Vida CEM swapping

Post by **RickHaleParker** » 10 Oct 2021, 15:58

aaivar wrote: ↑10 Oct 2021, 14:17 Key for crypto Eeprom

Key is 64 Bytes at addresses 00ffff00 - 00ffff30.

CA = CAN Address
OC = OpCode(s)
What are the OpCode(s) ?
Format CA OC <64bit Key> ?

aaivar · Post by **aaivar** » 11 Oct 2021, 00:16

RickHaleParker wrote: ↑10 Oct 2021, 15:58
aaivar wrote: ↑10 Oct 2021, 14:17 Key for crypto Eeprom
Key is 64 Bytes at addresses 00ffff00 - 00ffff30.

CA = CAN Address
OC = OpCode(s)
What are the OpCode(s) ?
Format CA OC <64bit Key> ?

Manual Decrypt Eeptom need xor s flash+xor s 01 02 03 04 05 06 07 and so every seven bytes xor s 01...07

Xc90_2008_Example.rar: (116.75 KiB) Downloaded 236 times

aaivar · Post by **aaivar** » 11 Oct 2021, 00:53

Key in flash zone have 7ff00-7ff30

aaivar · Post by **aaivar** » 11 Oct 2021, 00:56

search vbf, sbl files for p2,p3 Platform

Post by **RickHaleParker** » 11 Oct 2021, 23:40

aaivar wrote: ↑11 Oct 2021, 00:16 Manual Decrypt Eeptom need xor s flash+xor s 01 02 03 04 05 06 07 and so every seven bytes xor s 01...07

I cannot make heads or tails out of this.

Lets start with what does the variable s represent?
My best guess is s is Byte 00 of the 8 byte string.
( For x = 01 -07, Bx = B0 xor Bx ) for the first half of a 16 byte address.
( For x = 09 - 0f, Bx = B8 xor Bx ) for the second half of a 16 byte address.

mikeak2001 · Post by **mikeak2001** » 12 Oct 2021, 16:33

RickHaleParker wrote: ↑11 Oct 2021, 23:40
aaivar wrote: ↑11 Oct 2021, 00:16 Manual Decrypt Eeptom need xor s flash+xor s 01 02 03 04 05 06 07 and so every seven bytes xor s 01...07
I cannot make heads or tails out of this.

Lets start with what does the variable s represent?
My best guess is s is Byte 00 of the 8 byte string.
( For x = 01 -07, Bx = B0 xor Bx ) for the first half of a 16 byte address.
( For x = 09 - 0f, Bx = B8 xor Bx ) for the second half of a 16 byte address.

From what I can work out it is as follows:

Code: Select all

03 95 7F D4 C9 7C 5E | BA CB 99 E0 E9 60 B4 | 3D 09  ---FLASH KEY FIRST 16 BYTES
FF FF FF FF FF FF FF | FF FF FF FF FF FF FF | FF FF  ---ENCRYPTED EEPROM FIRST 16 BYTES

        0                      1                2
FLASH XOR EEPROM
FC 6A 80 2B 36 83 A1 | 44 35 67 1E 17 9E 4A | C0 F4  ---FIRST 16 BYTES OF DECRYPTED EEPROM

First 7 bytes of the key are xor'd with the first 7 bytes of the eeprom.
Second 7 bytes of the key are xor'd with the second 7 bytes of the eeprom however the crytped byte needs reducing by 1 bit before xor.
for e.g BA^FF = 45
However BA^(FF-01) = 44

For the third set of 7 bytes subtract 2 dec or 02 hex.
e.g 3D^(FF-02) = C0

Seems to work as far as i've gone in the last 20 mins.
Haven't gone further than this yet though. Will continue when I have some more spare time.

Post by **RickHaleParker** » 12 Oct 2021, 21:16

mikeak2001 wrote: ↑12 Oct 2021, 16:33
From what I can work out it is as follows:

First 7 bytes of the key are xor'd with the first 7 bytes of the eeprom.
Second 7 bytes of the key are xor'd with the second 7 bytes of the eeprom however the crytped byte needs reducing by 1 bit before xor.
for e.g BA^FF = 45
However BA^(FF-01) = 44

For the third set of 7 bytes subtract 2 dec or 02 hex.
e.g 3D^(FF-02) = C0

Seems to work as far as i've gone in the last 20 mins.
Haven't gone further than this yet though. Will continue when I have some more spare time.

Notes: There are only 256 bytes of keys in the flash file but there are 2048 bytes in the Eeprom file. Recycle the keys?

Flash ( 7 Bytes ) xor Eeprom ( 7 bytes, each byte reduced by set number ) = Decrypted ( 7 Bytes )

That worked on the first 4 sets of seven bytes then failed in the 5th set of seven
( I started set count with 0x00 to sync the set number with the reduction ) .

First 35 bytes of eeprom grouped in set of 7 bytes.
Set E0: FF FF FF FF FF FF FF
Set E1: FF FF FF FF FF FF FF
Set E2: FF FF FF FF FF FF FF
Set E3: FF FF FF 46 0E AC 63
Set E4: 22 F9 1C 3A D5 F5 67

First 35 bytes of eeprom grouped in set of 7 bytes and reduced by set #.
Set R0: FF FF FF FF FF FF FF
Set R1: FE FE FE FE FE FE FE
Set R2: FD FD FD FD FD FD FD
Set R3: FC FC FC 43 0B A9 60
Set R4: 1E F5 18 36 D1 F1 63

35 bytes from flash starting at 7FF00. Grouped in sets of 7.
Set F0: 03 95 7F D4 C9 7C 5E
Set F1: BA CB 99 E0 E9 60 B4
Set F2: 3D 09 9E 61 49 EA 27
Set F3: 82 EE 23 45 0D DA F9
Set F4: 3A 0F 75 82 D1 F1 16

Flash xor reduced eeprom = Decripted.
Set F0: 03 95 7F D4 C9 7C 5E
Set R0: FF FF FF FF FF FF FF
Set D0: FC 6A 80 2B 36 83 A1 ; Matches decrypted file.

Set F1: BA CB 99 E0 E9 60 B4
Set R1: FE FE FE FE FE FE FE
Set D1: 44 35 67 1E 17 9E 4A ; Matches decrypted file.

Set F2: 3D 09 9E 61 49 EA 27
Set R2: FD FD FD FD FD FD FD
Set D2: C0 F4 63 9C B4 17 DA ; Matches decrypted file.

Set F3: 82 EE 23 45 0D DA F9
Set R3: FC FC FC 43 0B A9 60
Set D3: 7E 12 DF 00 00 75 99 ; Matches decrypted file.

Set F4: 3A 0F 75 82 D1 F1 16
Set R4: 1E F5 18 36 D1 F1 63
Set D4: 24 FA 6D B4 00 00 75; Does not match decrypted file. 1C F2 6D BC 00 00 75.

===============================================================

Calculated Set F4 from Set R4 & Set D4 in decrypted file :
Set F4: 02 07 75 8A D1 F1 16 ( Calculated )
Set R4: 1E F5 18 36 D1 F1 63
Set D4: 1C F2 6D BC 00 00 75 ( From decrypted file )

I double checked, I cannot find any errors in my data or calculations, can you?

Bug in aaivar's decrypt software or he changed the state of the eeprom ? That is the eeprom file and the decrypt file are not matched states.

Post by **vtl** » 13 Oct 2021, 06:47

They xor it with current eeprom byte offset divided by 7:

Code: Select all

FC665B C99B                             MOV.W:G     R3,R0
FC665D CFA801                           JSR.W       FC6806H
FC6660 F860                             MOV.B:Q     #0H,R1H
FC6662 C99B                             MOV.W:G     R3,R0
FC6664 F920                             MOV.W:Q     #0H,R2
FC6666 B0133D00                         DIVU.W      #003DH
FC666A C18B                             MOV.W:G     R2,A0
FC666C B08B00FFFF                       MOV.B:G     FFFF00H[A0],A0
FC6671 89E9                             XOR.W       A0,R1
FC6673 C99B                             MOV.W:G     R3,R0
FC6675 F920                             MOV.W:Q     #0H,R2
FC6677 B0130700                         DIVU.W      #0007H
FC667B C8E9                             XOR.B       R0L,R1L
FC667D 02                               MOV.B:Z     #0,R0L
FC667E BB0F                             JMP.B       FC668EH
FC6680 D6B0E90300                       BCLR        0,0003E9H
FC6685 D6BDE90300                       BSET        5,0003E9H
FC668A E8C0                             SHL.B       #1H,R1L
FC668C E8B1                             ADD.B:Q     #1H,R0L
FC668E 4608                             CMP.B:S     #08H,R0L
FC6690 CA11                             JGEU        FC66A2H
FC6692 D6B5E90300                       BCLR        5,0003E9H
FC6697 D8C7                             BTST:G      7,R1L
FC6699 DAE6                             JEQ         FC6680H
FC669B D6B8E90300                       BSET        0,0003E9H
FC66A0 BBE4                             JMP.B       FC6685H

Something like this (haven't verified):

Code: Select all

void eeprom_decrypt(unsigned char *eeprom, int len, unsigned char *crypto, unsigned char *decrypted)
{
	for (int i = 0; i < len; i++)
		decrypted[i] = eeprom[i] ^ crypto[i % 0x3d] ^ (i / 7);
}

aaivar · Post by **aaivar** » 13 Oct 2021, 09:11

I can send another example if necessary

Post by **RickHaleParker** » 13 Oct 2021, 13:25

aaivar wrote: ↑13 Oct 2021, 09:11 I can send another example if necessary

We need to figure out if you are getting read errors, have a bug in your decypher source code or something else like we don't have it figured out completely. How about posting the source code for your decypher.

Vida CEM swapping

Re: Vida CEM swapping