lglaf: [linux][H815] LGLAF.py: WARNING: Command failed with error code 0x8000010a
Hallo, I’m trying to use your tool, but once I gained the root shell in download mode, each commant ends up with “LGLAF.py: WARNING: Command failed with error code 0x8000010a”
# python lglaf.py
LGLAF.py by Peter Wu (https://lekensteyn.nl/lglaf)
Type a shell command to execute or "exit" to leave.
# ls
LGLAF.py: WARNING: Command failed with error code 0x8000010a
# dir
LGLAF.py: WARNING: Command failed with error code 0x8000010a
# pwd
LGLAF.py: WARNING: Command failed with error code 0x8000010a
and the same if I pipe the command
# echo mount | python lglaf.py
LGLAF.py: WARNING: Command failed with error code 0x8000010a
System specs: S.O.: Slackware linux “-current” Python: 2.7.11 PyUsb: 1.0.0rc1 /etc/udev/rules.d/42-usb-lglaf.rules: 42-usb-lgaf.rules.txt LG G4 (H815)
Any hint?
About this issue
- Original URL
- State: open
- Created 8 years ago
- Comments: 63 (13 by maintainers)
WRTE when used in official methods uses compression to send the data (given the correct args, typically it just feeds the raw/compressed dz/tot data which I’d assume is just lz or similarly compressed), which probably speeds it up quite a lot over sending just plain raw data.
Keep in mind too, there is an additional CENT METR “mode” issued before closing the flash handles, though hopefully rebooting via the laf commands would clean up any outstanding handles and related flushes.
I did solve and implement (in C, my python-ability sucks) the challenge response method before posting here previously, with even a basic shell for interactive exec then left it at that as its useless to me with a locked bootloader. The only real challenge I found was that my implementation of the crypto method was broken for that bit size and it took me a while to realize it. I prefer not to hoard, but to me this seems to be a beehive I’d rather not kick… making a standalone exe that just does the unlock would be trivial for one off private uses, or if the project maintainers want more info…
snoremaster3000: the 8994 dll is using the same method/magic bytes as the others I looked at, making me think this method is currently even more universal than I thought it would be on MM LG devices.
Wow, nevermind, I goofed. It works. Even got it working in Python 3, will submit a pull request soon.
Most likely, you need to authorize before using the commands. Take a look at https://github.com/Lekensteyn/lglaf/pull/12
@marioemp2k7 Yes I can use the laf protocol after authenticating, but the EXEC command is now more limited. It only executes ls and ps commands. However you can still use WRTE and READ so these limitations don’t do much for security since you can just overwrite the laf partition with a custom packed one with either an old laf binary or adb enabled, etc. Note WRTE using this tool was really slow. took about 8 hrs to overwrite the entire flash memory of my 16GB Nexus. READ is much faster not sure why this is.
I had set up quemu wm with USB-passthrough, and downloaded LG mobile support tool, the tool sees the device,and how can I record the USB communication?
EDIT: ok, I’ve “sniffed” it using USBPcap