4.6 KiB
🔐 SuperUserek Auto AES Decrypt Tool
A Python tool that attempts to decrypt LG firmware / keybox / encrypted blobs by automatically testing known AES keys and AES modes.
The script downloads multiple public key lists, merges them, and stores them locally in keys.txt.
Keys are refreshed once per day unless forced.
If a valid payload is found, the decrypted payload is extracted and saved.
✨ Features
- 🔑 Automatically downloads known AES keys from multiple sources
- 💾 Saves keys locally to keys.txt
- 🔄 Key lists update once per day
- ⚡
--force-update-keysoption to refresh keys immediately - 🧠 Supports AES-128 / AES-192 / AES-256
- 🔍 Tests multiple AES modes automatically
- 🧩 Supports custom user-provided AES keys
- 📦 Extracts valid payload automatically
- 📁 Supports custom output directories
📦 Key Sources
By default the script downloads keys from:
1️⃣ openlgtv AES keys
https://raw.githubusercontent.com/openlgtv/epk2extract/refs/heads/master/keys/AES.key
2️⃣ DRMLAB KnownKeys
(please contribute and add more working keys)
https://git.drmlab.io/SuperUserek/MyDRMTools/raw/branch/main/AutoKeyboxDecoder/KnownKeys.txt
These lists contain AES keys used in various LG firmware and DRM systems.
🔑 Key Cache (keys.txt)
Downloaded keys are stored locally in:
keys.txt
Behavior:
| Condition | Action |
|---|---|
| first run | downloads keys |
| same day | uses cached keys |
| next day | automatically refreshes keys |
--force-update-keys |
forces immediate refresh |
⚙️ Requirements
Python 3.8+
Install dependencies:
pip install requests pycryptodome
🚀 Basic Usage
Try all known keys from both sources:
python3 autokeybox_decoder.py keybox_file.dat
The script will:
- Download key lists (if cache is outdated)
- Save them to keys.txt
- Parse AES keys
- Try AES modes automatically
- Save the decrypted payload if successful
🔄 Force Update Key Lists
Force re-download and rebuild the key cache:
python3 autokeybox_decoder.py keybox_file.dat --force-update-keys
🔑 Custom AES Key
Try a custom AES key along with known keys:
python3 autokeybox_decoder.py keybox_file.dat --key 00112233445566778899AABBCCDDEEFF
Supported key sizes:
| AES Type | Hex Length |
|---|---|
| AES-128 | 32 |
| AES-192 | 48 |
| AES-256 | 64 |
🔒 Only Use Custom Key
Skip downloading key lists and only try your key:
python3 autokeybox_decoder.py keybox_file.dat \
--key 00112233445566778899AABBCCDDEEFF \
--only-custom
📂 Specify Output Directory
python3 autokeybox_decoder.py keybox_file.dat --outdir ./output
Example output:
output/file_decrypted_CBC_IV_PREFIX16_0011223344556677.dat
🧪 Save All Matches
By default the script stops after the first successful decrypt.
To save all possible matches:
python3 autokeybox_decoder.py keybox_file.dat --all-matches
🌐 Add Additional Key Lists
You can add extra key sources:
python3 autokeybox_decoder.py keybox_file.dat \
--keys-url https://example.com/keys.txt
Multiple lists are supported:
python3 autokeybox_decoder.py keybox_file.dat \
--keys-url https://example.com/keys1.txt \
--keys-url https://example.com/keys2.txt
🧰 Full Example
Use known keys + custom key + save all matches:
python3 autokeybox_decoder.py keybox.dat \
--key BC1197CA30AA0FC84F7FE62E09FD3D9F \
--all-matches \
--outdir decrypted
🔐 AES Modes Tested
The script automatically tries:
- AES ECB
- AES CBC
- AES CFB
- AES OFB
- AES CTR
IV strategies tested
- zero IV
- first 16 bytes of file
- counter derived from prefix
🧠 Success Detection
A decryption is considered valid if the plaintext contains:
INNER_MSTAR
📄 Output Format
Successful decryptions are saved as:
<original>_decrypted_<mode>_<keyprefix>.dat
Example:
firmware_decrypted_CBC_IV_PREFIX16_1F1E1D1C1B1A1918.dat
🖥 Example Output
[*] Keys ready:
AES-128: 72
AES-192: 0
AES-256: 18
Total: 90
[+] MATCH: key=1F1E1D1C1B1A19180706050403020100 mode=CBC(IV_PREFIX16)
Saved: firmware_decrypted_CBC_IV_PREFIX16_1F1E1D1C1B1A1918.dat
⚠️ Disclaimer
This tool is intended for:
- firmware research
- security analysis
- reverse engineering
Use responsibly and only on data you are authorized to analyze.
👨💻 Author
SuperUserek