From 670743b9e65392e984f13b3dae6eda28786c3ec0 Mon Sep 17 00:00:00 2001
From: rsvt1973 <rsvt@hotbox.ru>
Date: Sun, 29 Mar 2020 12:03:02 +0300
Subject: [PATCH 1/3] Add HashDWORD function

---
 EncDecSim.c | 117 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 EncDecSim.h |   1 +
 USBKeyEmu.c |   2 +-
 3 files changed, 119 insertions(+), 1 deletion(-)

diff --git a/EncDecSim.c b/EncDecSim.c
index 3359873..d0c4503 100644
--- a/EncDecSim.c
+++ b/EncDecSim.c
@@ -289,3 +289,120 @@ void GetCode (uint16_t seed, uint32_t *bufPtr, uint8_t *secTable) {
         }
     }
 }
+
+#define TR_DIV 0x7E0
+#define SUBTRANSV(a,b) (a / 18 + b + 112 * (a % 18)) % TR_DIV
+#define TRANSV(a,b,c) (c + SUBTRANSV(a, b)) % TR_DIV
+
+uint32_t TransformDWORD(uint32_t in1, uint32_t in2)
+{
+
+    uint16_t lw = in1;
+    uint16_t hw = in1 >> 16;
+
+    return SUBTRANSV(TRANSV(TRANSV((in2 + lw) % TR_DIV, hw, lw), hw, lw), hw);
+
+}
+
+#define GET_FROM_EDS(a, edStruct) ((edStruct[a >> 3] >> (7 - (a & 7))) & 1)
+#define GET_FROM_EDS_XOR(a, b, edStruct) ((edStruct[a >> 3] >> (7 - (a & 7))) ^ (edStruct[b >> 3] >> (7 - (b & 7)))) & 1
+
+uint8_t TransformEdStruct(uint8_t in5Bit, uint8_t *edStruct, uint8_t index)
+{
+    uint32_t dw1;
+    uint32_t dw2;
+
+    in5Bit = in5Bit & 0x1F;
+    index  = index + 6;
+
+    uint8_t  tr5Bit = (245 * in5Bit ^ 5) & 0x1F;
+
+    uint32_t tr5Bit56  = 56 * in5Bit;
+    uint32_t tr5Bit145 = tr5Bit56 + 145;
+    uint32_t endEdStruct = ((uint32_t*)edStruct)[63];
+
+    for (int i = 4; i >= 0; i-- ) {
+        dw1 = TransformDWORD(endEdStruct, tr5Bit145);
+        tr5Bit ^= GET_FROM_EDS(dw1, edStruct) << i;
+        tr5Bit145++;
+    }
+
+    dw1 = TransformDWORD(endEdStruct, tr5Bit56 + 144);
+    uint8_t f1 = (edStruct[dw1 >> 3] >> (7 - (dw1 & 7))) & 1;
+    if ( tr5Bit != 0x1F )
+    {
+        dw1 = TransformDWORD(endEdStruct, tr5Bit56 + index + tr5Bit + 144);
+        dw2 = TransformDWORD(endEdStruct, tr5Bit56 + ((tr5Bit + index + in5Bit) & 7) + 192);
+        f1 ^= GET_FROM_EDS_XOR(dw2, dw1, edStruct);
+    }
+
+    uint32_t count = 0;
+    uint32_t scount = 0;
+    if ( (48 - index) > 0 )
+    {
+        uint8_t f2 = in5Bit & 1;
+        uint32_t index144 = index + 144;
+        uint32_t count143 = 143;
+        while ( count < (48 - index) )
+        {
+            uint8_t f3 = 0;
+
+            if ( f2 )
+            {
+                dw1 = TransformDWORD(endEdStruct, 2015 - count % 38);
+                dw2 = TransformDWORD(endEdStruct, count143);
+                f3 = GET_FROM_EDS_XOR(dw2, dw1, edStruct);
+            }
+
+            if ( f1 )
+            {
+                dw1 = TransformDWORD(endEdStruct, count % 38 + 64);
+                dw2 = TransformDWORD(endEdStruct, count + 1936);
+                f3 ^= GET_FROM_EDS_XOR(dw2, dw1, edStruct);
+            }
+
+            if ( f3 )
+            {
+                uint32_t v33 = index144;
+                for (int i = 0; i < 32; i++ ) {
+                    dw1 = TransformDWORD(endEdStruct, v33);
+                    edStruct[dw1 >> 3] = edStruct[dw1 >> 3] & ~(1 << (7 - (dw1 & 7))) | (((f3 ^ GET_FROM_EDS(dw1, edStruct)) & 1) << (7 - (dw1 & 7)));
+                    v33 += 56;
+                }
+                count = scount;
+            }
+            scount = ++count;
+            count143--; index144++;
+            f2 = in5Bit & 1;
+        }
+    }
+    dw1 = TransformDWORD(endEdStruct, tr5Bit56 + index + 144);
+    dw2 = TransformDWORD(endEdStruct, tr5Bit56 + (in5Bit + index) % 8 + 192);
+    return GET_FROM_EDS_XOR(dw2, dw1, edStruct);
+}
+
+
+void HashDWORD(uint32_t *Data, uint8_t *edStruct)
+{
+    uint8_t fodd;
+    uint8_t buf[256];
+
+    uint8_t *arrayData8 = (uint8_t *) Data;
+    uint8_t index = 0;
+
+    memcpy(buf, edStruct, 256);
+
+    for ( uint8_t i = 0; i < 39; i++ ) {
+        while ( 1 )
+        {
+            fodd = TransformEdStruct(arrayData8[index], buf, i);
+            index = (fodd | 2 * arrayData8[0]) & 3;
+            if ( (arrayData8[0] & 1) != fodd ) break;
+            *Data = *Data >> 1;
+            i++;
+            if ( i >= 39 ) return;
+        }
+        *Data = (*Data >> 1) ^ ROL((uint32_t) 0x14028003, 5);
+    }
+}
+
diff --git a/EncDecSim.h b/EncDecSim.h
index 55b6fa4..74869af 100644
--- a/EncDecSim.h
+++ b/EncDecSim.h
@@ -30,6 +30,7 @@ void Transform (uint32_t *Data, KEY_INFO *keyInfo);
 void Encode (uint32_t *bufPtr, uint32_t *nextBufPtr, KEY_INFO *keyInfo);
 void Decode (uint32_t *bufPtr, uint32_t *nextBufPtr, KEY_INFO *keyInfo);
 void GetCode (uint16_t seed, uint32_t *bufPtr, uint8_t *secTable);
+void HashDWORD(uint32_t *Data, uint8_t *edStruct);
 
 #endif
 
diff --git a/USBKeyEmu.c b/USBKeyEmu.c
index 8aec10e..50e92ad 100644
--- a/USBKeyEmu.c
+++ b/USBKeyEmu.c
@@ -281,7 +281,7 @@ void EmulateKey(PKEYDATA pKeyData, PKEY_REQUEST request, uint32_t *outBufLen, PK
         if ( pKeyData->isKeyOpened ) {
             keyResponse.status = KEY_OPERATION_STATUS_OK;
             memcpy (keyResponse.data, &request->param1, 4);
-            Transform ((uint32_t *)keyResponse.data, (KEY_INFO *)pKeyData->edStruct);
+            HashDWORD ((uint32_t *)keyResponse.data, pKeyData->edStruct);
             outDataLen = sizeof(uint32_t);
             encodeOutData = 1;
         }

From 7bb6b2cd008590f8d91c89b1d779858072e80bdf Mon Sep 17 00:00:00 2001
From: rsvt1973 <rsvt@hotbox.ru>
Date: Wed, 1 Apr 2020 19:27:46 +0300
Subject: [PATCH 2/3] Refactoring TransformEdStruct function

---
 EncDecSim.c | 70 ++++++++++++++++++++++-------------------------------
 1 file changed, 29 insertions(+), 41 deletions(-)

diff --git a/EncDecSim.c b/EncDecSim.c
index d0c4503..22bcd9a 100644
--- a/EncDecSim.c
+++ b/EncDecSim.c
@@ -312,76 +312,64 @@ uint8_t TransformEdStruct(uint8_t in5Bit, uint8_t *edStruct, uint8_t index)
     uint32_t dw1;
     uint32_t dw2;
 
-    in5Bit = in5Bit & 0x1F;
-    index  = index + 6;
+    in5Bit &= 0x1F;
+    index  += 6;
 
     uint8_t  tr5Bit = (245 * in5Bit ^ 5) & 0x1F;
-
-    uint32_t tr5Bit56  = 56 * in5Bit;
-    uint32_t tr5Bit145 = tr5Bit56 + 145;
+    uint32_t tr5Bit56  = 56 * in5Bit + 144;
     uint32_t endEdStruct = ((uint32_t*)edStruct)[63];
 
     for (int i = 4; i >= 0; i-- ) {
-        dw1 = TransformDWORD(endEdStruct, tr5Bit145);
+        dw1 = TransformDWORD(endEdStruct, tr5Bit56 + 5 - i);
         tr5Bit ^= GET_FROM_EDS(dw1, edStruct) << i;
-        tr5Bit145++;
     }
 
-    dw1 = TransformDWORD(endEdStruct, tr5Bit56 + 144);
+    dw1 = TransformDWORD(endEdStruct, tr5Bit56);
     uint8_t f1 = (edStruct[dw1 >> 3] >> (7 - (dw1 & 7))) & 1;
-    if ( tr5Bit != 0x1F )
-    {
-        dw1 = TransformDWORD(endEdStruct, tr5Bit56 + index + tr5Bit + 144);
-        dw2 = TransformDWORD(endEdStruct, tr5Bit56 + ((tr5Bit + index + in5Bit) & 7) + 192);
+
+    if ( tr5Bit != 0x1F ) {
+        dw1 = TransformDWORD(endEdStruct, tr5Bit56 + index + tr5Bit);
+        dw2 = TransformDWORD(endEdStruct, tr5Bit56 + ((tr5Bit + index + in5Bit) & 7) + 48);
         f1 ^= GET_FROM_EDS_XOR(dw2, dw1, edStruct);
     }
 
-    uint32_t count = 0;
-    uint32_t scount = 0;
-    if ( (48 - index) > 0 )
-    {
-        uint8_t f2 = in5Bit & 1;
-        uint32_t index144 = index + 144;
-        uint32_t count143 = 143;
-        while ( count < (48 - index) )
-        {
-            uint8_t f3 = 0;
+    if (index < 48) {
+
+        uint32_t scount = 0;
 
-            if ( f2 )
-            {
+        for (int count = 0; count + index < 48; count++ ) {
+
+            uint8_t f2 = 0;
+
+            if ( in5Bit & 1 ) {
                 dw1 = TransformDWORD(endEdStruct, 2015 - count % 38);
-                dw2 = TransformDWORD(endEdStruct, count143);
-                f3 = GET_FROM_EDS_XOR(dw2, dw1, edStruct);
+                dw2 = TransformDWORD(endEdStruct, 143 - count);
+                f2 = GET_FROM_EDS_XOR(dw2, dw1, edStruct);
             }
 
-            if ( f1 )
-            {
+            if ( f1 ) {
                 dw1 = TransformDWORD(endEdStruct, count % 38 + 64);
                 dw2 = TransformDWORD(endEdStruct, count + 1936);
-                f3 ^= GET_FROM_EDS_XOR(dw2, dw1, edStruct);
+                f2 ^= GET_FROM_EDS_XOR(dw2, dw1, edStruct);
             }
 
-            if ( f3 )
-            {
-                uint32_t v33 = index144;
+            if ( f2 ) {
                 for (int i = 0; i < 32; i++ ) {
-                    dw1 = TransformDWORD(endEdStruct, v33);
-                    edStruct[dw1 >> 3] = edStruct[dw1 >> 3] & ~(1 << (7 - (dw1 & 7))) | (((f3 ^ GET_FROM_EDS(dw1, edStruct)) & 1) << (7 - (dw1 & 7)));
-                    v33 += 56;
+                    dw1 = TransformDWORD(endEdStruct, 56 * i + count + index + 144);
+                    edStruct[dw1 >> 3] = edStruct[dw1 >> 3] & ~(1 << (7 - (dw1 & 7))) | (((f2 ^ GET_FROM_EDS(dw1, edStruct)) & 1) << (7 - (dw1 & 7)));
                 }
-                count = scount;
             }
-            scount = ++count;
-            count143--; index144++;
-            f2 = in5Bit & 1;
         }
     }
-    dw1 = TransformDWORD(endEdStruct, tr5Bit56 + index + 144);
-    dw2 = TransformDWORD(endEdStruct, tr5Bit56 + (in5Bit + index) % 8 + 192);
+
+    dw1 = TransformDWORD(endEdStruct, tr5Bit56 + index);
+    dw2 = TransformDWORD(endEdStruct, tr5Bit56 + (in5Bit + index) % 8 + 48);
     return GET_FROM_EDS_XOR(dw2, dw1, edStruct);
+
 }
 
 
+
 void HashDWORD(uint32_t *Data, uint8_t *edStruct)
 {
     uint8_t fodd;

From b2f6404c9803b2cdfc7fb08be0a010966d4996ff Mon Sep 17 00:00:00 2001
From: rsvt1973 <rsvt@hotbox.ru>
Date: Wed, 1 Apr 2020 19:31:18 +0300
Subject: [PATCH 3/3] Remove scount variable

---
 EncDecSim.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/EncDecSim.c b/EncDecSim.c
index 22bcd9a..1324837 100644
--- a/EncDecSim.c
+++ b/EncDecSim.c
@@ -335,8 +335,6 @@ uint8_t TransformEdStruct(uint8_t in5Bit, uint8_t *edStruct, uint8_t index)
 
     if (index < 48) {
 
-        uint32_t scount = 0;
-
         for (int count = 0; count + index < 48; count++ ) {
 
             uint8_t f2 = 0;