Huawei new algo V1+V2+V3 PHP source - Enjoy!

Fast Unlocking

Fast Unlocking

Administrator
Staff member
Country
Jordan
Offline
Country flag
Code: 
Code:
<?php

/*****************************************************
*                                                   *
*         HUAWEI CODE CALCULATOR "ALGO V1+V2+V3"    *
*                                                   *
*   PHP code by Sergey/MKL  2016                    *
*   (based on leaked Delphi source and Russian      *
*   source)                                         *
*                                                   *
*   http://entsperren.at/    http://unlocker.at/    *
*                                                   *
*****************************************************

V2.1 code
+ Fixed for 32 bit CPU integer overflow

Testdata
IMEI:   968480435684491
NCK V2: 23823444

V3.0 code
+ Added V3 (201) algo variations, Huawei custom fake CRC32

V3.1 code
+ Bugfix algo5 shift

V3.2 code
+ Bugfix algo 3  dfkdkfllekkodk hash

V3.3 code
+ Bugfix algo 201 Subtype 2016

*/


function calcv1($imei, $type)
{
$const = substr(md5($type ? "e630upgrade" : "hwe620datacard"), 8, 16);
$magic = pack("H*", md5($imei.$const));
$code = array();
for($i = 0; $i < 4; $i++)
$code[$i]=ord($magic[3-$i]^$magic[7-$i]^$magic[15-$i]^$magic[11-$i]);

$nck = (($code[3] << 0x18 | $code[2] << 0x10 | $code[1] << 0x08 | $code[0]) & 0x1FFFFFF) | 0x2000000;
return $nck;
}

function calcv2($imei)
{
$algo_id = algo_selector($imei);
switch ($algo_id)
{
case 0:
return algo0($imei);
case 1:
return algo1($imei);
case 2:
return algo2($imei);
case 3:
return algo3($imei);
case 4:
return algo4($imei);
case 5:
return algo5($imei);
case 6:
return algo6($imei);
default:
return 0;
}
}

function calcv3($imei)
{
$algo_id = algo_selector($imei, 201);
switch ($algo_id)
{
case 0:
return algo0($imei, 201);
case 1:
return algo1($imei, 201);
case 2:
return algo2($imei, 201);
case 3:
return algo3($imei, 201);
case 4:
return algo5($imei, 2015);
case 5:
return algo5($imei, 2016);
case 6:
return algo6($imei, 201);
default:
return 0;
}
}

function algo_selector($imei, $mode = 0)
{
$x = 0;
for ($i = 0; $i < 15; $i++)
if($mode == 201)
$x+= ((ord($imei[$i]) + $i + 1) * ord($imei[$i])) * (ord($imei[$i]) + 313);
else
$x+= (ord($imei[$i]) + $i + 1) * ($i + 1);
return ($x % 7);
}

function algo0($imei, $mode = 0)
{
$table_v2 = array(
0x001966A9, 0x0021058F, 0x002AEDA9, 0x0037CE91, 0x00488C9F, 0x005E507D,
0x007A9BE5, 0x009F644B, 0x00CF35A1, 0x010D5F55, 0x015E2F25, 0x01C73D6B,
0x024FCFDD, 0x03015B47, 0x03E829E9);

$table_201 = array(
0x006E9C2A, 0x03CA2B3C, 0x001080DC, 0x30855EE, 0x03D3283A, 0x02F4F85A,
0x01F8808E, 0x03147D10, 0x034BBBB5, 0x29EEADD, 0x02318616, 0x050F3ADC,
0x00D11F38, 0x02123BD2, 0x04276C86, 0x355CAAD);

$code = array();
$s = 0;
for ($i = 0; $i < 15; $i++)
$s+= ($imei[$i] + 0x30) * ($mode == 201 ? $table_201[$i] : $table_v2[$i]);
for ($i = 0; $i <= 7; $i++)
{
$code[$i] = ($s >> 4 * $i & 0x0F) % 10;
}
if ($code[0] == 0)
$code[0] = 1;
$nck = implode("", $code);
return $nck;
}

function fake_crc32_huawei($data)
{

$custom_table = array(
0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x196c3671, 0x6e6b06e7, 0xfed41b76,
0x89d32be0, 0x10da7a5a, 0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541,
0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252,
0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60,
0xdf60efc3, 0xa867df55, 0x316e8eef, 0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de,
0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0x136c9856, 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8,
0x4c69105e, 0xd56041e4, 0xa2677172, 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x646ba8c0,
0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, 0x26d930ac,
0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0x706af48f, 0xe963a535,
0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07,
0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0xb8bda50f, 0x2802b89e, 0x5f058808,
0xc60cd9b2, 0xb10be924, 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x4969474d,
0x3e6e77db, 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f,
0x30b5ffe9, 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0x03b6e20c, 0x74b1d29a,
0xead54739, 0x9dd277af, 0x04db2615, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457,
0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xe40ecf0b,
0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 0xf00f9344, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0,
0x5268e236, 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0x68ddb3f8, 0x1fda836e,
0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c,
0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04,
0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a,
0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713, 0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73,
0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010, 0x01db7106, 0x98d220bc,
0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, 0x7807c9a2, 0x0f00f934, 0x9609a88e,
0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, 0x5edef90e, 0x29d9c998, 0xb0d09822,
0xc7d7a8b4, 0x59b33d17, 0xcdd70693, 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02,
0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320,
0x9abfb3b6, 0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, 0x67dd4acc, 0xf9b9df6f,
0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21,
0x86d3d2d4, 0xf1d4e242, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7, 0x2d02ef8d);

$p = 0;
$s = strlen($data);
$crc = 0xFFFFFFFF;

for($i = 0; $i < strlen($data); $i++)
$crc = ($custom_table[ ($crc ^ ord($data[$p++])) & 0xFF ] ^ (($crc >> 8) & 0xFFFFFF) );

return $crc ^ 0xFFFFFFFF;
}

function algo1($imei, $mode = 0)
{

$crc = ($mode == 201 ? fake_crc32_huawei($imei) : crc32($imei) );
if ($crc & 0x80000000)
{
$crc*= - 1;
$crc&= 0xFFFFFFFF;
}

$nck = str_pad(substr($crc, -8) , 8, "9", STR_PAD_LEFT);
if ($nck[0] == '0')
$nck[0] = '9';
return $nck;
}

function algo2($imei, $mode = 0)
{
$code = substr(pack("H*", md5($imei)), ($mode == 201 ? 5 : 0), 8);
$a = ord($code[0]) % 10;
$code[0] = ($a != 0) ? chr($a) : chr(5);
$nck = "";
for ($i = 0; $i < 8; $i++)
{
if ($code[$i] > 0 && $code[$i] < 9)
$nck.= $code[$i];
else
$nck.= chr((ord($code[$i]) % 10) + 0x30);
}

return $nck;
}

function algo3($imei, $mode)
{
$const = pack("H*", md5($mode == 201 ? "dfkdkfllekkodk" : "hwideadatacard"));
$md5bin = pack("H*", md5($imei . $const));
$code = array();
for ($i = 0; $i < 4; $i++)
$code[$i] = ord($md5bin[$i]) ^ ord($md5bin[$i + 4]) ^ ord($md5bin[$i + 8]) ^ ord($md5bin[$i + 12]);
$nck = (($code[0] << 0x18 | $code[1] << 0x10 | $code[2] << 0x08 | $code[3]) & 0x1FFFFFF) | 0x2000000;
return $nck;
}

function algo4($imei)
{
$nck = "";
$magic = "5739146280098765432112345678905";
$code = str_split($imei . "Z");
for ($i = 0; $i < 8; $i++)
$code[$i] = (ord($code[$i]) ^ ord($code[$i + 8]));
for ($i = 0; $i < 8; $i++)
$code[$i] = $magic[($code[$i] & 0x0F) + ($code[$i] >> 4) ];
if ($code[0] == 0)
{
for ($i = 0; $i < 8; $i++)
if ($code[$i] <> 0) break;

$code[0] = $i;
}

$nck = implode("", $code);
$nck = substr($nck, 0, 8);
return $nck;
}

function algo5($imei, $mode)
{
$sha1bin = pack("H*", sha1($imei));

$o = ($mode == 2015 ? 4 : 0);
$o = ($mode == 2016 ? 8 : 0);

$tmp = unpack('N', substr($sha1bin, $o, 4));        // Big endian
$a = $tmp[1];
$tmp = unpack('N', substr($sha1bin, $o + 4, 4));    // Big endian
$b = $tmp[1];

if ($a < 0)        // Raspberry PI fix
$a+= 0x100000000;
if ($b < 0)
$b+= 0x100000000;

$nck = substr($a . $b, 0, 8);
return $nck;
}


function algo6($imei, $mode = 0)
{
$magic =    array( 0x01, 0x01, 0x02, 0x03, 0x05, 0x08, 0x0D, 0x15, 0x22, 0x37, 0x59, 0x90);
$magic201 = array( 0x0B, 0x0D, 0x11, 0x13, 0x17, 0x1D, 0x1F, 0x25, 0x29, 0x2B, 0x3B, 0x61);
$buffer = array_fill(0, 0x7F, 0x00);
$dest_buf = array();
$code = array(); //dst_buf

for ($i = 0; $i < 15; $i++)
$buffer[$i] = ((ord($imei[$i]) >> ($i % 3 + 2)) | (ord($imei[$i]) << (6 - $i % 3))) & 0xFF;

$sum_1 = 0;

for ($i = 0; $i < 7; $i++)
$sum_1+= ($buffer[$i] << 8) + $buffer[14 - $i];

$sum_1+= $buffer[8];

for ($i = 0x0F, $j = 0; $i < 0x80; $i++, $j++)
{
$var_34 = intval($i / 12);
$var_38 = ($i + $var_34) % 12;

$R1 = $j % 0x0C;

if ($var_34 < 2)
$var_34+= $R1;
else
$var_34 = $R1 + ($var_34 * 13) - 24;

$R0 = (0xFFFFFFFF - $buffer[$j ? $sum_1 % $j : $sum_1 % $i + 1]);
$R0|= $buffer[$sum_1 % $i];
$a = (($R0) | ($buffer[$var_34]) & ($mode == 201 ? $magic201[$var_38] : $magic[$var_38])) & 0xFF;
$buffer[$i] = ($a & 0xFF);
}

$sum_2 = 0;

for ($i = 0; $i < 7; $i++)
$sum_2+= ((ord($imei[$i]) << 8) | ord($imei[$i + 1]));

$sum_2 += ord($imei[14]);

$tmp = implode("", array_map("chr", $buffer));
$md5bin = pack("H*", md5($tmp));
$idx = $sum_2 & 3;
$tmp = unpack('V', substr($md5bin, $idx * 4, 4));
$hash_unit = $tmp[1];

if ($hash_unit < 0)    // Raspberry PI fix
($hash_unit += 0x100000000) & 0xFFFFFFFF;

$nck_idx = 0;

for ($i = 0; $i < 16; $i++)
if (is_numeric($md5bin[$i]))
$dest_buf[$nck_idx++] = ($md5bin[$i]);

$j = 0;
while ($hash_unit)
{
$dest_buf[$nck_idx++] = substr($hash_unit, -1);
$hash_unit = intval($hash_unit / 10);

if ($hash_unit == 0 && $j == 0)
{
$j = 1;
$hash_unit = substr($md5bin, (3 - $idx) * 4, 4);
$tmp = unpack("V", $hash_unit);
$hash_unit = $tmp[1];

if ($hash_unit < 0)    // Raspberry PI fix
($hash_unit += 0x100000000) & 0xFFFFFFFF;
}

if ($nck_idx == 8)
{
if ($dest_buf[0] == 0) $dest_buf[0] = (($sum_2 ? ord($md5bin[1]) : ord($md5bin[0])) & 7) + 1;
return implode("", $dest_buf);
}
}
return 0;
}

error_reporting(0);

if(isset($_GET["imei"]))
$imei=trim($_GET["imei"]);
else
$imei="";

echo "<html><head><title>HWCALC V3.3 (V1 + V2 + V3 algo), fixed 201 bug</title></head><body><h3>HWCALC V3.3 (V1 + V2 + V3 algo), fixed 201 bug<hr></h3><pre>";
if(!$imei || !is_numeric($imei) || strlen($imei) != 15)
{
$myself = $_SERVER["HTTP_HOST"].$_SERVER["SCRIPT_NAME"];
echo "IMEI: Wrong -> Please enter 15-digits IMEI without separator\n";
echo "Like:  http://".$myself."?imei=123456789012347\n\n";
echo '<form action="http://'.$myself.'" method="get"><tt>IMEI: </tt><input type="text" name="imei" maxlength="15">';
echo '<input type="submit" value="Calc ->"></form>';
echo "\n(c) SERGEY/MKL 2010 - 2014</pre>\n</body></html>";
die();
}

echo "IMEI: ".$imei."\n\n";

//echo "Algo V2:       ".algo_selector($imei)."\n";
//echo "Algo V3:       ".algo_selector($imei,201)."\n";
echo "Unlock (V1):     ".calcv1($imei, 0)."\n";
echo "Unlock (V2):     ".calcv2($imei)."   \n";
echo "Unlock (V3/201): ".calcv3($imei)."   \n";
echo "Flash:           ".calcv1($imei, 1)."\n";
echo "\n(c) SERGEY/MKL 2010 - 2014</pre></body></html>\n";


?>
Have fun!
 
You must log in or register to reply here.
Back
Top