprenticeharper's DeDRM Repo which works as a Calibre Plugin. If you are running calibre with Python 3 (such as via the calibre-python3 package on Arch Linux) - you should install the DeDRM plugin from the python3 fork. Compress the DeDRM_plugin directory into a flat-zip file and use that in Calibre.
Getting the Key
My current key is saved in pass:
pass show Keys/Kindle.k4i |jq
Save it in a file, which you can import to Calibre.
If you don't have the key or if the above isn't valid, see this comment on r/ebooks [archived].
Importing the Key
At the bottom-left of the plugin's customization dialog, you will see a button labeled 'Import Existing Keyfiles'. Use this button to import existing ‘.k4i' key files. Key files might come from being exported from this plugin, or may have been generated using the kindlekey.pyw script running under Wine on Linux systems.
I once did some trickery on the kindlekey.pyw application to get it working on my system, but I didn't take notes. If I ever do this again - AUTOMATE THIS.
Getting a copy of the encrypted book
There are multiple sources for you to try.
- Amazon website's My Content page is the easiest. It doesn't work for books with special typesetting - quite rare. Prefer this over everything else.
- Download via the Kindle for PC application (See next section).
- Get the KFX file from your Kindle device.
- Copy the KFX/AZW file from the Android/iOS application.
Kindle for PC
Stripping DRM for any medium is always a cat-and-mouse game. Amazon keeps changing the DRM format in every Kindle firmware update, which is why the recommended method is to use a known/older version of the Kindle for Mac/PC Application as your source. Matlab cracked version for windows 10.
Kindle Mac K4i
Note: The 1.24.3 release does not work on Linux. If you're on Linux, you must instead download the 1.17.0 release instead (sha256=14e0f0053f1276c0c7c446892dc170344f707fbfe99b6951762c120144163200).
- Install Kindle for PC. It does work on Wine. Make sure you download
1.24.3 (51068). I trust filehippo for this. The sha256sum for the installer isc7a1a93763d102bca0fed9c16799789ae18c3322b1b3bdfbe8c00422c32f83d7. - Install then launch it, and download the book.
- Go to
~/Documents/My Kindle Content - Find book by Last Modified Date.
- Run
calibredb add book.azw. If all goes well, the book should show up in your library, and you should be able to convert it.
I have a backup of my current Kindle files at http://ge.tt/75zk4Dv2 in case you need any of the files mentioned above. Checksums for the files are below, since ge.tt doesn't believe in HTTPS:
