Created
February 11, 2020 20:20
-
-
Save shinyquagsire23/0d6a5119ee7fb40de2fcfb9088168d63 to your computer and use it in GitHub Desktop.
LG Update Pulling
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from Crypto.Cipher import AES | |
from Crypto import Random | |
import base64 | |
import requests | |
import xml.etree.ElementTree as ET | |
block_size = AES.block_size | |
unpad = lambda s : s[0:-ord(s[-1])] | |
lg_deckey = "wleldpadptmdkdnt" | |
lg_enckey = "qlxnTldlsvntzl!#" | |
def pad(plain_text): | |
""" | |
func to pad cleartext to be multiples of 8-byte blocks. | |
If you want to encrypt a text message that is not multiples of 8-byte blocks, | |
the text message must be padded with additional bytes to make the text message to be multiples of 8-byte blocks. | |
""" | |
number_of_bytes_to_pad = block_size - len(plain_text) % block_size | |
ascii_string = chr(number_of_bytes_to_pad) | |
padding_str = number_of_bytes_to_pad * ascii_string | |
padded_plain_text = plain_text + padding_str | |
return padded_plain_text | |
def lg_encrypt(string): | |
key=lg_enckey | |
plain = pad(string) | |
iv = str("\x00"*AES.block_size) | |
cipher = AES.new(key, AES.MODE_CBC, iv) | |
encrypted_text = cipher.encrypt(plain) | |
return base64.b64encode(encrypted_text).replace("+", "m").replace("/", "f") | |
def lg_decrypt(string): | |
if len(string) == 0 or string == "\n": | |
return "" | |
key=lg_deckey | |
crypted = base64.b64decode(string) | |
iv = str("\x00"*AES.block_size) | |
cipher = AES.new(key, AES.MODE_ECB) | |
decrypted_text = cipher.decrypt(crypted) | |
return unpad(decrypted_text) | |
imei="lol" | |
esn = lg_encrypt(imei) | |
data = {'esn':esn} | |
r = requests.post(url = "https://csmg.lgmobile.com:49002/csmg/nb2c/gn_auth_model_check2.jsp", data = data) | |
def xml_recurse(node): | |
dec = lg_decrypt(node.text) | |
if (node.tag == "sw_url"): | |
dec = "http://tool.lime.gdms.lge.com/dn/downloader.dev?" + dec.split("?")[1] | |
print (node.tag, node.attrib, dec) | |
for child in node: | |
xml_recurse(child) | |
root = ET.fromstring(r.text) | |
xml_recurse(root) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
('response', {'status': 'OK', 'req_cmd': 'gn_auth_model_check'}, '') | |
('gn_auth_model_check', {}, '') | |
('result', {}, 'OK') | |
('esn', {}, 'lol') | |
('model', {}, 'LMQ710ULM') | |
('suffix', {}, 'AAMZOP') | |
('msn', {}, 'lol') | |
('esn_date', {}, '') | |
('sw_version', {}, 'Q710ULM20C_00') | |
('sw_url', {}, 'http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=FWDFOLF8C2O8AWU12A00FIQ/Q710ULM20c_00_AMZ_US_OP_1121.kdz&e=1581495520&h=9212c289d557d358ac925ba91358d014') | |
('sw_locale_url', {}, '') | |
('sw_recommand_uri', {}, '') | |
('app_version', {}, '') | |
('app_url', {}, '') | |
('cs_em_flag', {}, 'N') | |
('cs_em_uri', {}, 'N') | |
('chip_type', {}, 'EG') | |
('prod_type', {}, '2') | |
('buyer', {}, 'AMZ') | |
('file_name', {}, 'Q710ULM20c_00_AMZ_US_OP_1121.kdz') | |
('phone_os_version', {}, 'P') | |
('file_size', {}, '3062002529') |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@kelisonbessa the thing with my phone is that it is hard brick, download mode doesn't work neither fastboot or ADB the only thing working is EDL mode and as far as I have understood the only way you can restore the software back is using the firehose of the phone with Qfil, but I might be wrong, maybe the software can be restored using other methods.