Add files via upload
This commit is contained in:
parent
f6f4d20e76
commit
6f27d5c73e
3 changed files with 2653 additions and 0 deletions
314
decrypt/decodeEPUB.py
Normal file
314
decrypt/decodeEPUB.py
Normal file
|
@ -0,0 +1,314 @@
|
|||
#!/usr/bin/env python3
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
# ineptepub.py
|
||||
# Copyright © 2009-2022 by i♥cabbages, Apprentice Harper et al.
|
||||
|
||||
# Released under the terms of the GNU General Public Licence, version 3
|
||||
# <http://www.gnu.org/licenses/>
|
||||
|
||||
"""
|
||||
Decrypt Adobe Digital Editions encrypted ePub books.
|
||||
"""
|
||||
|
||||
KEYPATH = "adobekey.der"
|
||||
__license__ = 'GPL v3'
|
||||
__version__ = "8.0"
|
||||
|
||||
import sys
|
||||
import os
|
||||
import traceback
|
||||
import base64
|
||||
import zlib
|
||||
import zipfile
|
||||
from zipfile import ZipInfo, ZipFile, ZIP_STORED, ZIP_DEFLATED
|
||||
from decrypt.zeroedzipinfo import ZeroedZipInfo
|
||||
from contextlib import closing
|
||||
from lxml import etree
|
||||
from uuid import UUID
|
||||
import hashlib
|
||||
|
||||
try:
|
||||
from Cryptodome.Cipher import AES, PKCS1_v1_5
|
||||
from Cryptodome.PublicKey import RSA
|
||||
except ImportError:
|
||||
from Crypto.Cipher import AES, PKCS1_v1_5
|
||||
from Crypto.PublicKey import RSA
|
||||
|
||||
|
||||
def unpad(data, padding=16):
|
||||
if sys.version_info[0] == 2:
|
||||
pad_len = ord(data[-1])
|
||||
else:
|
||||
pad_len = data[-1]
|
||||
|
||||
return data[:-pad_len]
|
||||
|
||||
|
||||
class ADEPTError(Exception):
|
||||
pass
|
||||
|
||||
class ADEPTNewVersionError(Exception):
|
||||
pass
|
||||
|
||||
META_NAMES = ('mimetype', 'META-INF/rights.xml')
|
||||
NSMAP = {'adept': 'http://ns.adobe.com/adept',
|
||||
'enc': 'http://www.w3.org/2001/04/xmlenc#'}
|
||||
|
||||
class Decryptor(object):
|
||||
def __init__(self, bookkey, encryption):
|
||||
enc = lambda tag: '{%s}%s' % (NSMAP['enc'], tag)
|
||||
self._aes = AES.new(bookkey, AES.MODE_CBC, b'\x00'*16)
|
||||
self._encryption = etree.fromstring(encryption)
|
||||
self._encrypted = encrypted = set()
|
||||
self._encryptedForceNoDecomp = encryptedForceNoDecomp = set()
|
||||
self._otherData = otherData = set()
|
||||
|
||||
self._json_elements_to_remove = json_elements_to_remove = set()
|
||||
self._has_remaining_xml = False
|
||||
expr = './%s/%s/%s' % (enc('EncryptedData'), enc('CipherData'),
|
||||
enc('CipherReference'))
|
||||
for elem in self._encryption.findall(expr):
|
||||
path = elem.get('URI', None)
|
||||
encryption_type_url = (elem.getparent().getparent().find("./%s" % (enc('EncryptionMethod'))).get('Algorithm', None))
|
||||
if path is not None:
|
||||
if (encryption_type_url == "http://www.w3.org/2001/04/xmlenc#aes128-cbc"):
|
||||
# Adobe
|
||||
path = path.encode('utf-8')
|
||||
encrypted.add(path)
|
||||
json_elements_to_remove.add(elem.getparent().getparent())
|
||||
elif (encryption_type_url == "http://ns.adobe.com/adept/xmlenc#aes128-cbc-uncompressed"):
|
||||
# Adobe uncompressed, for stuff like video files
|
||||
path = path.encode('utf-8')
|
||||
encryptedForceNoDecomp.add(path)
|
||||
json_elements_to_remove.add(elem.getparent().getparent())
|
||||
else:
|
||||
path = path.encode('utf-8')
|
||||
otherData.add(path)
|
||||
self._has_remaining_xml = True
|
||||
|
||||
for elem in json_elements_to_remove:
|
||||
elem.getparent().remove(elem)
|
||||
|
||||
def check_if_remaining(self):
|
||||
return self._has_remaining_xml
|
||||
|
||||
def get_xml(self):
|
||||
return "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" + etree.tostring(self._encryption, encoding="utf-8", pretty_print=True, xml_declaration=False).decode("utf-8")
|
||||
|
||||
|
||||
def decompress(self, bytes):
|
||||
dc = zlib.decompressobj(-15)
|
||||
try:
|
||||
decompressed_bytes = dc.decompress(bytes)
|
||||
ex = dc.decompress(b'Z') + dc.flush()
|
||||
if ex:
|
||||
decompressed_bytes = decompressed_bytes + ex
|
||||
except:
|
||||
# possibly not compressed by zip - just return bytes
|
||||
return bytes
|
||||
return decompressed_bytes
|
||||
|
||||
def decrypt(self, path, data):
|
||||
if path.encode('utf-8') in self._encrypted or path.encode('utf-8') in self._encryptedForceNoDecomp:
|
||||
data = self._aes.decrypt(data)[16:]
|
||||
if type(data[-1]) != int:
|
||||
place = ord(data[-1])
|
||||
else:
|
||||
place = data[-1]
|
||||
data = data[:-place]
|
||||
if not path.encode('utf-8') in self._encryptedForceNoDecomp:
|
||||
data = self.decompress(data)
|
||||
return data
|
||||
|
||||
# check file to make check whether it's probably an Adobe Adept encrypted ePub
|
||||
def adeptBook(inpath):
|
||||
with closing(ZipFile(open(inpath, 'rb'))) as inf:
|
||||
namelist = set(inf.namelist())
|
||||
if 'META-INF/rights.xml' not in namelist or \
|
||||
'META-INF/encryption.xml' not in namelist:
|
||||
return False
|
||||
try:
|
||||
rights = etree.fromstring(inf.read('META-INF/rights.xml'))
|
||||
adept = lambda tag: '{%s}%s' % (NSMAP['adept'], tag)
|
||||
expr = './/%s' % (adept('encryptedKey'),)
|
||||
bookkey = ''.join(rights.findtext(expr))
|
||||
if len(bookkey) in [192, 172, 64]:
|
||||
return True
|
||||
except:
|
||||
# if we couldn't check, assume it is
|
||||
return True
|
||||
return False
|
||||
|
||||
def isPassHashBook(inpath):
|
||||
# If this is an Adobe book, check if it's a PassHash-encrypted book (B&N)
|
||||
with closing(ZipFile(open(inpath, 'rb'))) as inf:
|
||||
namelist = set(inf.namelist())
|
||||
if 'META-INF/rights.xml' not in namelist or \
|
||||
'META-INF/encryption.xml' not in namelist:
|
||||
return False
|
||||
try:
|
||||
rights = etree.fromstring(inf.read('META-INF/rights.xml'))
|
||||
adept = lambda tag: '{%s}%s' % (NSMAP['adept'], tag)
|
||||
expr = './/%s' % (adept('encryptedKey'),)
|
||||
bookkey = ''.join(rights.findtext(expr))
|
||||
if len(bookkey) == 64:
|
||||
return True
|
||||
except:
|
||||
pass
|
||||
|
||||
return False
|
||||
|
||||
# Checks the license file and returns the UUID the book is licensed for.
|
||||
# This is used so that the Calibre plugin can pick the correct decryption key
|
||||
# first try without having to loop through all possible keys.
|
||||
def adeptGetUserUUID(inpath):
|
||||
with closing(ZipFile(open(inpath, 'rb'))) as inf:
|
||||
try:
|
||||
rights = etree.fromstring(inf.read('META-INF/rights.xml'))
|
||||
adept = lambda tag: '{%s}%s' % (NSMAP['adept'], tag)
|
||||
expr = './/%s' % (adept('user'),)
|
||||
user_uuid = ''.join(rights.findtext(expr))
|
||||
if user_uuid[:9] != "urn:uuid:":
|
||||
return None
|
||||
return user_uuid[9:]
|
||||
except:
|
||||
return None
|
||||
|
||||
def removeHardening(rights, keytype, keydata):
|
||||
adept = lambda tag: '{%s}%s' % (NSMAP['adept'], tag)
|
||||
textGetter = lambda name: ''.join(rights.findtext('.//%s' % (adept(name),)))
|
||||
|
||||
# Gather what we need, and generate the IV
|
||||
resourceuuid = UUID(textGetter("resource"))
|
||||
deviceuuid = UUID(textGetter("device"))
|
||||
fullfillmentuuid = UUID(textGetter("fulfillment")[:36])
|
||||
kekiv = UUID(int=resourceuuid.int ^ deviceuuid.int ^ fullfillmentuuid.int).bytes
|
||||
|
||||
# Derive kek from just "keytype"
|
||||
rem = int(keytype, 10) % 16
|
||||
H = hashlib.sha256(keytype.encode("ascii")).digest()
|
||||
kek = H[2*rem : 16 + rem] + H[rem : 2*rem]
|
||||
|
||||
return unpad(AES.new(kek, AES.MODE_CBC, kekiv).decrypt(keydata), 16) # PKCS#7
|
||||
|
||||
def decryptBook(userkey, inpath, outpath):
|
||||
with closing(ZipFile(open(inpath, 'rb'))) as inf:
|
||||
namelist = inf.namelist()
|
||||
if 'META-INF/rights.xml' not in namelist or \
|
||||
'META-INF/encryption.xml' not in namelist:
|
||||
print("{0:s} is DRM-free.".format(os.path.basename(inpath)))
|
||||
return 1
|
||||
for name in META_NAMES:
|
||||
namelist.remove(name)
|
||||
try:
|
||||
rights = etree.fromstring(inf.read('META-INF/rights.xml'))
|
||||
adept = lambda tag: '{%s}%s' % (NSMAP['adept'], tag)
|
||||
expr = './/%s' % (adept('encryptedKey'),)
|
||||
bookkeyelem = rights.find(expr)
|
||||
bookkey = bookkeyelem.text
|
||||
keytype = bookkeyelem.attrib.get('keyType', '0')
|
||||
if len(bookkey) >= 172 and int(keytype, 10) > 2:
|
||||
print("{0:s} is a secure Adobe Adept ePub with hardening.".format(os.path.basename(inpath)))
|
||||
elif len(bookkey) == 172:
|
||||
print("{0:s} is a secure Adobe Adept ePub.".format(os.path.basename(inpath)))
|
||||
elif len(bookkey) == 64:
|
||||
print("{0:s} is a secure Adobe PassHash (B&N) ePub.".format(os.path.basename(inpath)))
|
||||
else:
|
||||
print("{0:s} is not an Adobe-protected ePub!".format(os.path.basename(inpath)))
|
||||
return 1
|
||||
|
||||
if len(bookkey) != 64:
|
||||
# Normal or "hardened" Adobe ADEPT
|
||||
rsakey = RSA.importKey(userkey) # parses the ASN1 structure
|
||||
bookkey = base64.b64decode(bookkey)
|
||||
if int(keytype, 10) > 2:
|
||||
bookkey = removeHardening(rights, keytype, bookkey)
|
||||
try:
|
||||
bookkey = PKCS1_v1_5.new(rsakey).decrypt(bookkey, None) # automatically unpads
|
||||
except ValueError:
|
||||
bookkey = None
|
||||
|
||||
if bookkey is None:
|
||||
print("Could not decrypt {0:s}. Wrong key".format(os.path.basename(inpath)))
|
||||
return 2
|
||||
else:
|
||||
# Adobe PassHash / B&N
|
||||
key = base64.b64decode(userkey)[:16]
|
||||
bookkey = base64.b64decode(bookkey)
|
||||
bookkey = unpad(AES.new(key, AES.MODE_CBC, b'\x00'*16).decrypt(bookkey), 16) # PKCS#7
|
||||
|
||||
if len(bookkey) > 16:
|
||||
bookkey = bookkey[-16:]
|
||||
|
||||
encryption = inf.read('META-INF/encryption.xml')
|
||||
decryptor = Decryptor(bookkey, encryption)
|
||||
kwds = dict(compression=ZIP_DEFLATED, allowZip64=False)
|
||||
with closing(ZipFile(open(outpath, 'wb'), 'w', **kwds)) as outf:
|
||||
|
||||
for path in (["mimetype"] + namelist):
|
||||
data = inf.read(path)
|
||||
zi = ZipInfo(path)
|
||||
zi.compress_type=ZIP_DEFLATED
|
||||
|
||||
if path == "mimetype":
|
||||
zi.compress_type = ZIP_STORED
|
||||
|
||||
elif path == "META-INF/encryption.xml":
|
||||
# Check if there's still something in there
|
||||
if (decryptor.check_if_remaining()):
|
||||
data = decryptor.get_xml()
|
||||
print("Adding encryption.xml for the remaining embedded files.")
|
||||
# We removed DRM, but there's still stuff like obfuscated fonts.
|
||||
else:
|
||||
continue
|
||||
|
||||
|
||||
try:
|
||||
# get the file info, including time-stamp
|
||||
oldzi = inf.getinfo(path)
|
||||
# copy across useful fields
|
||||
zi.date_time = oldzi.date_time
|
||||
zi.comment = oldzi.comment
|
||||
zi.extra = oldzi.extra
|
||||
zi.internal_attr = oldzi.internal_attr
|
||||
# external attributes are dependent on the create system, so copy both.
|
||||
zi.external_attr = oldzi.external_attr
|
||||
|
||||
zi.volume = oldzi.volume
|
||||
zi.create_system = oldzi.create_system
|
||||
zi.create_version = oldzi.create_version
|
||||
|
||||
if any(ord(c) >= 128 for c in path) or any(ord(c) >= 128 for c in zi.comment):
|
||||
# If the file name or the comment contains any non-ASCII char, set the UTF8-flag
|
||||
zi.flag_bits |= 0x800
|
||||
except:
|
||||
pass
|
||||
|
||||
# Python 3 has a bug where the external_attr is reset to `0o600 << 16`
|
||||
# if it's NULL, so we need a workaround:
|
||||
if zi.external_attr == 0:
|
||||
zi = ZeroedZipInfo(zi)
|
||||
|
||||
|
||||
if path == "META-INF/encryption.xml":
|
||||
outf.writestr(zi, data)
|
||||
else:
|
||||
outf.writestr(zi, decryptor.decrypt(path, data))
|
||||
except:
|
||||
print("Could not decrypt {0:s} because of an exception:\n{1:s}".format(os.path.basename(inpath), traceback.format_exc()))
|
||||
return 2
|
||||
return 0
|
||||
|
||||
|
||||
def decryptEPUB(inpath):
|
||||
keypath = KEYPATH
|
||||
outpath = os.path.basename(inpath).removesuffix(".epub") + "_decrypted.epub"
|
||||
userkey = open(keypath,'rb').read()
|
||||
result = decryptBook(userkey, inpath, outpath)
|
||||
if result == 0:
|
||||
print("Successfully decrypted")
|
||||
return outpath
|
||||
else:
|
||||
print("Decryption failed")
|
||||
return None
|
2309
decrypt/decodePDF.py
Normal file
2309
decrypt/decodePDF.py
Normal file
File diff suppressed because it is too large
Load diff
30
decrypt/zeroedzipinfo.py
Normal file
30
decrypt/zeroedzipinfo.py
Normal file
|
@ -0,0 +1,30 @@
|
|||
#!/usr/bin/env python3
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
|
||||
"""
|
||||
Python 3's "zipfile" has an annoying bug where the `external_attr` field
|
||||
of a ZIP file cannot be set to 0. However, if the original DRMed ZIP has
|
||||
that set to 0 then we want the DRM-free ZIP to have that as 0, too.
|
||||
See https://github.com/python/cpython/issues/87713
|
||||
|
||||
We cannot just set the "external_attr" to 0 as the code to save the ZIP
|
||||
resets that variable.
|
||||
|
||||
So, here's a class that inherits from ZipInfo and ensures that EVERY
|
||||
read access to that variable will return a 0 ...
|
||||
|
||||
"""
|
||||
|
||||
import zipfile
|
||||
|
||||
class ZeroedZipInfo(zipfile.ZipInfo):
|
||||
def __init__(self, zinfo):
|
||||
for k in self.__slots__:
|
||||
if hasattr(zinfo, k):
|
||||
setattr(self, k, getattr(zinfo, k))
|
||||
|
||||
def __getattribute__(self, name):
|
||||
if name == "external_attr":
|
||||
return 0
|
||||
return object.__getattribute__(self, name)
|
Loading…
Reference in a new issue