定位问题居然查到项目中引入的rc4 c算法中的一个bug,也算是大开眼界。
学习rc4 c实现,结合维基百科中的例子,修改网上的例子rc4 c example

/* RC4 Encrypt/Decrypt

   RC4 was developped by RSA labs, however this code may not be exact.

   Written in portable Micro-C by Tom St Denis.

   Notes:

        1.  I found the 'source' on a discussion website.  The user
        posting confirms that this matches the BSAFE2 algorithm.

        2.  The user key can be upto 256 bytes in length.

        3.  Yes the same algorithm is used for decryption.

        4.  I have optimized the code from the original post to work
        well without the modulus.  Also I use 16-bit pointers in the
        arrays since some C compilers don't handle char indexes well.

        5.  Originally RC4 was a stream cipher, but for reasons of speed
        it is a variable block cipher here.  You pass it the address of
        the buffer and length as the first to parameters to rc4() and the
        rc4_key as the second parameter.

        6.  As a side note this cipher runs at about 84.7KB/s on my
        AMD486 40mhz.


   Micro-C is Copyrighted Dave Dunfield.
   Tom St Denis, 1999
*/
/*rc4
https://en.wikipedia.org/wiki/RC4
https://zh.wikipedia.org/wiki/RC4
*/
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* a RC4 expanded key session */
struct rc4_key {
    unsigned char state[256];
    unsigned x, y;
};

static __inline void
swap_bytes(unsigned char *a, unsigned char *b)
{
    unsigned char temp;
    temp = *a;
    *a = *b;
    *b = temp;
}

/* expand a key (makes a rc4_key) */
void prepare_key(unsigned char *keydata, unsigned len, struct rc4_key *key)
{
    unsigned i = 0,j = 0;
    unsigned char *state = NULL;
    key->x = 0;
    key->y = 0;

    state = key->state;
    /*0到255的互不重复的元素写入state*/
    for (i = 0; i < 256; i++)
        state[i] = i;

    //根据秘钥打乱state
    for (i = 0; i < 256; i++) {
        j = (j + state[i] + keydata[i % len]) % 256;
        /* swap */
        swap_bytes(&state[i],&state[j]);
    }
}

/* reversible encryption, will encode a buffer updating the key */
void rc4(unsigned char *buffer, unsigned len, struct rc4_key *key)
{
    unsigned i = 0, j = 0, counter;
    unsigned char *state;

    /* get local copies */
    state = key->state;

    for (counter = 0; counter < len; counter++) {
        i = (i + 1) % 256;  
        j = (j + state[i]) % 256;

        /* swap */
        swap_bytes(&state[i],&state[j]);

        buffer[counter] ^= state[(state[i] + state[j]) % 256];
    }

}

/* user key, upto 256 bytes */
unsigned char user_key[8];          /* 8 bytes in our demo */
struct rc4_key key;                 /* key used during encryption/decryption */

unsigned char in[4], out[4], out2[4]; /* test data */

int main()
{
    /* test vector */
    memset(in, 2, sizeof(in));

    /* encrypt */
    memset(user_key, 0, sizeof(user_key));          /* build sesion key */
    prepare_key(user_key, sizeof(user_key), &key);
    memcpy(out, in, sizeof(in));
    rc4(out, 4, &key);

    /* decrypt */
    memset(user_key, 0, sizeof(user_key));          /* build session key */
    prepare_key(user_key, sizeof(user_key), &key);
    memcpy(out2, out, sizeof(out));
    rc4(out2, 4, &key);

    /* output */
    printf("Normal : %2x %2x %2x %2x\n", in[0], in[1], in[2], in[3]);
    printf("Encoded: %2x %2x %2x %2x\n", out[0], out[1], out[2], out[3]);
    printf("Decoded: %2x %2x %2x %2x\n", out2[0], out2[1], out2[2], out2[3]);
}

在苹果官网找到一个类似的加密算法
rc4.c
rc4.h