Closed tuxuser closed 6 years ago
Thank you for this PR. For PR #24 (LG Q6: additional limitations from LG?), it fixes point 1 but only partially point 3. With this PR I can now list the partitions and dump without the dirty hack of using preregistered information about partitions. There is still an error when listing partitions and dumping a partition, but that's working. However, writing to a partition is still broken. For dumping (file test.img is correctly written):
python partitions.py --debug --dump recovery.img recovery
2017-11-25 17:35:37,661 LGLAF.py: DEBUG: Using endpoints 83 (IN), 02 (OUT)
2017-11-25 17:35:38,212 partitions: DEBUG: # Flags From(#s) To(#s) GUID/UID Type/Name
49 0 606208 671743 9D72D4E4-9958-42DA-AC26-BEA7A90B0434 Unknown
FF67A2D4-A7F1-2089-0C1F-96D838622AD1 recovery
2017-11-25 17:35:38,212 partitions: DEBUG: Opened fd 46 for disk
2017-11-25 17:35:38,213 partitions: DEBUG: Will read 33553920 bytes at disk offset 310378496
2017-11-25 17:35:40,867 partitions: INFO: Wrote 33553920 bytes to recovery.img
Traceback (most recent call last):
File "partitions.py", line 279, in <module>
main()
File "partitions.py", line 275, in main
wipe_partition(comm, disk_fd, part_offset, part_size)
File "/usr/lib/python3.6/contextlib.py", line 88, in __exit__
next(self.gen)
File "partitions.py", line 67, in laf_open_disk
comm.call(close_cmd)
File "/home/alex/lglaf2/lglaf.py", line 249, in call
raise RuntimeError('Command failed with error code %#x (%s)' % (errCode, msg))
RuntimeError: Command failed with error code 0x8000010a (LAF_ERROR_ACCESS_DENIED)
For writing (nothing is changed on the disk):
python partitions.py --debug --restore custom.img recovery
2017-11-25 17:37:15,241 LGLAF.py: DEBUG: Using endpoints 83 (IN), 02 (OUT)
2017-11-25 17:37:15,793 partitions: DEBUG: # Flags From(#s) To(#s) GUID/UID Type/Name
49 0 606208 671743 9D72D4E4-9958-42DA-AC26-BEA7A90B0434 Unknown
FF67A2D4-A7F1-2089-0C1F-96D838622AD1 recovery
2017-11-25 17:37:15,793 partitions: DEBUG: Opened fd 47 for disk
2017-11-25 17:37:15,794 partitions: DEBUG: Will write 22439936 bytes
2017-11-25 17:37:59,063 partitions: INFO: Done after writing 22439936 bytes from custom.img
Traceback (most recent call last):
File "partitions.py", line 279, in <module>
main()
File "partitions.py", line 275, in main
wipe_partition(comm, disk_fd, part_offset, part_size)
File "/usr/lib/python3.6/contextlib.py", line 88, in __exit__
next(self.gen)
File "partitions.py", line 67, in laf_open_disk
comm.call(close_cmd)
File "/home/alex/lglaf2/lglaf.py", line 249, in call
raise RuntimeError('Command failed with error code %#x (%s)' % (errCode, msg))
RuntimeError: Command failed with error code 0x8000010a (LAF_ERROR_ACCESS_DENIED)
In each case I did a lglaf.py --cr before to initiate a KILO challenge/response, but that seems to only allow commands and nothing changed for partitions. But it's still a really good step, thank you!
Requested changes pushed
Done
Looks good, can you rebase and squash some fixup commits and acknowledge the authors (e.g. those from #19) in the commit message?
Done ;)
This still doesn't succeed in giving a working shell on the LG G3 D852 - I reported this in #31.
Both changes target compatibility with more recent devices and are more reliable than parsing shell cmd output.
UPDATE: Adding py3 compatible KILO challenge/response via --cr switch: Added mode argument to specify on function call, mode 2 is currently used afaik. Made the key switchable via field _USE_MFGKEY - Normally we use the production key so there is no need to expose this switch on cmdline. PS: I did not go for the mentioned struct pack/unpack changes on purpose, it decreases readability imho.
Credits to:
@joeblowma => Initial reverse engineering - most difficult part, easy for joeblowma tho ;)
@snoremaster3000 => Porting the C code to python
@steadfasterX => Pushing the code along to this repo
dump_file: Rather than using "stat -t" for enumerating the size of a file, use "ls -l". After removing the multiple whitespaces aka. tabs it gives the filesize in its 3rd column.
partitions / extract_partitions: Instead of reading partition info by parsing shell output, GPT is read directly from mmcblk0 block device (LBA length: 34). For parsing the GPT a library from @jrd is used (jrd's Github Repo, also MIT licensed). I removed the call to ioctl for local disk as we are working with a remote device. The library is also utilized for pretty-printing.
Further, the parameter "partition" in partitions.py is set to type "int" to use it more safely, without additional conversion.
Fixes issues:
#9 partitions.py --list gives "AssertionError: Expected arrow in ls output"
#24 LG Q6: additional limitations from LG? (Point 1 and 3)
#26 offset partition download
Obsolete Pull Requests:
#12 added challenge response algo
#19 add challenge/response
#22 fix: Expected arrow in ls output
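The description above replaces shell-output parsing with reading the GPT from the first 34 LBAs of mmcblk0. The following is an added example, not the PR's code or the GPT library it uses, showing how such a dump can be validated (signature, both CRC32s, bounds) before its fields are trusted. `parse_gpt`, `build_sample` and the 512-byte sector size are assumptions, and the sample image is constructed from the slot-49 values in the debug log.

```python
import struct
import uuid
import zlib

SECTOR = 512  # assumed logical block size
HDR = struct.Struct("<8sIIIIQQQQ16sQIII")  # 92-byte GPT header
ENT = struct.Struct("<16s16sQQQ72s")       # 128-byte partition entry

def parse_gpt(blob):
    """Validate a GPT dump; return {name: (slot, byte_offset, byte_size, guid)}."""
    if len(blob) < 2 * SECTOR:
        raise ValueError("dump too short for a GPT header")
    f = HDR.unpack_from(blob, SECTOR)  # header lives in LBA 1
    if f[0] != b"EFI PART" or f[2] != HDR.size:
        raise ValueError("bad GPT signature or header size")
    raw = bytearray(blob[SECTOR:SECTOR + HDR.size])
    raw[16:20] = bytes(4)  # header CRC32 is computed with its own field zeroed
    if zlib.crc32(raw) != f[3]:
        raise ValueError("GPT header CRC mismatch")
    ent_lba, count, ent_size, ent_crc = f[10:14]
    # These fields come from the device: bound the array before slicing.
    start = ent_lba * SECTOR
    end = start + count * ent_size
    if ent_size != ENT.size or end > len(blob):
        raise ValueError("entry array outside the dump")
    if zlib.crc32(blob[start:end]) != ent_crc:
        raise ValueError("GPT entry array CRC mismatch")
    parts = {}
    for i in range(count):
        typ, uid, first, last, _flags, name = ENT.unpack_from(blob, start + i * ENT.size)
        if typ == bytes(16) or last < first:  # unused or malformed slot
            continue
        label = name.decode("utf-16-le", "replace").split("\0", 1)[0]
        guid = str(uuid.UUID(bytes_le=uid)).upper()
        # The ending LBA is inclusive, hence the +1.
        parts[label] = (i + 1, first * SECTOR, (last - first + 1) * SECTOR, guid)
    return parts

def build_sample():
    """Constructed 34-sector image with one entry in slot 49 ('recovery')."""
    entries = bytearray(128 * ENT.size)
    ENT.pack_into(entries, 48 * ENT.size,
                  uuid.UUID("9D72D4E4-9958-42DA-AC26-BEA7A90B0434").bytes_le,
                  uuid.UUID("FF67A2D4-A7F1-2089-0C1F-96D838622AD1").bytes_le,
                  606208, 671743, 0, "recovery".encode("utf-16-le"))
    fields = [b"EFI PART", 0x10000, HDR.size, 0, 0, 1, 0, 34, 0, bytes(16),
              2, 128, ENT.size, zlib.crc32(entries)]
    fields[3] = zlib.crc32(HDR.pack(*fields))
    return bytes(SECTOR) + HDR.pack(*fields).ljust(SECTOR, b"\0") + bytes(entries)
```

Because the GPT ending LBA is inclusive, the size computed here for `recovery` is 33554432 bytes, one sector more than the 33553920 bytes shown in the debug log above.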