tags:

views:

302

answers:

4
+2  Q: 

Has there been any serious effort made to reverse engineer the Amazon MP3 store azn file format?

Since the Amazon MP3 store launched in the UK, I really want to write a downloader application for my phone so I can buy mp3s wherever I am and listen to them without hassle. However, first I need to reverse engineer the amazon .azn file format it supplies to the downloader app. The outer layer is obvious, it is simply base 64 encoded. However, the next layer in is a little more mysterious. It isn't deflated as far as I can tell, nor any other obvious compression algorithm.

I'm going to try a few tricks to see if I can use the downloader app itself to help me figure it out, but I wonder if I'm reproducing work someone else has done out there in an obscure corner of the internet? Anyone know of any work that has previously gone in to this?

A: 

Be careful here - I'm not sure what kind of laws are enforced in the UK, but in the US an attempt to circumvent copyright protection schemes (in this instance Digital Rights Management) is a violation of the DCMA.

That being said, if you are doing this solely for personal/academic use I doubt anyone would mind. Still, none of this should be construed as legal advice.

Jordan L. Walbesser  2008-12-17 03:45:36
It isn't copy protection, the MP3 files themselves aren't DRM encumbered. It's simply attempting to decode a file that specifies where to download the MP3s from. In any case, reverse engineering for the purposes of interoperability is protected under UK law.
 2008-12-17 04:27:46
Thanks for the info Dave, it's good to know!
Jordan L. Walbesser  2008-12-17 05:10:10
Dave - while I believe that you are correct on that legal point, I had vaguely heard that that had changed because of european directives on copyright. Not sure though, would check it if you were ever going to rely on it.
Marcin  2009-01-03 02:40:17
+2  A: 

I may well have answered my own question anyway. The software uses OpenSSL for various things, including BIO base 64 decode. I believe the inner layer is actually encrypted (wtf?) However, while the windows version of the downloader statically links to OpenSSL, the Linux version dynamically links to it. This should mean not only do I know which functions the binary imports from the import table, I should simply be able to throw an instrumented version of OpenSSL at it and have it print out all the parameters I need. MWAHAHAHA. Sorry, evil genius moment.

 2008-12-17 05:43:47
+1  A: 

it's not hard

base-64 encoded single-DES CBC

constant key 29ab9d18b2449e315e72

fixed IV 5e72d79a11b34fee

merry xmas

 2009-02-10 08:31:12
+1  A: 

There is an free software project to download mp3 albums from amazon. In playlist.c they decrypt the amz file: http://code.google.com/p/clamz/

Felix Schwarz  2009-12-06 11:36:25

related questions

Wrapping Visual C++ in C#
Open source ER diagramming tool for mysql
What are the best ways to understand an unfamiliar database?
Is reverse engineering evil?
Best way to inject functionality into a binary...
Good techniques for understanding someone else's code
How is the photoshop cutout filter implemented?
Best way to reverse-engineer a web service interface from a WSDL file?
How to reverse engineer undocumented legacy application?
Is there a C++ decompiler?
What's a good C decompiler?
Reverse engineering war stories
How do I decompile a .NET EXE into readable C# source code?
Creating a new rrd database based on an existing one
how are serial generators / cracks developed?
Is it legal to reverse engineer binary file formats
How would you go about reverse engineering a set of binary data pulled from a device?
Reverse Engineering C# code using StarUML
What are the best tools for reverse engineering z80 machine code?
Sequence Diagram Reverse Engineering
Stored procedures reverse engineering
How do I disassemble a VC++ application?
best tool to reverse-engineer a WinXP PS/2 touchpad driver?
Reverse engineer (oracle) schema to ERD
Annotating YouTube videos programatically