API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jul 27th, 2017
69
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 9.80 KB | None | 0 0
raw download clone embed print report
  1. #include <stdio.h>
  2. #include <string.h>
  3. #include <time.h>
  4.  
  5. #define mystr "Dell Bios Utility. Copyright (C) 2010 Miguel Veliz"
  6.  
  7. #define allow595B
  8. #define allowA95B
  9. #define allow2A7B
  10.  
  11. #define fSVCTAG 0
  12. #define fHDDSN 1
  13. #define fHDDold 2
  14. #define t595B 0
  15. #define tD35B 1
  16. #define tA95B 2
  17. #define t2A7B 3
  18.  
  19. #ifdef allow595B
  20. #define f595B
  21. #endif
  22. #ifdef allowA95B
  23. #define f595B
  24. #endif
  25. #ifdef allow2A7B
  26. #define f595B
  27. #endif
  28.  
  29. char bSuffix[]="595BD35BA95B2A7B";
  30.  
  31. char scancods[]="\00\0331234567890-=\010\011qwertyuiop[]\015\377asdfghjkl;'`\377\\zxcvbnm,./";
  32. char encscans[]={0x05,0x10,0x13,0x09,0x32,0x03,0x25,0x11,0x1F,0x17,0x06,0x15, \
  33. 0x30,0x19,0x26,0x22,0x0A,0x02,0x2C,0x2F,0x16,0x14,0x07,0x18, \
  34. 0x24,0x23,0x31,0x20,0x1E,0x08,0x2D,0x21,0x04,0x0B,0x12,0x2E};
  35.  
  36. #ifdef allow2A7B
  37. char chartabl2A7B[72]="012345679abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0";
  38. #endif
  39.  
  40. unsigned int MD5magic[64]={
  41. 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee,
  42. 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
  43. 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be,
  44. 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
  45. 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa,
  46. 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8,
  47. 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed,
  48. 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
  49. 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c,
  50. 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
  51. 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05,
  52. 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
  53. 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039,
  54. 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
  55. 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
  56. 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391};
  57.  
  58. unsigned char inData[23],outData[16];
  59. char buf1output[32], buf1input[20];
  60. char bug4;
  61.  
  62. void calcsuffix(char bfunc, char btype, char *outbuf);
  63.  
  64. void initData(void) {
  65. *(int *)(&outData[0]) =0x67452301;
  66. *(int *)(&outData[4]) =0xEFCDAB89;
  67. *(int *)(&outData[8]) =0x98BADCFE;
  68. *(int *)(&outData[12])=0x10325476;
  69. }
  70.  
  71. typedef int (encfuncT1) (int num1, int num2, int num3);
  72.  
  73. #ifdef f595B
  74. int enc0F2(int num1, int num2, int num3) {return (((~num3 ^ num2) & num1) ^ ~num3);}
  75. int enc0F4(int num1, int num2, int num3) {return (( ~num2 ^ num1) ^ num3); }
  76. int enc0F5(int num1, int num2, int num3) {return (( ~num1 | ~num3) ^ num2); }
  77. #endif
  78. int enc1F2(int num1, int num2, int num3) {return ((( num3 ^ num2) & num1) ^ num3);}
  79. int enc1F4(int num1, int num2, int num3) {return (( num2 ^ num1) ^ num3); }
  80. int enc1F5(int num1, int num2, int num3) {return (( num1 | ~num3) ^ num2); }
  81. int encF3 (int num1, int num2, int num3) {return ((( num1 ^ num2) & num3) ^ num2);}
  82.  
  83. typedef int (encfuncT2)(encfuncT1 func, int num1, int num2, int num3, int key);
  84.  
  85. int enc1F1 (encfuncT1 func, int num1, int num2, int num3, int key)
  86. {
  87. return func(num1,num2,num3)+key;
  88. }
  89.  
  90. #ifdef f595B
  91. int enc0F1 (encfuncT1 func, int num1, int num2, int num3, int key)
  92. {
  93. return func(num1,num2,num3)-key;
  94. }
  95. #endif
  96.  
  97. unsigned int rol(unsigned int t, int bitsrot)
  98. {
  99. return (t >> (32-bitsrot)) | (t << bitsrot);
  100. }
  101.  
  102. void blockEncodeF(int *outdata, int *encblock, encfuncT2 func1,
  103. encfuncT1 func2, encfuncT1 func3, encfuncT1 func4, encfuncT1 func5 )
  104. {
  105. char S[4][4] = {{ 7, 12, 17, 22 },{ 5, 9, 14, 20 },{ 4, 11, 16, 23 },{ 6, 10, 15, 21 }};
  106. int A,B,C,D,t,i;
  107.  
  108. A=outdata[0];
  109. B=outdata[1];
  110. C=outdata[2];
  111. D=outdata[3];
  112.  
  113. for (i=0;i<64;i++) {
  114. t=MD5magic[i];
  115. switch (i>>4) {
  116. case 0: t=A+func1(func2,B,C,D, t+encblock[(i) & 15]); break;
  117. case 1: t=A+func1(func3,B,C,D, t+encblock[(i*5+1) & 15]); break;
  118. case 2: t=A+func1(func4,B,C,D, t+encblock[(i*3+5) & 15]); break;
  119. case 3: t=A+func1(func5,B,C,D, t+encblock[(i*7) & 15]); break;
  120. }
  121. A=D; D=C; C=B; B+=rol(t,S[i>>4][i&3]);
  122. };
  123.  
  124. outdata[0]+=A;
  125. outdata[1]+=B;
  126. outdata[2]+=C;
  127. outdata[3]+=D;
  128. }
  129.  
  130. void blockEncode(char *outdata, int *encblock, char btype) {
  131. if (btype==tD35B)
  132. blockEncodeF((int *)outdata,encblock,enc1F1,enc1F2,encF3,enc1F4,enc1F5);
  133. #ifdef f595B
  134. else
  135. blockEncodeF((int *)outdata,encblock,enc0F1,enc0F2,encF3,enc0F4,enc0F5);
  136. #endif
  137. }
  138.  
  139. void encode(char *inbuf,int cnt,char btype) {
  140. int encBlock[16];
  141. char *ptr;
  142. initData();
  143. memcpy(encBlock,inbuf,cnt);
  144. ptr=&((char *)encBlock)[cnt];
  145. *ptr++=0x80;
  146. memset(ptr,0,64-1-cnt);
  147. encBlock[16-2]=((unsigned int)cnt << 3);
  148. blockEncode(outData,encBlock,btype);
  149. }
  150.  
  151. void psw(char bfunc, char btype, char *outbuf) {
  152. int cnt,lenpsw,r;
  153. if (bfunc==fHDDold) {
  154. memcpy(inData,buf1input,11);
  155. calcsuffix(bfunc,btype,outbuf);
  156. for (cnt=0;cnt<8;cnt++)
  157. outbuf[cnt]= scancods[ outbuf[cnt] ];
  158. } else {
  159. memset(inData,0,sizeof(inData));
  160.  
  161. if (bfunc==fSVCTAG) cnt=7;
  162. else cnt=11;
  163.  
  164. if ((bfunc==fHDDSN) && (btype==tA95B))
  165. memcpy(inData,&buf1input[3],cnt-3);
  166. else
  167. memcpy(inData,buf1input,cnt);
  168.  
  169. if (btype==t595B) memcpy(&inData[cnt],&bSuffix[0],4); else
  170. if (btype==tD35B) memcpy(&inData[cnt],&bSuffix[4],4); else
  171. if (btype==tA95B) memcpy(&inData[cnt],&bSuffix[0],4); else
  172. if (btype==t2A7B) memcpy(&inData[cnt],&bSuffix[12],4);
  173. calcsuffix(bfunc,btype,outbuf);
  174. memcpy(&inData[cnt+4],outbuf,8);
  175. encode(inData,23,btype);
  176. r = outData[0] % 9;
  177. lenpsw = 0;
  178. for (cnt=0;cnt<16;cnt++) {
  179. if ( (btype==t595B) || (btype==tD35B) || (btype==tA95B) ) {
  180. if ((r <= cnt) && (lenpsw<8)) {
  181. buf1output[lenpsw++] = scancods[encscans[outData[cnt] % sizeof(encscans)]];
  182. }
  183. } else if (btype==t2A7B) {
  184. buf1output[lenpsw++] = chartabl2A7B[outData[cnt] % sizeof(chartabl2A7B)];
  185. }
  186. }
  187. }
  188. }
  189.  
  190.  
  191. void calcsuffix(char bfunc, char btype, char* outbuf) {
  192. int i,r;
  193. if (bfunc==fSVCTAG) {
  194. outbuf[0] = inData[4];
  195. outbuf[1] = (inData[4] >> 5) | (((inData[3] >> 5) | (inData[3] << 3)) & 0xF1);
  196. outbuf[2] = (inData[3] >> 2);
  197. outbuf[3] = (inData[3] >> 7) | (inData[2] << 1);
  198. outbuf[4] = (inData[2] >> 4) | (inData[1] << 4);
  199. } else if (bfunc==fHDDSN) {
  200. outbuf[0] = inData[8];
  201. outbuf[1] = (inData[8] >> 5) | (((inData[9] >> 5) | (inData[9] << 3)) & 0xF1);
  202. outbuf[2] = (inData[9] >> 2);
  203. outbuf[3] = (inData[9] >> 7) | (inData[10] << 1);
  204. outbuf[4] = (inData[10] >> 4) | (inData[1] << 4);
  205. }
  206. outbuf[5] = (inData[1] >> 1);
  207. outbuf[6] = (inData[1] >> 6) | (inData[0] << 2);
  208. outbuf[7] = (inData[0] >> 3);
  209. for (i=0;i<8;i++) {
  210. r = 0xAA;
  211. if (outbuf[i] & 1)
  212. if (bfunc==fHDDSN) r ^= inData[8];
  213. else if (bfunc==fSVCTAG) r ^= inData[4];
  214. if (outbuf[i] & 2)
  215. if (bfunc==fHDDSN) r ^= inData[9];
  216. else if (bfunc==fSVCTAG) r ^= inData[3];
  217. if (outbuf[i] & 4)
  218. if (bfunc==fHDDSN) r ^= inData[10];
  219. else if (bfunc==fSVCTAG) r ^= inData[2];
  220. if (outbuf[i] & 8)
  221. r ^= inData[1];
  222. if (outbuf[i] & 16)
  223. r ^= inData[0];
  224. if ( (btype==t595B) || (btype==tD35B) || (btype==tA95B) ) {
  225. outbuf[i] = encscans[r % sizeof(encscans)];
  226. } else if (btype==t2A7B) {
  227. outbuf[i] = chartabl2A7B[r % sizeof(chartabl2A7B)];
  228. }
  229. }
  230. }
  231.  
  232. int main(int argc, char *argv[]) {
  233. unsigned char len,len1,bfunc,eol=1,echo=0, *minus,s2[20];
  234. signed char btype; int argn=0;
  235.  
  236. if (argc>1)
  237. echo=1;
  238.  
  239. if (!echo)
  240. fputs("" mystr "\n" \
  241. "Short service tag should be right padded with '*' up to length 7 chars\n" \
  242. "HDD serial number is right 11 chars from real HDDSerNum left padded with '*'\n" \
  243. "Some BIOSes has left pad HDD serial number with spaces instead '*'\n",stdout);
  244.  
  245. while (!feof(stdin)) {
  246. if ((argc<=1) && argn) break;
  247. fputs("Input: #",stdout);
  248. if (argc>1) {
  249. strncpy(buf1input,argv[++argn],sizeof(buf1input));argc--;
  250. }
  251. else {
  252. if (!eol) while (!feof(stdin) && (fgetc(stdin)!='\n')); eol=0;
  253. if (fgets(buf1input,16+1+1,stdin)==NULL) {
  254. if (echo) fputs("\n",stdout);
  255. break;
  256. }
  257. }
  258. len=strlen(buf1input);
  259. if (len && (buf1input[len-1]=='\n')) {len--;eol=1;buf1input[len]=0;}
  260. if (echo) {fputs(buf1input,stdout);fputs("\n",stdout);}
  261. minus=strchr(buf1input,'-');
  262. if (len==11) {
  263. if (minus!=NULL) {
  264. fputs("- Incorrect input\n",stdout);
  265. continue;
  266. }
  267. bfunc=fHDDold;
  268. fputs("By HDD serial number for older BIOS: ",stdout);
  269. } else {
  270. if (len==0) break;
  271. if (minus==NULL) {
  272. fputs("- No BIOS type found in input string, must be followed by -595B and other registered\n",stdout);
  273. continue;
  274. }
  275. len1=minus-(unsigned char*)buf1input;
  276.  
  277. btype=-1;
  278. #ifdef allow595B
  279. if (strncmp(&buf1input[len1+1],&bSuffix[0],4)==0) btype=t595B;
  280. else
  281. #endif
  282. if (strncmp(&buf1input[len1+1],&bSuffix[4],4)==0) btype=tD35B;
  283. else
  284. #ifdef allowA95B
  285. if (strncmp(&buf1input[len1+1],&bSuffix[8],4)==0) btype=tA95B;
  286. else
  287. #endif
  288. #ifdef allow2A7B
  289. if (strncmp(&buf1input[len1+1],&bSuffix[12],4)==0) btype=t2A7B;
  290. #endif
  291. if (btype<0) {
  292. fputs("- Invalid service tag in input string, allowed only -D35B and other registered\n",stdout);
  293. continue;
  294. }
  295. struct tm *time1; time_t timer1=time(NULL);
  296. time1=gmtime(&timer1);
  297. strftime(s2,sizeof(s2),"%d.%m.%Y %H:%M",time1);
  298. fputs(s2,stdout);
  299. fputs(" DELL ",stdout);
  300.  
  301. if (len1==7) {
  302. bfunc=fSVCTAG;
  303. fputs("service tag: ",stdout);
  304. fputs(buf1input,stdout);
  305. } else
  306. if (len1==11) {
  307. bfunc=fHDDSN;
  308. fputs("HDD serial number: ",stdout);
  309. fputs(buf1input,stdout);
  310. }
  311. else {
  312. fputs("- Incorrect input, must be 7 chars service tag or 11 chars HDD serial number\n",stdout);
  313. continue;
  314. }
  315. }
  316. psw(bfunc,btype,buf1output);
  317. fputs(" password: ",stdout);
  318. fputs(buf1output,stdout);
  319. if (bug4) fputs(" !bug4 warning - password may not work!",stdout);
  320.  
  321. if (btype==t595B) if (bfunc==fSVCTAG) { //to check if A95B bug
  322. char mpw1[20];
  323. strcpy(mpw1,buf1output);
  324. psw(bfunc,tA95B,buf1output);
  325. if (strcmp(mpw1,buf1output)!=0) {
  326. fputs(" passwordA95B: ",stdout);
  327. fputs(buf1output,stdout);
  328. }
  329. }
  330. fputs("\n",stdout);
  331. }
  332. return 0;
  333. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!