Sunday, May 29, 2011

Aldiko for Landscape Mode

Landscape in the Nook Color is broken. So is the BN DRM. The latter is so badly broken that it may actually be risky to purchase ebooks from BN.

BN knows, or should know, that many avid readers also have limited mobility and may need to prop their devices to use them comfortably. More than one such customer has explained the problem in the BN Nook Color forums. The Nook Color was marketed as a device that worked in landscape mode without qualification -- until the launch of the Nook, Second Edition. The marketing copy now says "for kids books and magazines."

The covers sold with the Nook Color almost all only support landscape display in their "standalone" or "easel" modes. The charger for the device is much less likely to be damaged if one reads and charges simultaneously in landscape mode -- in portrait mode, the Nook Color will rest its weight on the charging cable.

If you need landscape mode and night mode, BN continues to fail to deliver. If you're concerned about a vendor storing a hash of your live credit card info in multiple locations on your NC without mentioning that to you, you should read this post even if you like the BN Library app.

If you've already bought a lot of books from BN, and you'd like to or need to read them without using the BN software, Aldiko is your fix. The same goes if you need landscape to work, for instance with the expensive cover that BN sold you, or to safely charge your NC while you read.

Free or paid, Aldiko can read your BN books.

The current release of the manual nooter supports installing Aldiko. Aldiko can also sell you books.

Aldiko can open your BN content. Once you've opened any of your BN books, you can then do a bulk import of all of them.

Here's what you need to know:

- you need to copy your books to your SD Card and
- you need to know the trick behind BN's "rights management." I'm sure everyone at BN was delighted that the DRM scheme came in so far ahead of schedule and so far under budget. It's too bad that, IMO, there are issues in terms of paying attention to the spirit as well as the letter of PCI compliance.

Your BN books (and newspapers, and magazines) are stored in the "B&N Downloads" folder on your NC. It's accessible via Root Explorer if you're on the new 7/1 partitioning, or available once you plug your NC into your PC if you're on the old partitioning.

Copy "B&N Downloads" to your SD card. (If your SD card is in your NC when you plug it in, the SD card will be a generic removable disk, and the NC will be "MyNOOKcolor".)

Root your Nook Color. Configure the Android Marketplace and download Aldiko. If you have trouble installing Aldiko, check to see if your SD card is inserted. If it is not, put it in; if it is, remove it. (I forget which way you need to be set up to install.)

Aldiko can (for now) only browse the SD card, so after Aldiko is installed, remount your SD card.

In Aldiko, browse to the B&N Downloads folder you've copied to your SD card, browse to the books folder there, and open (not import) any one book.

You will be asked for your user name and password.

Your user name is the name on the credit card on file with BN. It is case-sensitive; include any spaces. Your password is the card # without spaces. No, I'm not joking. BN uses your live credit data as their DRM key.

Your book will open.

Now you can go back to the books folder in the Aldiko file browser. Use the menu command to select all your books and folder, then do a bulk import.

If you would prefer not to keep these files around in the state that BN delivers them, you can also copy the BN Digital folder out of your NC and use Calibre to remove the DRM outright.

That's a more complicated operation, but it's one I intend to make my next project now that I understand how comically bad the BN epub DRM is.

It turns out that the Nook app for PCs, at least, stores a hash of the user data - the bill-to name and the full credit card # - in clear text in an SQLite database stored on your computer.

Thus, the nook app represents a very soft target on a penetrated computer. If the nook app is present, retrieve its SQLite database as well as the email store. With that you can probably get a billing address for the card. AES 128 doesn't mean anything in a context where it's implemented wrong. Even without the email store, an attacker can simply brute force a retrieval of the card # and name. With the email store, the terminal 4 digits of the card and its date of expiration may be available (they're supplied in receipts by many vendors) and the brute force retrieval is even easier.
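To put numbers on the point that a 128-bit cipher is only as strong as the secret its key is derived from, here is an added example (not code from this post or from BN) that estimates how many card numbers can sit behind a stored hash. It assumes a 16-digit number ending in a Luhn check digit and does not model the name; the function names and the sample digits are constructed for illustration.

```python
import math
from itertools import product

def luhn_valid(number: str) -> bool:
    """Standard Luhn checksum carried by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def candidate_count(length: int, known_digits: int) -> int:
    """Card numbers consistent with what is already known.

    The Luhn digit is a function of the others, so one unknown digit
    is always determined by the rest: 10**(unknown - 1) remain.
    """
    unknown = length - known_digits
    return 1 if unknown <= 0 else 10 ** (unknown - 1)

def effective_bits(length: int, known_digits: int) -> float:
    """Strength, in bits, of a secret drawn from that candidate set."""
    return math.log2(candidate_count(length, known_digits))

def count_by_enumeration(known_tail: str, unknown: int) -> int:
    """Cross-check the formula by counting over a small unknown window."""
    return sum(
        luhn_valid("".join(head) + known_tail)
        for head in product("0123456789", repeat=unknown)
    )

if __name__ == "__main__":
    for label, known in (("nothing known", 0), ("last four known", 4)):
        print(f"{label:16} {candidate_count(16, known):>20,d} candidates "
              f"= {effective_bits(16, known):4.1f} bits (cipher key: 128 bits)")
    # Constructed tail of 13 zeros, 3 unknown digits: formula and count agree.
    print(count_by_enumeration("0" * 13, 3), candidate_count(16, 13))
```

Whatever the cipher's nominal key length, a secret derived from the card number is worth at most about 50 bits, and less once some digits are known, which is why storing an unsalted hash of it protects very little.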

With accurate billing name, billing address, credit card number and expiration date, an attacker can easily purchase goods in your name.

I am sure that the risks are present on the Android platform as well; the NC is in some ways less risky, because it is not as large a target of attack yet as PCs. This will be changing soon, as attackers come to appreciate the value of the data stored on Android devices. Here, though, the NC will probably be a bit safer than telephones for some time, because it does not have an always-on connection.

But I'll be blunt: my advice is to root the device, use Aldiko and strip DRM from your files if you can. If you have a card on file with BN, when it expires, do not renew it. Between then and now, change the card on file to a gift card or one-time-use Visa or similar. Aldiko reader is very good - landscape support, solid night mode with a black, energy-conserving background.

Another obvious alternative for new purchases is the Android Kindle reader app. The app also supports landscape mode and excellent night mode and tracks reading accurately across devices. It has the disadvantage of not being able to read your existing BN files, but like Aldiko, will let you shop, um, Elsewhere. The Kindle app has the distinct advantage of a DRM scheme tied to an arbitrary unique device identifier. Not to your credit card number and name.
