04-26-2017, 01:15 | #1 (permalink) |
Insane Poster Join Date: Jan 2017
Posts: 95
Member: 2674769 Status: Offline Thanks Meter: 17 |

LG laf KILOMETER COMMAND encryption

The encryption depends on the KILOCENT COMMAND RESPONSE.

Example KILOCENT command:

    4b 49 4c 4f 43 45 4e 54 00 00 00 00 00 00 00 00 KILOCENT........
    00 00 00 00 00 00 00 00 e3 7b 00 00 b4 b6 b3 b0 ........م{..´¶³°

Phone answer:

    4b 49 4c 4f 43 45 4e 54 fe 1c d6 03 00 00 00 00 KILOCENT.ض.....
    00 00 00 00 00 00 00 00 90 8e 00 00 b4 b6 b3 b0 ........گژ..´¶³°

After that comes the KILOMETER command:

    4b 49 4c 4f 4d 45 54 52 00 00 00 00 04 00 00 00 KILOMETR........
    00 00 00 00 10 00 00 00 d2 c2 00 00 b4 b6 b3 b0 ........زآ..´¶³°
    00 24 b5 59 6f d1 db a3 af c6 00 37 03 df a4 78 .$µYoرغ£¯ئ.7.ك¤x

    {00 24 b5 59 6f d1 db a3 af c6 00 37 03 df a4 78}

The above hex line was calculated through { fe 1c d6 03 }, which we get in the KILOCENT response.

Does anybody know how to calculate it? |
04-26-2017, 23:14 | #4 (permalink) |
Member: 2674769 Status: Offline Thanks Meter: 17 |

In Python:

    # Python 2 (str is a byte string). make_request and comm come from the
    # tool this snippet belongs to and are not shown in the post.
    import logging
    from Crypto.Cipher import AES

    _logger = logging.getLogger(__name__)

    def key_transform(old_key):
        # Walk the 32-char key backwards, subtracting (position mod 12) from each char
        new_key = ''
        for x in range(32, 0, -1):
            new_key += chr(ord(old_key[x-1]) - (x % 0x0C))
        return new_key

    def key_xoring(key2_t, kilo_challenge):
        # XOR each 4-char group with the challenge bytes in reversed order
        key2_t_xor = ''
        i = 0
        while i <= 28:
            key2_t_xor += chr(ord(key2_t[i]) ^ ord(kilo_challenge[3]))
            key2_t_xor += chr(ord(key2_t[i+1]) ^ ord(kilo_challenge[2]))
            key2_t_xor += chr(ord(key2_t[i+2]) ^ ord(kilo_challenge[1]))
            key2_t_xor += chr(ord(key2_t[i+3]) ^ ord(kilo_challenge[0]))
            i = i + 4
        return key2_t_xor

    def do_aes_encrypt(key2_t_xor):
        # Encrypt the fixed block 00 01 .. 0f with the derived 32-byte key
        plaintext = b''
        for k in range(0, 16):
            plaintext += chr(k)
        obj = AES.new(key2_t_xor, AES.MODE_ECB)
        return obj.encrypt(plaintext)

    def do_challenge_response(comm):
        # KILOCENT: ask the phone for the 4-byte challenge
        request_kilo = make_request(b'KILO', args=[b'CENT', b'\0\0\0\0', b'\0\0\0\0', b'\0\0\0\0'])
        kilo_header, kilo_response = comm.call(request_kilo)
        kilo_challenge = kilo_header[8:12]
        chalstring = ":".join("{:02x}".format(ord(k)) for k in kilo_challenge)
        _logger.debug("Challenge: %s" % chalstring)
        key2 = 'qndiakxxuiemdklseqid~a~niq,zjuxl'
        # if this doesnt work try 'lgowvqnltpvtgogwswqn~n~mtjjjqxro'
        kilo_response = do_aes_encrypt(key_xoring(key_transform(key2), kilo_challenge))
        respstring = ":".join("{:02x}".format(ord(m)) for m in kilo_response)
        _logger.debug("Response: %s" % respstring)
        # KILOMETR: send the 16-byte response back as the request body
        request_kilo_metr = make_request(b'KILO', args=[b'METR', b'\0\0\0\0', b'\x02\0\0\0', b'\0\0\0\0'], body=bytes(kilo_response))
        metr_header, metr_response = comm.call(request_kilo_metr)

It uses AES MODE_ECB encryption. Can we use it in Delphi? |
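Added example, not part of the original post or of the tool it comes from: the two key steps above rewritten for Python 3 bytes and fed the KILOCENT response header dumped in the first post. The header field names and the `derive_aes_key` helper are assumptions of this example; the AES-ECB step itself is left to the library call shown in the post.

```python
import struct

# KILOCENT response header exactly as dumped in the first post (32 bytes).
KILOCENT_RESPONSE = bytes.fromhex(
    "4b494c4f43454e54fe1cd60300000000"
    "0000000000000000908e0000b4b6b3b0"
)
# First key string quoted in the Python post.
KEY2 = b"qndiakxxuiemdklseqid~a~niq,zjuxl"


def parse_header(hdr: bytes) -> dict:
    """Split a 32-byte header. Field names are assumptions of this example."""
    if len(hdr) != 32:
        raise ValueError("header must be 32 bytes")
    cmd, trailer = hdr[0:4], hdr[28:32]
    # In all three dumps the last 4 bytes are the first 4 with every bit flipped.
    if bytes(b ^ 0xFF for b in cmd) != trailer:
        raise ValueError("trailer is not the inverted command")
    # Offset 20 reads 0x10 in the KILOMETR dump, which carries a 16-byte body.
    body_len = struct.unpack_from("<I", hdr, 20)[0]
    return {"cmd": cmd, "sub": hdr[4:8], "challenge": hdr[8:12],
            "body_len": body_len}


def key_transform(old_key: bytes) -> bytes:
    """Walk the key backwards, subtracting (1-based position mod 12)."""
    if len(old_key) != 32:
        raise ValueError("key must be 32 bytes")
    return bytes((old_key[x - 1] - (x % 0x0C)) & 0xFF
                 for x in range(32, 0, -1))


def key_xoring(key: bytes, challenge: bytes) -> bytes:
    """XOR every 4-byte group with the challenge in reversed byte order."""
    if len(challenge) != 4:
        raise ValueError("challenge must be 4 bytes")
    rev = challenge[::-1]
    return bytes(k ^ rev[i % 4] for i, k in enumerate(key))


def derive_aes_key(hdr: bytes, key: bytes = KEY2) -> bytes:
    """Header -> the 32-byte value the post passes to AES.new(..., MODE_ECB)."""
    return key_xoring(key_transform(key), parse_header(hdr)["challenge"])
```

Working on `bytes` keeps every index 0-based and every value in 0..255, which is the part that does not carry over directly to a language with 1-based strings.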
05-22-2017, 16:38 | #6 (permalink) |
Member: 2674769 Status: Offline Thanks Meter: 17 |

Let's translate the Python code to Delphi:

    function key_transform(old_key: string): string;
    var
      x: integer;
    begin
      result := '';
      // Delphi strings are 1-based: Python's old_key[x-1] is old_key[x] here
      for x := 32 downto 1 do
        result := result + chr(ord(old_key[x]) - (x mod $0C));
    end;
|
05-22-2017, 16:49 | #7 (permalink) |
Member: 2674769 Status: Offline Thanks Meter: 17 |

    function key_xoring(key2_t: string; kilo_challenge: string): string;
    var
      i: integer;
    begin
      result := '';
      i := 0;
      while i <= 28 do
      begin
        result := result + chr(ord(key2_t[i]) xor ord(kilo_challenge[3]));
        result := result + chr(ord(key2_t[i+1]) xor ord(kilo_challenge[2]));
        result := result + chr(ord(key2_t[i+2]) xor ord(kilo_challenge[1]));
        result := result + chr(ord(key2_t[i+3]) xor ord(kilo_challenge[0]));
        i := i + 4;
      end;
    end;

That gives me an error on the yellow line:

    [DCC Error] Unit1.pas(8339): E2157 Element 0 inaccessible - use 'Length' or 'SetLength'
|