[FFmpeg-devel] libavformat patch that brute-forces aax encryption

wm4 nfxjfg at googlemail.com
Thu Jan 26 10:18:57 EET 2017

On Tue, 24 Jan 2017 19:48:00 -0700
William Shipley <willrandship at gmail.com> wrote:

> I made a small modification of libavformat that bruteforces the 4-byte code
> used in audible encrypted files. It automatically runs if an aax is passed
> (always encrypted) without the code provided. Previously, it would tell the
> user the code was needed and exit.
> It takes between 5 and 10 minutes to crack it as currently implemented,
> upon which it performs the specified task (conversion, content extraction,
> etc.) and outputs the decryption key on the console.
> Is there any interest in including this upstream? If it's a code quality
> issue, I'm open to suggestions, but if it's felt that this is outside the
> scope of the project or legally risky then I understand.
> I didn't do any kind of reverse engineering or anything legally gray as far
> as I know, just noticed that it's literally a 32-bit key after the fixed
> key is in place (which was already in ffmpeg code). I used a legally
> obtained aax from my own audible account to test it, even.
> The key it outputs is the same key you get from tools like
> audible-activator. It's basically a user ID for a login.
> I currently have a fork up on GitHub here:
> https://github.com/FFmpeg/FFmpeg/compare/master...willrandship:master
> I'll generate a patch file if you're interested.

I'm fairly sure this is not really appropriate to put into a demuxer.
Especially if it means that opening a file can hang for 5 to 10 minutes
eating 100% CPU.

It should probably be a separate file. (Could even be in FFmpeg's
tools/ directory, so I'm not necessarily rejecting it for this project.)
