EESE_Common_Security_Algorithm,_V_100070 Do you have a link to this? Hi, I've been working with x119 and a few others, we are trying to figure this out. We are techy, but not devs or EE. The basis we have is that VDash, is able to get the CEM pin thus: If you run VIDA (online legit version), on a l...

Hey VTL, on P3 with seed/key, this is similar to SPA, how many PINs are you checking in the possible set? The SPA isn't limited to only BCD values within 5 bytes, but I've worked it down to only 3 bytes of unique PINs that are a single match for any possible seed/key. I implemented in the brute forc...

Any real world examples of SPA pin + seed + key? The algorithm is the same yes. How many examples do you need, I got plenty ;-) What would you like to see? I've figured out the algorithm has some properties useful for security hashing that make the result always unique, the set of possible results ...

Couple of example of the real pin from flash and seed/key from the real session. Got you. One thing I don't have is the PIN from flash, have not read the CEM, not a hardware guy ;-) So what I don't know is what Volvo has set the CEM 01 PIN to. I've been using the cracked PINs to test and program th...

That's something like what I said to Rick when he didn't buy the "3-bytes of PIN" theory. But we are in agreement after testing it out. I don't see anything that proves anything, not that you are required to share it! I guess if you start with 100 million PINs, it's true some are more like...

I have updated PINMagic to deal with the DiCE session log files, this should work for P3 now since DOIP is not an option with VIDA. If you have a VIDA log file with a CEM unlock in it, you can get your PIN in seconds. If anyone tries it out let me know if you have problems, I had an extremely limite...