Commit graph

40 commits

Author SHA1 Message Date
Peter Wu
2d79e1565e Attempt at LG G4 compatibility
lsusb from @invisiblek, unfortunately it seems to hang when used in
VirtualBox (USB passthrough from Windows to Linux).

The second CD exposes the endpoints over bInterfaceNumber 2, so this
patch simply activates the second CD.

LG G4 (1004:6298) has this device descriptor:

    ...
    idVendor           0x1004 LG Electronics, Inc.
    idProduct          0x6298
    bcdDevice            3.10
    iManufacturer           1 LG Electronics Inc.
    iProduct                2 LGE Android Phone
    iSerial                 3 VS986xxxxxxxx
    bNumConfigurations      2
    Configuration Descriptor:
      ...
      bNumInterfaces          1
      bConfigurationValue     1
      ...
      Interface Descriptor:
        ...
        bNumEndpoints           3
        bInterfaceClass         6 Imaging
        bInterfaceSubClass      1 Still Image Capture
        bInterfaceProtocol      1 Picture Transfer Protocol (PIMA 15470)
        iInterface              5 MTP
        ...
        (EP 1 IN  Bulk)
        (EP 1 OUT Bulk)
        (EP 2 IN  Intr)
        ...
    Configuration Descriptor:
      ...
      bNumInterfaces          4
      bConfigurationValue     2
      ...
      Interface Descriptor:
        ...
        bNumEndpoints           3
        bInterfaceClass         6 Imaging
        bInterfaceSubClass      1 Still Image Capture
        bInterfaceProtocol      1 Picture Transfer Protocol (PIMA 15470)
        iInterface              6 MTP
        ...
        (EP 1 IN  Bulk)
        (EP 1 OUT Bulk)
        (EP 2 IN  Intr)
        ...
      Interface Association:
        bLength                 8
        bDescriptorType        11
        bFirstInterface         1
        bInterfaceCount         2
        bFunctionClass          2 Communications
        bFunctionSubClass       2 Abstract (modem)
        bFunctionProtocol       1 AT-commands (v.25ter)
        iFunction               9 CDC Serial
      Interface Descriptor:
        ...
        bNumEndpoints           1
        bInterfaceClass         2 Communications
        bInterfaceSubClass      2 Abstract (modem)
        bInterfaceProtocol      1 AT-commands (v.25ter)
        iInterface              7 CDC Abstract Control Model (ACM)
        ...
        (EP 4 IN  Intr)
      Interface Descriptor:
        ...
        bNumEndpoints           2
        bInterfaceClass        10 CDC Data
        bInterfaceSubClass      0
        bInterfaceProtocol      0
        iInterface              8 CDC ACM Data
        (EP 3 IN  Bulk)
        (EP 2 Out Bulk)
      Interface Descriptor:
        ...
        bInterfaceNumber        2
        bAlternateSetting       0
        bNumEndpoints           2
        bInterfaceClass       255 Vendor Specific Class
        bInterfaceSubClass    255 Vendor Specific Subclass
        bInterfaceProtocol    255 Vendor Specific Protocol
        iInterface              0
        (EP 5 IN  Bulk)
        (EP 3 OUT Bulk)
        ...
2015-12-29 18:43:22 +01:00
Peter Wu
e71375d6cc lglaf.py: do not hang forever on reads
Use 5 second timeout for the initial hello and 60 seconds for other
cases. Maybe a --read-timeout option should be added in case you need
more time...
2015-12-29 18:40:46 +01:00
Peter Wu
fe75d2108f Compatibility with LG G4
According to @invisiblek, platform is gone from the LG G4 and bootdevice
also exists with the G2. So use that instead.
2015-12-29 18:26:07 +01:00
Peter Wu
94c0dc5ac2 parse-props.py: fix assert failure 2015-12-29 13:24:07 +01:00
Peter Wu
a1208e6723 Improve INFO GPRO field
Not just the first two bytes should match, it should be the expected
length. Found the hint in dmesg after failing to retrieve the properties
file. Setting all following bytes to 0xff does not seem to affect the
output, so let's keep it like this. The original software does send an
empty buffer though (with all zeroes).
2015-12-29 13:17:44 +01:00
Peter Wu
d26f0717a9 Add support for VS985 and others
The udev rules and Wireshark dissector still have idProduct hardcoded
for the time being, but lglaf.py detection logic is converted to use
heuristics instead.

Thanks to @invisiblek for testing and providing lsusb output.
2015-12-29 11:40:21 +01:00
Peter Wu
e7e9036fb9 protocol.md: Fix display of table 2015-12-29 00:59:17 +01:00
Peter Wu
f2137c1092 partitions.py: implement TRIM (--wipe) 2015-12-29 00:27:13 +01:00
Peter Wu
6e2089a12a protocol.md: poweroff
Props to
https://github.com/ghassani/openpst/blob/master/extra/lafshell/laf.h
(which seems to be reverse engineered from the lafd output).
2015-12-29 00:26:53 +01:00
Peter Wu
ab642bd7c0 protocol.md: update erase, read, exec
Thanks to hints from /proc/kmsg, I found the IOCTL_TRIM_CMD (0x1277)
hint. From the kmsg, the meaning of "LAF" was also found (which could be
discovered via the lafd binary too...).

The whence option for read was observed by putting 0xffffffff in the
argument and was tried because the DLL showed a fourth argument that was
always zero.
2015-12-28 23:59:21 +01:00
Peter Wu
01efff446d protocol: Document Unlink
Found in lafd binary.
2015-12-27 18:45:31 +01:00
Peter Wu
70ea7bf69b Move extract-partitions.py, add to README
Allows you to use it without having to set `PYTHONPATH=.` first.
2015-12-27 16:51:08 +01:00
Peter Wu
5e65f24aea extract-partitions.py: allow for disabling --max-size
Useful if you want to dump everything. For finer selection, use
partitions.py directly.
2015-12-27 16:37:56 +01:00
Peter Wu
b89f14c01f README: update with more usage examples 2015-12-27 12:55:27 +01:00
Peter Wu
1eaebefe87 lglaf.py: Avoid reading from stdin
stdin points to /dev/graphics/fb0, might not be the greatest source of
input...
2015-12-27 12:54:44 +01:00
Peter Wu
75091793be partitions: fix wrong offset
Results in failure in write verification (not dangerous, just fails
the response check while it should succeed).
2015-12-27 11:51:32 +01:00
Peter Wu
45cd6b5ff1 partitions: show name while dumping 2015-12-27 11:46:38 +01:00
Peter Wu
7663de0d6c partitions: allow filtering a single partition 2015-12-27 11:37:48 +01:00
Peter Wu
6f078543ca partitions: make partition_info faster 2015-12-27 11:25:04 +01:00
Peter Wu
c8e27d445d Allow partition lookup by label 2015-12-27 11:21:32 +01:00
Peter Wu
a27775129d extract-partitions.py: fix reading 512 bytes too short
/proc/partitions outputs blocks of 1 KiB, but the size can be aligned
at 512 bytes (as observed with the "grow" partition). Re-use the
partitions.py code for dumping partitions.

Previously every partition would be opened separately, now this
requests the partition offset and size for each partition, but the disk
is opened only once.

This takes about 32 seconds for 356 MiB.
2015-12-26 23:18:35 +01:00
Peter Wu
8f9c53b9eb Add script to dump/write partitions 2015-12-26 23:15:25 +01:00
Peter Wu
88fa55bbd5 lglaf.py: Python 2 compatibility 2015-12-26 22:03:49 +01:00
Peter Wu
e0f269128f extract-partitions.py: fix unaligned files
Seeking on a file open for appending does not really work. Also fix
offset in debug message.
2015-12-26 22:03:29 +01:00
Peter Wu
d9aa205b17 protocol.md: fix WRTE offset response
Unlike READ, WRTE does not have the same meanings for request/response.
2015-12-26 21:30:14 +01:00
Peter Wu
e89f3403db Add Wireshark LUA dissector 2015-12-26 20:38:47 +01:00
Peter Wu
c6b7bd465d extract-partitions.py: really close file on errors 2015-12-26 16:08:38 +01:00
Peter Wu
82174eaa6c protocol.md: update CTRL and READ 2015-12-26 14:52:26 +01:00
Peter Wu
85168bc5de extract-partitions.py: documentation update 2015-12-26 14:52:04 +01:00
Peter Wu
a8145a4a75 lglaf.py: allow skipping HELO
Just in case it causes interference, or to speed up things when you know
that the device is correct and in sync.
2015-12-26 14:51:28 +01:00
Peter Wu
495060d104 Add script to dump partitions
Dumped 384M in 34 seconds (D855, Linux, USB 2.0).
2015-12-26 01:09:45 +01:00
Peter Wu
e4544e50e5 lglaf.py: make device detection externally available
Useful for other scripts.
2015-12-26 01:09:07 +01:00
Peter Wu
13d0579db0 Try to make reset more robust
Implements message draining for serial devices and adds a HELO request
to ensure that the device is synchronized and speaks the protocol.
2015-12-25 15:55:15 +01:00
Peter Wu
0b38a8af0e lglaf.py: more helpful assertions 2015-12-25 15:48:30 +01:00
Peter Wu
8f35f2f5b5 More protocol details, add property parser
Example output for parse-props.py:

    download cable             = 'USER'
    battery level              = 100
    download type              = ' '
    download speed             = 0
    usb version                = ' '
    hardware revision          = 'rev_10'
    download sw version        = ' '
    device sw version          = 'D85520t'
    secure device              = 'S'
    laf sw version             = '1.1'
    device factory version     = 'LGD855AT-00-V20t-EUR-XX-AUG-18-2015-16G+0'
    device factory out version = 'LGD855AT-00-V20t-GLOBAL-COM-AUG-18-2015-16G+0'
    pid                        = 'YE01S151002002500'
    imei                       = (redacted)
    model name                 = 'LG-D855'
    device build type          = 'U'
    chipset platform           = 'msm8974'
    target_operator            = 'GLOBAL'
    target_country             = 'COM'
    ap_factory_reset_status    = 3
    cp_factory_reset_status    = 0
    isDownloadNotFinish        = 0
    qem                        = 0
    cupss swfv                 = 'A1439892730-M1439892730-C1439940554-U1439940554-0'
    is one binary dual plan    = 0
    memory size                = 30777344
    memory_id                  = 'SDW16G\n'
    bootloader_ver             = 'MiniOS 3.0'
2015-12-25 15:16:42 +01:00
Peter Wu
eed04da13f udev rules 2015-12-25 00:05:37 +01:00
Peter Wu
0871e23c06 Auto-detect serial port on Windows 2015-12-24 23:58:34 +01:00
Peter Wu
ad8977611f Add '-c' option, workaround Windows crash
Fixes "AttributeError: 'NoneType' object has no attribute 'isatty'" for

    echo ls | lglaf.py --serial com4

Adding "python" avoids the crash.
2015-12-24 22:19:47 +01:00
Peter Wu
d5b3ae382f lglaf.py: Initial commit
Tested on Linux only.
2015-12-24 20:03:07 +01:00
Peter Wu
c88a4289e7 Initial commit of docs 2015-12-24 20:03:03 +01:00