A hacker claims he or she has cracked the code and can remove the encryption on e-books in the RocketBook format, allowing the extraction of the content as plain text.
At the end of March, the hacker started making this information available publicly, and posted one URL to Gemstar's forums and the code and instructions to other Web forums.
"My goal was, and continues to be, to point out the weaknesses of DRM (digital rights management) systems, in the hope that these systems will either grow so much to collapse under their own weight or be abandoned as futile," the poster said.
Now the same information is being circulated in a letter that is making the rounds on the Internet. The original hacker said in e-mail that this new letter was written by someone else.
Gemstar has tried to address the problem. In order to download any e-books for the REB, consumers must download from Gemstar’s server. In the process, Gemstar upgrades the operating system of the REB device -- and in effect stops the ability to hack into the book.
But the e-mail circulating on the Net includes instructions for how the old operating system can be reinstalled into the reading devices and basically wipe out the fix.
Experts who have studied the letter have confirmed that the instructions do appear to be legitimate and operable.
Gemstar did not return phone calls requesting comment.
The e-mail also states that while the hacker was figuring this all out, he or she discovered three more potential holes in the encryption protection that can't be fixed with a simple firmware upgrade.
The only way to fix those, according to the letter writer, is to basically build a new reading device, file format and encryption scheme. This means the hardware in the stores now, and older readers people own, would not work anymore with future books released in this new format. Books in the old file format won't work on the new readers.
The hacker states he or she is releasing all the hardware and software specifications so REB owners can at least take documents and turn them into readable files on their old hardware.
Included in the letter is a threat: "If Gemstar takes the following steps, we will not distribute the information on the weaknesses that we are aware of. Even if Gemstar does not commit to the following, we will most likely still not release our exploits. However, we will reserve the option to do so in the future."
The writer makes several additional requests: that Gemstar release documentation that allows end users to create unencrypted files, and the hardware documentation and hardware specific code for the obsolete RocketBook hardware by Nuvomedia.
The revelation was first posted in March as an announcement on TeBC listserv as an executable file uploaded to the TeBC files area, and then again earlier this week as a post describing the specific details of the crack.
But sometime in the past two weeks post No. 6933 was deleted from the files of the listserve at Yahoogroups.com. The manager of the list has declined comment.
