Kamis, 25 Maret 2010

huawei unlocking algo

// a tiny self made program to understand how the code generated for huawei card.
// compiled with lazarus.
// friday, march 26, 2010 - xvrsfrnssks

unit Unit1;

{$mode objfpc}{$H+}

interface

uses
Classes, SysUtils, FileUtil, LResources, Forms, Controls, Graphics, Dialogs,
StdCtrls, md5;

type

{ TForm1 }

TForm1 = class(TForm)
Button1: TButton;
Edit1: TEdit;
Edit2: TEdit;
Edit3: TEdit;
Label1: TLabel;
Label2: TLabel;
Label3: TLabel;
procedure Button1Click(Sender: TObject);
private
{ private declarations }
public
{ public declarations }
end;

var
Form1: TForm1;

implementation

function kn(a:string):string;
var
i:integer;
begin
result:='';
for i:=1 to length(a) div 2 do
result:=result+chr(strtoint('$'+a[i*2-1]+a[i*2]));
end;

{ TForm1 }

procedure TForm1.Button1Click(Sender: TObject);
var
s:string;
i:int64;
j:longword;
begin
// unlock const (hwe620datacard) = a32fe72c 5e8dd316726b0335 d5513ba0
// flash const (e630upgrade) = aa91cee2 97b7bc6be525ab44 cdc63be0
if (length(edit1.text)=15) and trystrtoint64(edit1.text,i) then begin
s:=kn(md5print(md5string(edit1.text+'5e8dd316726b0335')));
j:=(((ord(s[1]) xor ord(s[5]) xor ord(s[9]) xor ord(s[13])) and 1) or 2) shl 24+
(ord(s[2]) xor ord(s[6]) xor ord(s[10]) xor ord(s[14])) shl 16+
(ord(s[3]) xor ord(s[7]) xor ord(s[11]) xor ord(s[15])) shl 8+
(ord(s[4]) xor ord(s[8]) xor ord(s[12]) xor ord(s[16]));
edit2.text:=inttostr(j);
s:=kn(md5print(md5string(edit1.text+'97b7bc6be525ab44')));
j:=(((ord(s[1]) xor ord(s[5]) xor ord(s[9]) xor ord(s[13])) and 1) or 2) shl 24+
(ord(s[2]) xor ord(s[6]) xor ord(s[10]) xor ord(s[14])) shl 16+
(ord(s[3]) xor ord(s[7]) xor ord(s[11]) xor ord(s[15])) shl 8+
(ord(s[4]) xor ord(s[8]) xor ord(s[12]) xor ord(s[16]));
edit3.text:=inttostr(j);
end;
end;

initialization
{$I unit1.lrs}

end.

// http://hotfile.com/dl/54871974/2ae81b0/project1.exe.html (uploaded july 15, 2010)