Insert Trumpets Here

Reverse Engineering Challenge

Note: As of Dec 17th, 2010, this challenge has been cracked, so the cash bounty is no longer valid.  You can still do this for fun!

Background: There are several publishers who offer their manga online on special sites.  Two of those sites are Yahoo! Comic and Club Sunday.  Together, they have well over 300 manga series freely available online.

Problem: However, unlike the much less secure site GanGan Online, the images on these sites are encrypted and can only be viewed through their special viewer.  Because I have no experience in ActionScript or cryptography, I ask upon you to help.

Goal: Code that can decrypt their images for viewing with the information available.  Preferably written in Java, or can be easily translated to Java.

Rewards:
  • Cash bounty is $30 as of this writing.  Yea, I'm cheap like that.
  • The ability to download hundreds of manga chapters legally and freely distributed online.

    Information:  The following information may only apply to Yahoo! Comic.  I will post information for Club Sunday if I find any differences.  Edit (Dec 16th, 1:44 AM):  Ok, they're really different.
    1. A usual page for a series in Yahoo! Comic looks like this.  There are blue buttons (all labeled "読む") for activating the reading applet (our example is the first chapter of this series):

      http://view.books.yahoo.co.jp/dor/drm/dor_main.php?key1=historia-dannsuma01-0001&sp=-1&ad=1&re=0&xmlurl=http%3A%2F%2Fstream01.books.yahoo.co.jp%3A8001%2F&shd=2cf7b9992d7a72ec5e18c35b710e7aa0115b407f

    2. Several useful parameters can be extracted here, such as key1, shd, and xmlurl.  We can then use them to construct the url to the contentinfo file.

      [xmlurl]      /content_dl.php?dtype=0&key1=[key1]&z=&x=0&shd=[shd]&re=0&ad=0&pre=&p=

      In this case:

      http://stream01.books.yahoo.co.jp:8001/content_dl.php?dtype=0&key1=historia-dannsuma01-0001&z=&x=0&shd=2cf7b9992d7a72ec5e18c35b710e7aa0115b407f&re=0&ad=0&pre=&p=

    3. A viewerinfo file can also be found, but it seems to be useless:

      http://stream01.books.yahoo.co.jp:8001/content_dl.php?dtype=4&key1=historia-dannsuma01-0001&ad=1&re=0&z=&x=&sp=-1&pre=&shd=2cf7b9992d7a72ec5e18c35b710e7aa0115b407f&p=

    4. Through the contentinfo file, we can find the value of the [DataFileFolder].  Now, we can find the url of each page.

      [xmlurl]      /content_dl.php?dtype=1&key1=[key1]&z=&x=0&shd=[shd]&re=0&ad=0&pre=&pno=[page number]&p=[DataFileFolder]

      Such as:

      http://stream01.books.yahoo.co.jp:8001/content_dl.php?dtype=1&key1=historia-dannsuma01-0001&z=&x=0&shd=2cf7b9992d7a72ec5e18c35b710e7aa0115b407f&re=0&ad=0&pre=&pno=1&p=free/historia/dannsuma01/0001/

    5. However, that gives us back an encrypted file that doesn't seem to be in any usual image format.  I conclude that the viewer must be decrypting the info in the file.  That's where you come in.  Backtracking to the very start, we can find that the viewer is PCViewer.swf (mirrors: MF, MU, 4SH).  The code to decrypt the images must be in PCViewer.swf; use a SWF decompiler of some kind and convert the code from ActionScript to Java.
      Please contact me through e-mail for questions, information, suggestions, etc.
    Subscribe to: Posts (Atom)