#include <stdio.h>
#include <stdlib.h>

bool g_verbose= false;

// this program finds what seed was used for generating a cid block
// and prints the areas containing data.
//
// this works for the htc typhoon cid blocks

void fillbuf(unsigned char *buf, int size, unsigned long seed)
{
    while (size--) {
        seed = 2531011+214013*seed;
        *buf++ = seed>>16;
    }
}
void dumprand(int size, unsigned long seed)
{
    printf("%08lx: ", seed);
    unsigned char c;
    while (size--) {
        seed = 2531011+214013*seed;
        c = seed>>16;
        printf(" %02x", c);
    }
    printf("\n");
}
bool testseed(unsigned long seed, int skip, const unsigned char *buf, int size)
{
    while (skip--)
        seed = 2531011+214013*seed;

    while (size--) {
        seed = 2531011+214013*seed;
        if ( ((unsigned char)(seed>>16)) != *buf++) return false;
    }
    return true;
}
unsigned long findvalue2(const unsigned char *databuf)
{
    for (unsigned long seed=0 ; seed<0x80000000 ; seed++)
    {
        if (testseed(seed, 4, databuf+4, 8))
            return seed;
    }
    return 0;
}

struct range {
    bool exact;
    int recsize;
    int start;
    int length;
    const char *desc;
} ranges[]= {
    {true , 0x00, 0x0000, 4, "version"},
    {true , 0x00, 0x0140, 8, "imei"},
    {true , 0x00, 0x0160, 0x20, "cid"},
    {true , 0x00, 0x01a0, 8, "keyindex"},
    {false, 0x08, 0x1200, 0x800, "cidcryptkey"},
    {true , 0x00, 0x1c80, 8, "lockflag"},
    {false, 0x10, 0x1d00, 0x200, "lockcodes"},
    {true , 0x00, 0x4000, 0x10, "mccmnc"},
    {true , 0x00, 0x4000, 0x400, "long mccmnc block"},
    {true , 0x00, 0xfff8, 8, "checksum"},
};
#define N_RANGES (sizeof(ranges)/sizeof(struct range))

bool is_in_range(struct range *r, int ofs)
{
    return (r->start<=ofs) && (ofs<r->start+r->length);
}
void writerange(int start, int end)
{
    if (!g_verbose) {
        printf(" %08x-%08x", start, end);
        return;
    }

    struct range *r= ranges;
    for (size_t i=0 ; i<N_RANGES ; i++, r++)
    {
        if (r->exact && r->start==start && r->start+r->length-1 == end) {
            printf("%08x-%08x : %s\n", start, end, r->desc);
            return;
        }
        else if (!r->exact && is_in_range(r, start) && is_in_range(r, end)) {
            printf("%08x-%08x : %s ( entry 0x%02x )\n", start, end, r->desc, (start-r->start)/r->recsize);
            return;
        }
    }
    printf("%08x-%08x : ????\n", start, end);
}
int main(int argc, char **argv)
{
    int i;

    for (i=1 ; i<argc ; i++)
    {
        if (argv[i][0]=='-') switch(argv[i][1])
        {
            case 'v': g_verbose= true; break;
        }
    }

    unsigned char *databuf= (unsigned char *)malloc(65536);
    unsigned char *rndbuf= (unsigned char *)malloc(65536);

    for (i= 1 ; i<argc ; i++)
    {
        if (argv[i][0]=='-') continue;

        FILE *f= fopen(argv[i], "rb");
        if (f==NULL) {
            perror(argv[i]);
            continue;
        }
        fread(databuf, 1, 65536, f);
        fclose(f);

        //unsigned long seed= findvalue(*(unsigned long*)(databuf+4), *(unsigned long*)(databuf+8));
        unsigned long seed= findvalue2(databuf);
        printf("seed=%08lx : ", seed);
        if (g_verbose)
            printf("%s\n", argv[i]);
        
        fillbuf(rndbuf, 65536, seed);

        int start=-1;
        int last=-1;
        for (int ofs= 0 ; ofs<0x10000 ; ofs+=4) {
            if (*(unsigned long*)(rndbuf+ofs)!=*(unsigned long*)(databuf+ofs)) {
                if (start==-1) {
                    start= ofs;
                }
                last= ofs;
            }
            else if (start>=0) {
                writerange(start, last+3);
                last= -1;
                start= -1;
            }
        }
        if (start>=0)
            writerange(start, last+3);
        if (!g_verbose)
            printf("  %s\n", argv[i]);
    }
}