Audible Downloader Browser conversion · open source

Your Audible library,
converted on your device.

Sign in to Audible, load your library, and save the titles you own as plain M4B files with chapters, cover art and tags intact. The conversion runs in your browser; the small backend only carries the bytes Audible refuses to hand directly to a web page.

How it works
AAXC decryption, in detail
  • Each AAXC file carries its own AES-128 key + IV pair. The browser requests the licence from api.audible.<tld>/1.0/content/<asin>/licenserequest, then decrypts the returned voucher locally with an AES-256-CBC key derived from SHA-256(deviceType ‖ deviceSerial ‖ amazonAccountId ‖ asin). The plaintext yields the per-book key and iv.
  • Those bytes feed straight into ffmpeg via -audible_key / -audible_iv. The mov demuxer recognises the aaxc brand and decrypts on the fly while stream-copying into MP4. No second pass, no temporary plaintext file, no helper binary like aaxclean — it is all one WebAssembly worker.
  • The trimmed core ships only what this job needs: mov demuxer with the audible decryption hook, mp4/ipod muxers, aac parser, and mjpeg parser/decoder so the cover art survives the round-trip.
In your browser
  • Holds one or more signed-in Audible identities in localStorage and IndexedDB, keyed by Amazon account ID. The RSA private key stays here and is used to sign every Audible API call via WebCrypto.
  • Streams the encrypted AAXC source into the Origin Private File System, mounts that file into ffmpeg as a WORKERFS read, and writes the finished M4B straight to the location you picked in the save dialogue.
  • Multiple downloads queue and run one at a time so a single ffmpeg worker handles the run end-to-end, with cancel, progress, ETA and resume across reloads.
On Cloudflare Pages
  • functions/auth/login drives Amazon's mobile-device OpenID flow with a PKCE challenge and exchanges the returned code at api.amazon.<tld>/auth/register for the ADP token your browser keeps. The Function never sees a credential.
  • functions/library and functions/license/[asin] take the headers your browser signed, attach them to a fetch against api.audible.<tld>, and forward the response. They produce nothing they could not regenerate from your next request.
  • functions/source is a byte relay for the Audible CloudFront audio host (the CDN will not serve a browser directly). Each relayed URL is HMAC-signed by the licence Function with a secret you set on the project, and verified on every range request before any bytes are fetched.
What this app doesn't do
  • No database, KV, or R2. Cloudflare keeps nothing about you between requests, and the source proxy reads no body before passing it on.
  • No analytics, telemetry, third-party fonts or tracking pixels. Outbound calls from the browser go to Audible, Amazon, and Amazon's cover-image CDN. That is the entire list.
  • No DRM bypass for content you do not own. The flow only converts titles already in the signed-in Audible library, using the licence Amazon returns to the registered device.

Source on GitHub. The Pages Functions, the ffmpeg build script and the small test suite are all there to read.

Step one

Connect Audible

Not signed in
Step two

Your library

Not loaded
Export