Kobopier

So you found a nice book to read, shelled out a few bucks for the ebook version from Kobo, and suddenly realise that your ebook reader won't recognise it. Upon examining the ePub you just downloaded, you find a) that the content is completely garbled and b) a file called encryption.xml.
Fortunately, Kobo offers readers for all popular mobile platforms. Excited, you open the client, only to realise that

• the Kobo reader sucks ass
• you are pretty much forced to use the Kobo reader because DRM cripples your ebooks
• you have to enter your login credentials every single time you start the app.

At this point, you decide that DRM can suck your balls and try to find the book in another format. Oh, what's this, many books aren't available in any DRM free format? Off to Rapidshare you go......where the quality of rips is beyond all comparison, and really, you just paid for some content and would like to enjoy it.

This is where Kobopier comes in. I found myself in the exact situation just described and got fed up. To paraphrase (and copy) a 27C3 console hacking talk:

Achievement unlocked!

Piss off hackers (you're fucked now)

Reverse engineering Android apps is rather easy (indicated by the fact that I suck at reversing and can still do it), so in the absolute worst case, I thought, I'd dump out every single page in that book from memory.

It took me five hours to break (as in, understand what I had to do) the system and three more to implement the first successful decryption. Someone more experienced in breaking DRM probably would've done it all in 2-3 hours.

Download

Compiled JAR: Kobopier-1.0.jar (SHA256)
Source: Kobopier-src-1.0.jar (SHA256)

Before you use it, please consider the following important note from the sources:

 * Important note: Kobopier is not made for piracy. It does not break any encryption,
 * it simply replicates a few steps the original Android Kobo reader does.
 * Please read the license below. Also, consider that it is YOUR responsibility to deal
 * with any legal issues that arise from YOU using this tool. 
 * If you buy one copy of an ebook, decrypt it with this tool and then give it away,
 * that's fine with me - but you alone are responsible if Kobo sues you.


Kobopier - a Kobo Android ePub DRM stripper

USAGE:
java -jar Kobopier <userID> <deviceID> <kobofolder> [<infofile> [<outfolder>]]


userID:		Your Kobo user ID. Can be found in 
		/data/data/com.kobobooks.android/shared_prefs/Kobo.xml,
		search for "UserID".
deviceID:	Your IMEI. Dial *#06# on your phone.
kobofolder:	Path to your local copy of /sdcard/Kobo. Simply
		copy the "Kobo/epubs/" folder from the SD card to your computer.
		DO NOT USE THE FOLDER ON YOUR SD CARD HERE!
infofile:	A file containing lines of the form <ContentID>|<Path>|<DecryptKey>
		You can retrieve those values from /data/data/com.kobobooks.android/databases/Kobo.
		(note: you might need to open your ebook on the Kobo Android reader, or keys might be missing)
		Use sqlite3 and execute "select ParentContentID, FullPath, DecryptKey from EPubItems;"
		It's probably easier to dump the output by using ".output /path/to/file" before that
		query (and ".output stdout" afterwards).
		If this parameter is omitted or "-", read from stdin.
outfolder:	The folder to store the decrypted files in.
		If omitted, the encrypted files in the source folder will be overwritten.


Kobopier can decrypt the ebooks you downloaded to your Kobo
Android reader, liberating you from the annoying restrictions
of DRM and the necessity of using the (shitty) reader.

Kobo stores downloaded (but encrypted) ePubs in /sdcard/Kobo/epubs/,
which you can (and should) copy to your disc.
You will also need your Kobo user ID and device ID, because
the decryption keys are encrypted to these values (actually, 
they are concatenated and hashed first, then used to encrypt).
See the documentation above to learn how to retrieve these values.

EXAMPLE:

adb pull /data/data/com.kobobooks.android/shared_prefs/Kobo.xml .
grep UserID Kobo.xml
adb pull /data/data/com.kobobooks.android/databases/Kobo .
sqlite3 Kobo 'select ParentContentID, FullPath, DecryptKey from EPubItems;' > /tmp/infofile
mount /mnt/android-sd/
cp -r /mnt/android-sd/Kobo/epubs/ /tmp/
umount /mnt/android-sd/
java -jar Kobopier.jar 0000-00-0a-0000 3640543425 /tmp/epubs/ /tmp/infofile
for book in /tmp/epubs/*;
do
	cd $book;
	zip -r  /tmp/epubs/`basename $book`".epub" *;
done

LICENSE:

GNU General Public License
This code uses the public domain Base64 library by Robert Harder
(http://iharder.net/base64) and gnu-crypto 2.1.0 (GPL, see 
http://www.gnu.org/software/gnu-crypto)


COMING SOON
A step-by-step guide on how I reversed the Kobo app. Maybe someone can learn from it, avoid the mistakes I made or even shoot me a hint!

Contact:
 kobopier at REMOVETHISPART acanthephyra dot net or @__sporkbomb on Twitter