On Tue, 24 Jan 2017 19:48:00 -0700 William Shipley <willrands...@gmail.com> wrote:
> I made a small modification of libavformat that bruteforces the 4-byte code > used in audible encrypted files. It automatically runs if an aax is passed > (always encrypted) without the code provided. Previously, it would tell the > user the code was needed and exit. > > It takes between 5 and 10 minutes to crack it as currently implemented, > upon which it performs the specified task (conversion, content extraction, > etc) and outputs the decryption key on the console. > > Is there any interest in including this upstream? If it's a code quality > issue, I'm open to suggestions, but if it's felt that this is outside the > scope of the project or legally risky then I understand. > > I didn't do any kind of reverse engineering or anything legally gray as far > as I know, just noticed that it's literally a 32-bit key after the fixed > key is in place (which was already in ffmpeg code). I used a legally > obtained aax from my own audible account to test it, even. > > The key it outputs is the same key you get from tools like > audible-activator. It's basically a user ID for a login. > > I currently have a fork up on github here: > https://github.com/FFmpeg/FFmpeg/compare/master...willrandship:master > I'll generate a patch file if you're interested. I'm fairly sure this is not really appropriate to put into a demuxer. Especially if it means that opening a file can hang for 5 to 10 minutes eating 100% CPU. It should probably be a separate file. (Could even be in FFmpeg's tools/ directory, so I'm not necessarily rejecting it for this project.) _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel