nxhdate/MyDRMTools
1
0
Fork 0
forked from SuperUserek/MyDRMTools
Code Pull Requests Activity
8e8025de5a
MyDRMTools/AutoKeyboxDecoder/Readme.md

255 lines
4.5 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 🔐 SuperUserek Auto Keybox Decoding Tool
A Python tool that attempts to decrypt **Any firmware / keybox / encrypted blobs** by automatically testing known AES keys and AES modes.
The script downloads multiple public key lists, merges them, and stores them locally in **keys.txt**.
Keys are refreshed **once per day** unless forced.
If a valid payload is found, the decrypted payload is extracted and saved.
---
# ✨ Features
* 🔑 Automatically downloads known AES keys from multiple sources
* 💾 Saves keys locally to **keys.txt**
* 🔄 Key lists update **once per day**
*`--force-update-keys` option to refresh keys immediately
* 🧠 Supports **AES-128 / AES-192 / AES-256**
* 🔍 Tests multiple AES modes automatically
* 🧩 Supports **custom user-provided AES keys**
* 📦 Extracts valid payload automatically
* 📁 Supports custom output directories
---
# 📦 Key Sources
By default the script downloads keys from:
### 1⃣ openlgtv AES keys
https://raw.githubusercontent.com/openlgtv/epk2extract/refs/heads/master/keys/AES.key
### 2⃣ DRMLAB KnownKeys
(please contribute and add more working keys)
https://git.drmlab.io/SuperUserek/MyDRMTools/raw/branch/main/AutoKeyboxDecoder/KnownKeys.txt
These lists contain AES keys used in various LG firmware and DRM systems.
---
# 🔑 Key Cache (keys.txt)
Downloaded keys are stored locally in:
```
keys.txt
```
Behavior:
| Condition | Action |
|--------|--------|
| first run | downloads keys |
| same day | uses cached keys |
| next day | automatically refreshes keys |
| `--force-update-keys` | forces immediate refresh |
---
# ⚙️ Requirements
Python **3.8+**
Install dependencies:
```bash
pip install requests pycryptodome
```
---
# 🚀 Basic Usage
Try all known keys from both sources:
```bash
python3 autokeybox_decoder.py keybox_file.dat
```
The script will:
1. Download key lists (if cache is outdated)
2. Save them to **keys.txt**
3. Parse AES keys
4. Try AES modes automatically
5. Save the decrypted payload if successful
---
# 🔄 Force Update Key Lists
Force re-download and rebuild the key cache:
```bash
python3 autokeybox_decoder.py keybox_file.dat --force-update-keys
```
---
# 🔑 Custom AES Key
Try a custom AES key **along with known keys**:
```bash
python3 autokeybox_decoder.py keybox_file.dat --key 00112233445566778899AABBCCDDEEFF
```
Supported key sizes:
| AES Type | Hex Length |
|--------|--------|
| AES-128 | 32 |
| AES-192 | 48 |
| AES-256 | 64 |
---
# 🔒 Only Use Custom Key
Skip downloading key lists and only try your key:
```bash
python3 autokeybox_decoder.py keybox_file.dat \
--key 00112233445566778899AABBCCDDEEFF \
--only-custom
```
---
# 📂 Specify Output Directory
```bash
python3 autokeybox_decoder.py keybox_file.dat --outdir ./output
```
Example output:
```
output/file_decrypted_CBC_IV_PREFIX16_0011223344556677.dat
```
---
# 🧪 Save All Matches
By default the script stops after the **first successful decrypt**.
To save **all possible matches**:
```bash
python3 autokeybox_decoder.py keybox_file.dat --all-matches
```
---
# 🌐 Add Additional Key Lists
You can add extra key sources:
```bash
python3 autokeybox_decoder.py keybox_file.dat \
--keys-url https://example.com/keys.txt
```
Multiple lists are supported:
```bash
python3 autokeybox_decoder.py keybox_file.dat \
--keys-url https://example.com/keys1.txt \
--keys-url https://example.com/keys2.txt
```
---
# 🧰 Full Example
Use known keys + custom key + save all matches:
```bash
python3 autokeybox_decoder.py keybox.dat \
--key BC1197CA30AA0FC84F7FE62E09FD3D9F \
--all-matches \
--outdir decrypted
```
---
# 🔐 AES Modes Tested
The script automatically tries:
* AES **ECB**
* AES **CBC**
* AES **CFB**
* AES **OFB**
* AES **CTR**
### IV strategies tested
* zero IV
* first 16 bytes of file
* counter derived from prefix
---
# 📄 Output Format
Successful decryptions are saved as:
```
<original>_decrypted_<mode>_<keyprefix>.dat
```
Example:
```
firmware_decrypted_CBC_IV_PREFIX16_1F1E1D1C1B1A1918.dat
```
---
# 🖥 Example Output
```
[*] Keys ready:
AES-128: 72
AES-192: 0
AES-256: 18
Total: 90
[+] MATCH: key=1F1E1D1C1B1A19180706050403020100 mode=CBC(IV_PREFIX16)
Saved: firmware_decrypted_CBC_IV_PREFIX16_1F1E1D1C1B1A1918.dat
```
---
# ⚠️ Disclaimer
This tool is intended for:
* firmware research
* security analysis
* reverse engineering
Use responsibly and only on data you are authorized to analyze.
---
# 👨‍💻 Author
**SuperUserek**
View Git Blame Copy Permalink