# SuperUserek Auto Keybox Decoding Tool

A Python tool that attempts to decrypt **any firmware / keybox / encrypted blobs** by automatically testing known AES keys and AES modes.

The script downloads multiple public key lists, merges them, and stores them locally in **keys.txt**. Keys are refreshed **once per day** unless forced.

If a valid payload is found, the decrypted payload is extracted and saved.

---

# Features

* Automatically downloads known AES keys from multiple sources
* Saves keys locally to **keys.txt**
* Key lists update **once per day**
* `--force-update-keys` option to refresh keys immediately
* Supports **AES-128 / AES-192 / AES-256**
* Tests multiple AES modes automatically
* Supports **custom user-provided AES keys**
* Extracts valid payload automatically
* Supports custom output directories

---

# Key Sources

By default the script downloads keys from:

### 1. openlgtv AES keys

https://raw.githubusercontent.com/openlgtv/epk2extract/refs/heads/master/keys/AES.key

### 2. DRMLAB KnownKeys (please contribute and add more working keys)

https://git.drmlab.io/SuperUserek/MyDRMTools/raw/branch/main/AutoKeyboxDecoder/KnownKeys.txt

These lists contain AES keys used in various LG firmware and DRM systems.

---

# Key Cache (keys.txt)

Downloaded keys are stored locally in:

```
keys.txt
```

Behavior:

| Condition | Action |
|--------|--------|
| first run | downloads keys |
| same day | uses cached keys |
| next day | automatically refreshes keys |
| `--force-update-keys` | forces immediate refresh |

---

# Requirements

Python **3.8+**

Install dependencies:

```bash
pip install requests pycryptodome
```

---

# Basic Usage

Try all known keys from both sources:

```bash
python3 autokeybox_decoder.py keybox_file.dat
```

The script will:

1. Download key lists (if cache is outdated)
2. Save them to **keys.txt**
3. Parse AES keys
4. Try AES modes automatically
5. Save the decrypted payload if successful

---

# Force Update Key Lists

Force re-download and rebuild the key cache:

```bash
python3 autokeybox_decoder.py keybox_file.dat --force-update-keys
```

---

# Custom AES Key

Try a custom AES key **along with known keys**:

```bash
python3 autokeybox_decoder.py keybox_file.dat --key 00112233445566778899AABBCCDDEEFF
```

Supported key sizes:

| AES Type | Hex Length |
|--------|--------|
| AES-128 | 32 |
| AES-192 | 48 |
| AES-256 | 64 |

---

# Only Use Custom Key

Skip downloading key lists and only try your key:

```bash
python3 autokeybox_decoder.py keybox_file.dat \
  --key 00112233445566778899AABBCCDDEEFF \
  --only-custom
```

---

# Specify Output Directory

```bash
python3 autokeybox_decoder.py keybox_file.dat --outdir ./output
```

Example output:

```
output/file_decrypted_CBC_IV_PREFIX16_0011223344556677.dat
```

---

# Save All Matches

By default the script stops after the **first successful decrypt**.

To save **all possible matches**:

```bash
python3 autokeybox_decoder.py keybox_file.dat --all-matches
```

---

# Add Additional Key Lists

You can add extra key sources:

```bash
python3 autokeybox_decoder.py keybox_file.dat \
  --keys-url https://example.com/keys.txt
```

Multiple lists are supported:

```bash
python3 autokeybox_decoder.py keybox_file.dat \
  --keys-url https://example.com/keys1.txt \
  --keys-url https://example.com/keys2.txt
```

---

# Full Example

Use known keys + custom key + save all matches:

```bash
python3 autokeybox_decoder.py keybox.dat \
  --key BC1197CA30AA0FC84F7FE62E09FD3D9F \
  --all-matches \
  --outdir decrypted
```

---

# AES Modes Tested

The script automatically tries:

* AES **ECB**
* AES **CBC**
* AES **CFB**
* AES **OFB**
* AES **CTR**

### IV strategies tested

* zero IV
* first 16 bytes of file
* counter derived from prefix

---

# Output Format

Successful decryptions are saved as:

```
_decrypted__.dat
```

Example:

```
firmware_decrypted_CBC_IV_PREFIX16_1F1E1D1C1B1A1918.dat
```

---

# Example Output

```
[*] Keys ready:
    AES-128: 72
    AES-192: 0
    AES-256: 18
    Total: 90

[+] MATCH: key=1F1E1D1C1B1A19180706050403020100 mode=CBC(IV_PREFIX16)
    Saved: firmware_decrypted_CBC_IV_PREFIX16_1F1E1D1C1B1A1918.dat
```

---

# Disclaimer

This tool is intended for:

* firmware research
* security analysis
* reverse engineering

Use responsibly and only on data you are authorized to analyze.

---

# Author

**SuperUserek**
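
The key-size table and key-cache rules above, sketched as an added example (not the tool's own code): keys from a downloaded list are bucketed by hex length and anything malformed is rejected before use. It assumes one hex key per line with an optional trailing comment, and that the cache day is read from the modification time of `keys.txt`; `parse_keys`, `cache_is_fresh` and `SAMPLE` are hypothetical names.

```python
import re
from datetime import date, datetime
from pathlib import Path

# Hex lengths from the "Supported key sizes" table.
KEY_SIZES = {32: "AES-128", 48: "AES-192", 64: "AES-256"}
# Assumed layout: hex key at line start, optional trailing comment.
KEY_RE = re.compile(r"^\s*([0-9A-Fa-f]+)(?=\s|#|$)")

# Constructed sample list: two keys shown on this page plus made-up entries.
SAMPLE = """\
# constructed key list
00112233445566778899AABBCCDDEEFF  # custom-key example
00112233445566778899aabbccddeeff
1F1E1D1C1B1A19180706050403020100
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
00112233445566778899AABBCCDDEE
not-a-key
"""


def parse_keys(text):
    """Bucket keys by AES size; skip duplicates, record rejected line numbers."""
    buckets = {name: [] for name in KEY_SIZES.values()}
    seen, rejected = set(), []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = KEY_RE.match(line)
        key = m.group(1).upper() if m else None
        if key is None or len(key) not in KEY_SIZES:
            rejected.append(lineno)  # non-hex or wrong length: never used as a key
            continue
        if key not in seen:  # case-insensitive de-duplication across merged lists
            seen.add(key)
            buckets[KEY_SIZES[len(key)]].append(bytes.fromhex(key))
    return buckets, rejected


def cache_is_fresh(path, today=None, force=False):
    """Same-day cache is reused; a missing, older or forced cache is refreshed."""
    path = Path(path)
    if force or not path.exists():
        return False
    modified = datetime.fromtimestamp(path.stat().st_mtime).date()
    return modified == (today or date.today())
```

Rejecting on length and character set before any decryption attempt keeps a tampered or truncated remote list from reaching the AES code with an invalid key.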