福特蒙迪欧 ECM系统进入算法代码
2016-02-22 15:05
232 查看
福特蒙迪欧ecm以及pcm的系统进入算法,过掉系统进入算法我们就可以刷写ecu以及刷里程表等特殊功能了
#10 02
secret_keys = {
0x726: "3F 9E 78 C5 96",
0x727: "50 C8 6A 49 F1",
0x733: "AA BB CC DD EE",
0x736: "08 30 61 55 AA",
0x737: "52 6F 77 61 6E",
0x760: "5B 41 74 65 7D",
0x765: "96 A2 3B 83 9B",
0x7a6: "50 C8 6A 49 F1",
0x7e0: "08 30 61 A4 C5",}
#10 03
secret_keys2 = {
0x7e0: "44 49 4F 44 45",
0x737: "5A 89 E4 41 72",
0x720: "24 68 86 42 04",#IC
0x720: "DF 3A 14 69 C2"}#IC
def key_from_seed(seed, secret):
s1 = int(secret[0:2],16)
s2 = int(secret[3:5],16)
s3 = int(secret[6:8],16)
s4 = int(secret[9:11],16)
s5 = int(secret[12:14],16)
seed_int = (int(seed[0:2],16)<<16) + (int(seed[3:5],16)<<8) + (int(seed[6:8],16))
#print "Seed: %x" % seed_int
or_ed_seed = ((seed_int & 0xFF0000) >> 16) | (seed_int & 0xFF00) | (s1 << 24) | (seed_int & 0xff) << 16
#print "or_ed_seed: %x\n" % or_ed_seed
mucked_value = 0xc541a9
for i in range(0,32):
a_bit = ((or_ed_seed >> i) & 1 ^ mucked_value & 1) << 23
v9 = v10 = v8 = a_bit | (mucked_value >> 1);
mucked_value = v10 & 0xEF6FD7 | ((((v9 & 0x100000) >> 20) ^ ((v8 & 0x800000) >> 23)) << 20) | (((((mucked_value >> 1) & 0x8000) >> 15) ^ ((v8 & 0x800000) >> 23)) << 15) | (((((mucked_value >> 1) & 0x1000) >> 12) ^ ((v8 & 0x800000) >> 23)) << 12) | 32 * ((((mucked_value >> 1) & 0x20) >> 5) ^ ((v8 & 0x800000) >> 23)) | 8 * ((((mucked_value >> 1) & 8) >> 3) ^ ((v8 & 0x800000) >> 23));
# print "mucked: %x" % (mucked_value)
for j in range(0,32):
v11 = ((((s5 << 24) | (s4 << 16) | s2 | (s3 << 8)) >> j) & 1 ^ mucked_value & 1) << 23;
v12 = v11 | (mucked_value >> 1);
v13 = v11 | (mucked_value >> 1);
v14 = v11 | (mucked_value >> 1);
mucked_value = v14 & 0xEF6FD7 | ((((v13 & 0x100000) >> 20) ^ ((v12 & 0x800000) >> 23)) << 20) | (((((mucked_value >> 1) & 0x8000) >> 15) ^ ((v12 & 0x800000) >> 23)) << 15) | (((((mucked_value >> 1) & 0x1000) >> 12) ^ ((v12 & 0x800000) >> 23)) << 12) | 32 * ((((mucked_value >> 1) & 0x20) >> 5) ^ ((v12 & 0x800000) >> 23)) | 8 * ((((mucked_value >> 1) & 8) >> 3) ^ ((v12 & 0x800000) >> 23));
key = ((mucked_value & 0xF0000) >> 16) | 16 * (mucked_value & 0xF) | ((((mucked_value & 0xF00000) >> 20) | ((mucked_value & 0xF000) >> 8)) << 8) | ((mucked_value & 0xFF0) >> 4 << 16);
return "%02X %02X %02X" % ( (key & 0xff0000) >> 16, (key & 0xff00) >> 8, key & 0xff)
# return [(key & 0xff0000) >> 16, (key & 0xff00) >> 8, key & 0xff]
"""
def key_from_seed1(seed, secret):
return ((unsigned __int8)a1 ^ (a1 >> 8) ^ 0x9B) + 0xA932
"""
if __name__ == "__main__":
#print "key = "+ key_from_seed("7A 6B 61" , "3F 9E 78 C5 96")
realkey = "AB 4B FA"
#print key_from_seed("EC 49 0B" , "24 68 86 42 04")
secrets = []
with open("secret.list" , "rb") as f:
lst = f.read()
secrets = eval(lst)
for secret in secrets:
key = key_from_seed("F8 70 FB" , secret)
if key == realkey:
print secret
else:
pass
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- python一键打包
- 三:java中传统线程互斥
- php empty()与isset()
- 保持顺序的 Java Properties 类
- ThinkPHP3.2.3的URL重写时遇到No input file specified的解决方法,htaccess规则问题
- 学习 Spring-Cloud - 写一个微服务
- MATLAB R2015安装及破解
- Java读取Properties文件的六种方法
- java多线程—Thread.Join()和Thread.Sleep()
- Java Web应用中调优线程池的重要性
- 禁止网页右键查看源代码
- python学习笔记
- Spring策略模式
- php分享十八七:mysql基础
- java中判断字符串是否为数字的方法的几种方法
- 【Python】python读取文件操作mysql
- python string unicode字符串
- Java [Leetcode 165]Compare Version Numbers
- Spring注解
- Go如何实现枚举小实例分享