nxhdate/MyDRMTools
1
0
Fork 0
forked from SuperUserek/MyDRMTools
Code Pull Requests Activity
d837cad68a
MyDRMTools/AutoKeyboxDecoder
History
SuperUserek d837cad68a Added Screenshot
2026-03-05 11:02:00 +00:00
..
KnownKeys.txt Added KnownKeys to repo 2026-03-05 10:37:47 +00:00
Readme.md Added readme 2026-03-05 10:59:09 +00:00
screenshot.png Added Screenshot 2026-03-05 11:02:00 +00:00

Readme.md

🔐 SuperUserek Auto AES Decrypt Tool

A Python tool that attempts to decrypt LG firmware / keybox / encrypted blobs by automatically testing known AES keys and AES modes.

The script downloads multiple public key lists and tries them using several AES modes and IV strategies.

If a valid payload is found, the decrypted payload is extracted and saved.

Features

  • 🔑 Automatically downloads known AES keys from multiple sources
  • 🧠 Supports AES-128 / AES-192 / AES-256
  • 🔍 Tests multiple AES modes automatically
  • Fast key testing
  • 🧩 Supports custom user-provided AES keys
  • 📦 Extracts valid payload automatically
  • 📁 Supports custom output directories

📦 Key Sources

By default the script downloads keys from:

1 openlgtv AES keys

https://raw.githubusercontent.com/openlgtv/epk2extract/refs/heads/master/keys/AES.key

2 DRMLAB's KnownKeys ( please contribute and add more working keys to extract keyboxes )

https://git.drmlab.io/SuperUserek/MyDRMTools/AutoKeyboxDecoder/KnownKeys.txt

These lists contain AES keys used in various LG firmware and DRM systems.

⚙️ Requirements

Python 3.8+

Install dependencies:

pip install requests pycryptodome

🚀 Basic Usage

Try all known keys from both sources:

python3 autokeybox_decoder.py keybox_file.dat

The script will:

  1. Download key lists
  2. Parse AES keys
  3. Try AES modes automatically
  4. Save the decrypted payload if successful

🔑 Custom AES Key

Try a custom AES key along with known keys:

python3 autokeybox_decoder.py keybox_file.dat --key 00112233445566778899AABBCCDDEEFF

Supported key sizes:

AES Type Hex Length
AES-128 32
AES-192 48
AES-256 64

🔒 Only Use Custom Key

Skip downloading key lists:

python3 autokeybox_decoder.py keybox_file.dat \
--key 00112233445566778899AABBCCDDEEFF \
--only-custom

📂 Specify Output Directory

python3 autokeybox_decoder.py keybox_file.dat --outdir ./output

Example output:

output/file_decrypted_CBC_IV_PREFIX16_0011223344556677.dat

🧪 Save All Matches

By default the script stops after the first successful decrypt.

To save all possible matches:

python3 autokeybox_decoder.py keybox_file.dat --all-matches

🌐 Add Additional Key Lists

You can add extra key sources:

python3 autokeybox_decoder.py keybox_file.dat \
--keys-url https://example.com/keys.txt

Multiple lists are supported:

python3 autokeybox_decoder.py keybox_file.dat \
--keys-url https://example.com/keys1.txt \
--keys-url https://example.com/keys2.txt

🧰 Full Example

Use known keys + custom key + save all matches:

python3 autokeybox_decoder.py keybox.dat \
--key BC1197CA30AA0FC84F7FE62E09FD3D9F \
--all-matches \
--outdir decrypted

🔐 AES Modes Tested

The script automatically tries:

  • AES ECB
  • AES CBC
  • AES CFB
  • AES OFB
  • AES CTR

IV strategies tested

  • zero IV
  • first 16 bytes of file
  • counter derived from prefix

🧠 Success Detection

A decryption is considered valid if the plaintext contains:

INNER_MSTAR

📄 Output Format

Successful decryptions are saved as:

<original>_decrypted_<mode>_<keyprefix>.dat

Example:

firmware_decrypted_CBC_IV_PREFIX16_1F1E1D1C1B1A1918.dat

🖥 Example Output

[*] Keys ready:
    AES-128: 72
    AES-192: 0
    AES-256: 18
    Total:   90

[+] MATCH: key=1F1E1D1C1B1A19180706050403020100 mode=CBC(IV_PREFIX16)
    Saved: firmware_decrypted_CBC_IV_PREFIX16_1F1E1D1C1B1A1918.dat

⚠️ Disclaimer

This tool is intended for:

  • firmware research
  • security analysis
  • reverse engineering

Use responsibly and only on data you are authorized to analyze.