nxhdate/MyDRMTools
1
0
Fork 0
forked from SuperUserek/MyDRMTools
Code Pull Requests Activity
2d3702e8fd
MyDRMTools/AutoKeyboxDecoder
History
SuperUserek 2d3702e8fd Update AutoKeyboxDecoder/Readme.md
2026-03-05 11:36:23 +00:00
..
autokeybox_decoder.py Update to cache keys, and download it once daily. 2026-03-05 11:19:39 +00:00
KnownKeys.txt Added KnownKeys to repo 2026-03-05 10:37:47 +00:00
Readme.md Update AutoKeyboxDecoder/Readme.md 2026-03-05 11:36:23 +00:00
screenshot.png Added Screenshot 2026-03-05 11:02:00 +00:00

Readme.md

🔐 SuperUserek Auto Keybox Decoding Tool

A Python tool that attempts to decrypt LG firmware / keybox / encrypted blobs by automatically testing known AES keys and AES modes.

The script downloads multiple public key lists, merges them, and stores them locally in keys.txt.
Keys are refreshed once per day unless forced.

If a valid payload is found, the decrypted payload is extracted and saved.

Features

  • 🔑 Automatically downloads known AES keys from multiple sources
  • 💾 Saves keys locally to keys.txt
  • 🔄 Key lists update once per day
  • --force-update-keys option to refresh keys immediately
  • 🧠 Supports AES-128 / AES-192 / AES-256
  • 🔍 Tests multiple AES modes automatically
  • 🧩 Supports custom user-provided AES keys
  • 📦 Extracts valid payload automatically
  • 📁 Supports custom output directories

📦 Key Sources

By default the script downloads keys from:

1 openlgtv AES keys

https://raw.githubusercontent.com/openlgtv/epk2extract/refs/heads/master/keys/AES.key

2 DRMLAB KnownKeys

(please contribute and add more working keys)

https://git.drmlab.io/SuperUserek/MyDRMTools/raw/branch/main/AutoKeyboxDecoder/KnownKeys.txt

These lists contain AES keys used in various LG firmware and DRM systems.

🔑 Key Cache (keys.txt)

Downloaded keys are stored locally in:

keys.txt

Behavior:

Condition Action
first run downloads keys
same day uses cached keys
next day automatically refreshes keys
--force-update-keys forces immediate refresh

⚙️ Requirements

Python 3.8+

Install dependencies:

pip install requests pycryptodome

🚀 Basic Usage

Try all known keys from both sources:

python3 autokeybox_decoder.py keybox_file.dat

The script will:

  1. Download key lists (if cache is outdated)
  2. Save them to keys.txt
  3. Parse AES keys
  4. Try AES modes automatically
  5. Save the decrypted payload if successful

🔄 Force Update Key Lists

Force re-download and rebuild the key cache:

python3 autokeybox_decoder.py keybox_file.dat --force-update-keys

🔑 Custom AES Key

Try a custom AES key along with known keys:

python3 autokeybox_decoder.py keybox_file.dat --key 00112233445566778899AABBCCDDEEFF

Supported key sizes:

AES Type Hex Length
AES-128 32
AES-192 48
AES-256 64

🔒 Only Use Custom Key

Skip downloading key lists and only try your key:

python3 autokeybox_decoder.py keybox_file.dat \
--key 00112233445566778899AABBCCDDEEFF \
--only-custom

📂 Specify Output Directory

python3 autokeybox_decoder.py keybox_file.dat --outdir ./output

Example output:

output/file_decrypted_CBC_IV_PREFIX16_0011223344556677.dat

🧪 Save All Matches

By default the script stops after the first successful decrypt.

To save all possible matches:

python3 autokeybox_decoder.py keybox_file.dat --all-matches

🌐 Add Additional Key Lists

You can add extra key sources:

python3 autokeybox_decoder.py keybox_file.dat \
--keys-url https://example.com/keys.txt

Multiple lists are supported:

python3 autokeybox_decoder.py keybox_file.dat \
--keys-url https://example.com/keys1.txt \
--keys-url https://example.com/keys2.txt

🧰 Full Example

Use known keys + custom key + save all matches:

python3 autokeybox_decoder.py keybox.dat \
--key BC1197CA30AA0FC84F7FE62E09FD3D9F \
--all-matches \
--outdir decrypted

🔐 AES Modes Tested

The script automatically tries:

  • AES ECB
  • AES CBC
  • AES CFB
  • AES OFB
  • AES CTR

IV strategies tested

  • zero IV
  • first 16 bytes of file
  • counter derived from prefix

🧠 Success Detection

A decryption is considered valid if the plaintext contains:

INNER_MSTAR

📄 Output Format

Successful decryptions are saved as:

<original>_decrypted_<mode>_<keyprefix>.dat

Example:

firmware_decrypted_CBC_IV_PREFIX16_1F1E1D1C1B1A1918.dat

🖥 Example Output

[*] Keys ready:
    AES-128: 72
    AES-192: 0
    AES-256: 18
    Total:   90

[+] MATCH: key=1F1E1D1C1B1A19180706050403020100 mode=CBC(IV_PREFIX16)
    Saved: firmware_decrypted_CBC_IV_PREFIX16_1F1E1D1C1B1A1918.dat

⚠️ Disclaimer

This tool is intended for:

  • firmware research
  • security analysis
  • reverse engineering

Use responsibly and only on data you are authorized to analyze.

👨‍💻 Author

SuperUserek