Commit graph

70 commits

Author SHA1 Message Date
Antoine Beaupré
ecf4c597a3
add USB dump for LG G3 D852 2017-11-28 21:47:55 -05:00
Antoine Beaupré
8f02dfc4be
add support for g3 d852 2017-11-28 21:47:54 -05:00
Peter Wu
427a397d2b
Merge pull request #27 from tuxuser/update/omit_shellcmd_parse_gpt
Dump file compatibility, read GPT from block device, py3 compatible KILO challenge/response
2017-11-27 21:21:42 +00:00
tuxuser
dd2fc9d54c Add KILO challenge/response
Credits:
  @joeblowma => Initial reverse engineering
  @snoremaster3000 => Porting the C code to python
  @steadfasterX => Pushing the code along to this repo
2017-11-26 00:00:28 +01:00
tuxuser
87ec43709a partitions: Read and parse info from GPT rather than executing shell commands, which is restricted on recent devices 2017-11-25 23:49:17 +01:00
tuxuser
47b3f41f5d dump_file: Switch from "stat" to "ls" for getting filesize - recent firmware prevents using "stat", "ls" however is supported on old and new firmware. 2017-11-25 23:45:05 +01:00
Peter Wu
8a5b0b9cbc
Merge pull request #29 from tuxuser/task/documentation
Added rudimentary description to some *new* commands
2017-11-25 22:29:15 +00:00
tuxuser
272531aed5 Added rudimentary description to some *new* commands 2017-11-25 23:05:34 +01:00
Peter Wu
af67dbde3f
Merge pull request #28 from tuxuser/feature/rawshell
Add rawshell switch => Don't prepend anything to shell command
2017-11-25 20:55:38 +00:00
Rena Kunisaki
89be7edab6 Update protocol.md
Add more commands and info

[Peter: typo fix and formatting]
Fixes https://github.com/Lekensteyn/lglaf/pull/18
2017-11-25 20:51:44 +00:00
tuxuser
1ef1741bff Printing stderr-redirection warning to user via --help for rawshell argument 2017-11-25 21:14:28 +01:00
tuxuser
61e59e2a27 Add rawshell switch, not prepending anything to sent command 2017-11-22 02:48:40 +01:00
Peter Wu
8dc96c2178 Merge pull request #21 from steadfasterX/pr_skiphello
added skip-hello to the partition handlers
2017-10-15 18:54:03 +01:00
steadfasterX
5af4d393a1 new: added skip-hello to partition handlers
skip-hello is sometimes needed / useful here.
2017-10-05 17:19:27 +02:00
Peter Wu
253b7a17fb Merge pull request #16 from RenaKunisaki/master
Add error code descriptions
2017-09-21 00:57:04 +01:00
RenaKunisaki
734c650cc4 fix some error codes 2017-07-20 15:53:13 -04:00
RenaKunisaki
0c7bdf2fa9 add error code descriptions 2017-07-20 15:48:51 -04:00
Peter Wu
62bb05679f Compatibility with Wireshark 2.3.x
Needed after https://code.wireshark.org/review/19200
2017-03-17 12:15:06 +01:00
Peter Wu
034e751d0b Merge pull request #8 from ehem/master
Documentation fix, addition of LG V10 (H962)
2016-05-19 23:24:34 +02:00
Elliott Mitchell
114f2b3cd8 Reading is a lossed art, be more consistent with existing stuff
Upon looking, it seems the H962 has idProduct identical to the D855.
Note in appropriate places the H962 is now supportted.
2016-05-19 14:20:24 -07:00
Elliott Mitchell
14df5335c3 Fix download mode instructions in README.md
What was written seemed to suggest the power button should also be held
down, but instead the power button only briefly needs to be pressed.
2016-05-19 11:40:19 -07:00
Elliott Mitchell
81998e1dde Add one varient of the LG V10 to the usb.rules file
Now we can talk to another LG device.  This device though does need the
protocol fix (issue #7) solved before becoming truly useful though.
2016-05-19 11:35:21 -07:00
Peter Wu
688e0f3d17 lglaf.py: Fix "Resource busy" error
Detach kernel driver (cdc_acm) to avoid this error:

    usb.core.USBError: [Errno 16] Resource busy

Deliberately do not call attach_kernel_driver for the detached devices,
it is likely that the user runs lglaf multiple times. The user can
unplug and re-insert their device if they want to re-attach the kernel
driver.
2016-03-15 22:24:49 +01:00
Peter Wu
f2792e6374 lglaf.py: dynamically query for endpoint numbers
The endpoint numbers are apparently not fixed. Use heuristics to
discover these (necessary for at least the D805).

Tested with D855.
2016-03-15 22:10:42 +01:00
Peter Wu
d12798f69f Add lsusb for D805
Rename lsusb.txt while at it.

Thanks to @dorianlangbeck for the D805 dump
(https://github.com/Lekensteyn/lglaf/pull/1#issuecomment-189764085)
2016-03-13 18:41:46 +01:00
Peter Wu
6aa18f3c8e partitions.py: rename --load to --restore
Slightly better name.
2016-01-04 23:03:01 +01:00
Peter Wu
396409d3fa Make shell execution a bit more reliable
Previously you would not get feedback when quotes are not terminated or
when the command is too long. Fix this by putting stderr redirection in
the shell command, before eval.
2016-01-04 13:03:30 +01:00
Peter Wu
7ef3448209 lglaf.py: fix default read timeout
Really apply default read timeout (5 seconds) even if Communication.read
passes None.
2016-01-03 22:46:15 +01:00
Peter Wu
6c1f8e78c9 dump-file.py: added
Also adds G2 and G4 from @invisiblek to the tested devices list.
2016-01-03 22:22:38 +01:00
Peter Wu
90d89bbe5f Add full LG4 (VS986) support
Add productId to the Wireshark dissector and udev rule, adjust the
serial path detection logic to find the right key
(`\Device\LGVZANDNETDIAG1`). Now you do not need to pass `--serial COM4`
anymore.

Reportedly fails in VirtualBox with USB passthrough, but works fine on
Linux. Thanks @invisiblek for testing!
2015-12-30 10:51:18 +01:00
Peter Wu
2d79e1565e Attempt to LG G4 compatibility
lsusb from @invisiblek, unfortunately it seems to hang when used in
VirtualBox (USB passthrough from Windows to Linux).

The second CD of exposes the endpoints over bInterfaceNumber 2, so this
patch simply activates the second CD.

LG G4 (1004:6298) has this device descriptor:

    ...
    idVendor           0x1004 LG Electronics, Inc.
    idProduct          0x6298
    bcdDevice            3.10
    iManufacturer           1 LG Electronics Inc.
    iProduct                2 LGE Android Phone
    iSerial                 3 VS986xxxxxxxx
    bNumConfigurations      2
    Configuration Descriptor:
      ...
      bNumInterfaces          1
      bConfigurationValue     1
      ...
      Interface Descriptor:
        ...
        bNumEndpoints           3
        bInterfaceClass         6 Imaging
        bInterfaceSubClass      1 Still Image Capture
        bInterfaceProtocol      1 Picture Transfer Protocol (PIMA 15470)
        iInterface              5 MTP
        ...
        (EP 1 IN  Bulk)
        (EP 1 OUT Bulk)
        (EP 2 IN  Intr)
        ...
    Configuration Descriptor:
      ...
      bNumInterfaces          4
      bConfigurationValue     2
      ...
      Interface Descriptor:
        ...
        bNumEndpoints           3
        bInterfaceClass         6 Imaging
        bInterfaceSubClass      1 Still Image Capture
        bInterfaceProtocol      1 Picture Transfer Protocol (PIMA 15470)
        iInterface              6 MTP
        ...
        (EP 1 IN  Bulk)
        (EP 1 OUT Bulk)
        (EP 2 IN  Intr)
        ...
      Interface Association:
        bLength                 8
        bDescriptorType        11
        bFirstInterface         1
        bInterfaceCount         2
        bFunctionClass          2 Communications
        bFunctionSubClass       2 Abstract (modem)
        bFunctionProtocol       1 AT-commands (v.25ter)
        iFunction               9 CDC Serial
      Interface Descriptor:
        ...
        bNumEndpoints           1
        bInterfaceClass         2 Communications
        bInterfaceSubClass      2 Abstract (modem)
        bInterfaceProtocol      1 AT-commands (v.25ter)
        iInterface              7 CDC Abstract Control Model (ACM)
        ...
        (EP 4 IN  Intr)
      Interface Descriptor:
        ...
        bNumEndpoints           2
        bInterfaceClass        10 CDC Data
        bInterfaceSubClass      0
        bInterfaceProtocol      0
        iInterface              8 CDC ACM Data
        (EP 3 IN  Bulk)
        (EP 2 Out Bulk)
      Interface Descriptor:
        ...
        bInterfaceNumber        2
        bAlternateSetting       0
        bNumEndpoints           2
        bInterfaceClass       255 Vendor Specific Class
        bInterfaceSubClass    255 Vendor Specific Subclass
        bInterfaceProtocol    255 Vendor Specific Protocol
        iInterface              0
        (EP 5 IN  Bulk)
        (EP 3 OUT Bulk)
        ...
2015-12-29 18:43:22 +01:00
Peter Wu
e71375d6cc lglaf.py: do not hang forever on reads
Use 5 second timeout for the initial hello and 60 seconds for other
cases. Maybe a --read-timeout option should be added in case you need
more time...
2015-12-29 18:40:46 +01:00
Peter Wu
fe75d2108f Compatibility with LG G4
According to @invisiblek, platform is gone from the LG G4 and bootdevice
also exists with the G2. So use that instead.
2015-12-29 18:26:07 +01:00
Peter Wu
94c0dc5ac2 parse-props.py: fix assert failure 2015-12-29 13:24:07 +01:00
Peter Wu
a1208e6723 Improve INFO GPRO field
Not just the first two bytes should match, it should be the expected
length. Found the hint in dmesg after failing to retrieve the properties
file. Setting all following bytes to 0xff does not seem to affect the
output, so let's keep it like this. The original software does send an
empty buffer though (with all zeroes).
2015-12-29 13:17:44 +01:00
Peter Wu
d26f0717a9 Add support for VS985 and others
The udev rules and Wireshark dissector still have idProduct hardcoded
for the time being, but lglaf.py detection logic is converted to use
heuristics instead.

Thanks to @invisiblek for testing and providing lsusb output.
2015-12-29 11:40:21 +01:00
Peter Wu
e7e9036fb9 protocol.md: Fix display of table 2015-12-29 00:59:17 +01:00
Peter Wu
f2137c1092 partitions.py: implement TRIM (--wipe) 2015-12-29 00:27:13 +01:00
Peter Wu
6e2089a12a protocol.md: poweroff
Props to
https://github.com/ghassani/openpst/blob/master/extra/lafshell/laf.h
(which seems to be reverse engineered from the lafd output).
2015-12-29 00:26:53 +01:00
Peter Wu
ab642bd7c0 protocol.md: update erase, read, exec
Thanks to hints from /proc/kmsg, I found the IOCTL_TRIM_CMD (0x1277)
hint. From the kmsg, the meaning of "LAF" was also found (which could be
discovered via the lafd binary too...).

The whence option for read was observed by putting 0xffffffff in the
argument and was tried because the DLL showed a fourth argument that was
always zero.
2015-12-28 23:59:21 +01:00
Peter Wu
01efff446d protocol: Document Unlink
Found in lafd binary.
2015-12-27 18:45:31 +01:00
Peter Wu
70ea7bf69b Move extract-partitions.py, add to README
Allows you to use it without having to set `PYTHONPATH=.` first.
2015-12-27 16:51:08 +01:00
Peter Wu
5e65f24aea extract-partitions.py: allow for disabling --max-size
Useful if you want to dump everything. For finer selection, use
partitions.py directly.
2015-12-27 16:37:56 +01:00
Peter Wu
b89f14c01f README: update with more usage examples 2015-12-27 12:55:27 +01:00
Peter Wu
1eaebefe87 lglaf.py: Avoid reading from stdin
stdin points to /dev/graphics/fb0, might not be the greatest source of
input...
2015-12-27 12:54:44 +01:00
Peter Wu
75091793be partitions: fix wrong offset
Results in failure in write verification (not dangerous, just fails
the response check while it should succeed).
2015-12-27 11:51:32 +01:00
Peter Wu
45cd6b5ff1 partitions: show name while dumping 2015-12-27 11:46:38 +01:00
Peter Wu
7663de0d6c partitions: allow filtering a single partition 2015-12-27 11:37:48 +01:00
Peter Wu
6f078543ca partitions: make partition_info faster 2015-12-27 11:25:04 +01:00
Peter Wu
c8e27d445d Allow partition lookup by label 2015-12-27 11:21:32 +01:00