UDS Security Access
Original IDA Pro decompile:
int __fastcall uds_calcKey(_BYTE *a1) { int v1; // r4 int v2; // r6 unsigned int v3; // r5 signed int v4; // r0 unsigned __int8 *v5; // r0 unsigned int v6; // r2 unsigned int v7; // r2 unsigned int v8; // r1 int v9; // r1 char v10; // r0 char v11; // r2 int result; // r0 _BYTE *v13; // [sp+0h] [bp-18h] v13 = a1; v1 = 1; v2 = 0; byte_400017F3 = 8; #0 byte_400017F4 = 0x30; #1 byte_400017F5 = 0x61; #2 byte_400017F6 = 0x55; #3 byte_400017F7 = 0xAAu; #4 byte_400017ED = 0xA9u; #5 byte_400017EE = 0x41; #6 byte_400017EF = 0xC5u; #7 v3 = 0; do { sub_4538(); v4 = 1; if ( !((unsigned __int8)seedByte1[v2] & (unsigned __int8)v1) ) v4 = 0; v5 = (unsigned __int8 *)(v4 ^ byte_400017ED & 1); if ( v1 == 128 ) { v1 = 1; v2 = (v2 + 1) & 0xFF; } else { v1 = 2 * v1 & 0xFF; } v6 = (unsigned int)(unsigned __int8)byte_400017ED >> 1; byte_400017ED = (unsigned __int8)byte_400017ED >> 1; if ( (unsigned __int8)byte_400017EE << 31 ) byte_400017ED = v6 | 0x80; v7 = (unsigned int)(unsigned __int8)byte_400017EE >> 1; byte_400017EE = (unsigned __int8)byte_400017EE >> 1; if ( (unsigned __int8)byte_400017EF << 31 ) byte_400017EE = v7 | 0x80; v8 = ((unsigned int)(unsigned __int8)byte_400017EF >> 1) | v5[0x4615]; byte_400017ED ^= v5[0x461B]; byte_400017EE ^= v5[0x4619]; byte_400017EF = v8 ^ v5[0x4617]; v3 = (v3 + 1) & 0xFF; } while ( v3 < 0x40 ); v9 = (unsigned __int8)byte_400017ED; v10 = byte_400017EE; *v13 = ((unsigned __int8)byte_400017ED >> 4) | 16 * byte_400017EE; v11 = byte_400017EF; v13[1] = v10 & 0xF0 | ((unsigned __int8)byte_400017EF >> 4); result = v11 & 0xF | 16 * v9; v13[2] = result; return result; }
Bereinigte Funktion:
void uds_calcKey(char* seed) { char entropy[8] = { 0x08, 0x30, 0x61, 0x55, 0xAA, 0xA9, 0x41, 0xC5 }; int seedIndex = 0; char v1 = 1; char v2 = 0; char v4; char v5; char v6; char v7; char v8; for (int i=0; i<0x40; i++) { if ( ! (seed[seedIndex] & v1)) { v4 = 0; } else { v4 = 1; } v5 = v4 ^ entropy[5] & 1; if (v1 == 0x80) { v1 = 1; v2 = (v2 + 1) & 0xFF; } else { v1 = 2 * v1 & 0xFF; } v6 = entropy[5] >> 1; entropy[5] = entropy[5] >> 1; if (entropy[6] << 31) { entropy[5] = v6 | 0x80; } v7 = entropy[6] >> 1; entropy[6] = entropy[6] >> 1; if (entropy[7] << 31) { entropy[6] = v7 | 0x80; } v8 = (entropy[7] >> 1) | v5[0x4615]; entropy[5] ^= v5[0x461B]; entropy[6] ^= v5[0x4619]; entropy[7] = v8 ^ v5[0x4617]; } v9 = entropy[5]; v10 = entropy[6]; *v13 = ((unsigned __int8)byte_400017ED >> 4) | 16 * byte_400017EE; v11 = entropy[7]; seed[1] = v10 & 0xF0 | (entropy[7] >> 4); result = v11 & 0x0F | 16 * v9; seed[2] = result; return result; }