福特蒙迪欧 ECM系统进入算法代码
2016-02-22 15:05
232 查看
福特蒙迪欧ecm以及pcm的系统进入算法,过掉系统进入算法我们就可以刷写ecu以及刷里程表等特殊功能了
#10 02 secret_keys = { 0x726: "3F 9E 78 C5 96", 0x727: "50 C8 6A 49 F1", 0x733: "AA BB CC DD EE", 0x736: "08 30 61 55 AA", 0x737: "52 6F 77 61 6E", 0x760: "5B 41 74 65 7D", 0x765: "96 A2 3B 83 9B", 0x7a6: "50 C8 6A 49 F1", 0x7e0: "08 30 61 A4 C5",} #10 03 secret_keys2 = { 0x7e0: "44 49 4F 44 45", 0x737: "5A 89 E4 41 72", 0x720: "24 68 86 42 04",#IC 0x720: "DF 3A 14 69 C2"}#IC def key_from_seed(seed, secret): s1 = int(secret[0:2],16) s2 = int(secret[3:5],16) s3 = int(secret[6:8],16) s4 = int(secret[9:11],16) s5 = int(secret[12:14],16) seed_int = (int(seed[0:2],16)<<16) + (int(seed[3:5],16)<<8) + (int(seed[6:8],16)) #print "Seed: %x" % seed_int or_ed_seed = ((seed_int & 0xFF0000) >> 16) | (seed_int & 0xFF00) | (s1 << 24) | (seed_int & 0xff) << 16 #print "or_ed_seed: %x\n" % or_ed_seed mucked_value = 0xc541a9 for i in range(0,32): a_bit = ((or_ed_seed >> i) & 1 ^ mucked_value & 1) << 23 v9 = v10 = v8 = a_bit | (mucked_value >> 1); mucked_value = v10 & 0xEF6FD7 | ((((v9 & 0x100000) >> 20) ^ ((v8 & 0x800000) >> 23)) << 20) | (((((mucked_value >> 1) & 0x8000) >> 15) ^ ((v8 & 0x800000) >> 23)) << 15) | (((((mucked_value >> 1) & 0x1000) >> 12) ^ ((v8 & 0x800000) >> 23)) << 12) | 32 * ((((mucked_value >> 1) & 0x20) >> 5) ^ ((v8 & 0x800000) >> 23)) | 8 * ((((mucked_value >> 1) & 8) >> 3) ^ ((v8 & 0x800000) >> 23)); # print "mucked: %x" % (mucked_value) for j in range(0,32): v11 = ((((s5 << 24) | (s4 << 16) | s2 | (s3 << 8)) >> j) & 1 ^ mucked_value & 1) << 23; v12 = v11 | (mucked_value >> 1); v13 = v11 | (mucked_value >> 1); v14 = v11 | (mucked_value >> 1); mucked_value = v14 & 0xEF6FD7 | ((((v13 & 0x100000) >> 20) ^ ((v12 & 0x800000) >> 23)) << 20) | (((((mucked_value >> 1) & 0x8000) >> 15) ^ ((v12 & 0x800000) >> 23)) << 15) | (((((mucked_value >> 1) & 0x1000) >> 12) ^ ((v12 & 0x800000) >> 23)) << 12) | 32 * ((((mucked_value >> 1) & 0x20) >> 5) ^ ((v12 & 0x800000) >> 23)) | 8 * ((((mucked_value >> 1) & 8) >> 3) ^ ((v12 & 0x800000) >> 23)); key = ((mucked_value & 0xF0000) >> 16) | 16 * (mucked_value & 0xF) | ((((mucked_value & 0xF00000) >> 20) | ((mucked_value & 0xF000) >> 8)) << 8) | ((mucked_value & 0xFF0) >> 4 << 16); return "%02X %02X %02X" % ( (key & 0xff0000) >> 16, (key & 0xff00) >> 8, key & 0xff) # return [(key & 0xff0000) >> 16, (key & 0xff00) >> 8, key & 0xff] """ def key_from_seed1(seed, secret): return ((unsigned __int8)a1 ^ (a1 >> 8) ^ 0x9B) + 0xA932 """ if __name__ == "__main__": #print "key = "+ key_from_seed("7A 6B 61" , "3F 9E 78 C5 96") realkey = "AB 4B FA" #print key_from_seed("EC 49 0B" , "24 68 86 42 04") secrets = [] with open("secret.list" , "rb") as f: lst = f.read() secrets = eval(lst) for secret in secrets: key = key_from_seed("F8 70 FB" , secret) if key == realkey: print secret else: pass
相关文章推荐
- python一键打包
- 三:java中传统线程互斥
- php empty()与isset()
- 保持顺序的 Java Properties 类
- ThinkPHP3.2.3的URL重写时遇到No input file specified的解决方法,htaccess规则问题
- 学习 Spring-Cloud - 写一个微服务
- MATLAB R2015安装及破解
- Java读取Properties文件的六种方法
- java多线程—Thread.Join()和Thread.Sleep()
- Java Web应用中调优线程池的重要性
- 禁止网页右键查看源代码
- python学习笔记
- Spring策略模式
- php分享十八七:mysql基础
- java中判断字符串是否为数字的方法的几种方法
- 【Python】python读取文件操作mysql
- python string unicode字符串
- Java [Leetcode 165]Compare Version Numbers
- Spring注解
- Go如何实现枚举小实例分享