Hi everyone!

I'm trying to reverse an application (http://www.secure-ebook.com/).
I'm working on it since two week but still nothing, maybe It's too hard for me.

It is an application that can protect yours pdf. It crypts yours pdf and when you try to open it, it ask for a serial.
If you insert a wrong serial it opens a short/demo version of your pdf, otherwise should open a full version.

It checks your serial online, in four steps:
1.) Send a call to a server with id of the book and a serial based on your machine:
GET /activate.jsp?book=SECU-IDNH32-167&c=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx HTTP/1.1

2.) The server responds with a long token.
3.) The application respond to server with another long token
4.) Finally the server, respond with a short token

I can't find the point where it take the decision to open the demo or the full version of the document.

I tried to check when it:
- opens the regkey with the registration
- changes the title of the application
- creates the temp file on disk (after that it open it with acrobat reader)

I discovered that it opens a local webserver on a random port and then downloads the book from there.
It's so crazy

I think it's a dynamic code, there are some functions that dont have xref until you call them. So I don't know how to procede.

If you want help me, tell what can I check.

Otherwise, if you want check the application by yourself, you can download a protected demo book from:
http://secure-ebook.com/ebook-sample.jsp?book=SECU-IDNH32-167
with Key:
BFEEC-85715-STVT-6524-JBCW


thanks
Promo

Oh the horror....

What is happening ? Whats with all this "I have this give me an answer shit"?
It seems like woodmann.com is being written on bathroom walls
in cracker shit houses.

Don Wooma

Woodmann: hahahah

Ahahah, yes I know, It was a shit question for a shit answer

I just expects that someone ask me for more specific details, if wants to spend some time to analyze this application.


Thanks
Promo

Let me ask you this,

Why would you waste time on this when all things can be found for free ?
Is it for some obscure texts ? Some reference manuals that only 10 people
on the planet care about ?

Or is it some other reason. I want to know why you need to do this.

Woodmann

For the same reason you can spend time on some crakmes: learn and make experience.

As you can see, I did't ask for a solution, I asked for a method.

Thanks
Promo

Ok, lets take a look at this and see what we can do.

I have been out of this game a long time but I am willing to
try and provide some clues.

Woodmann

Thank for your time

I took a cursory look at the protection scheme.
My theory is that the protected PDF has two encrypted versions. The demo version: has a universal decryption key, hardcoded inth app. Even without net access, the app manages to show the demo teaser.
The full version has a unique key that is stored on the server. Unless you have access to the server software and databases, you are SOL: nothing you do at the client side, short of guessing the key or breaking the cryptography, AES? Will recover the plaintext full PDF.

Why do you think so?