Google Print hacking history
DRM analysis and countermeasures
Cookie analysis, and the Cookie Oven
Essentially, it appears that Google Print uses the google.com PREF cookie both to track which book pages have been served, and to restrict use of the Google Print search facility. The PREF cookie has the following structure:
PREF=ID=5cd3ff944d07b99a:TM=1113333801:LM=1113333801:S=x6wwvnYW8c8Yh_hi;domain=.google.com;path=/;expires=Sun, 17 Jan 2038 19:14:06 GMT;
Notice several things here:
- The ID field, presumably unique, allows Google to store arbitrary information associated with this cookie at the server end.
- The TM field records the time (in seconds since epoch) of creation of the cookie.
- The LM field is another timestamp, irrelevant to Google Print.
- The S field appears to be a digital signature of the cookie.
The remaining information given above is meta information about the cookie. Notice that the cookie is provided to all Google sites, and it essentially never expires.
Greg reports that Google Print does not allow searching within books when presented with a cookie created less than 24 hours ago (enforced by the signed creation date). Further, the page limits Google Print imposes are enforced per cookie. If no cookie is presented, searching within books is disabled, and per-book page limits are communal. (That is, if Google Print allows no more than 20% of a book to be read by a single user in a given time period, collectively, all users without cookies are limited to 20% of that book during that time period.)
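The check described above, seen from the server's side, as an added example (not Google's code and not part of the original page): it parses the PREF structure, verifies a signature over the other fields, and only then applies the 24-hour rule, which is why editing TM by hand does not help. Google's real signing scheme is not known; the HMAC-SHA256 construction, `SERVER_KEY`, and all function names are assumptions.

```python
import base64, hashlib, hmac

MIN_AGE_SECONDS = 24 * 60 * 60         # the 24-hour rule reported above
SERVER_KEY = b"constructed-demo-key"   # assumption: stand-in for the server secret

def parse_pref(header):
    """Split a PREF cookie header into its value fields and its attributes."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    if name != "PREF":
        raise ValueError("not a PREF cookie")
    fields = dict(f.split("=", 1) for f in value.split(":"))   # ID, TM, LM, S
    attrs = dict(p.split("=", 1) for p in parts[1:])           # domain, path, expires
    return fields, attrs

def sign(cookie_id, tm, lm):
    # Assumption: S is a truncated HMAC over the remaining fields.
    msg = f"ID={cookie_id}:TM={tm}:LM={lm}".encode()
    mac = hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac)[:16].decode()

def mint(cookie_id, now):
    """Issue a cookie whose creation time is covered by the signature."""
    return f"PREF=ID={cookie_id}:TM={now}:LM={now}:S={sign(cookie_id, now, now)}"

def search_allowed(header, now):
    """Return (allowed, reason) for the search-within-book feature."""
    if not header:
        return False, "no cookie"
    try:
        fields, _ = parse_pref(header)
        expected = sign(fields["ID"], fields["TM"], fields["LM"])
        created = int(fields["TM"])
    except (KeyError, ValueError):
        return False, "malformed cookie"
    # Signature first: an unsigned TM would let the client pick its own age.
    if not hmac.compare_digest(expected.encode(), fields.get("S", "").encode()):
        return False, "bad signature"
    if now - created < MIN_AGE_SECONDS:
        return False, "cookie too young"
    return True, "ok"
```

Because the age rule only constrains when a cookie was issued, not how many are issued, a server relying on it would also need to rate-limit or monitor cookie issuance per client.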
Greg's suggestion was thus to construct a 'Cookie Oven', which first requests a large number of Google cookies, storing them locally, and then provides 'baked' cookies (that is, cookies over 24 hours old) on request. This could be used to circumvent Google's page limits, while still allowing searching on Google Print. Greg implemented such a Cookie Oven, in Java, and used it successfully in this manner, but is not releasing code. Scott Morrison has also implemented a Cookie Oven as a Firefox extension, but has not released it.
Greg also reported having constructed a tool for extracting complete books programmatically. Although it was broken at least once by changes made by Google, he claimed that, with slight modifications, it continued to work. Neither source nor binaries for the tool were distributed; they were provided to Google directly.
^ This is a real Google cookie; feel free to use it if you want a properly baked cookie other than your own to play with.
^ For example, Rudy Rucker's The Hacker and The Ants has a very low page per cookie limit.
^ Can anyone provide a more precise description?