[22494] in bugtraq
RE: Programmer claims MS eBook Reader Cracked
daemon@ATHENA.MIT.EDU (Рягин Ми)
Mon Sep 3 01:35:11 2001
Message-ID: <4BE72DE5E4DED21198CE00A0C9CEE4903065E3@blackstar.extrim.ru>
From: Рягин Михаил Юрьевич <ryagin@extrim.ru>
To: "'bugtraq@securityfocus.com'" <bugtraq@securityfocus.com>
Date: Mon, 3 Sep 2001 11:04:17 +0600
MIME-Version: 1.0
Content-Type: text/plain;
charset="KOI8-R"
There is also another technique to crack Microsoft eBook Reader, not related to any cryptographic issues.
At least with the text of an e-book, everything is easy. When the reader displays the current book page, this
page is stored in memory as a decrypted string of text. In the case of Microsoft eBook Reader, this is a Unicode string.
The only thing you have to do is to scroll through all pages of the ebook and catch all the text.
The reader's memory is readable via the convenient Win32 Debug APIs.
It will be relatively hard to find the text in heap memory, but this can be achieved, for example, by injecting
a heap monitor DLL (the well-known DLL injection method) and catching all memory allocations of sizes comparable with common
text page sizes.
I had no time to check it. Moreover, this may not be true. This information was only checked on one freely downloadable ebook file. On highly protected book titles, the page could be protected by more encryption, I guess.
So, I ask someone to check this.
Mikhail Ryagin,
Extrim pro
Russia