Extracting DRM-restricted epub from my Android
There are many reasons that motivate me to obtain “my” ebooks (instead of breaking DRM, which seems scary at first glance). By the way, I like Aladin, a Korean online book store, because as far as I know it is the only place where I can purchase a book without installing ActiveX on my Linux machine, though I can’t pay with my VISA credit card issued outside of Korea.
The very first reason is that I can’t read ‘my’ ebook without an Internet connection when opening the stupid Aladin ebook reader. I love reading books out of my office, in the subway, and in the air. Initially I tried to figure out a way to work around this. What I found is that when opening a downloaded epub file in Aladin, the app initiates an ‘activity’ to open this epub. Without starting the Aladin app, we can directly request that ‘activity’. Surely the embedded epub reader itself isn’t designed by Aladin but by Haansoft.
I don’t think I have to motivate you further with other reasons. That is a big thing. Let’s start carving my epub so I can read it without Aladin involved. So what is the plan? The very first hypothesis is that the Aladin app fully decrypts my epub when I open it, and keeps it in memory while I read. It is a very reasonable assumption if you see how the Aladin app behaves: if I disconnect from the Internet while reading, I am still able to display all pages, even though it enforces an Internet connection at start. The standard procedure looks like this:
1. Dump memory before/after opening epub
2. Compare them at the Java object level
3. Carve decrypted memory of epub into a standard epub format

There are many ways to dump memory. After many different trials with my rooted gtab, the easiest way is to use ddms with an emulator and convert the dumps into the standard memory analyzer format (hprof). The bad news is that we have to install Eclipse … anyway.

You can convert ddms’s hprof to mat’s hprof with the commands below:

    hprof-conv mem1.hprof mat1.hprof
    hprof-conv mem2.hprof mat2.hprof

What we are interested in is the ‘difference’ between the two dumps. As you can see, there is the ‘biggest’ byte string in the second dump (mat2.hprof, taken after opening the epub file). Here is the command to extract that byte object from the dumped memory file:

    dd if=mat2.hprof skip=16677160 bs=1 count=1572344 of=my.epub

OK, it seems we are on the right track. If you open ‘my.epub’ with an archive manager, you can see that all content files are decrypted already! Let’s look at the difference between the carved my.epub and the original epub file.

Awesome, right? We got the decrypted epub file as it is. Unfortunately, trying this decrypted epub on the gtab doesn’t work, so I compared a DRM-free epub with the carved epub file. Interestingly, there is NO META-INF/encryption.xml file in the DRM-free file, while the carved file still has one even though the contents of all its files are decrypted already. Ah! After uncompressing the carved epub and deleting this encryption file, I just re-compressed all files into a single epub (it’s simply a zip, and 1/2 the size!). Here we go. I finally obtained a DRM-free epub and can read it in a different ebook reader!
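A reader that honours META-INF/encryption.xml treats every resource it lists as ciphertext, which is why a container whose listed files are already plaintext fails to open. The following read-only consistency check is an added example, not code from the original post; it assumes the standard OCF manifest layout, and the function names and the sample container are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

ENC_PATH = "META-INF/encryption.xml"
XMLENC = "{http://www.w3.org/2001/04/xmlenc#}"
# Constructed manifest in the standard OCF layout (not taken from a real book).
SAMPLE_MANIFEST = """<encryption xmlns="urn:oasis:names:tc:opendocument:xmlns:container"
    xmlns:enc="http://www.w3.org/2001/04/xmlenc#">
  <enc:EncryptedData>
    <enc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
    <enc:CipherData><enc:CipherReference URI="OEBPS/ch1.xhtml"/></enc:CipherData>
  </enc:EncryptedData>
</encryption>"""

def build_sample(chapter):
    """Constructed minimal container: the manifest plus one chapter."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(ENC_PATH, SAMPLE_MANIFEST)
        z.writestr("OEBPS/ch1.xhtml", chapter)
    return buf.getvalue()

def declared_encrypted(epub_bytes):
    """Map each URI the manifest declares encrypted to its algorithm."""
    with zipfile.ZipFile(io.BytesIO(epub_bytes)) as z:
        if ENC_PATH not in z.namelist():
            return {}
        root = ET.fromstring(z.read(ENC_PATH))
    declared = {}
    for data in root.iter(XMLENC + "EncryptedData"):
        method = data.find(XMLENC + "EncryptionMethod")
        ref = data.find(f"{XMLENC}CipherData/{XMLENC}CipherReference")
        if ref is not None:
            declared[ref.get("URI")] = None if method is None else method.get("Algorithm")
    return declared

def manifest_mismatches(epub_bytes):
    """Declared-encrypted entries that are missing or parse as plain XML (heuristic)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(epub_bytes)) as z:
        for uri in sorted(declared_encrypted(epub_bytes)):
            try:
                ET.fromstring(z.read(uri))
                findings.append((uri, "plaintext"))
            except KeyError:
                findings.append((uri, "missing"))
            except ET.ParseError:
                pass  # not well-formed XML, consistent with ciphertext
    return findings
```

The plaintext test only recognises XML resources such as XHTML chapters; images and fonts would need a format-specific check.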
To Aladin: did you try reading ebooks? Or do you like reading? Please think of what users like to do.