#!/usr/bin/env python3
import binascii
import random
import copy
import argparse
# Fixed 8-byte mask XORed onto the demangled challenge in get_response_code().
# Bytes 0 and 7 are zero; those are the positions demangle() clears and
# mangle() overwrites with the salt byte and the checksum.
CHALLENGE_XOR_KEY = bytearray.fromhex('005A6B7C5A6B7C00')

# Fixed 8-byte mask XORed into the response before it is mangled.
RESPONSE_XOR_KEY = bytearray.fromhex('00A5B6C7A5B6C700')

# 16-bit constant; get_response_code() shifts it left by 8 bits and encodes it
# as 8 big-endian bytes, which places 0x47 and 0xB2 at byte offsets 5 and 6.
RESPONSE_MAGIC_KEY = 0x47B2
def mangle(plaintext: bytearray):
    """Return an obfuscated copy of an 8-byte block; the input is not modified.

    Byte 0 of the copy is replaced with a random salt and byte 7 with the XOR
    of bytes 0-6, so whatever the caller put in those two positions is ignored.
    Three XOR passes follow; demangle() applies the inverse passes in reverse
    order. Every step is keyless: the only inputs are the block itself and the
    constant 0xB7.

    Raises:
        IndexError: if the block has fewer than 8 bytes.
    """
    buf = copy.deepcopy(plaintext)

    # Random salt byte, so repeated calls on the same input give different output.
    buf[0] = random.randint(0, 0xFF)

    # XOR checksum over bytes 0-6 (salt included) goes into byte 7.
    parity = 0
    for value in buf[:7]:
        parity ^= value
    buf[7] = parity

    # Pass 1: bytes 1-7 are XORed with a rolling byte that starts at the salt
    # and advances by 0xB7 modulo 256 after each position.
    rolling = buf[0]
    for pos in range(1, 8):
        buf[pos] ^= rolling
        rolling = (rolling + 0xB7) & 0xFF

    # Pass 2: bytes 0-6 are XORed with a rolling byte seeded from the
    # already-masked byte 7.
    rolling = buf[7]
    for pos in range(7):
        buf[pos] ^= rolling
        rolling = (rolling + 0xB7) & 0xFF

    # Pass 3: chain from the tail, each byte absorbs its right-hand neighbour.
    for pos in reversed(range(7)):
        buf[pos] ^= buf[pos + 1]

    return buf
def demangle(ciphertext: bytearray):
    """Undo mangle() on an 8-byte block and verify its XOR checksum.

    Works on a copy, so the argument is left untouched. On success the salt
    (byte 0) and the checksum (byte 7) are cleared and only bytes 1-6 carry
    data in the returned block.

    Raises:
        AssertionError: if byte 7 does not equal the XOR of bytes 0-6 after
            the three passes have been reversed.
        IndexError: if the block has fewer than 8 bytes.
    """
    buf = copy.deepcopy(ciphertext)

    # Reverse the neighbour chain; walking front to back undoes the
    # back-to-front pass in mangle().
    for pos in range(7):
        buf[pos] ^= buf[pos + 1]

    # Strip the rolling mask seeded from byte 7 (step 0xB7, modulo 256).
    rolling = buf[7]
    for pos in range(7):
        buf[pos] ^= rolling
        rolling = (rolling + 0xB7) & 0xFF

    # Strip the rolling mask seeded from the recovered salt in byte 0.
    rolling = buf[0]
    for pos in range(1, 8):
        buf[pos] ^= rolling
        rolling = (rolling + 0xB7) & 0xFF

    # Integrity check: a plain XOR over bytes 0-6, no key involved.
    parity = 0
    for value in buf[:7]:
        parity ^= value
    if buf[7] != parity:
        raise AssertionError('Checksum validation failed')

    buf[7] = 0
    buf[0] = 0
    return buf
def xor(src_a: bytearray, src_b: bytearray):
    """Return a new bytearray holding the byte-wise XOR of two equal-length buffers.

    Raises:
        AssertionError: if the two buffers differ in length.
    """
    if len(src_a) != len(src_b):
        raise AssertionError('Data being XOR\'d has different length')
    # Lengths are equal at this point, so zip() pairs every byte exactly once.
    return bytearray(left ^ right for left, right in zip(src_a, src_b))
def get_response_code(challenge: bytearray):
    """Compute the 8-byte response block for an 8-byte challenge block.

    The challenge is demangled (which also validates its checksum) and XORed
    with CHALLENGE_XOR_KEY; the result is then XORed with RESPONSE_MAGIC_KEY
    (shifted into bytes 5-6) and RESPONSE_XOR_KEY, and finally mangled.

    NOTE(review): every input here is either the challenge or a constant in
    this file. Nothing is keyed or signed, so the scheme is obfuscation rather
    than authentication, and the response follows from the challenge alone.
    A check meant to resist offline computation would verify a signature made
    with a private key that is not shipped in the client.

    Raises:
        AssertionError: propagated from demangle() on a bad checksum, or from
            xor() when the challenge is not 8 bytes long.
    """
    # presumably a registration timestamp, going by the name - confirm against the client
    reg_time = xor(demangle(challenge), CHALLENGE_XOR_KEY)
    magic_mask = bytearray((RESPONSE_MAGIC_KEY << 8).to_bytes(8, 'big'))

    # Start from eight zero bytes and fold each mask in turn.
    response = bytearray([0x00] * 8)
    for mask in (reg_time, magic_mask, RESPONSE_XOR_KEY):
        response = xor(response, mask)

    return mangle(response)
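def main():
    """Parse the challenge code from the command line and print the response.

    The positional argument must be exactly 16 hexadecimal characters (8 bytes).
    On any validation failure a 'Bad challenge code' message is printed and the
    function returns without raising.
    """
    parser = argparse.ArgumentParser(description='USBoot 2.14 Keygen', epilog='Brought to you with ❤️ by shezik')
    parser.add_argument('challengeCode', type=str, help='The code that USBoot prompts you to paste onto the website.')
    args = parser.parse_args()

    code = args.challengeCode
    if len(code) != 16:
        print(f'Bad challenge code: Expected 16 characters, got {len(code)} instead')
        return

    try:
        challenge = bytearray(binascii.a2b_hex(code))
    except ValueError as e:
        # binascii.Error is a ValueError subclass, so malformed hex still lands
        # here. A str containing non-ASCII characters makes a2b_hex raise a
        # plain ValueError, which the narrower binascii.Error handler let
        # escape as a traceback.
        print(f'Bad challenge code: {e}; are you sure this is a hex string?')
        return

    try:
        response = binascii.hexlify(get_response_code(challenge))
    except AssertionError as e:
        # Raised by demangle() when the embedded checksum does not match.
        print(f'Bad challenge code: {e}')
        return

    print('Response code: ' + response.decode('ascii').upper())


if __name__ == '__main__':
    main()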