福特蒙迪欧 ECM系统进入算法代码

福特蒙迪欧ecm以及pcm的系统进入算法,过掉系统进入算法我们就可以刷写ecu以及刷里程表等特殊功能了得意

#10 02
secret_keys = {
        0x726: "3F 9E 78 C5 96",
        0x727: "50 C8 6A 49 F1",
        0x733: "AA BB CC DD EE",
        0x736: "08 30 61 55 AA",
        0x737: "52 6F 77 61 6E",
        0x760: "5B 41 74 65 7D",
        0x765: "96 A2 3B 83 9B",
        0x7a6: "50 C8 6A 49 F1",
        0x7e0: "08 30 61 A4 C5",}

#10 03
secret_keys2 = {
                0x7e0: "44 49 4F 44 45",
                0x737: "5A 89 E4 41 72",
                0x720: "24 68 86 42 04",#IC
                0x720: "DF 3A 14 69 C2"}#IC


def key_from_seed(seed, secret):
    s1 = int(secret[0:2],16)
    s2 = int(secret[3:5],16)
    s3 = int(secret[6:8],16)
    s4 = int(secret[9:11],16)
    s5 = int(secret[12:14],16)

    seed_int = (int(seed[0:2],16)<<16) + (int(seed[3:5],16)<<8) + (int(seed[6:8],16))
    #print "Seed: %x" % seed_int

    or_ed_seed = ((seed_int & 0xFF0000) >> 16) | (seed_int & 0xFF00) | (s1 << 24) | (seed_int & 0xff) << 16
    #print "or_ed_seed: %x\n" % or_ed_seed

    mucked_value = 0xc541a9

    for i in range(0,32):
        a_bit = ((or_ed_seed >> i) & 1 ^ mucked_value & 1) << 23
        v9 = v10 = v8 = a_bit | (mucked_value >> 1);
        mucked_value = v10 & 0xEF6FD7 | ((((v9 & 0x100000) >> 20) ^ ((v8 & 0x800000) >> 23)) << 20) | (((((mucked_value >> 1) & 0x8000) >> 15) ^ ((v8 & 0x800000) >> 23)) << 15) | (((((mucked_value >> 1) & 0x1000) >> 12) ^ ((v8 & 0x800000) >> 23)) << 12) | 32 * ((((mucked_value >> 1) & 0x20) >> 5) ^ ((v8 & 0x800000) >> 23)) | 8 * ((((mucked_value >> 1) & 8) >> 3) ^ ((v8 & 0x800000) >> 23));
    #	print "mucked: %x" % (mucked_value)

    for j in range(0,32):
        v11 = ((((s5 << 24) | (s4 << 16) | s2 | (s3 << 8)) >> j) & 1 ^ mucked_value & 1) << 23;
        v12 = v11 | (mucked_value >> 1);
        v13 = v11 | (mucked_value >> 1);
        v14 = v11 | (mucked_value >> 1);
        mucked_value = v14 & 0xEF6FD7 | ((((v13 & 0x100000) >> 20) ^ ((v12 & 0x800000) >> 23)) << 20) | (((((mucked_value >> 1) & 0x8000) >> 15) ^ ((v12 & 0x800000) >> 23)) << 15) | (((((mucked_value >> 1) & 0x1000) >> 12) ^ ((v12 & 0x800000) >> 23)) << 12) | 32 * ((((mucked_value >> 1) & 0x20) >> 5) ^ ((v12 & 0x800000) >> 23)) | 8 * ((((mucked_value >> 1) & 8) >> 3) ^ ((v12 & 0x800000) >> 23));
    key = ((mucked_value & 0xF0000) >> 16) | 16 * (mucked_value & 0xF) | ((((mucked_value & 0xF00000) >> 20) | ((mucked_value & 0xF000) >> 8)) << 8) | ((mucked_value & 0xFF0) >> 4 << 16);
    return "%02X %02X %02X" % ( (key & 0xff0000) >> 16, (key & 0xff00) >> 8, key & 0xff) 
    #    return [(key & 0xff0000) >> 16, (key & 0xff00) >> 8, key & 0xff]

"""
def key_from_seed1(seed, secret):
    return ((unsigned __int8)a1 ^ (a1 >> 8) ^ 0x9B) + 0xA932
"""

if __name__ == "__main__":
    #print "key = "+ key_from_seed("7A 6B 61" , "3F 9E 78 C5 96")
    realkey = "AB 4B FA"
    #print key_from_seed("EC 49 0B" , "24 68 86 42 04")

    secrets = []
    with open("secret.list" , "rb") as f:
        lst = f.read()
        secrets = eval(lst)
    for secret in secrets:
        key = key_from_seed("F8 70 FB" , secret)
        if key == realkey:
            print secret
        else:
            pass


评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值