diff --git a/templates/pages/sega/software/security/alphadvd.html b/templates/pages/sega/software/security/alphadvd.html index ee38919..4989896 100644 --- a/templates/pages/sega/software/security/alphadvd.html +++ b/templates/pages/sega/software/security/alphadvd.html @@ -41,9 +41,10 @@ key is always 32768 (8000h) bytes, and is unmodified during this process.

- Keys are derrived based on a key expansion algorithm that takes as input an unsigned short (16 bit) seed. I'm not - totally sure what expansion algorithm this is, or if it's something totally custom, but for now here's a snippet of - python code that implements the expansion: + Keys are derrived based on a key expansion algorithm that takes as input an unsigned short (16 bit) seed. This + algorithm is fundamentally an LSFR-based PRNG, used to generate a stream of bytes, which becomes the key. The + & 0xffffffff is not strictly necessary but is convenient in python in order to avoid + seed blowing up in size. 

@@ -51,26 +52,17 @@
 def amAuthDiskInitKey(seed):
     key = bytearray(0x8000)
 
-    for i in range(0x8000):
-        uVar1 = (seed * 2 >> 4 ^ seed * 2) >> 10 & 2 | seed << 2
+    seed <<= 1
+    for i in range(len(key)):
+        x = seed
 
-        uVar2 = uVar1 * 2
-        uVar3 = ((seed << 2) >> 4 ^ uVar1) >> 10 & 2 | uVar2
-        uVar1 = uVar3 * 2
-        uVar3 = (uVar2 >> 4 ^ uVar3) >> 10 & 2 | uVar1
+        for _ in range(8):
+            x |= ((((seed >> 4) ^ x) >> 11) & 1)
+            seed <<= 1
+            x <<= 1
+        key[i] = (x >> 1) & 0xff
 
-        uVar2 = uVar3 * 2
-        uVar3 = (uVar1 >> 4 ^ uVar3) >> 10 & 2 | uVar2
-        uVar1 = uVar3 * 2
-        uVar3 = (uVar2 >> 4 ^ uVar3) >> 10 & 2 | uVar1
-
-        uVar2 = uVar3 * 2
-        uVar3 = (uVar1 >> 4 ^ uVar3) >> 10 & 2 | uVar2
-        uVar1 = uVar3 * 2
-        uVar2 = (uVar2 >> 4 ^ uVar3) >> 10 & 2 | uVar1
-
-        seed = uVar2 | (uVar1 >> 4 ^ uVar2) >> 11 & 1
-        key[i] = seed & 0xff
+        seed = x & 0xffffffff
 
     return key
 {% endhighlight %}