[原创]ali2015 writeup[1,2题]
发表于: 2015-10-19 12:08 2945
第一题:
先解包,找到里面关键的check函数,在check.smali里面大概 3618x行,有如下指令:
cmp-long v4, v4, v10
if-nez v4, :cond_3
const/4 v4, 0x1
先插入log,打印cmp之前的v4和v10:
当输入为数字1时,v4 ,v10分别为:124751,520676
当输入为数字2时,v4 ,v10分别为:124752,520676
由这两组数据可知 v4 = 124750 + 输入值,而 v10 恒为 520676,因此使两者相等的输入就是 520676 - 124750 = 395926,即最终结果。
第二题:
先解包,发现在apk端有签名校验,最终apk jni调用Libwbox.so中的check函数来检查结果
check函数中又有cat /proc/xxx/status来反调试。
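修改内核代码:在 ./kernel/fs/proc/ 下找到 task_status 函数(原文函数名如此;主线内核中输出该字段的函数是 fs/proc/array.c 里的 task_state),把其中 TracerPid 字段的输出固定为 0,之后就可以正常调试了。这也说明:只靠读取 /proc/<pid>/status 里的 TracerPid 做反调试,在内核可被替换的设备上并不可靠。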
调试可知,程序对输入一共做了三次运算,前两次的加密算法如下:
/*
 * First of the two simple byte transforms applied to the input:
 * the byte at position k (k = 0..15) is increased by k. The arithmetic
 * is on unsigned char, so it wraps modulo 256. Exactly 0x10 bytes are
 * rewritten in place; the caller must supply at least that many.
 */
void encode1(unsigned char * input)
{
    unsigned char *cursor;

    for (cursor = input; cursor != input + 0x10; cursor++) {
        *cursor += (unsigned char)(cursor - input);
    }
}
/* Per-position addends used by encode2: 16 bytes (the literal adds a trailing NUL). */
unsigned char * magic1 = "\x1F\xBC\xDA\xFF\xE6\x4C\xBC\x44\xF5\xB8\x13\xC8\xEC\xA8\xCD\xBD";

/*
 * Second byte transform: input[k] is increased by magic1[k] for
 * k = 0..15, wrapping modulo 256. The buffer is modified in place and
 * must hold at least 0x10 bytes.
 */
void encode2(unsigned char * input)
{
    int pos = 0;

    while (pos < 0x10) {
        input[pos] = (unsigned char)(input[pos] + magic1[pos]);
        pos++;
    }
}
第三次用了一个类似aes的算法,最终计算后的字符串和字符串
5C DA 77 2F A3 C6 3E 39 B6 F0 F3 ED 51 5A 99 86 \.w/..>9....QZ..对比
实际上就是看什么输入可以得到这个输出字符串,输入字符串长度<16字节,但这么长的字符无法爆破。
分析第三步加密算法可知,每一轮输出的每个32位字只依赖4个状态字节,因此不必对整个16字节输入做穷举,而是可以逐字用4层for循环穷举这4个字节(原文按每层255个取值估算),总计算量约为 255^4*4*9 的数量级(每轮4个字,共9轮)。最终用十几分钟爆破出结果为: kboloy0.
破解代码如下:
先解包,找到里面关键的check函数,在check.smali里面大概 3618x行,有如下指令:
cmp-long v4, v4, v10
if-nez v4, :cond_3
const/4 v4, 0x1
先插入log,打印cmp之前的v4和v10:
当输入为数字1时,v4 ,v10分别为:124751,520676
当输入为数字2时,v4 ,v10分别为:124752,520676
由这两组数据可知 v4 = 124750 + 输入值,而 v10 恒为 520676,因此使两者相等的输入就是 520676 - 124750 = 395926,即最终结果。
第二题:
先解包,发现在apk端有签名校验,最终apk jni调用Libwbox.so中的check函数来检查结果
check函数中又有cat /proc/xxx/status来反调试。
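修改内核代码:在 ./kernel/fs/proc/ 下找到 task_status 函数(原文函数名如此;主线内核中输出该字段的函数是 fs/proc/array.c 里的 task_state),把其中 TracerPid 字段的输出固定为 0,之后就可以正常调试了。这也说明:只靠读取 /proc/<pid>/status 里的 TracerPid 做反调试,在内核可被替换的设备上并不可靠。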
调试可知,程序对输入一共做了三次运算,前两次的加密算法如下:
/*
 * Adds each byte's own index (0..15) to it, modulo 256, over the first
 * 0x10 bytes of the buffer. The buffer is updated in place.
 */
void encode1(unsigned char * input)
{
    int idx = 0x10;

    /* Each byte depends only on its own index, so the walk direction is irrelevant. */
    while (idx-- > 0) {
        input[idx] = (unsigned char)(input[idx] + idx);
    }
}
/* Sixteen addend bytes, one per input position (the literal also stores a NUL after them). */
unsigned char * magic1 = "\x1F\xBC\xDA\xFF\xE6\x4C\xBC\x44\xF5\xB8\x13\xC8\xEC\xA8\xCD\xBD";

/*
 * Adds magic1[k] to input[k] for the first 0x10 positions, wrapping
 * modulo 256. Works in place on the caller's buffer.
 */
void encode2(unsigned char * input)
{
    const unsigned char *addend = magic1;
    unsigned char *byte = input;
    unsigned char *stop = input + 0x10;

    for (; byte != stop; byte++, addend++) {
        *byte += *addend;
    }
}
第三次用了一个类似aes的算法,最终计算后的字符串和字符串
5C DA 77 2F A3 C6 3E 39 B6 F0 F3 ED 51 5A 99 86 \.w/..>9....QZ..对比
实际上就是看什么输入可以得到这个输出字符串,输入字符串长度<16字节,但这么长的字符无法爆破。
分析第三步加密算法可知,每一轮输出的每个32位字只依赖4个状态字节,因此不必对整个16字节输入做穷举,而是可以逐字用4层for循环穷举这4个字节(原文按每层255个取值估算),总计算量约为 255^4*4*9 的数量级(每轮4个字,共9轮)。最终用十几分钟爆破出结果为: kboloy0.
破解代码如下:
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
/*
 * Lookup table copied out of the target library.
 *
 * decode() and test() index it only at even offsets 0..510 and read the
 * byte pair (table[s], table[s + 1]). The leading pairs (0x63,0xC6),
 * (0x7C,0xF8), (0x77,0xEE) match an AES S-box value followed by its
 * doubling in GF(2^8), which is the input the T-table style words built
 * in those functions expect.
 *
 * NOTE(review): only the first 512 bytes are reachable through those even
 * offsets. The remaining rows look like residue of the memory dump (the
 * 01,02,04,...,1B,36 sequence resembles the AES round constants) -- not
 * verified against the binary.
 */
unsigned char c_const_array[] =
"\x63\xC6\x7C\xF8\x77\xEE\x7B\xF6\xF2\xFF\x6B\xD6\x6F\xDE\xC5\x91"
"\x30\x60\x01\x02\x67\xCE\x2B\x56\xFE\xE7\xD7\xB5\xAB\x4D\x76\xEC"
"\xCA\x8F\x82\x1F\xC9\x89\x7D\xFA\xFA\xEF\x59\xB2\x47\x8E\xF0\xFB"
"\xAD\x41\xD4\xB3\xA2\x5F\xAF\x45\x9C\x23\xA4\x53\x72\xE4\xC0\x9B"
"\xB7\x75\xFD\xE1\x93\x3D\x26\x4C\x36\x6C\x3F\x7E\xF7\xF5\xCC\x83"
"\x34\x68\xA5\x51\xE5\xD1\xF1\xF9\x71\xE2\xD8\xAB\x31\x62\x15\x2A"
"\x04\x08\xC7\x95\x23\x46\xC3\x9D\x18\x30\x96\x37\x05\x0A\x9A\x2F"
"\x07\x0E\x12\x24\x80\x1B\xE2\xDF\xEB\xCD\x27\x4E\xB2\x7F\x75\xEA"
"\x09\x12\x83\x1D\x2C\x58\x1A\x34\x1B\x36\x6E\xDC\x5A\xB4\xA0\x5B"
"\x52\xA4\x3B\x76\xD6\xB7\xB3\x7D\x29\x52\xE3\xDD\x2F\x5E\x84\x13"
"\x53\xA6\xD1\xB9\x00\x00\xED\xC1\x20\x40\xFC\xE3\xB1\x79\x5B\xB6"
"\x6A\xD4\xCB\x8D\xBE\x67\x39\x72\x4A\x94\x4C\x98\x58\xB0\xCF\x85"
"\xD0\xBB\xEF\xC5\xAA\x4F\xFB\xED\x43\x86\x4D\x9A\x33\x66\x85\x11"
"\x45\x8A\xF9\xE9\x02\x04\x7F\xFE\x50\xA0\x3C\x78\x9F\x25\xA8\x4B"
"\x51\xA2\xA3\x5D\x40\x80\x8F\x05\x92\x3F\x9D\x21\x38\x70\xF5\xF1"
"\xBC\x63\xB6\x77\xDA\xAF\x21\x42\x10\x20\xFF\xE5\xF3\xFD\xD2\xBF"
"\xCD\x81\x0C\x18\x13\x26\xEC\xC3\x5F\xBE\x97\x35\x44\x88\x17\x2E"
"\xC4\x93\xA7\x55\x7E\xFC\x3D\x7A\x64\xC8\x5D\xBA\x19\x32\x73\xE6"
"\x60\xC0\x81\x19\x4F\x9E\xDC\xA3\x22\x44\x2A\x54\x90\x3B\x88\x0B"
"\x46\x8C\xEE\xC7\xB8\x6B\x14\x28\xDE\xA7\x5E\xBC\x0B\x16\xDB\xAD"
"\xE0\xDB\x32\x64\x3A\x74\x0A\x14\x49\x92\x06\x0C\x24\x48\x5C\xB8"
"\xC2\x9F\xD3\xBD\xAC\x43\x62\xC4\x91\x39\x95\x31\xE4\xD3\x79\xF2"
"\xE7\xD5\xC8\x8B\x37\x6E\x6D\xDA\x8D\x01\xD5\xB1\x4E\x9C\xA9\x49"
"\x6C\xD8\x56\xAC\xF4\xF3\xEA\xCF\x65\xCA\x7A\xF4\xAE\x47\x08\x10"
"\xBA\x6F\x78\xF0\x25\x4A\x2E\x5C\x1C\x38\xA6\x57\xB4\x73\xC6\x97"
"\xE8\xCB\xDD\xA1\x74\xE8\x1F\x3E\x4B\x96\xBD\x61\x8B\x0D\x8A\x0F"
"\x70\xE0\x3E\x7C\xB5\x71\x66\xCC\x48\x90\x03\x06\xF6\xF7\x0E\x1C"
"\x61\xC2\x35\x6A\x57\xAE\xB9\x69\x86\x17\xC1\x99\x1D\x3A\x9E\x27"
"\xE1\xD9\xF8\xEB\x98\x2B\x11\x22\x69\xD2\xD9\xA9\x8E\x07\x94\x33"
"\x9B\x2D\x1E\x3C\x87\x15\xE9\xC9\xCE\x87\x55\xAA\x28\x50\xDF\xA5"
"\x8C\x03\xA1\x59\x89\x09\x0D\x1A\xBF\x65\xE6\xD7\x42\x84\x68\xD0"
"\x41\x82\x99\x29\x2D\x5A\x0F\x1E\xB0\x7B\x54\xA8\xBB\x6D\x16\x2C"
"\x0F\x00\xA0\xE1\x1E\xFF\x2F\xE1\x00\x00\x00\x01\x00\x00\x00\x02"
"\x00\x00\x00\x04\x00\x00\x00\x08\x00\x00\x00\x10\x00\x00\x00\x20"
"\x00\x00\x00\x40\x00\x00\x00\x80\x00\x00\x00\x1B\x00\x00\x00\x36"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
/*
 * Key material copied out of the target, 16 bytes per row.
 *
 * test() reads words 1..4 of a row (byte offsets 4..19 from the row start)
 * as 32-bit values in host byte order and advances one row per round;
 * decode() reads the same words starting at byte offset 4*4*8 and moves
 * back one row per round.
 *
 * NOTE(review): presumably an expanded AES key schedule whose dump starts
 * 12 bytes late -- the first four bytes, read little-endian, are
 * 0xAB9D0680, the constant decode() XORs into out4 at the end. The last
 * rows look like unrelated dump residue. Confirm against the binary.
 */
unsigned char c_array[] =
"\x80\x06\x9D\xAB\x18\x0B\xA2\x34\x85\x77\x89\x5F\x34\x2E\x2D\xD2"
"\xB4\x28\xB0\x79\xAE\x86\x96\xD1\x2B\xF1\x1F\x8E\x1F\xDF\x32\x5C"
"\xAB\xF7\x82\x25\x91\xE4\xFE\xC6\xBA\x15\xE1\x48\xA5\xCA\xD3\x14"
"\x0E\x3D\x51\x31\x56\x4F\xD9\x1F\xEC\x5A\x38\x57\x49\x90\xEB\x43"
"\x47\xAD\xBA\x72\x16\xEF\x4C\xFB\xFA\xB5\x74\xAC\xB3\x25\x9F\xEF"
"\xF4\x88\x25\x9D\x48\x50\x88\xE4\xB2\xE5\xFC\x48\x01\xC0\x63\xA7"
"\xF5\x48\x46\x3A\xC8\xB6\xDA\xFE\x7A\x53\x26\xB6\x7B\x93\x45\x11"
"\x8E\xDB\x03\x2B\x39\xAF\x63\x05\x43\xFC\x45\xB3\x38\x6F\x00\xA2"
"\xB6\xB4\x03\x89\x9E\xE1\xEE\x65\xDD\x1D\xAB\xD6\xE5\x72\xAB\x74"
"\x53\xC6\xA8\xFD\xCA\x0C\x5A\x91\x17\x11\xF1\x47\xF2\x63\x5A\x33"
"\xA1\xA5\xF2\xCE\xDC\x7F\xFE\xB6\x01\x00\x00\x00\x2C\x39\x8B\xBE"
"\x74\x66\xFE\xB6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
/* Scratch pointer into c_array; on this page it is only assigned in main(), after main's early return. */
unsigned int * array = NULL;
/* Scratch state words; likewise only assigned by the statements that follow main()'s early return. */
unsigned int u1, u2, u3, u4;
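/*
 * Forward transform 1: adds each position's index (0..15) to the byte at
 * that position, modulo 256, then prints the 16 resulting bytes as text.
 *
 * input must point to at least 0x10 writable bytes; it is modified in place.
 */
void encode1(unsigned char * input)
{
    int n;

    for (n = 0; n < 0x10; n++) {
        input[n] += n;
    }
    /*
     * Print at most the 16 bytes this function works on. A plain "%s"
     * would keep reading past them whenever the caller's buffer has no
     * NUL terminator.
     */
    printf("%.16s\n", (const char *)input);
}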
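/* Per-position addends shared by encode2/decode2: 16 bytes plus the literal's trailing NUL. */
unsigned char * magic1 = "\x1F\xBC\xDA\xFF\xE6\x4C\xBC\x44\xF5\xB8\x13\xC8\xEC\xA8\xCD\xBD";

/*
 * Forward transform 2: adds magic1[i] to input[i] for i = 0..15, modulo
 * 256, then prints the 16 resulting bytes as hex.
 *
 * input must point to at least 0x10 writable bytes; it is modified in place.
 */
void encode2(unsigned char * input)
{
    int i;

    /*
     * Subscripts restored. As published the statements read
     * `input += magic1;` and `printf("%02x ", input);`, which does not
     * compile (pointer + pointer) and would print the pointer, not a byte.
     */
    for (i = 0; i < 0x10; i++) {
        input[i] += magic1[i];
    }
    for (i = 0; i < 0x10; i++) {
        printf("%02x ", input[i]);
    }
    printf("\n");
}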
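/*
 * Inverse of encode1: subtracts each position's index (0..15) from the
 * byte at that position, modulo 256, then prints the 16 resulting bytes
 * as text.
 *
 * input must point to at least 0x10 writable bytes; it is modified in place.
 */
void decode1( unsigned char * input)
{
    int n;

    for (n = 0; n < 0x10; n++) {
        input[n] -= n;
    }
    /*
     * Bounded to the 16 bytes handled above, so a buffer without a NUL
     * terminator is not read past its end. Output still stops early at
     * the first NUL byte, as it did with "%s".
     */
    printf("%.16s\n", (const char *)input);
}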
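/*
 * Inverse of encode2: subtracts magic1[i] from input[i] for i = 0..15,
 * modulo 256, then prints the 16 resulting bytes as hex.
 *
 * input must point to at least 0x10 writable bytes; it is modified in place.
 */
void decode2(unsigned char * input)
{
    int i;

    /*
     * Subscripts restored. As published the statements read
     * `input -= magic1;` and `printf("%02x ", input);`, which shifts the
     * pointer instead of changing a byte and prints the pointer value.
     */
    for (i = 0; i < 0x10; i++) {
        input[i] -= magic1[i];
    }
    for (i = 0; i < 0x10; i++) {
        printf("%02x ", input[i]);
    }
    printf("\n");
}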
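/*
 * Read one 32-bit word in host byte order from a byte table.
 * memcpy avoids reading an unsigned char array through an unsigned int
 * pointer. Assumes unsigned int is 4 bytes, as the rest of the file does.
 */
static unsigned int decode_load_word(const unsigned char *bytes)
{
    unsigned int word;

    memcpy(&word, bytes, sizeof word);
    return word;
}

/*
 * Exhaustively search for the four table offsets that produce `target`.
 *
 * Each offset is an even value in 0..510 selecting the byte pair
 * (y, x) = (tbl[s], tbl[s + 1]). The four pairs are expanded into the
 * words t1..t4 and XORed together with key_word. Offsets are tried with
 * s[0] outermost and s[3] innermost, and the first match wins.
 *
 * Returns 1 and fills s[0..3] on a match, 0 if all 256^4 combinations
 * were tried without one.
 */
static int decode_search_column(const unsigned char *tbl, unsigned int key_word,
                                unsigned int target, unsigned short s[4])
{
    unsigned int x, y;
    unsigned int t1, t2, t3, t4;
    unsigned short s1, s2, s3, s4;

    for (s1 = 0; s1 < 512; s1 += 2) {
        y = tbl[s1]; x = tbl[s1 + 1];
        /*
         * x and y are single bytes, so the low byte of the sum is x and
         * XORing y afterwards (what the unparenthesised `+ x^y` did) gives
         * the same value as adding (x ^ y).
         */
        t1 = (x << 24) + (y << 16) + (y << 8) + (x ^ y);
        for (s2 = 0; s2 < 512; s2 += 2) {
            y = tbl[s2]; x = tbl[s2 + 1];
            t2 = ((x ^ y) << 24) + (x << 16) + (y << 8) + y;
            for (s3 = 0; s3 < 512; s3 += 2) {
                y = tbl[s3]; x = tbl[s3 + 1];
                t3 = (y << 24) + ((x ^ y) << 16) + (x << 8) + y;
                /* Everything except t4 is fixed for the innermost loop. */
                unsigned int partial = t1 ^ t2 ^ key_word ^ t3;

                for (s4 = 0; s4 < 512; s4 += 2) {
                    y = tbl[s4]; x = tbl[s4 + 1];
                    t4 = (y << 24) + (y << 16) + ((x ^ y) << 8) + x;
                    if ((partial ^ t4) == target) {
                        s[0] = s1;
                        s[1] = s2;
                        s[2] = s3;
                        s[3] = s4;
                        return 1;
                    }
                }
            }
        }
    }
    return 0;
}

/*
 * Undo nine table-lookup rounds by brute force, then the two byte
 * transforms, printing every intermediate value.
 *
 * For each round and each of the four output words, the four table
 * offsets that reproduce the word are searched exhaustively; the offsets
 * are then packed back into the previous round's four state words. After
 * nine rounds the state is XORed with four fixed words, stored big-endian
 * into a 16-byte buffer and passed through decode2() and decode1().
 *
 * Returns 0 (after printing "errorN") if a search finds no match,
 * 1 once the final buffer has been printed. The runtime is dominated by
 * the searches: up to 256^4 candidates per word, 36 words in total.
 */
int decode(void)
{
    const unsigned char *pc_array = c_const_array;
    /*
     * State the search starts from, hard-coded by the author.
     * NOTE(review): how these four words follow from the comparison string
     * quoted in the write-up is not shown on the page.
     *
     * Author's trace of the forward rounds, kept for reference:
     *   out1,out2,out3,out4: b23d64f1,28321044,909d8e5d,b3cae741
     *   out1,out2,out3,out4: 404f3ed0,319150e4,586460be,10a8e669
     *   ......
     *   last:
     *   out1,out2,out3,out4: 2b1f312b,d12b2d4f,96aa81bb,97f8ad1e
     * The original also carried a disabled shortcut that loaded that
     * "last" state and jumped straight to the final XOR step below.
     */
    unsigned int out[4] = { 0x806f96c3, 0xae3a6dcb, 0x67b2033d, 0x6e624e2a };
    /* 16 payload bytes plus a NUL so the buffer stays a valid C string. */
    unsigned char input[0x11] = "1234567890123456";
    int round, col, i;

    for (round = 0; round < 9; round++) {
        /*
         * Key row for this round: starts at byte 4*4*8 of c_array and moves
         * back 16 bytes per round. Computed from the array base each time
         * so no pointer is ever formed before the start of c_array.
         */
        const unsigned char *round_key = c_array + 4 * 4 * (8 - round);
        unsigned int x[4] = { 0, 0, 0, 0 };

        printf("array %08x\n", decode_load_word(round_key + 4));
        for (col = 0; col < 4; col++) {
            unsigned short s[4];
            /* Words 1..4 of the row, i.e. byte offsets 4, 8, 12, 16. */
            unsigned int key_word = decode_load_word(round_key + 4 * (col + 1));

            if (!decode_search_column(pc_array, key_word, out[col], s)) {
                printf("error%d\n", col + 1);
                return 0;
            }
            /* The published code printed out3 on the "get out4" line. */
            printf("get out%d %08x\n", col + 1, out[col]);

            /*
             * An offset is twice a byte value, so << 23, << 15, << 7 and
             * >> 1 place that byte in bits 31..24, 23..16, 15..8 and 7..0.
             * Output word `col` took its four bytes from state words
             * col, col+1, col+2, col+3 (mod 4), one byte lane each.
             */
            x[col]           += ((unsigned int)s[0]) << 23;
            x[(col + 1) % 4] += ((unsigned int)s[1]) << 15;
            x[(col + 2) % 4] += ((unsigned int)s[2]) << 7;
            x[(col + 3) % 4] += ((unsigned int)s[3]) >> 1;
        }
        printf("x1,x2,x3,x4: %08x, %08x, %08x, %08x\n", x[0], x[1], x[2], x[3]);
        memcpy(out, x, sizeof out);
    }

    /*
     * Final XOR with four fixed words. 0xAB9D0680 equals the first four
     * bytes of c_array read little-endian; the other three are not present
     * in the tables on this page.
     * NOTE(review): presumably the first round key -- confirm.
     */
    out[3] = out[3] ^ 0xAB9D0680;
    out[2] = out[2] ^ 0x8DA459B1;
    out[1] = out[1] ^ 0x6B2B7C9D;
    out[0] = out[0] ^ 0x6BCDC67A;
    printf("out1,out2,out3,out4: %08x,%08x,%08x,%08x\n", out[0], out[1], out[2], out[3]);

    /* Store each word big-endian; memcpy instead of a cast through unsigned int *. */
    for (col = 0; col < 4; col++) {
        unsigned int be_word = htonl(out[col]);

        memcpy(&input[4 * col], &be_word, sizeof be_word);
    }
    /* The published code passed `input` itself here, printing the pointer. */
    for (i = 0; i < 0x10; i++) {
        printf("%02x ", input[i]);
    }
    printf("\n");
    decode2(input);
    decode1(input);
    return 1;
}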
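/*
 * Read one 32-bit word in host byte order from a byte table.
 * memcpy replaces the original `unsigned int *p_array = c_array;`, which
 * initialised an unsigned int pointer from an unsigned char array.
 * Assumes unsigned int is 4 bytes, as the rest of the file does.
 */
static unsigned int test_load_word(const unsigned char *bytes)
{
    unsigned int word;

    memcpy(&word, bytes, sizeof word);
    return word;
}

/*
 * Forward check: runs nine table-lookup rounds on a fixed starting state
 * and prints every intermediate value, so the output can be compared with
 * values observed in the debugger.
 *
 * Each round builds four output words. Output word `col` takes one byte
 * lane from each of state words col, col+1, col+2, col+3 (mod 4), turns
 * each byte into an even table offset, expands the byte pair found there
 * into t1..t4, and XORs them with word col+1 of the current 16-byte key
 * row of c_array.
 */
void test(void)
{
    const unsigned char *pc_array = c_const_array;
    const unsigned char *round_key = c_array;
    /* Starting state hard-coded by the author; its origin is not shown on the page. */
    unsigned int state[4] = { 0x2420CA48, 0x71AA8EE6, 0xA05514B2, 0x827B0A7D };
    unsigned int next[4];
    int round, col;

    for (round = 0; round < 9; round++, round_key += 4 * 4) {
        for (col = 0; col < 4; col++) {
            /* Byte value times two: bits 31..24, 23..16, 15..8 and 7..0 respectively. */
            unsigned short s1 = (state[col] >> 23) & 0x1FE;
            unsigned short s2 = (state[(col + 1) % 4] >> 15) & 0x1FE;
            unsigned short s3 = (state[(col + 2) % 4] >> 7) & 0x1FE;
            unsigned short s4 = (state[(col + 3) % 4] << 1) & 0x1FE;
            unsigned int x, y;
            unsigned int t1, t2, t3, t4;
            unsigned int key_word;

            printf("s1,s2,s3,s4: %x, %x, %x, %x\n", s1, s2, s3, s4);

            y = pc_array[s1]; x = pc_array[s1 + 1];
            /* x and y are bytes, so `+ (x ^ y)` equals the original `+ x^y`. */
            t1 = (x << 24) + (y << 16) + (y << 8) + (x ^ y);
            printf("x,y: %x, %x\n", x, y);

            y = pc_array[s2]; x = pc_array[s2 + 1];
            t2 = ((x ^ y) << 24) + (x << 16) + (y << 8) + y;
            printf("x,y: %x, %x\n", x, y);

            y = pc_array[s3]; x = pc_array[s3 + 1];
            t3 = (y << 24) + ((x ^ y) << 16) + (x << 8) + y;
            printf("x,y: %x, %x\n", x, y);

            y = pc_array[s4]; x = pc_array[s4 + 1];
            t4 = (y << 24) + (y << 16) + ((x ^ y) << 8) + x;
            printf("x,y: %x, %x\n", x, y);

            printf("t1,t2,t3,t4: %x,%x,%x,%x\n", t1, t2, t3, t4);

            /* Words 1..4 of the row, i.e. byte offsets 4, 8, 12, 16. */
            key_word = test_load_word(round_key + 4 * (col + 1));
            next[col] = t1 ^ t2 ^ key_word ^ t3 ^ t4;

            /* Only the first word's key line was left enabled in the original. */
            if (col == 0) {
                printf("x1:%08x,array:%08x\n", next[0], key_word);
            }
        }
        memcpy(state, next, sizeof state);
        printf("out1,out2,out3,out4: %08x,%08x,%08x,%08x\n",
               state[0], state[1], state[2], state[3]);
    }
}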
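/*
 * Program entry point: runs the brute-force decode() and exits with 0.
 *
 * The published version was declared `void main()` yet executed
 * `return 0;`, and everything after that return was unreachable. That
 * unreachable part is the author's single-round scratch work; it is kept
 * verbatim below but compiled out, because it calls count1(), which is
 * not defined anywhere on the page.
 */
int main(void)
{
    /* Call test() here instead to print the forward rounds for comparison. */
    decode();
    return 0;

#if 0
    u1 = 0x2B1F312B;
    u2 = 0xD12B2D4F;
    u3 = 0x96AA81BB;
    u4 = 0x97F8AD1E;
    array = (unsigned int *)c_array;
    array += 0x28;
    printf("size: %08x, array[0] %08x\n", sizeof(c_array), array[0]);
    unsigned int out,out1, out2, out3, out4;
    out = (unsigned int )(c_const_array[((u1>>23)& 0x1FE)]<<24) + ((unsigned int )c_const_array[((u2>>15)&0x1FE)]<<16);
    out += (unsigned int)(c_const_array[(u3>>7)&0x1Fe]<<8) + (unsigned int)(c_const_array[((unsigned char)u4<<1)]);
    out = out ^ array[-3];
    printf("%08x\n", out);
    printf("%08x\n",(unsigned char) u4<<1);
    unsigned short c1,c2,c3,c4;
    //79,09,2f,54
    c1 = ((u1>>23)& 0x1FE);
    c2 = ((u2>>15)&0x1FE);
    c3 = (u3>>7)&0x1Fe;
    c4 = ((unsigned char)u4<<1);
    out1 = ((unsigned int)c1) << 23;
    out2 = ((unsigned int)c2) << 15;
    out3 = ((unsigned int)c3) << 7;
    out4 = ((unsigned int)c4) >> 1;
    printf("out1234: %08x %08x %08x %08x\n", out1, out2, out3, out4);
    out = (unsigned int)(c_const_array[c1] <<24) + (unsigned int)(c_const_array[c2] <<16) + (unsigned int)(c_const_array[c3] <<8) + (unsigned int)(c_const_array[c4]) ^ array[-3];
    printf("%08x\n", out);
    printf("in: c1,c2,c3,c4:%02x,%02x,%02x,%02x\n", c1,c2,c3,c4);
    /*
    c1 = 0x79;
    c2 = 0x09;
    c3 = 0x2f;
    c4 = 0x54;
    out = (unsigned int)(c_const_array[c1] <<24) + (unsigned int)(c_const_array[c2] <<15) + (unsigned int)(c_const_array[c3] <<8) + (unsigned int)(c_const_array[c4]) ^ array[-3];
    printf("%08x\n", out);
    */
    c1 = ((u2>>23)& 0x1FE);
    c2 = ((u3>>15)&0x1FE);
    c3 = (u4>>7)&0x1Fe;
    c4 = ((unsigned char)u1<<1);
    out = (unsigned int)(c_const_array[c1] <<24) + (unsigned int)(c_const_array[c2] <<16) + (unsigned int)(c_const_array[c3] <<8) + (unsigned int)(c_const_array[c4]) ^ array[-2];
    //printf("c1,c2,c3,c4:%02x,%02x,%02x,%02x\n", c1,c2,c3,c4);
    out2 += ((unsigned int)c1) << 23;
    out3 += ((unsigned int)c2) << 15;
    out4 += ((unsigned int)c3) << 7;
    out1 += ((unsigned int)c4) >> 1;
    printf("out1234: %08x %08x %08x %08x\n", out1, out2, out3, out4);
    printf("in: c1,c2,c3,c4:%02x,%02x,%02x,%02x\n", c1,c2,c3,c4);
    printf("%08x %08x\n", out, array[-2]);
    c1 = ((u3>>23)& 0x1FE);
    c2 = ((u4>>15)&0x1FE);
    c3 = (u1>>7)&0x1Fe;
    c4 = ((unsigned char)u2<<1);
    out = (unsigned int)(c_const_array[c1] <<24) + (unsigned int)(c_const_array[c2] <<16) + (unsigned int)(c_const_array[c3] <<8) + (unsigned int)(c_const_array[c4]) ^ array[-1];
    //printf("c1,c2,c3,c4:%02x,%02x,%02x,%02x\n", c1,c2,c3,c4);
    out3 += ((unsigned int)c1) << 23;
    out4 += ((unsigned int)c2) << 15;
    out1 += ((unsigned int)c3) << 7;
    out2 += ((unsigned int)c4) >> 1;
    printf("out1234: %08x %08x %08x %08x\n", out1, out2, out3, out4);
    printf("in: c1,c2,c3,c4:%02x,%02x,%02x,%02x\n", c1,c2,c3,c4);
    printf("%08x %08x\n", out, array[-1]);
    c1 = ((u4>>23)& 0x1FE);
    c2 = ((u1>>15)&0x1FE);
    c3 = (u2>>7)&0x1Fe;
    c4 = ((unsigned char)u3<<1);
    out = (unsigned int)(c_const_array[c1] <<24) + (unsigned int)(c_const_array[c2] <<16) + (unsigned int)(c_const_array[c3] <<8) + (unsigned int)(c_const_array[c4]) ^ array[-0];
    //printf("c1,c2,c3,c4:%02x,%02x,%02x,%02x\n", c1,c2,c3,c4);
    out4 += ((unsigned int)c1) << 23;
    out1 += ((unsigned int)c2) << 15;
    out2 += ((unsigned int)c3) << 7;
    out3 += ((unsigned int)c4) >> 1;
    printf("out1234: %08x %08x %08x %08x\n", out1, out2, out3, out4);
    printf("in: c1,c2,c3,c4:%02x,%02x,%02x,%02x\n", c1,c2,c3,c4);
    printf("%08x %08x\n", out, array[-0]);
    if(count1(&c1,&c2,&c3,&c4,0x5cda772f, -3)){
    out1 = ((unsigned int)c1) << 23;
    out2 = ((unsigned int)c2) << 15;
    out3 = ((unsigned int)c3) << 7;
    out4 = ((unsigned int)c4) >> 1;
    printf("out1234: %08x %08x %08x %08x\n", out1, out2, out3, out4);
    if(count1(&c1,&c2,&c3,&c4,0xa3c63e39, -2)){
    out2 += ((unsigned int)c1) << 23;
    out3 += ((unsigned int)c2) << 15;
    out4 += ((unsigned int)c3) << 7;
    out1 += ((unsigned int)c4) >> 1;
    printf("out1234: %08x %08x %08x %08x\n", out1, out2, out3, out4);
    if(count1(&c1,&c2,&c3,&c4,0xb6f0f3ed, -1)){
    out3 += ((unsigned int)c1) << 23;
    out4 += ((unsigned int)c2) << 15;
    out1 += ((unsigned int)c3) << 7;
    out2 += ((unsigned int)c4) >> 1;
    printf("out1234: %08x %08x %08x %08x\n", out1, out2, out3, out4);
    if(count1(&c1,&c2,&c3,&c4,0x515a9986, 0)){
    out4 += ((unsigned int)c1) << 23;
    out1 += ((unsigned int)c2) << 15;
    out2 += ((unsigned int)c3) << 7;
    out3 += ((unsigned int)c4) >> 1;
    printf("out1234: %08x %08x %08x %08x\n", out1, out2, out3, out4);
    }
    }
    }
    }
#endif
}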
/*
*
if(count1(&c1,&c2,&c3,&c4,0x60ab00b8, -3)){
if(count1(&c1,&c2,&c3,&c4,0x60ab00b8, -3)){
out1 = ((unsigned int)c1) << 23;
out2 = ((unsigned int)c2) << 15;
out3 = ((unsigned int)c3) << 7;
out4 = ((unsigned int)c4) >> 1;
printf("out1234: %08x %08x %08x %08x\n", out1, out2, out3, out4);
if(count1(&c1,&c2,&c3,&c4,0x795d84e6, -2)){
out2 += ((unsigned int)c1) << 23;
out3 += ((unsigned int)c2) << 15;
out4 += ((unsigned int)c3) << 7;
out1 += ((unsigned int)c4) >> 1;
printf("out1234: %08x %08x %08x %08x\n", out1, out2, out3, out4);
if(count1(&c1,&c2,&c3,&c4,0xa31ba476, -1)){
out3 += ((unsigned int)c1) << 23;
out4 += ((unsigned int)c2) << 15;
out1 += ((unsigned int)c3) << 7;
out2 += ((unsigned int)c4) >> 1;
printf("out1234: %08x %08x %08x %08x\n", out1, out2, out3, out4);
if(count1(&c1,&c2,&c3,&c4,0x46327d4b, 0)){
out4 += ((unsigned int)c1) << 23;
out1 += ((unsigned int)c2) << 15;
out2 += ((unsigned int)c3) << 7;
out3 += ((unsigned int)c4) >> 1;
printf("out1234: %08x %08x %08x %08x\n", out1, out2, out3, out4);
}
}
}
}
out1 = ((unsigned int)c1) << 23;
out2 = ((unsigned int)c2) << 15;
out3 = ((unsigned int)c3) << 7;
out4 = ((unsigned int)c4) >> 1;
printf("out1234: %08x %08x %08x %08x\n", out1, out2, out3, out4);
if(count1(&c1,&c2,&c3,&c4,0x795d84e6, -2)){
out2 += ((unsigned int)c1) << 23;
out3 += ((unsigned int)c2) << 15;
out4 += ((unsigned int)c3) << 7;
out1 += ((unsigned int)c4) >> 1;
printf("out1234: %08x %08x %08x %08x\n", out1, out2, out3, out4);
if(count1(&c1,&c2,&c3,&c4,0xa31ba476, -1)){
out3 += ((unsigned int)c1) << 23;
out4 += ((unsigned int)c2) << 15;
out1 += ((unsigned int)c3) << 7;
out2 += ((unsigned int)c4) >> 1;
printf("out1234: %08x %08x %08x %08x\n", out1, out2, out3, out4);
if(count1(&c1,&c2,&c3,&c4,0x46327d4b, 0)){
out4 += ((unsigned int)c1) << 23;
out1 += ((unsigned int)c2) << 15;
out2 += ((unsigned int)c3) << 7;
out3 += ((unsigned int)c4) >> 1;
printf("out1234: %08x %08x %08x %08x\n", out1, out2, out3, out4);
}
}
}
}
*/