Skip to main content

B&N Changes Nook DRM Key, Further Proving That They Don’t Want Your Business

5905784087_ebb825d0bf[1]Hot on the heels of the news that B&N has cozied up to the vanity press Author Solutions comes a new report that the retailer has changed how it is implementing its DRM. A reader has informed me, and other sources confirm, that Barnes & Noble has changed how it generates  its encryption keys.

Ever since B&N launched Nook in 2009, the retailer has based the Nook DRM encryption keys on a customer’s credit card number and name. That technical spec had been inherited from eReader.com (which B&N got when it bought Fictionwise in early 2009) and enabled users to load their ebooks on to any app or ereader which supported a certain type of Adobe DE DRM (Mantano, for example).

But now B&N is using a new method for generating its encryption keys. I can’t yet tell you what the new method is (it looks to be random), but I can report that the actual DRM has not changed, just the method for generating the encryption key.

If you have a Nook app, you can still download and read your ebooks (for now). But if you want to protect your ebooks from B&N’s future bungling by removing the DRM, that’s going to require a little additional work.

To start, you’ll need to download, install, and activate NookStudy (get it here). You have to use it to download Nook ebooks. After you’ve downloaded a Nook ebook, NookStudy will have a copy of the new encryption key. (And once you have the key, you can use the usual workaround to bypass B&N’s block on downloading your Nook ebooks.)

You can find the key in one of NookStudy’s log files, and get this: NookStudy stores the key in plain text.

Yes, B&N may lock up the Nook ebooks you buy but they also literally hand you the key so you can extract the ebooks and strip the DRM.

I know that the concept of DRM is flawed due to the fact that the end user has to be able to decrypt the DRMed content, but this is the first time that I have ever encountered a company giving me the encryption key in plain text.

For more detailed instructions on how to get the key and use it, read the help file for the Apprentice Alf DeDRM plugin. I uploaded a copy here.

Note: I’ve tested the help file as far as finding the key. It is accurate.

image by frankieleon

 

 

 

Similar Articles


Comments


Paul March 4, 2015 um 3:18 pm

Maybe its so they can pay lip service to the DRM while really saying, if you want to strip it you can?

And you really shouldn’t use credit card numbers in any encryption scheme for security reasons….


Fbone March 4, 2015 um 4:03 pm

You were just made aware of this now? I noticed the change back in Sept 2014.

Nate Hoffelder March 4, 2015 um 4:10 pm

Yep. I saw a mention to that effect in the help file.

The reason I hadn’t noticed was that I don’t shop at B&N. They’re dead to me.


Medium Punch March 4, 2015 um 10:58 pm

Better late than never. I have family who still use B&N ebooks but I’ve been taking my time with bothering to untie their purchases.

Probably should start on that sometime soon before it becomes a little worse, perhaps.


DaveMich March 5, 2015 um 12:28 am

sorry to nitpick, nate, but I can’t help myself – "Hot on the heals" should be "Hot on the heels".

Nate Hoffelder March 5, 2015 um 7:11 am

Fixed it, thanks.


Chris Meadows March 5, 2015 um 3:08 am

Wow, NookStudy’s installer is brainless. I tried to install it to my D: program files directory, since my C is a SSD and I try to keep as few programs there as possible. So I changed the C: in the install-to to a D:…and then when I told it to install, it complained it couldn’t write files to the original C: directory. So I had to install it to my C drive instead. Bleah.

Nate Hoffelder March 5, 2015 um 6:37 am

That is annoying, yes.

Apple is worse. They let you choose an install location for iTunes and then they install files in a couple places they don’t tell you about.


Feda March 5, 2015 um 7:06 am

There is a simpler solution to all of that. Don’t buy DRM infested books. There is plenty of quality DRM free literature out there.

Chris Meadows March 5, 2015 um 8:00 am

Yeah, but if the specific literature you want has DRM on it, well, guess what?

trekk March 5, 2015 um 8:22 am

You should pass on that book, even if you really want to read it, Chris. You simply should not buy it! That is the only way, to wake up the sellers. If you accept DRM, you will get DRM, now and in the future.

Chris Meadows March 5, 2015 um 8:42 am

Sadly, enough consumers already accept (indeed, don’t even recognize the existence of) DRM that even if every tech-savvy e-book geek in the world boycotted it, nobody would notice. All the ordinary people who don’t care or know about it will keep right on buying, because they can do it by tapping once on their gizmo without even having to bestir their butts from their easy chairs. And in the meanwhile, I wouldn’t be able to read the book I want to read.

So, yeah, thanks but no thanks. I’m not into nose-cutting for the sake of face-spiting.


Mark Ritchie March 5, 2015 um 3:18 pm

I don’t see the problem with NookStudy printing the DRM key in the log. Previously, every user knew their own key (it was the CC number that was in effect when you downloaded that copy of the book). Now, the same user still knows their own key by getting it out of the log file. And publishing that key won’t unlock the book for the world, because the book you have was encrypted with your own key when you downloaded it. Every other user’s copy of the same book would have their own key.

Not that I agree with DRM, I just don’t think B&N seriously breached some kind of security by printing the key in their own log file.

The biggest problem here is finding it. And then, it is a giant hash key, not very memorable, and thus not easy to type into Mantano. Users should use Calibre and DeDRM to strip the DRM permanently (using their key) before they add their books to Mantano.

Nate Hoffelder March 6, 2015 um 7:51 am

The point of DRM is to secure the file. Handing someone the explicit key makes stripping the DRM a lot easier, and thus much less secure.

purple lady March 6, 2015 um 1:30 pm

Even if it is hard to type, I don’t think you can use this key in Mantano. What part do you use for the userid and what part for the password?

Mark Ritchie March 6, 2015 um 2:48 pm

I haven’t tried it yet, since I use DeDRM and Calibre. But back when I typed passwords directly into Mantano for Nook books, the user ID was your credit card name and the password was your credit card number. I assume now, it is still credit card name as user ID, and hash value as password, but I haven’t tried it.

purple lady March 6, 2015 um 2:58 pm

I already tried that and it didn’t work. I also used my email address as userid. Removing the " / and = didn’t work either.

Mark Ritchie March 6, 2015 um 6:04 pm

Hmm, ok. I recommend installing Calibre and DeDRM, and importing the keyfile as they recommend in their Barnes & Noble help. Then you can create DRM free files which you can load into Mantano.

Deb March 6, 2015 um 9:41 pm

OK, dumb question, but how do I extract the key from the log file and then turn it into a keyfile? I tried copying and pasting the hash key, and saving it in a .b64 file and using that for deDRM in calibre, but was unsuccessful. Any help?

Nate Hoffelder March 6, 2015 um 10:15 pm

That’s not a dumb question; I’m having trouble myself.

Fbone March 7, 2015 um 1:26 pm

Did you include the quotation marks?


Deb March 7, 2015 um 9:21 pm

Which file, exactly, are you getting the key from? I was looking at BNClientLog.txt, in NookStudy’s log folder, and I tried a few different things from that file. Any advice?

Nate Hoffelder March 7, 2015 um 9:33 pm

There are a couple different BNClientLog.txt files, but only the one in that log folder has the key.

Deb March 8, 2015 um 12:12 pm

I’m an idiot, I was still using tools.6.0.9, so I had a not-very-helpful help file. Who knew one version could make such a difference?
Thanks for trying to help!


Laura March 10, 2015 um 5:13 pm

Has this already changed? I have tried on multiple devices and am unable to find the log file. On mac, no data for Nook appears in my application settings. On Windows, I get a folder, but no log file. The closest I have is an API file.

Nate Hoffelder March 10, 2015 um 5:43 pm

I found the log file after I downloaded the ebooks in the NookStudy app.

Annoyed Reader March 10, 2015 um 6:46 pm

Laura, for Windows — open the "About" window and check for a link/button there that will export the log file. That worked for me.

I’ve begun to warm to Feda’s argument. There are are a few ebookstores out there that don’t use DRM. If they’ve got the book, I now go there instead of B&N even if the purchase price is a couple bucks higher.

Nate Hoffelder March 10, 2015 um 8:37 pm

That never worked for me, but it did work for others.

Deb March 14, 2015 um 10:12 am

Which stores don’t have DRM? If you google DRM-free ebooks, you get a million sites, most of which I suspect are illegal and/or virus-infecting. Which *reliable* stores have DRM-free ebooks?

Nate Hoffelder March 14, 2015 um 12:18 pm

Baen Books
O’Reilly
Pottermore

those are all I can think of off the top of my head while sitting in a airport terminal, but there are more.

fjtorres March 14, 2015 um 12:49 pm

The use of DRM is a publisher decision at Amazon, where there are hundreds of thousands of DRM-free titles.
Some publishers, like BAEN, add a DRM-Free notice but for most you have to look lower in the listing. Check the book description for "number of simultaneous devices". If the ebook says "unlimited" it is DRM-free.
Generally, books from Baen and Tor will be DRM-Free and at least half the Indie titles at Amazon are DRM-free.


luffi March 22, 2015 um 7:52 pm

i want to download nook study for windows 7, anybody help?
thanks

Nate Hoffelder March 22, 2015 um 8:15 pm

There’s a link in the post – which no longer works.

Just a second.

Nate Hoffelder March 22, 2015 um 8:33 pm

Here’s a ZIP file with the Windows 7 version of NookStudy.

In case anyone is wondering, I don’t have the OSX version.


Jennifer April 29, 2015 um 9:42 am

I am also having difficulty finding the log file on a PC using windows 7. I tried following the install path. The only folders showing up are Dictionaries, JaveScriptCore.resources, Normalizer, Plugins, and WebKit.resources. I tried searching BNClientLog.txt and I also tried using the about tab in nookstudy – copy log info to clipboard. I still can’t find it. Any help would be appreciated. Oddly enough, of the books I bought from Barnes and Noble in the past month, only 3 of the 7 are getting the DRM stripped when I import them into Calibre using the plugin that was set up prior to the encryption change. They are not the last 3 books I bought either. One was about a month ago but several other books successfully had the DRM stripped before the next one didn’t work.

Jennifer May 12, 2015 um 12:52 pm

I just found out the latest tool kit from Apprentice Alf worked to find the missing BNClientLog.txt. I doubt I will buy Barnes and Noble ebooks again just in case this happens again. It’s very disappointing that they assume all customers are either clueless people that don’t know of care that their books are locked or thieves.

Nate Hoffelder May 12, 2015 um 12:57 pm

Thanks!

Alvaro May 23, 2015 um 11:13 am

Thanks!


Robert June May 25, 2015 um 2:48 pm

I have a Nook reader, but I still want to have DRM free files. All of my ebooks are on my Nook so downloading isn’t a problem. (Located in

I looked at the files on my Nook (It comes up as Drive D on my computer) and in D:\.adobe-digital-editions there is a file called activation.xml and part of it’s contents are:
Ns1:passHash
TOFJ2y7G5UpxtWSd/UTlbxlK9r46rhyRnmeV416ipsIAegahYT3NrxyCRtKAdCyQ
KXE2uy6oHQ10RHMV19GZTaL5qx0PbJgPSEcpx3UX33pxdkhlNj0Xu8/pM0++Nhef

Are these the keys needed to unlock the DRM? If so, what do I do next. I very concerned about the long term prospects for Barnes and Noble as they seem to have angered their biggest (ie those with the most ebooks) customers.


Barnes & Noble taps new CEO for Nook division as revamped B&N e-commerce site hinders access to e-books – TeleRead: News and views on e-books, libraries, publishing and related topics July 2, 2015 um 7:06 pm

[…] for some reason it waited a half hour to install), as does the Nook Study app that Nate linked when Barnes & Noble changed the Nook’s DRM key in March. Likewise, the Nook Android app works fine on my phone. All of them are able to access my complete […]


Robert August 11, 2015 um 12:37 pm

The Nook Study is no longer working. At least on Windows 10. You get an internal error about not retrieving the adobe login. Using Nook PC, you can download the epubs from your library, but the DRE plugin will not remove the DRE.

Nate Hoffelder August 11, 2015 um 8:10 pm

Thanks for the heads up.

Rob August 14, 2015 um 12:01 am

I’ve had the same issue. Tried to rectify it but I was constantly directed toward the new Barns & Noble program called Yuzu. Doesn’t seem to be a PC version. Any tips?

Nate Hoffelder September 30, 2016 um 1:53 pm

Don’t use it.

Run Away!

Run Away!


Robert August 11, 2015 um 11:31 pm

Just an update to my previous issue: I had to use Nook from the Windows App store on my Windows 10. Then used Calibre with the DeDRM Tools 6.3.2 plugin. I had to use my B&N email and credit card number instead of email and password.

Rob August 14, 2015 um 7:57 am

but that worked?

Robert August 14, 2015 um 10:16 am

It worked for may particular books. Some were purchased more than a year ago. One I purchased that night I did all this. None would let me strip the DRM using the current DeDRM Tools as per the instructions. I posted over on the DeDRM blog asking questions and trying suggestions before finding what worked for me. Which, actually surprised the author as he said B&N doesn’t work like that any more.

I’m on Windows 10 so used the Nook App that came with Windows Store as part of my solution. I tried all other methods… downloading and old version of Nook Study, Adobe Digital, signing up for an Adobe account.

In the end, I deleted all the programs and all my downloads. Then installed Nook App from Windows Store, logged in using my B&N email/pass, and downloaded the books (they show up in the Local State directory inside D:\Users\Your_Name\AppData\Local\Packages\Barnes_Noble…something).

From there, I opened Calibre and configured the B&N key for the DeDRM plugin and used my B&N email and the credit card number I used to purchase the books… the same I had as my default payment when re-downloading as well… which I think the latter is important in my case.

I had tried using my B&N email/pass in the plugin and it simply wouldn’t work. As a last ditch effort, I used the CC number and bingo. No issues with the import and DRM stripping.

Nate Hoffelder August 14, 2015 um 10:56 am

Thanks for this.

I wasn’t sure how to proceed. I’m still on Windows 7, so i could not test this myself.

Rob August 15, 2015 um 12:33 pm

I am on Windows 7 as well. It has worked for me. 🙂

Rob August 15, 2015 um 12:32 pm

It’s worked for my books as well. Good work Robert and thanks for the heads up!

Barbara August 16, 2015 um 3:22 am

Argh! Thanks for info Robert. I could not find files before. But I have been trying and it didn’t work for me. I have windows 8, reinstalled nook app from windows store, downloaded books. Opened Calibre, configured B and N key in DeDRM plugin using user name and tried with both current credit card and older one (used for most purchases). Still have DRM locks on many books. Very frustrating! Like others, I guess I have made my last BandN purchase.

Rob August 16, 2015 um 7:28 pm

I found that if you have to change the key, you have to uninstall and reinstall Calibre and all the plug ins. It’s a pain in the butt, but it worked for me with the exception of two books that were sent as gifts to another user or the same computer.

Nate Hoffelder August 17, 2015 um 6:51 am

Thanks, Rob!

Rob August 19, 2015 um 5:25 pm

Anytime, Nate. I’m glad I could be of some help.

I just want to update: The gifted books I mentioned in my previous post are STILL locked and I can’t seem to figure out a way to unlock them. I’ve tried every email, CC# I could think of, the older "password" version of the key, etc. It’s not working.

Not sure what’s happening with the gifted book, but the books personally to my account an to my mother’s have all been unlocked.

Rob August 19, 2015 um 5:26 pm

Sorry that should read: "but the books personally downloaded to my own account and to my mother’s have all been unlocked."


Howard Brazee August 15, 2015 um 9:13 pm

I updated and opened Nook Study no my Mac. When I went into the configuration and looked at the account, I got the spinner for several hours. So I logged off and tried logging on with the account I access B&N on my web. Nook Study says it is an invalid account. I can look at my credit card information by using that password in Nook for Mac (although I don’t know how it knew my UserID). I thought it might want my Adobe password, and entered it. I didn’t get the error, but I didn’t log on either, the logon screen looped without an error message.

How do I log on to Nook Study?

Jon April 17, 2018 um 9:25 am

I suspect that Barnes and Noble has since stopped supporting the Nook Study at all. Which means they probably shut down the authentication mechanism they use for logging you in. HOWEVER! It’s April 17, 2018 right now. While the login from the NOOK Study fails (it just spins for a long time, then brings me back to the login page), it still populates the relevant log file with the relevant keys(!) Weird! Note, I still had to "Import" the key into the DeDRM plugin for Calibre. The more detailed instructions about how to use Apprentice Alf’s DeDRM instructions are still relevant.


Paul May 20, 2018 um 9:53 pm

I was able to figure out the revised key generation technique on my second attempt! (Got to think like a programmer). Older keys are generated by typing in the name on the credit card using both upper and lower case (Jane Doe). Newer keys are generated by mapping the name to full upper case (JANE DOE).

To generate the keys to use in Calibre, grab the file https://github.com/apprenticeharper/DeDRM_tools/blob/master/DeDRM_calibre_plugin/DeDRM_plugin/ignoblekeygen.py in "raw" (ASCII text) mode, and execute it (as explained in the comments in the file). It will prompt you for the "Account Name" and "CC#". The account name is the name of the card holder, exactly as typed on the credit card; either all caps or mixed case, apparently depending on when the book was purchased. CC# is the credit card number without any punctuation or spaces. Write the key to a file, and then import the keys into Calibre’s DeDRM plugin.

As of this writing, you can still retrieve your current key from B&N using the DeDRM menu. But if you have changed your name or credit card number, you’ll have to generate previous keys by yourself.

The Nook Study program no longer works on macOS High Sierra. It throws up a blank screen and doesn’t create the necessary file.


Write a Comment