Chriull Posted December 10, 2015 Share Posted December 10, 2015 6 minutes ago, fearedbliss said: The value for the last pair can't be above 255 though so you also have that lol. The checksum is the sum of the first five anded with 255, so the value cannot be above 255? Edit: Or is this exactly what you said? Link to comment Share on other sites More sharing options...
esaj Posted December 10, 2015 Share Posted December 10, 2015 @fearedbliss If I understood the checking right, this should be able to create working codes (roughly at the rate of generating valid serial numbers and solving the code for them at a rate of 10000 ISNs in 0.65 seconds on my machine ) : EDIT: Meh, still had it wrong, the last value was supposed to be the 1st through 5th summed and then the lowest byte extracted, fixed here: http://pastebin.com/yWa7zBng Do these examples look right (from the program output): ISN:4E:F2:A8:8E:C3:39; CODE:B1:00:0D:00:57:15 ISN:72:B9:D1:FE:0D:07; CODE:8D:00:46:00:2E:01 ISN:0E:B6:4C:37:D8:1F; CODE:F1:00:49:00:B3:ED ISN:1B:64:75:41:79:AE; CODE:E4:00:9B:00:8A:09 ISN:D1:36:9C:41:0C:F0; CODE:2E:00:C9:00:63:5A ISN:11:2A:81:68:0A:2E; CODE:EE:00:D5:00:7E:41 ISN:ED:ED:9B:3D:F8:AA; CODE:12:00:12:00:64:88 ISN:25:0B:8E:08:FB:C1; CODE:DA:00:F4:00:71:3F Link to comment Share on other sites More sharing options...
Chriull Posted December 10, 2015 Share Posted December 10, 2015 @esaj: in Line 35 the code[5] = 255 - ((code[0] + code[1] + code[2] + code[3] + code[4] + code[5]) & 0xFF); the "255 -" should be removed? The checksum is only the sum and then the and? Link to comment Share on other sites More sharing options...
esaj Posted December 10, 2015 Share Posted December 10, 2015 Just now, Chriull said: @esaj: in Line 35 the code[5] = 255 - ((code[0] + code[1] + code[2] + code[3] + code[4] + code[5]) & 0xFF); the "255 -" should be removed? The checksum is only the sum and then the and? Yeah, see my edit above Link to comment Share on other sites More sharing options...
fearedbliss Posted December 10, 2015 Author Share Posted December 10, 2015 @Chriull LOL yea you are right ;D @esajThis won't work, just tested. All of your checksums are failing lol. Device Serial: D4:D6:C3:84:1E:64 Mac Address: 64:1E:84:C3:D6:D4 Serial Number: 212-214-195-132-30-100 Processing Key: 9B:00:E1:00:7B:08 Checksum Failed. Invalid Key! ISN:64:1E:84:C3:D6:D4; CODE:9B:00:E1:00:7B:08 I'll look at optimizations later. You can test all of this with this online java compiler: http://www.tutorialspoint.com/compile_java_online.php Test your codes with my verify function: https://github.com/fearedbliss/KingSongISNKeyGenerator/blob/master/bonus/Verify.java Link to comment Share on other sites More sharing options...
esaj Posted December 10, 2015 Share Posted December 10, 2015 16 minutes ago, fearedbliss said: @Chriull LOL yea you are right ;D @esajThis won't work, just tested. All of your checksums are failing lol. Device Serial: D4:D6:C3:84:1E:64 Mac Address: 64:1E:84:C3:D6:D4 Serial Number: 212-214-195-132-30-100 Processing Key: 9B:00:E1:00:7B:08 Checksum Failed. Invalid Key! ISN:64:1E:84:C3:D6:D4; CODE:9B:00:E1:00:7B:08 I'll look at optimizations later. You can test all of this with this online java compiler: http://www.tutorialspoint.com/compile_java_online.php Test your codes with my verify function: https://github.com/fearedbliss/KingSongISNKeyGenerator/blob/master/bonus/Verify.java Yeah, I first put the checksum to calculate it as 0xFF - (sums of values & 0xFF), so it was wrong... did you try the version I edited in the post a good 10 minutes ago? EDIT: Just ran 10000 serials & generated codes through your verify function, all valid Link to comment Share on other sites More sharing options...
fearedbliss Posted December 10, 2015 Author Share Posted December 10, 2015 @esajAh nice, just tested and it is working. Mind if I use your implementation? I'll give you credit as well. Just let me know your name, email address or w/e info you want me to put in the code/CREDITS file. Link to comment Share on other sites More sharing options...
esaj Posted December 10, 2015 Share Posted December 10, 2015 2 minutes ago, fearedbliss said: @esajAh nice, just tested and it is working. Mind if I use your implementation? I'll give you credit as well. Just let me know your name, email address or w/e info you want me to put in the code/CREDITS file. Sure, "esaj" as credit is just fine. I like these kinds of "puzzles" Link to comment Share on other sites More sharing options...
fearedbliss Posted December 10, 2015 Author Share Posted December 10, 2015 Great. Will get a new version with this implemented. It just from O(n^6) to pretty much instant. That seems like an improvement to me LOL. Link to comment Share on other sites More sharing options...
fearedbliss Posted December 10, 2015 Author Share Posted December 10, 2015 @esaj, @Chriull So I tried to do the math that I was originally trying to do yesterday before I went with brute force and yea it's basically similar to the one you guys came up with, there aren't many other ways to do this considering it's pretty straight forward. Modifying the function I originally had I came up with this. Quote for (value5 = 0; value5 < 255; value5++) { for(value3 = 0; value3 < 255; value3++) { for(value1 = 0; value1 < 255; value1++) { checksum = (value1 + value3 + value5) & 0xFF; int test = doesValueMatchCorrectlyWithAnyInDeviceSerial(value1); if (test == -1) continue; test = doesValueMatchCorrectlyWithAnyInDeviceSerial(value3); if (test == -1) continue; test = doesValueMatchCorrectlyWithAnyInDeviceSerial(value5); if (test == -1) continue; return getIntegersToHexAsString(value1,value2,value3,value4,value5,checksum); } } } Seems to be the same as with @esaj came up with but his is more compact since the each for loop and inner tests are compressed in your implementation :D. So not really O(1) times but still it went down from O(n^6) to O(n^3). Still way faster and it only loops through the values that are important. Calculating key for 77:1B:EF:84:BE:C4 ... Solution: 10:00:10:00:10:30 Solution: 3B:00:10:00:10:5B Solution: 41:00:10:00:10:61 Solution: 7B:00:10:00:10:9B Solution: 88:00:10:00:10:A8 Solution: E4:00:10:00:10:04 .. More solutions Solution: 10:00:88:00:E4:7C Solution: 3B:00:88:00:E4:A7 Solution: 41:00:88:00:E4:AD Solution: 7B:00:88:00:E4:E7 Solution: 88:00:88:00:E4:F4 Solution: E4:00:88:00:E4:50 Solution: 10:00:E4:00:E4:D8 Solution: 3B:00:E4:00:E4:03 Solution: 41:00:E4:00:E4:09 Solution: 7B:00:E4:00:E4:43 Solution: 88:00:E4:00:E4:50 Solution: E4:00:E4:00:E4:AC There are 216 solutions for 77,1B,EF,84,BE,C4 Hah! Link to comment Share on other sites More sharing options...
Chriull Posted December 10, 2015 Share Posted December 10, 2015 10 minutes ago, fearedbliss said: @esaj, @Chriull So I tried to do the math that I was originally trying to do yesterday before I went with brute force and yea it's basically similar to the one you guys came up with, there aren't many other ways to do this considering it's pretty straight forward. Modifying the function I originally had I came up with this. Seems to be the same as with @esaj came up with but his is more compact since the each for loop and inner tests are compressed in your implementation :D. So not really O(1) times but still it went down from O(n^6) to O(n^3). Still way faster and it only loops through the values that are important. You have the serial number given? So why you don't just set value1=255-Serial1, value3=255-serial3, value5=255-serial5 instead of looping through all the values? Would be O(1) then again... Link to comment Share on other sites More sharing options...
esaj Posted December 10, 2015 Share Posted December 10, 2015 9 minutes ago, fearedbliss said: @esaj, @Chriull So I tried to do the math that I was originally trying to do yesterday before I went with brute force and yea it's basically similar to the one you guys came up with, there aren't many other ways to do this considering it's pretty straight forward. Modifying the function I originally had I came up with this. Seems to be the same as with @esaj came up with but his is more compact since the each for loop and inner tests are compressed in your implementation :D. So not really O(1) times but still it went down from O(n^6) to O(n^3). Still way faster and it only loops through the values that are important. There's no need to loop, the code can be calculated directly from the serial: int[] code = new int[6]; code[0] = 255 - serialNumber[0]; code[2] = 255 - serialNumber[1]; code[4] = 255 - serialNumber[2]; //Calculate checksum from other values code[5] = ((code[0] + code[1] + code[2] + code[3] + code[4]) & 0xFF); That's it, the rest around it is just testing code. I only added loops in the test-code to generate bogus serials (with valid checksums) and for checking the result (and of repeating the process for 10000 different bogus serials). So it should be O(1). Link to comment Share on other sites More sharing options...
fearedbliss Posted December 10, 2015 Author Share Posted December 10, 2015 @Chriull @esaj Yea you guys are right, but isn't it cool to see that there are 216 possible solutions Muahahahha. Link to comment Share on other sites More sharing options...
esaj Posted December 10, 2015 Share Posted December 10, 2015 1 hour ago, fearedbliss said: @Chriull @esaj Yea you guys are right, but isn't it cool to see that there are 216 possible solutions Muahahahha. True dat, it's a bit peculiar way of doing checksumming... if you still want to squeeze computing all the combinations much faster, you could just build an algorithm to calculate all the possible combinations of the serial-bytes, including using the same "position" (=index) multiple times, and then just calculate the code + checksum from those... Another thing might be making a web-page that uses javascript to calculate the code, then it would work in mobiles too out-of-the-box (as long as there's an internet connection to load the page in the first place). I was expecting they'd have implemented the code-checking in hardware instead of just in the app. Link to comment Share on other sites More sharing options...
fearedbliss Posted December 10, 2015 Author Share Posted December 10, 2015 @esaj I'll leave that up to the web programmers . I've released the new version 1.0.1 that includes this O(1) solution. Thanks @esaj, @Chriull https://github.com/fearedbliss/KingSongISNKeyGenerator Link to comment Share on other sites More sharing options...
Chriull Posted December 10, 2015 Share Posted December 10, 2015 3 hours ago, fearedbliss said: @Chriull @esaj Yea you guys are right, but isn't it cool to see that there are 216 possible solutions Muahahahha. You ought to have 256*256 solutions for each serial number, since one can choose 2 bytes freely. Link to comment Share on other sites More sharing options...
edwin_rm Posted January 22, 2016 Share Posted January 22, 2016 Btw, I take it this great stuff will work with the upcoming King Song 16", correct? Link to comment Share on other sites More sharing options...
esaj Posted January 22, 2016 Share Posted January 22, 2016 51 minutes ago, edwin_rm said: Btw, I take it this great stuff will work with the upcoming King Song 16", correct? Depends whether they change the code generation or not. Link to comment Share on other sites More sharing options...
Teb Posted January 25, 2016 Share Posted January 25, 2016 Hi Freaedbliss and other guys, thank you so much for contributing this genius solution for King Song owners to unlock their wheels. I have had mine for a few weeks and the beeping at slow speeds is really starting to s%#$ me. Problem is ({problems}).. a) the app solution i cant get going (i think its because i have v1), and "b: I havn't a clue how to run a .jav file on my macbook. i have tried a whole bunch of things and even made some file in terminal using vin (i really did not know what i was doing), trying to "add my java bin directory" to my "environment variables". I really tried as hard as i could to figure this out but i just cant. I am not a programmer in any way. Is there a way to get a key for my wheel that doesn't involve programming skills? could someone out there run my wheel number for me maybe...? it comes up in bluetooth on my computer as 20-15-05-13-52-65 thanks T Link to comment Share on other sites More sharing options...
Chriull Posted January 25, 2016 Share Posted January 25, 2016 Could be df:00:fa:00:ad:86 if not wait for @esaj or @fearedbliss to start up the number generator Link to comment Share on other sites More sharing options...
fearedbliss Posted January 25, 2016 Author Share Posted January 25, 2016 @Teb, I don't think new versions of OS X come with Java installed anymore (for security reasons). You shouldn't need to add anything to your path though, all you would need to do is install Java and the installer should automatically do that for you. You can download the JRE from Oracle's website: http://www.oracle.com/technetwork/java/javase/downloads/index.html Link to comment Share on other sites More sharing options...
esaj Posted January 26, 2016 Share Posted January 26, 2016 I quickly made a small Javascript-version so people don't need to download the program and fight with Java (in case they haven't got it installed): Link to comment Share on other sites More sharing options...
Sweet M Posted January 30, 2016 Share Posted January 30, 2016 @esaj is it possible to have more than one working result? I was just curious, so I typed in the ISN for my KS 18A already knowing my authorization code and the result did not match the code that I was given to unlock it. I also realize that my level of understanding re: this stuff is far below (what I consider) the genius of those on this forum, so maybe I'm missing something? :-) Link to comment Share on other sites More sharing options...
esaj Posted January 30, 2016 Share Posted January 30, 2016 14 minutes ago, Sweet M said: @esaj is it possible to have more than one working result? I was just curious, so I typed in the ISN for my KS 18A already knowing my authorization code and the result did not match the code that I was given to unlock it. I also realize that my level of understanding re: this stuff is far below (what I consider) the genius of those on this forum, so maybe I'm missing something? :-) Yes, due to the way the calculation & checksum works, there are lots of options. Out of the 6 hex-values of the ISN, only three are used in the actual code, out of the remaining three, two can be anything and the last one acts as a checksum. Calculating quickly from that off the top of my head, that gives at least 2^16 possibilities (2 random bytes), so about 65536 options or more? @Sweet M: You could actually help to check that this is working correctly, if you give me your ISN and 2nd and 4th value of the code, I should be able to calculate the code you've received Or just give the entire code, then I won't have to ask you whether it matches. Link to comment Share on other sites More sharing options...
Sweet M Posted January 30, 2016 Share Posted January 30, 2016 @esaj Interesting!!! Here is my info and, of course, I'd still like to here if it matches....... ISN is 6A:3A:EF:84:BE:C4 and my authorization code was 95:63:C5:8E:7B:C6. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.