From f0ee40b08ca728f2606f2994528e3c4c949b1a96 Mon Sep 17 00:00:00 2001
From: Bottersnike
- Keys are derrived based on a key expansion algorithm that takes as input an unsigned short (16 bit) seed. I'm not
- totally sure what expansion algorithm this is, or if it's something totally custom, but for now here's a snippet of
- python code that implements the expansion:
+ Keys are derrived based on a key expansion algorithm that takes as input an unsigned short (16 bit) seed. This
+ algorithm is fundamentally an LSFR-based PRNG, used to generate a stream of bytes, which becomes the key. The
+ & 0xffffffff
is not strictly necessary but is convenient in python in order to avoid
+ seed
blowing up in size.
@@ -51,26 +52,17 @@ def amAuthDiskInitKey(seed): key = bytearray(0x8000) - for i in range(0x8000): - uVar1 = (seed * 2 >> 4 ^ seed * 2) >> 10 & 2 | seed << 2 + seed <<= 1 + for i in range(len(key)): + x = seed - uVar2 = uVar1 * 2 - uVar3 = ((seed << 2) >> 4 ^ uVar1) >> 10 & 2 | uVar2 - uVar1 = uVar3 * 2 - uVar3 = (uVar2 >> 4 ^ uVar3) >> 10 & 2 | uVar1 + for _ in range(8): + x |= ((((seed >> 4) ^ x) >> 11) & 1) + seed <<= 1 + x <<= 1 + key[i] = (x >> 1) & 0xff - uVar2 = uVar3 * 2 - uVar3 = (uVar1 >> 4 ^ uVar3) >> 10 & 2 | uVar2 - uVar1 = uVar3 * 2 - uVar3 = (uVar2 >> 4 ^ uVar3) >> 10 & 2 | uVar1 - - uVar2 = uVar3 * 2 - uVar3 = (uVar1 >> 4 ^ uVar3) >> 10 & 2 | uVar2 - uVar1 = uVar3 * 2 - uVar2 = (uVar2 >> 4 ^ uVar3) >> 10 & 2 | uVar1 - - seed = uVar2 | (uVar1 >> 4 ^ uVar2) >> 11 & 1 - key[i] = seed & 0xff + seed = x & 0xffffffff return key {% endhighlight %}