added challenge response algo #12
Conversation
Can you add relevant links to issues/pcaps in the commit message so it is easier to validate the functionality? Thanks for your work!
| key2_t_xor = '' | ||
| i = 0 | ||
| while i <= 28: | ||
| key2_t_xor += chr(ord(key2_t[i]) ^ ord(kilo_challenge[3])) |
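Review bot: the loop `while i <= 28:` indexes `key2_t[i]` on the assumption that the key is exactly 32 bytes; add a length check (e.g. `assert len(key2_t) == 32`) before the loop so a wrong key constant fails loudly instead of with an IndexError partway through the XOR.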
For Python 3 compatibility, consider using b'' as empty byte string and using the struct module. Untested, but should give an idea:
import struct

key2_t_xor = b''
challenge_word = struct.unpack("<I", kilo_challenge)[0]
for i in range(0, 28 + 1, 4):
    word = struct.unpack_from("!I", key2_t, i)[0]
    key2_t_xor += struct.pack("!I", word ^ challenge_word)
return key2_t_xor
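A Python 3 version of the challenge XOR step discussed in this thread, as an added example that is not the PR's or lglaf's own code: it ports the PR's byte-wise loop and the reviewer's struct-based form side by side and checks that they agree, and builds the challenge hex string without ord(). The 32-byte key and the 4-byte challenge are constructed stand-ins, not the project's values.

```python
import struct

# Constructed stand-ins for this example: not the project's key and not a
# real device challenge. key2 must be 32 bytes, the KILO challenge 4 bytes.
KEY2 = b"0123456789abcdef" * 2
CHALLENGE = bytes([0x01, 0x02, 0x03, 0x04])


def xor_key_bytewise(key2: bytes, challenge: bytes) -> bytes:
    """Python 3 port of the PR's loop: each 4-byte group of key2 is XORed
    with the challenge bytes taken in reverse order (challenge[3] first)."""
    if len(key2) != 32 or len(challenge) != 4:
        raise ValueError("key2 must be 32 bytes and the challenge 4 bytes")
    out = bytearray()
    for i in range(0, 32, 4):
        out.append(key2[i] ^ challenge[3])
        out.append(key2[i + 1] ^ challenge[2])
        out.append(key2[i + 2] ^ challenge[1])
        out.append(key2[i + 3] ^ challenge[0])
    return bytes(out)


def xor_key_struct(key2: bytes, challenge: bytes) -> bytes:
    """The reviewer's struct form: the challenge is read little-endian and
    the key words big-endian, so the endianness mismatch does the byte
    reversal for us."""
    if len(key2) != 32 or len(challenge) != 4:
        raise ValueError("key2 must be 32 bytes and the challenge 4 bytes")
    challenge_word = struct.unpack("<I", challenge)[0]
    out = b""
    for i in range(0, 28 + 1, 4):  # 0, 4, ..., 28: eight 4-byte words
        word = struct.unpack_from("!I", key2, i)[0]
        out += struct.pack("!I", word ^ challenge_word)
    return out


def format_challenge(challenge: bytes) -> str:
    """Hex dump in the log format the PR uses, written so it runs on
    Python 3 (iterating a bytearray yields ints, so no ord() is needed)."""
    return ":".join("{:02x}".format(k) for k in bytearray(challenge))


if __name__ == "__main__":
    assert xor_key_bytewise(KEY2, CHALLENGE) == xor_key_struct(KEY2, CHALLENGE)
    print("challenge:", format_challenge(CHALLENGE))
    print("xor'd key:", xor_key_struct(KEY2, CHALLENGE).hex())
```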
| def do_aes_encrypt(key2_t_xor): | ||
| plaintext = b'' | ||
| for k in range(0,16): | ||
| plaintext += chr(k) |
Try int_as_byte instead of chr in order to handle Python 2/3
| request_kilo = make_request(b'KILO', args=[b'CENT', b'\0\0\0\0', b'\0\0\0\0', b'\0\0\0\0']) | ||
| kilo_header, kilo_response = comm.call(request_kilo) | ||
| kilo_challenge = kilo_header[8:12] | ||
| chalstring = ":".join("{:02x}".format(ord(k)) for k in kilo_challenge) |
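Review bot: `kilo_challenge = kilo_header[8:12]` takes the slice without checking that `kilo_header` is at least 12 bytes, so a short or error response would yield fewer than 4 challenge bytes and only break later in the XOR. Validate `len(kilo_challenge) == 4` right after the slice and raise with the raw header in the message.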
This does not work with Python 3, can you change it to:
..format(k for k in bytearray(kilo_challenge))
similar comment for respstring below
| kilo_challenge = kilo_header[8:12] | ||
| chalstring = ":".join("{:02x}".format(ord(k)) for k in kilo_challenge) | ||
| _logger.debug("Challenge: %s" %chalstring) | ||
| key2 = 'qndiakxxuiemdklseqid~a~niq,zjuxl' # if this doesnt work try 'lgowvqnltpvtgogwswqn~n~mtjjjqxro' |
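Review bot: the fallback key in the trailing comment on the `key2 = ...` line ("if this doesnt work try ...") is easy to miss; expose it as a documented alternative (a list of candidate keys tried in order, or a CLI option) and log which one succeeded. Also prefer `_logger.debug("Challenge: %s", chalstring)` over `%`-formatting the string yourself, so the formatting only happens when debug logging is enabled.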
Probably needs key2 = b'qn...' for Python 3 compat
What exactly is the meaning of using --unlock? Will it unlock a locked device, or what?
@steadfasterX I think it "unlocks" some commands in the current session which would otherwise be disallowed (and this would probably not persist after a reboot).
True, when I do not use the unlock option I can't do anything in the shell! Even ls or pwd fail with an error, but when I use the unlock option it works! OK, the name is misleading then; I think --auth would be better if that's all it does.. EDIT
Using this, I get a little further in rooting this LG G3 D852 phone. Unfortunately, it doesn't actually work: Nice to meet you too... I guess they know we're out here eh?
This is based on PR #12 with the following difference: instead of adding a --unlock option to lglaf.py I use my own executable. The reason is that within download mode you need to authenticate only ONCE ( - IF you need to) and afterwards you're able to exec every other action like partitions.py etc. without doing it again (until you reboot into download mode again ofc).
This was merged into #27, thank you for the proposal (you got acknowledged in the commit message)!
added --unlock option to do challenge/response on newer LGs