B&N Changes Nook DRM Key, Further Proving That They Don’t Want Your Business

B&N Changes Nook DRM Key, Further Proving That They Don't Want Your Business Barnes & Noble DRM Hot on the heels of the news that B&N has cozied up to the vanity press Author Solutions comes a new report that the retailer has changed how it is implementing its DRM. A reader has informed me, and other sources confirm, that Barnes & Noble has changed how it generates  its encryption keys.

Ever since B&N launched Nook in 2009, the retailer has based the Nook DRM encryption keys on a customer's credit card number and name. That technical spec had been inherited from eReader.com (which B&N got when it bought Fictionwise in early 2009) and enabled users to load their ebooks on to any app or ereader which supported a certain type of Adobe DE DRM (Mantano, for example).

But now B&N is using a new method for generating its encryption keys. I can't yet tell you what the new method is (it looks to be random), but I can report that the actual DRM has not changed, just the method for generating the encryption key.

If you have a Nook app, you can still download and read your ebooks (for now). But if you want to protect your ebooks from B&N's future bungling by removing the DRM, that's going to require a little additional work.

To start, you'll need to download, install, and activate NookStudy (get it here). You have to use it to download Nook ebooks. After you've downloaded a Nook ebook, NookStudy will have a copy of the new encryption key. (And once you have the key, you can use the usual workaround to bypass B&N's block on downloading your Nook ebooks.)

You can find the key in one of NookStudy's log files, and get this: NookStudy stores the key in plain text.

Yes, B&N may lock up the Nook ebooks you buy but they also literally hand you the key so you can extract the ebooks and strip the DRM.

I know that the concept of DRM is flawed due to the fact that the end user has to be able to decrypt the DRMed content, but this is the first time that I have ever encountered a company giving me the encryption key in plain text.

For more detailed instructions on how to get the key and use it, read the help file for the Apprentice Alf DeDRM plugin. I uploaded a copy here.

Note: I've tested the help file as far as finding the key. It is accurate.

image by frankieleon

 

 

 

Nate Hoffelder

View posts by Nate Hoffelder
Nate Hoffelder is the founder and editor of The Digital Reader: He's here to chew bubble gum and fix broken websites, and he is all out of bubble gum. He has been blogging about indie authors since 2010 while learning new tech skills at the drop of a hat. He fixes author sites, and shares what he learns on The Digital Reader's blog. In his spare time, he fosters dogs for A Forever Home, a local rescue group.

58 Comments

  1. Paul4 March, 2015

    Maybe its so they can pay lip service to the DRM while really saying, if you want to strip it you can?

    And you really shouldn’t use credit card numbers in any encryption scheme for security reasons….

    Reply
  2. Fbone4 March, 2015

    You were just made aware of this now? I noticed the change back in Sept 2014.

    Reply
    1. Nate Hoffelder4 March, 2015

      Yep. I saw a mention to that effect in the help file.

      The reason I hadn’t noticed was that I don’t shop at B&N. They’re dead to me.

      Reply
  3. Medium Punch4 March, 2015

    Better late than never. I have family who still use B&N ebooks but I’ve been taking my time with bothering to untie their purchases.

    Probably should start on that sometime soon before it becomes a little worse, perhaps.

    Reply
  4. DaveMich5 March, 2015

    sorry to nitpick, nate, but I can’t help myself – “Hot on the heals” should be “Hot on the heels”.

    Reply
    1. Nate Hoffelder5 March, 2015

      Fixed it, thanks.

      Reply
  5. Chris Meadows5 March, 2015

    Wow, NookStudy’s installer is brainless. I tried to install it to my D: program files directory, since my C is a SSD and I try to keep as few programs there as possible. So I changed the C: in the install-to to a D:…and then when I told it to install, it complained it couldn’t write files to the original C: directory. So I had to install it to my C drive instead. Bleah.

    Reply
    1. Nate Hoffelder5 March, 2015

      That is annoying, yes.

      Apple is worse. They let you choose an install location for iTunes and then they install files in a couple places they don’t tell you about.

      Reply
  6. Feda5 March, 2015

    There is a simpler solution to all of that. Don’t buy DRM infested books. There is plenty of quality DRM free literature out there.

    Reply
    1. Chris Meadows5 March, 2015

      Yeah, but if the specific literature you want has DRM on it, well, guess what?

      Reply
      1. trekk5 March, 2015

        You should pass on that book, even if you really want to read it, Chris. You simply should not buy it! That is the only way, to wake up the sellers. If you accept DRM, you will get DRM, now and in the future.

        Reply
        1. Chris Meadows5 March, 2015

          Sadly, enough consumers already accept (indeed, don’t even recognize the existence of) DRM that even if every tech-savvy e-book geek in the world boycotted it, nobody would notice. All the ordinary people who don’t care or know about it will keep right on buying, because they can do it by tapping once on their gizmo without even having to bestir their butts from their easy chairs. And in the meanwhile, I wouldn’t be able to read the book I want to read.

          So, yeah, thanks but no thanks. I’m not into nose-cutting for the sake of face-spiting.

          Reply
  7. Mark Ritchie5 March, 2015

    I don’t see the problem with NookStudy printing the DRM key in the log. Previously, every user knew their own key (it was the CC number that was in effect when you downloaded that copy of the book). Now, the same user still knows their own key by getting it out of the log file. And publishing that key won’t unlock the book for the world, because the book you have was encrypted with your own key when you downloaded it. Every other user’s copy of the same book would have their own key.

    Not that I agree with DRM, I just don’t think B&N seriously breached some kind of security by printing the key in their own log file.

    The biggest problem here is finding it. And then, it is a giant hash key, not very memorable, and thus not easy to type into Mantano. Users should use Calibre and DeDRM to strip the DRM permanently (using their key) before they add their books to Mantano.

    Reply
    1. Nate Hoffelder6 March, 2015

      The point of DRM is to secure the file. Handing someone the explicit key makes stripping the DRM a lot easier, and thus much less secure.

      Reply
    2. purple lady6 March, 2015

      Even if it is hard to type, I don’t think you can use this key in Mantano. What part do you use for the userid and what part for the password?

      Reply
      1. Mark Ritchie6 March, 2015

        I haven’t tried it yet, since I use DeDRM and Calibre. But back when I typed passwords directly into Mantano for Nook books, the user ID was your credit card name and the password was your credit card number. I assume now, it is still credit card name as user ID, and hash value as password, but I haven’t tried it.

        Reply
        1. purple lady6 March, 2015

          I already tried that and it didn’t work. I also used my email address as userid. Removing the ” / and = didn’t work either.

          Reply
          1. Mark Ritchie6 March, 2015

            Hmm, ok. I recommend installing Calibre and DeDRM, and importing the keyfile as they recommend in their Barnes & Noble help. Then you can create DRM free files which you can load into Mantano.

    3. Deb6 March, 2015

      OK, dumb question, but how do I extract the key from the log file and then turn it into a keyfile? I tried copying and pasting the hash key, and saving it in a .b64 file and using that for deDRM in calibre, but was unsuccessful. Any help?

      Reply
      1. Nate Hoffelder6 March, 2015

        That’s not a dumb question; I’m having trouble myself.

        Reply
      2. Fbone7 March, 2015

        Did you include the quotation marks?

        Reply
  8. Deb7 March, 2015

    Which file, exactly, are you getting the key from? I was looking at BNClientLog.txt, in NookStudy’s log folder, and I tried a few different things from that file. Any advice?

    Reply
    1. Nate Hoffelder7 March, 2015

      There are a couple different BNClientLog.txt files, but only the one in that log folder has the key.

      Reply
      1. Deb8 March, 2015

        I’m an idiot, I was still using tools.6.0.9, so I had a not-very-helpful help file. Who knew one version could make such a difference?
        Thanks for trying to help!

        Reply
  9. Laura10 March, 2015

    Has this already changed? I have tried on multiple devices and am unable to find the log file. On mac, no data for Nook appears in my application settings. On Windows, I get a folder, but no log file. The closest I have is an API file.

    Reply
    1. Nate Hoffelder10 March, 2015

      I found the log file after I downloaded the ebooks in the NookStudy app.

      Reply
    2. Annoyed Reader10 March, 2015

      Laura, for Windows — open the “About” window and check for a link/button there that will export the log file. That worked for me.

      I’ve begun to warm to Feda’s argument. There are are a few ebookstores out there that don’t use DRM. If they’ve got the book, I now go there instead of B&N even if the purchase price is a couple bucks higher.

      Reply
      1. Nate Hoffelder10 March, 2015

        That never worked for me, but it did work for others.

        Reply
      2. Deb14 March, 2015

        Which stores don’t have DRM? If you google DRM-free ebooks, you get a million sites, most of which I suspect are illegal and/or virus-infecting. Which *reliable* stores have DRM-free ebooks?

        Reply
        1. Nate Hoffelder14 March, 2015

          Baen Books
          O’Reilly
          Pottermore

          those are all I can think of off the top of my head while sitting in a airport terminal, but there are more.

          Reply
        2. fjtorres14 March, 2015

          The use of DRM is a publisher decision at Amazon, where there are hundreds of thousands of DRM-free titles.
          Some publishers, like BAEN, add a DRM-Free notice but for most you have to look lower in the listing. Check the book description for “number of simultaneous devices”. If the ebook says “unlimited” it is DRM-free.
          Generally, books from Baen and Tor will be DRM-Free and at least half the Indie titles at Amazon are DRM-free.

          Reply
  10. luffi22 March, 2015

    i want to download nook study for windows 7, anybody help?
    thanks

    Reply
    1. Nate Hoffelder22 March, 2015

      There’s a link in the post – which no longer works.

      Just a second.

      Reply
    2. Nate Hoffelder22 March, 2015

      Here’s a ZIP file with the Windows 7 version of NookStudy.

      In case anyone is wondering, I don’t have the OSX version.

      Reply
  11. Jennifer29 April, 2015

    I am also having difficulty finding the log file on a PC using windows 7. I tried following the install path. The only folders showing up are Dictionaries, JaveScriptCore.resources, Normalizer, Plugins, and WebKit.resources. I tried searching BNClientLog.txt and I also tried using the about tab in nookstudy – copy log info to clipboard. I still can’t find it. Any help would be appreciated. Oddly enough, of the books I bought from Barnes and Noble in the past month, only 3 of the 7 are getting the DRM stripped when I import them into Calibre using the plugin that was set up prior to the encryption change. They are not the last 3 books I bought either. One was about a month ago but several other books successfully had the DRM stripped before the next one didn’t work.

    Reply
    1. Jennifer12 May, 2015

      I just found out the latest tool kit from Apprentice Alf worked to find the missing BNClientLog.txt. I doubt I will buy Barnes and Noble ebooks again just in case this happens again. It’s very disappointing that they assume all customers are either clueless people that don’t know of care that their books are locked or thieves.

      Reply
      1. Nate Hoffelder12 May, 2015

        Thanks!

        Reply
      2. Alvaro23 May, 2015

        Thanks!

        Reply
  12. Robert June25 May, 2015

    I have a Nook reader, but I still want to have DRM free files. All of my ebooks are on my Nook so downloading isn’t a problem. (Located in

    I looked at the files on my Nook (It comes up as Drive D on my computer) and in D:\.adobe-digital-editions there is a file called activation.xml and part of it’s contents are:
    Ns1:passHash
    TOFJ2y7G5UpxtWSd/UTlbxlK9r46rhyRnmeV416ipsIAegahYT3NrxyCRtKAdCyQ
    KXE2uy6oHQ10RHMV19GZTaL5qx0PbJgPSEcpx3UX33pxdkhlNj0Xu8/pM0++Nhef

    Are these the keys needed to unlock the DRM? If so, what do I do next. I very concerned about the long term prospects for Barnes and Noble as they seem to have angered their biggest (ie those with the most ebooks) customers.

    Reply
  13. Barnes & Noble taps new CEO for Nook division as revamped B&N e-commerce site hinders access to e-books - TeleRead: News and views on e-books, libraries, publishing and related topics2 July, 2015

    […] for some reason it waited a half hour to install), as does the Nook Study app that Nate linked when Barnes & Noble changed the Nook’s DRM key in March. Likewise, the Nook Android app works fine on my phone. All of them are able to access my complete […]

    Reply
  14. Robert11 August, 2015

    The Nook Study is no longer working. At least on Windows 10. You get an internal error about not retrieving the adobe login. Using Nook PC, you can download the epubs from your library, but the DRE plugin will not remove the DRE.

    Reply
    1. Nate Hoffelder11 August, 2015

      Thanks for the heads up.

      Reply
      1. Rob14 August, 2015

        I’ve had the same issue. Tried to rectify it but I was constantly directed toward the new Barns & Noble program called Yuzu. Doesn’t seem to be a PC version. Any tips?

        Reply
        1. Nate Hoffelder30 September, 2016

          Don’t use it.

          Run Away!

          Run Away!

          Reply
  15. Robert11 August, 2015

    Just an update to my previous issue: I had to use Nook from the Windows App store on my Windows 10. Then used Calibre with the DeDRM Tools 6.3.2 plugin. I had to use my B&N email and credit card number instead of email and password.

    Reply
    1. Rob14 August, 2015

      but that worked?

      Reply
      1. Robert14 August, 2015

        It worked for may particular books. Some were purchased more than a year ago. One I purchased that night I did all this. None would let me strip the DRM using the current DeDRM Tools as per the instructions. I posted over on the DeDRM blog asking questions and trying suggestions before finding what worked for me. Which, actually surprised the author as he said B&N doesn’t work like that any more.

        I’m on Windows 10 so used the Nook App that came with Windows Store as part of my solution. I tried all other methods… downloading and old version of Nook Study, Adobe Digital, signing up for an Adobe account.

        In the end, I deleted all the programs and all my downloads. Then installed Nook App from Windows Store, logged in using my B&N email/pass, and downloaded the books (they show up in the Local State directory inside D:\Users\Your_Name\AppData\Local\Packages\Barnes_Noble…something).

        From there, I opened Calibre and configured the B&N key for the DeDRM plugin and used my B&N email and the credit card number I used to purchase the books… the same I had as my default payment when re-downloading as well… which I think the latter is important in my case.

        I had tried using my B&N email/pass in the plugin and it simply wouldn’t work. As a last ditch effort, I used the CC number and bingo. No issues with the import and DRM stripping.

        Reply
        1. Nate Hoffelder14 August, 2015

          Thanks for this.

          I wasn’t sure how to proceed. I’m still on Windows 7, so i could not test this myself.

          Reply
          1. Rob15 August, 2015

            I am on Windows 7 as well. It has worked for me. 🙂

        2. Rob15 August, 2015

          It’s worked for my books as well. Good work Robert and thanks for the heads up!

          Reply
        3. Barbara16 August, 2015

          Argh! Thanks for info Robert. I could not find files before. But I have been trying and it didn’t work for me. I have windows 8, reinstalled nook app from windows store, downloaded books. Opened Calibre, configured B and N key in DeDRM plugin using user name and tried with both current credit card and older one (used for most purchases). Still have DRM locks on many books. Very frustrating! Like others, I guess I have made my last BandN purchase.

          Reply
          1. Rob16 August, 2015

            I found that if you have to change the key, you have to uninstall and reinstall Calibre and all the plug ins. It’s a pain in the butt, but it worked for me with the exception of two books that were sent as gifts to another user or the same computer.

          2. Nate Hoffelder17 August, 2015

            Thanks, Rob!

          3. Rob19 August, 2015

            Anytime, Nate. I’m glad I could be of some help.

            I just want to update: The gifted books I mentioned in my previous post are STILL locked and I can’t seem to figure out a way to unlock them. I’ve tried every email, CC# I could think of, the older “password” version of the key, etc. It’s not working.

            Not sure what’s happening with the gifted book, but the books personally to my account an to my mother’s have all been unlocked.

          4. Rob19 August, 2015

            Sorry that should read: “but the books personally downloaded to my own account and to my mother’s have all been unlocked.”

  16. Howard Brazee15 August, 2015

    I updated and opened Nook Study no my Mac. When I went into the configuration and looked at the account, I got the spinner for several hours. So I logged off and tried logging on with the account I access B&N on my web. Nook Study says it is an invalid account. I can look at my credit card information by using that password in Nook for Mac (although I don’t know how it knew my UserID). I thought it might want my Adobe password, and entered it. I didn’t get the error, but I didn’t log on either, the logon screen looped without an error message.

    How do I log on to Nook Study?

    Reply
    1. Jon17 April, 2018

      I suspect that Barnes and Noble has since stopped supporting the Nook Study at all. Which means they probably shut down the authentication mechanism they use for logging you in. HOWEVER! It’s April 17, 2018 right now. While the login from the NOOK Study fails (it just spins for a long time, then brings me back to the login page), it still populates the relevant log file with the relevant keys(!) Weird! Note, I still had to “Import” the key into the DeDRM plugin for Calibre. The more detailed instructions about how to use Apprentice Alf’s DeDRM instructions are still relevant.

      Reply
  17. Paul20 May, 2018

    I was able to figure out the revised key generation technique on my second attempt! (Got to think like a programmer). Older keys are generated by typing in the name on the credit card using both upper and lower case (Jane Doe). Newer keys are generated by mapping the name to full upper case (JANE DOE).

    To generate the keys to use in Calibre, grab the file https://github.com/apprenticeharper/DeDRM_tools/blob/master/DeDRM_calibre_plugin/DeDRM_plugin/ignoblekeygen.py in “raw” (ASCII text) mode, and execute it (as explained in the comments in the file). It will prompt you for the “Account Name” and “CC#”. The account name is the name of the card holder, exactly as typed on the credit card; either all caps or mixed case, apparently depending on when the book was purchased. CC# is the credit card number without any punctuation or spaces. Write the key to a file, and then import the keys into Calibre’s DeDRM plugin.

    As of this writing, you can still retrieve your current key from B&N using the DeDRM menu. But if you have changed your name or credit card number, you’ll have to generate previous keys by yourself.

    The Nook Study program no longer works on macOS High Sierra. It throws up a blank screen and doesn’t create the necessary file.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to top
%d bloggers like this: