16.07.2015, 03:58, "Vesselin Bontchev" <vesselin.bontc...@yandex.com>:
> Hi,
>
> A sample Audible .aax file can be downloaded from the following link,
>
> https://gitlab.com/vesselin.bontchev/audible-samples/tree/master
>
> Usage,
>
> ffmpeg -activation_bytes 62689101 -i Audible_AAX_sample_62689101.aax -vn -c:a 
> copy -v debug output.mp4

Hi,

I am attaching a Python script to fetch the "activation bytes" from Audible 
servers (as an alternative to doing offline attacks on the AAX files).

Vesselin

#!/usr/bin/env python

import traceback
try:
    import requests
except ImportError:
    print("Please install the missing python-requests package.")
import hashlib
import binascii
import sys
import base64
import time


def password_encoder(password):
    shift = 8
    output = "8"

    # rot(8)
    for c in password:
        t = ord(c) - shift
        output = output + "{:02x}".format(t)

    return output

payload = {'action': 'register', 'user_alias': '', 'epassword':
           '', 'domain': 'www.audible.com', 'player_type': 'software',
           'license_type': 'individual', 'license_name': '', 'player_slots': 8,
           'player_manuf': 'Audible', 'client_code': 'generic', 'player_model':
           'Desktop', 'time_unused': int(time.time()), 'player_id': ''}

if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.stderr.write("Usage: %s <email> <password>\n" % sys.argv[0])
        sys.exit(-1)

    payload["user_alias"] = sys.argv[1]
    payload["epassword"] = password_encoder(sys.argv[2])

    # generate base64 digest of a random 20 byte string ;)
    fake_hash = hashlib.sha1(b"").digest()
    payload["player_id"] = base64.encodestring(fake_hash).rstrip()
    # sys.stderr.write("[+] Player ID is %s\n\n" % (payload["player_id"]))

    url = "http://www.audible.com/cgi-bin/licensemgr.cgi";

    headers = {
        'User-Agent': "AudibleActivation",
        'Host': 'www.audible.com',
        'Cache-Control': 'no-cache',
        'Cookie': 'AM=5.5.0.5; ADM=6.6.0.15; download_audio='
    }

    # print(headers, payload)

    try:
        response = requests.get(url, headers=headers, params=payload)
        data = response.content
        if b"BAD_LOGIN" in data or b"Whoops" in data:
            print(data)
            print("\nActivation failed! ;(")
            sys.exit(-1)
        k = data.rfind(b"group_id")
        l = data[k:].find(b")")
        keys = data[k + l + 1 + 1:]
        output_keys = []
        # each key is of 70 bytes
        for i in range(0, 8):
            key = keys[i * 70 + i:(i + 1) * 70 + i]
            h = binascii.hexlify(bytes(key))
            h = [h[i:i+2] for i in range(0, len(h), 2)]
            h = b",".join(h)
            output_keys.append(h)
    except SystemExit as e:
            sys.exit(e)
    except:
        traceback.print_exc()

    # only 4 bytes of output_keys[0] are necessary for decryption! ;)
    print(output_keys[0].replace(b",", b"")[0:8])

    # de-register!
    payload["action"] = "de-register"
    response = requests.get(url, headers=headers, params=payload)
    # print(response.text)
    # print(password_decoder(payload["epassword"]))
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Reply via email to