In the build prop the ro.build.user is geprgia.park

So I've been looking at MM20B's aboot.img today. I was able to extract a number of keys and certificates, find them here. They're all in DER format (i.e. binary). Unfortunately I'm not a crypto expert, but perhaps one is out there reading this.
Dump keys like this:
The rootca and one of the "LG attestation" certs are x509:
Here are some thoughts and observations I made:
- Funniest one first: one x509 certificate has a CN id of "georgia.park", which seems really odd, perhaps even a hint to some pass-phrase?
- The androidlk keys seem to be related to the Android Little Kernel boot loader code.
- One of the keys is named UNLOCK_RSA_02; I'll be damned if this doesn't have anything to do with unlock.bin.
- I could imagine that the unlock.bin is encrypted with a public key at LG's site. Then you flash it to a dedicated partition. aboot.img grabs unlock.bin, decrypts it with one of its private keys and checks it. I could imagine if we get to decrypt an existing unlock.bin, it just contains the device id and IMEI.
- More generally, I think the process and keys are independent of the phone hardware. Every phone has to have identical boot loader and verification code. They will use the (unalterable) device id and IMEI to bind the process to devices.
Next steps could be:
- Give those keys some more meaning and relate them to each other / other artifacts.
- Most likely the unlock key is encrypted, so we'd need to find the pass phrase.
- Some ARM guru could try to disassemble aboot.img to learn how those keys are used. Perhaps even find additional pass phrases embedded in the code.
Spread the word. I'm new to the LG/LG4 community but I already learned that guy @autoprime is doing lots of gory work. Let's jailbreak this together and then donate the bounty to some noble cause!
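The post says the extracted keys and certificates are DER-encoded. As an added example (not the poster's dump command, which did not survive on this page), here is one way to inventory DER `SEQUENCE` objects embedded in a raw image by validating their length encoding and child structure. The function names, the shape labels and the sample image are all constructed for illustration, and the labels are heuristics based on the tags of the top-level children only.

```python
def read_tlv(buf, off):
    """Return (tag, header_len, body_len) for the DER TLV at off, or None."""
    if off + 2 > len(buf):
        return None
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:                              # short-form length
        return tag, 2, first
    n = first & 0x7F                              # long form: n length bytes follow
    length = int.from_bytes(buf[off + 2:off + 2 + n], "big")
    # DER forbids indefinite (n == 0) and non-minimal length encodings
    if not 1 <= n <= 4 or off + 2 + n > len(buf) or length < 0x80 or buf[off + 2] == 0:
        return None
    return tag, 2 + n, length

def child_tags(buf, start, end):
    """Tags of the TLVs that exactly fill buf[start:end], or None if malformed."""
    tags, off = [], start
    while off < end:
        hdr = read_tlv(buf, off)
        if hdr is None or off + hdr[1] + hdr[2] > end:
            return None
        tags.append(hdr[0])
        off += hdr[1] + hdr[2]
    return tags

def carve_der(image, min_body=16):
    """List (offset, length, guess) for each SEQUENCE whose children parse cleanly.
    Guesses: SEQ,SEQ,BIT STRING looks like a certificate; INTEGER,INTEGER like an RSA public key."""
    shapes = {(0x30, 0x30, 0x03): "x509-like", (0x02, 0x02): "rsa-pubkey-like"}
    found, off = [], 0
    while off < len(image):
        hdr = read_tlv(image, off) if image[off] == 0x30 else None
        end = off + hdr[1] + hdr[2] if hdr else 0
        ok = hdr and hdr[2] >= min_body and end <= len(image)
        tags = child_tags(image, off + hdr[1], end) if ok else None
        if tags:
            found.append((off, end - off, shapes.get(tuple(tags), "der-sequence")))
        off = end if tags else off + 1
    return found

def tlv(tag, body):  # minimal DER encoder, used only to build the constructed sample
    n, size = len(body), (len(body).bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + length + body

def build_sample():  # constructed image: padding, cert-shaped blob, decoy, key-shaped blob
    cert = tlv(0x30, tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"\xAA" * 120))
               + tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + tlv(0x05, b""))
               + tlv(0x03, b"\x00" + b"\x55" * 32))
    key = tlv(0x30, tlv(0x02, b"\x00" + b"\xC3" * 32) + tlv(0x02, b"\x01\x00\x01"))
    return b"\xFF" * 64 + cert + b"\x00" * 16 + b"\x30\x10\xff\xff\xff\xff" + key + b"\xFF" * 8
```

Each hit is only a candidate: confirm it by parsing the carved bytes with a full ASN.1/X.509 parser before drawing conclusions about what a key is used for.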