DeDRM_tools/DeDRM_calibre_plugin/DeDRM_plugin/androidkindlekey.py

#!/usr/bin/env python
#fileencoding: utf-8

import os
import sys
import zlib
import tarfile
from hashlib import md5
from cStringIO import StringIO
from binascii import a2b_hex, b2a_hex

STORAGE = 'AmazonSecureStorage.xml'
STORAGE2 = 'map_data_storage.db'

class AndroidObfuscation(object):
    '''AndroidObfuscation
    For the key, it's written in java, and run in android dalvikvm
    '''

    key = a2b_hex('0176e04c9408b1702d90be333fd53523')

    def encrypt(self, plaintext):
        cipher = self._get_cipher()
        padding = len(self.key) - len(plaintext) % len(self.key)
        plaintext += chr(padding) * padding
        return b2a_hex(cipher.encrypt(plaintext))

    def decrypt(self, ciphertext):
        cipher = self._get_cipher()
        plaintext = cipher.decrypt(a2b_hex(ciphertext))
        return plaintext[:-ord(plaintext[-1])]

    def _get_cipher(self):
        try:
            from Crypto.Cipher import AES
            return AES.new(self.key)
        except ImportError:
            from aescbc import AES, noPadding
            return AES(self.key, padding=noPadding())

class AndroidObfuscationV2(AndroidObfuscation):
    '''AndroidObfuscationV2
    '''

    count = 503
    password = 'Thomsun was here!'

    def __init__(self, salt):
        key = self.password + salt
        for _ in range(self.count):
            key = md5(key).digest()
        self.key = key[:8]
        self.iv = key[8:16]

    def _get_cipher(self):
        try :
            from Crypto.Cipher import DES
            return DES.new(self.key, DES.MODE_CBC, self.iv)
        except ImportError:
            from python_des import Des, CBC
            return Des(self.key, CBC, self.iv)

def parse_preference(path):
    ''' parse android's shared preference xml '''
    storage = {}
    read = open(path)
    for line in read:
        line = line.strip()
        # <string name="key">value</string>
        if line.startswith('<string name="'):
            index = line.find('"', 14)
            key = line[14:index]
            value = line[index+2:-9]
            storage[key] = value
    read.close()
    return storage

def get_serials(path=None):
    ''' get serials from android's shared preference xml '''
    if path is None and os.path.isfile("backup.ab"):
        return get_storage()

    if not os.path.isfile(path):
        return []

    storage = parse_preference(path)
    salt = storage.get('AmazonSaltKey')
    if salt and len(salt) == 16:
        sys.stdout.write('Using AndroidObfuscationV2\n')
        obfuscation = AndroidObfuscationV2(a2b_hex(salt))
    else:
        sys.stdout.write('Using AndroidObfuscation\n')
        obfuscation = AndroidObfuscation()

    def get_value(key):
        encrypted_key = obfuscation.encrypt(key)
        encrypted_value = storage.get(encrypted_key)
        if encrypted_value:
            return obfuscation.decrypt(encrypted_value)
        return ''

    # also see getK4Pids in kgenpids.py
    try:
        dsnid = get_value('DsnId')
    except:
        sys.stderr.write('cannot get DsnId\n')
        return []

    try:
        tokens = set(get_value('kindle.account.tokens').split(','))
    except:
        return []

    serials = []
    for token in tokens:
        if token:
            serials.append('%s%s' % (dsnid, token))
    return serials

def get_serials2(path=STORAGE2):
    import sqlite3
    connection = sqlite3.connect(path)
    cursor = connection.cursor()
    cursor.execute('''select userdata_value from userdata where userdata_key like '%/%token.device.deviceserialname%' ''')
    dsns = [x[0].encode('utf8') for x in cursor.fetchall()]

    cursor.execute('''select userdata_value from userdata where userdata_key like '%/%kindle.account.tokens%' ''')
    tokens = [x[0].encode('utf8') for x in cursor.fetchall()]
    serials = []
    for x in dsns:
        for y in tokens:
            serials.append('%s%s' % (x, y))
    return serials

def get_storage(path='backup.ab'):
    '''get AmazonSecureStorage.xml from android backup.ab
    backup.ab can be get using adb command:
    shell> adb backup com.amazon.kindle
    '''
    if not os.path.isfile(path):
        serials = []
        if os.path.isfile(STORAGE2):
            serials.extend(get_serials2(STORAGE2))
        if os.path.isfile(STORAGE):
            serials.extend(get_serials(STORAGE))
        return serials
    output = None
    read = open(path, 'rb')
    head = read.read(24)
    if head[:14] == 'ANDROID BACKUP':
        output = StringIO(zlib.decompress(read.read()))
    read.close()

    if not output:
        return []

    serials = []
    tar = tarfile.open(fileobj=output)
    for member in tar.getmembers():
        if member.name.strip().endswith(STORAGE2):
            write = open(STORAGE2, 'w')
            write.write(tar.extractfile(member).read())
            write.close()
            serials.extend(get_serials2(STORAGE2))
        elif member.name.strip().endswith(STORAGE):
            write = open(STORAGE, 'w')
            write.write(tar.extractfile(member).read())
            write.close()
            serials.extend(get_serials(STORAGE))

    return serials

__all__ = [ 'get_storage', 'get_serials', 'parse_preference',
            'AndroidObfuscation', 'AndroidObfuscationV2', 'STORAGE']

if __name__ == '__main__':
    print get_serials()
tools v6.0.8 2013-10-02 20:59:40 +02:00			`#!/usr/bin/env python`
			`#fileencoding: utf-8`

			`import os`
			`import sys`
			`import zlib`
			`import tarfile`
			`from hashlib import md5`
			`from cStringIO import StringIO`
			`from binascii import a2b_hex, b2a_hex`

			`STORAGE = 'AmazonSecureStorage.xml'`
tools v6.2.0 Updated for B&N new scheme, added obok plugin, and many minor fixes, 2015-03-09 08:38:31 +01:00			`STORAGE2 = 'map_data_storage.db'`
tools v6.0.8 2013-10-02 20:59:40 +02:00
			`class AndroidObfuscation(object):`
			`'''AndroidObfuscation`
			`For the key, it's written in java, and run in android dalvikvm`
			`'''`

			`key = a2b_hex('0176e04c9408b1702d90be333fd53523')`

			`def encrypt(self, plaintext):`
			`cipher = self._get_cipher()`
			`padding = len(self.key) - len(plaintext) % len(self.key)`
			`plaintext += chr(padding) * padding`
			`return b2a_hex(cipher.encrypt(plaintext))`

			`def decrypt(self, ciphertext):`
			`cipher = self._get_cipher()`
			`plaintext = cipher.decrypt(a2b_hex(ciphertext))`
			`return plaintext[:-ord(plaintext[-1])]`

			`def _get_cipher(self):`
			`try:`
			`from Crypto.Cipher import AES`
			`return AES.new(self.key)`
			`except ImportError:`
			`from aescbc import AES, noPadding`
			`return AES(self.key, padding=noPadding())`

			`class AndroidObfuscationV2(AndroidObfuscation):`
			`'''AndroidObfuscationV2`
			`'''`

			`count = 503`
			`password = 'Thomsun was here!'`

			`def __init__(self, salt):`
			`key = self.password + salt`
			`for _ in range(self.count):`
			`key = md5(key).digest()`
			`self.key = key[:8]`
			`self.iv = key[8:16]`

			`def _get_cipher(self):`
			`try :`
			`from Crypto.Cipher import DES`
			`return DES.new(self.key, DES.MODE_CBC, self.iv)`
			`except ImportError:`
			`from python_des import Des, CBC`
			`return Des(self.key, CBC, self.iv)`

			`def parse_preference(path):`
			`''' parse android's shared preference xml '''`
			`storage = {}`
			`read = open(path)`
			`for line in read:`
			`line = line.strip()`
			`# <string name="key">value</string>`
			`if line.startswith('<string name="'):`
			`index = line.find('"', 14)`
			`key = line[14:index]`
			`value = line[index+2:-9]`
			`storage[key] = value`
			`read.close()`
			`return storage`

			`def get_serials(path=None):`
			`''' get serials from android's shared preference xml '''`
tools v6.2.0 Updated for B&N new scheme, added obok plugin, and many minor fixes, 2015-03-09 08:38:31 +01:00			`if path is None and os.path.isfile("backup.ab"):`
			`return get_storage()`
tools v6.0.8 2013-10-02 20:59:40 +02:00
			`if not os.path.isfile(path):`
			`return []`

			`storage = parse_preference(path)`
			`salt = storage.get('AmazonSaltKey')`
			`if salt and len(salt) == 16:`
			`sys.stdout.write('Using AndroidObfuscationV2\n')`
			`obfuscation = AndroidObfuscationV2(a2b_hex(salt))`
			`else:`
			`sys.stdout.write('Using AndroidObfuscation\n')`
			`obfuscation = AndroidObfuscation()`

			`def get_value(key):`
			`encrypted_key = obfuscation.encrypt(key)`
			`encrypted_value = storage.get(encrypted_key)`
			`if encrypted_value:`
			`return obfuscation.decrypt(encrypted_value)`
			`return ''`

			`# also see getK4Pids in kgenpids.py`
			`try:`
			`dsnid = get_value('DsnId')`
			`except:`
			`sys.stderr.write('cannot get DsnId\n')`
			`return []`

			`try:`
			`tokens = set(get_value('kindle.account.tokens').split(','))`
			`except:`
tools v6.2.0 Updated for B&N new scheme, added obok plugin, and many minor fixes, 2015-03-09 08:38:31 +01:00			`return []`
tools v6.0.8 2013-10-02 20:59:40 +02:00
			`serials = []`
			`for token in tokens:`
			`if token:`
			`serials.append('%s%s' % (dsnid, token))`
tools v6.2.0 Updated for B&N new scheme, added obok plugin, and many minor fixes, 2015-03-09 08:38:31 +01:00			`return serials`

			`def get_serials2(path=STORAGE2):`
			`import sqlite3`
			`connection = sqlite3.connect(path)`
			`cursor = connection.cursor()`
			`cursor.execute('''select userdata_value from userdata where userdata_key like '%/%token.device.deviceserialname%' ''')`
			`dsns = [x[0].encode('utf8') for x in cursor.fetchall()]`

			`cursor.execute('''select userdata_value from userdata where userdata_key like '%/%kindle.account.tokens%' ''')`
			`tokens = [x[0].encode('utf8') for x in cursor.fetchall()]`
			`serials = []`
			`for x in dsns:`
			`for y in tokens:`
			`serials.append('%s%s' % (x, y))`
tools v6.0.8 2013-10-02 20:59:40 +02:00			`return serials`

			`def get_storage(path='backup.ab'):`
			`'''get AmazonSecureStorage.xml from android backup.ab`
			`backup.ab can be get using adb command:`
			`shell> adb backup com.amazon.kindle`
			`'''`
tools v6.2.0 Updated for B&N new scheme, added obok plugin, and many minor fixes, 2015-03-09 08:38:31 +01:00			`if not os.path.isfile(path):`
			`serials = []`
			`if os.path.isfile(STORAGE2):`
			`serials.extend(get_serials2(STORAGE2))`
			`if os.path.isfile(STORAGE):`
			`serials.extend(get_serials(STORAGE))`
			`return serials`
tools v6.0.8 2013-10-02 20:59:40 +02:00			`output = None`
			`read = open(path, 'rb')`
			`head = read.read(24)`
tools v6.2.0 Updated for B&N new scheme, added obok plugin, and many minor fixes, 2015-03-09 08:38:31 +01:00			`if head[:14] == 'ANDROID BACKUP':`
tools v6.0.8 2013-10-02 20:59:40 +02:00			`output = StringIO(zlib.decompress(read.read()))`
			`read.close()`

			`if not output:`
tools v6.2.0 Updated for B&N new scheme, added obok plugin, and many minor fixes, 2015-03-09 08:38:31 +01:00			`return []`
tools v6.0.8 2013-10-02 20:59:40 +02:00
tools v6.2.0 Updated for B&N new scheme, added obok plugin, and many minor fixes, 2015-03-09 08:38:31 +01:00			`serials = []`
tools v6.0.8 2013-10-02 20:59:40 +02:00			`tar = tarfile.open(fileobj=output)`
			`for member in tar.getmembers():`
tools v6.2.0 Updated for B&N new scheme, added obok plugin, and many minor fixes, 2015-03-09 08:38:31 +01:00			`if member.name.strip().endswith(STORAGE2):`
			`write = open(STORAGE2, 'w')`
			`write.write(tar.extractfile(member).read())`
			`write.close()`
			`serials.extend(get_serials2(STORAGE2))`
			`elif member.name.strip().endswith(STORAGE):`
tools v6.0.8 2013-10-02 20:59:40 +02:00			`write = open(STORAGE, 'w')`
			`write.write(tar.extractfile(member).read())`
			`write.close()`
tools v6.2.0 Updated for B&N new scheme, added obok plugin, and many minor fixes, 2015-03-09 08:38:31 +01:00			`serials.extend(get_serials(STORAGE))`
tools v6.0.8 2013-10-02 20:59:40 +02:00
tools v6.2.0 Updated for B&N new scheme, added obok plugin, and many minor fixes, 2015-03-09 08:38:31 +01:00			`return serials`
tools v6.0.8 2013-10-02 20:59:40 +02:00
			`__all__ = [ 'get_storage', 'get_serials', 'parse_preference',`
			`'AndroidObfuscation', 'AndroidObfuscationV2', 'STORAGE']`

			`if __name__ == '__main__':`
			`print get_serials()`