from Crypto.Cipher import AES | |
from Crypto import Random | |
import base64 | |
import requests | |
import xml.etree.ElementTree as ET | |
# Cipher block length in bytes (16 for AES); pad() sizes its padding from this.
block_size = AES.block_size

# Fixed 16-character (AES-128) keys: one for values sent to the service, one
# for values it returns. They are constants in the source rather than secrets
# negotiated per device, so the cipher here acts as an encoding step; it does
# not authenticate either side or keep the exchanged values confidential from
# anyone who has the keys.
lg_deckey = "wleldpadptmdkdnt"
lg_enckey = "qlxnTldlsvntzl!#"


def unpad(s):
    """Drop the trailing padding added by pad().

    The last character is read as the pad length and that many characters are
    cut from the end. Nothing checks that the length is within the block size
    or that the removed characters all match, so malformed plaintext is
    truncated silently rather than rejected.
    """
    return s[:-ord(s[-1])]
def pad(plain_text):
    """Pad cleartext so its length is a whole number of cipher blocks.

    The block length comes from the module-level block_size (AES.block_size,
    i.e. 16 bytes). Each padding character encodes the number of characters
    appended, and input that is already block-aligned receives one full extra
    block, so the padding can always be removed again by unpad().
    """
    pad_len = block_size - len(plain_text) % block_size
    return plain_text + chr(pad_len) * pad_len
def lg_encrypt(string):
    """Encode a request value the way the update service expects it.

    The value is padded, encrypted with AES-CBC under lg_enckey and returned
    as base64 with "+" replaced by "m" and "/" replaced by "f".

    Key and IV are both constant (the IV is all zero bytes), so the same input
    always produces the same output. The character substitution is one-way:
    "m" and "f" are also ordinary base64 characters, so the result cannot be
    decoded back unambiguously.
    """
    zero_iv = str("\x00" * AES.block_size)
    encryptor = AES.new(lg_enckey, AES.MODE_CBC, zero_iv)
    ciphertext = encryptor.encrypt(pad(string))
    encoded = base64.b64encode(ciphertext)
    return encoded.replace("+", "m").replace("/", "f")
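def lg_decrypt(string):
    """Decode one text value from the service response.

    Args:
        string: base64 text of an XML element, or None/blank when the element
            carries no value.

    Returns:
        The decrypted value with its padding removed, or "" when there is
        nothing to decrypt.

    The value is decrypted with AES-ECB under lg_deckey. Nothing authenticates
    the ciphertext and unpad() does not validate the padding, so the result is
    only as trustworthy as the channel the response arrived over.
    """
    # ElementTree gives None for an element without text, and container
    # elements usually hold only whitespace; neither is ciphertext.
    if string is None or not string.strip():
        return ""
    crypted = base64.b64decode(string)
    # ECB takes no IV, so none is built here.
    cipher = AES.new(lg_deckey, AES.MODE_ECB)
    decrypted_text = cipher.decrypt(crypted)
    return unpad(decrypted_text)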
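# Identifier sent to the service; "lol" is the value used for the sample run
# whose output is shown further down the page.
imei = "lol"
esn = lg_encrypt(imei)
data = {'esn': esn}
# requests applies no timeout by default, so an unresponsive server would
# block the script indefinitely; bound the wait explicitly.
r = requests.post(
    url="https://csmg.lgmobile.com:49002/csmg/nb2c/gn_auth_model_check2.jsp",
    data=data,
    timeout=30,
)
# Fail on an HTTP error status instead of handing an error page to the XML
# parser and the decryptor.
r.raise_for_status()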
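def xml_recurse(node):
    """Print the tag, attributes and decrypted text of node and its descendants.

    For the "sw_url" element the host part of the decrypted URL is replaced
    with the tool.lime.gdms.lge.com downloader endpoint and only the first
    query-string segment is kept.

    The rewritten URL uses plain HTTP, so a file fetched from it has no
    transport integrity; check the downloaded image against the reported
    file_size and any checksum available before using it.
    """
    dec = lg_decrypt(node.text)
    if node.tag == "sw_url":
        # An empty or query-less sw_url (no firmware offered) used to raise
        # IndexError here; leave such values untouched instead.
        parts = dec.split("?")
        if len(parts) > 1:
            dec = "http://tool.lime.gdms.lge.com/dn/downloader.dev?" + parts[1]
    print (node.tag, node.attrib, dec)
    for child in node:
        xml_recurse(child)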
# The response body is remote input. The stdlib ElementTree parser is not
# hardened against maliciously constructed XML (for example entity
# expansion); defusedxml is the usual hardened replacement if this is ever
# pointed at a less trusted endpoint.
root = ET.XML(r.text)
# Walk the whole tree, decrypting and printing every element.
xml_recurse(root)
('response', {'status': 'OK', 'req_cmd': 'gn_auth_model_check'}, '') | |
('gn_auth_model_check', {}, '') | |
('result', {}, 'OK') | |
('esn', {}, 'lol') | |
('model', {}, 'LMQ710ULM') | |
('suffix', {}, 'AAMZOP') | |
('msn', {}, 'lol') | |
('esn_date', {}, '') | |
('sw_version', {}, 'Q710ULM20C_00') | |
('sw_url', {}, 'http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=FWDFOLF8C2O8AWU12A00FIQ/Q710ULM20c_00_AMZ_US_OP_1121.kdz&e=1581495520&h=9212c289d557d358ac925ba91358d014') | |
('sw_locale_url', {}, '') | |
('sw_recommand_uri', {}, '') | |
('app_version', {}, '') | |
('app_url', {}, '') | |
('cs_em_flag', {}, 'N') | |
('cs_em_uri', {}, 'N') | |
('chip_type', {}, 'EG') | |
('prod_type', {}, '2') | |
('buyer', {}, 'AMZ') | |
('file_name', {}, 'Q710ULM20c_00_AMZ_US_OP_1121.kdz') | |
('phone_os_version', {}, 'P') | |
('file_size', {}, '3062002529') |
@allaf2, it's been a hot minute since I did the RE for this but iirc I looked at LG's PC client for updating, specifically the MacOS version since it's a bit easier to parse the code in IDA Pro.
Nice to found your code bro, i finding this api for a month. Thank you so much. I will try now
You've helped with a great project that's in the works. :)
Thank you.
How can I use this, sorry I'm new to python and can I use this to debrick my hard brick LG V60?
How can I use this, sorry I'm new to python and can I use this to debrick my hard brick LG V60?
No - sorry. This would let you download the firmware file for your V60.
The extract utility is the only one working right now. I haven't ported my KDZ downloader to the python script quite yet.
If you want your firmware update file, you can let me know, but otherwise right now LGUP is your only way to flash a KDZ, and EDL mode would be the only way to flash the contents within it.
@haise0 ohh man, I've tried everything already but the problem is the firehose programmer for the v60 isn't available yet, I don't think LGUP would recognize my phone in EDL mode and unfortunately for me the phone is hard brick so that's the only way the PC recognizes it
What this python script does is access the LG API and return the firmware download URL based on the device's IMEI, but currently this script can't fetch the firmware of the latest models released by LG. I created a page in PHP based on this python script.
https://kfhost.net/firmware-lg-tabela
Theprime02: which model exactly;
LG V60 ThinQ 5G LMV600TM https://kfhost.net/firmware/lg/model/LMV600TM
LG V60 ThinQ 5G LMV600EA https://kfhost.net/firmware/lg/model/LMV600EA
LG V60 ThinQ 5G LMV600VMLN https://kfhost.net/firmware/lg/model/LMV600VMLN
V60 ThinQ 5G LMV600VM https://kfhost.net/firmware/lg/model/LMV600VM
@kelisonbessa the thing with my phone is that it is hard brick, download mode doesn't work neither fastboot or ADB the only thing working is EDL mode and as far as I have understood the only way you can restore the software back is using the firehose of the phone with Qfil, but I might be wrong, maybe the software can be restored using other methods.
Hello Dear shinyquagsire23.
you are amazing.
i have looking for this code more than 2 years.
thanks man.
you are so pro.
i'm curious where did you find:
lg_deckey = "wleldpadptmdkdnt"
lg_enckey = "qlxnTldlsvntzl!#"
these two key always the same with no change?
thanks again.
with love.