LG with encrypted and decrypted Versions of Firmware

adfree · **Joined:** Mon Sep 22, 2008 4:20 pm **Posts:** 643

Funny. I saw from KU990 an *.DZ FW... So I tried NoName® s unpacker.
Next AMSS is encrypted...

Maybe if Encryption is known. LG encrypt AMSS first, then pack into .DZ and then encrypt again... :lol:

NoName® · **Joined:** Wed Oct 01, 2008 11:39 pm **Posts:** 12

Our crew now have time to work with this 'craps' so algo for encoding/decoding amss are AES now searching for key ))). Also key for decrypt are differend for each model.

adfree · **Joined:** Mon Sep 22, 2008 4:20 pm **Posts:** 643

Thanx for info.

Which one?
AES-128, AES-192 or AES-256

I don't know. Maybe to collect "few old" PS3 and make an Cluster... Or Graficcards "Horse Power"... for example NVIDIA...
I need also solution for compute RSA1024 Private Keys...

I think to buy Hardware and run few months... is not the biggest problem. Special Software for such Action is needed.

Best Regards

NoName® · **Joined:** Wed Oct 01, 2008 11:39 pm **Posts:** 12

Simply AES with 16 bytes keylength ( 128 bits ) . It is no need to create clusters and made superhard calculations. The key are live inside of full ROM images. We are very near of it so unpaker will be published a bit later ;-)

viperbjk · **Joined:** Mon Sep 22, 2008 3:46 pm **Posts:** 1061

Well then it's no problem to add decryption to qmat's crypto toolbox, as aes is already implemented

Thanks for info, NoName ... if you need any aes source, let me know

NoName® · **Joined:** Wed Oct 01, 2008 11:39 pm **Posts:** 12

No need little time for dump key / and as you know U300 U890 etc not support any PEEK commans )))

viperbjk · **Joined:** Mon Sep 22, 2008 3:46 pm **Posts:** 1061

So I guess jtag or you desoldered nand

Or did you rewrite the bootloader ?

Cya

.:hack3r2k:. · **Joined:** Wed Feb 04, 2009 1:35 pm **Posts:** 16

viperbjk wrote:

So I guess jtag or you desoldered nand

Or did you rewrite the bootloader ?

Cya

Theres no need to do that. On LGs remained some few exploits opened. Also fix my registration pb

Br;)

viperbjk · **Joined:** Mon Sep 22, 2008 3:46 pm **Posts:** 1061

Hi and welcome

Could you please be more specific what exploits you mean ? In bootloader or in diag interface ?

Cya,

Viper BJK

.:hack3r2k:. · **Joined:** Wed Feb 04, 2009 1:35 pm **Posts:** 16

Well,

Lgs have in file system some executable modules called pxos that are java applications compiled to native arm code (and some of them havent any signature/checksum check). If you have the brains like we had you can use them to make some very nasty things to the mobile. Offcourse they are just a gate for enabling some exploits to diag interface. Anyway how to i preffer to keep secret same as NoName will do probably. Also congrats for ur tools. I used many times and saved my from doing own similar one

Br;)

PSAS Support Forum

LG with encrypted and decrypted Versions of Firmware

Who is online