I’m switching directions on my quest to understand OverDrive Media Console. I do know a bit more about how OverDrive on Android works and there is much learning to be had in the ‘activation.xml’ and the sqlite3 ‘omcDB’ file.
I wrote a Ruby script to extract that Abode Digital Editions (ADE) key from activation.xml and it’s identical to the what the Python script gets from Windows and ADE. It’s just a key. I’ve got a valid account at the Library and with Google and Adobe. I’m not breaking any laws to get the key. Using the key to remove DRM, that might be an ethical issue but the python scripts are all over the net. Distributing the cracked epub would be illegal and there is no personal gain to be had for that. I did write a Shoes (ruby) GUI script to help automate the download of the files from Android device and extract the key. I ran afoul of Shoe’s well known problems with gems and Shoes (net-ssh, net-sftp for my script). I thought about the problem I wanted to solve. It’s a pure Linux issue — it’s not a problem to solve on Windows or OSX.
So, I switched to green_shoes where it uses the ruby/gems in the system (or rvm) instead of the built in, self contained gems of Red Shoes (rvm can really confuse you about gems and (original Red) Shoes.) I made a few minor changes to the hash syntax. Success. As in GUI success! I didn’t finish debugging the sftp code against the android device because I realized it’s kind of silly to download obscure files from Android that basically haven’t changed (the activationkey will never change) if you use the same public library
There is no OverDrive Media Console program for Linux or a Linux ADE so I can’t download the epub that I checked out of the library from Linux. ODMC on Android doesn’t tell me that I’ve downloaded the book before although it does know (I’ve seen the DB) Why waste a library checkout if I’ve already read the book, let someone else have that digital slot. Ebooks can only be borrowed so many times.
The nearest Linux equivalent to Adobe Digital Digital Editions is Calibre. There is a $2.99 Android app that will talk to a Calibre server (free) when configured. So, with the vast tools at hand and half baked knowledge why couldn’t I write script to accept and decode the .acsm download like ODMC or ADE do and then I could pass the .epub file(s) into Calibre.
One reason that the folks at Adobe and OverDrive don’t write Linux versions of their programs is that there is no standard GUI or language. Python, Ruby, GTK, GTK++, GTK2, TK, Nothing is standard. Sadly, they miss the point with their Purity blinders. I’m going to use Green_Shoes and Ruby and if I’m successful, it would only take a day or two of Python/TK work to convert. There are many reasons to use Python (TK?) instead of Ruby and Shoes (green shoes) for this acsm downloader attempt. Many very good reasons to use Python instead of Ruby.
But, I like Ruby more when I don’t know what I’m doing and if you need a small GUI, Shoes (green or red) is so much simpler. IMO. It could be I’ll end up using Python (did I mention may reasons I should).
So, I did a wireshark capture of eth0 traffic when I used (hold on for bumpy ride) a Virtual Box VM of Windows/Xp/SP2+ running Firefox connected to my OverDrive Library account’s when I download the acsm file and passed it off to ADE. Thankfully, that seems to have captured the VM traffic along with all the DLNA chatting and the router chatting. I haven’t dug into the wireshark log very deep. Just enough to know that there are http PUTS and some SSL key exchanges with multiples website that claim to be your Library. Stuff you won’t see in a browser. I also see some odd (to me) google safesite traffic. I don’t remember asking for that help. So many discoveries ahead.
Looking at just the HTTP traffic from the wireshark capture, it’s about what you would expect. A series of xml exchanges, then the epub+zip download and then a confirmation (XML). There appears to be lots of ‘echo’ data in the XML passed around as in you have to pass back what was sent plus some other stuff more appropriate to the phase of the transaction. I strongly suspect that different users agents (ADE/flash vs Android ODMC) will get you different different interactions. For certain the ODMC will get you a differently locked file.
I’m leaking enthusiasm quickly. The SSL exchanges goes to akamai which I suspect is to verify certificate/keys/stuff and a magic token is returned. I don’t want to decode and duplicate all that nonsense. On the other hand, maybe the cert check is just some thing Adobe did because it seemed like a good idea and it doesn’t really matter. It probably matters.