Vida CEM swapping

Post by **RickHaleParker** » 19 Jan 2022, 18:05

vtl wrote: ↑19 Jan 2022, 16:56 I did. I became a certified electrician in high school (the school was outsourcing professional courses to other educational institutions), allowed to work with voltages up to 380 V freely and 1000 V under supervision. It was very old school: soldering DIP chips was at its max competence. Breadboard, nails - yes...

Well dam! When I search the EasyEDA libraries I does not come up with the parts in the apparently assembled library but if I go to the JLCPCB website the part is listed. Don't know what to make of it.

PS: Apparently you need to buy some parts from JLCPCB then the symbols and footprints will be added to your library. Lot of extra work ... PIA. Try it out with part number PM254-1-13-Z-8.5 which are the 13 pin Female headers. You will see what I mean.

askrobek · Post by **askrobek** » 19 Jan 2022, 18:55

vtl wrote: ↑19 Jan 2022, 15:31 First two bytes are clearly 03 55. Third byte in your CEM is hard to crack (there was a theory why some CEMs have problems with the third bytes, lost somewhere in this rather long thread), but if you set CALC_BYTES to 2 and leave it overnight on a battery charger, you'll get it brute forced in under 18 hours (max wait time, usually much less).

Or you can work on a better hw implementation, it is chasing for the ~hundred nanoseconds jitter.

Sometimes it helps to run at full 600 MHz speed, remove "set_arm_clock (180000000);" line: https://github.com/vtl/volvo-cem-cracke ... .ino#L1002

Gentlemen! Success! BF on 4 bytes took ~2 hr (10% mark) and it found the pin! Thank you for all the help!

Adrian

Post by **RickHaleParker** » 19 Jan 2022, 19:03

askrobek wrote: ↑19 Jan 2022, 18:55 Gentlemen! Success! BF on 4 bytes took ~2 hr (10% mark) and it found the pin! Thank you for all the help!

B2 detection again.

What is the PIN number? I would like to see if the correct B2 was getting into the short list when CALC_BYTES = 3.

Notes: From his CALC_BYTES = 3 run.
shuffle order: 3 1 5 0 2 4
best candidates ordered by latency: ( B2, range 3)
0: 55 lat = 2623755
1: 73 lat = 2618088
2: 82 lat = 2618012

askrobek · Post by **askrobek** » 19 Jan 2022, 19:20

RickHaleParker wrote: ↑19 Jan 2022, 19:03
B2 detection again.

What is the PIN number? I would like to see if the Correct B2 was getting into the short list when CALC_BYTES = 3.

Notes: From his CALC_BYTES = 3 run.
shuffle order: 3 1 5 0 2 4
best candidates ordered by latency: ( B2, range 3)
0: 55 lat = 2623755
1: 73 lat = 2618088
2: 82 lat = 2618012

found PIN: 25 55 71 03 13 56
PIN is cracked in 9883.84 seconds
Validating PIN
PIN verified.

Post by **RickHaleParker** » 19 Jan 2022, 19:52

askrobek wrote: ↑19 Jan 2022, 19:20 found PIN: 25 55 71 03 13 56

Nope! B2 = 56. Dropped out of the short list at range 12.

Post by **vtl** » 19 Jan 2022, 23:01

RickHaleParker wrote: ↑19 Jan 2022, 19:52 Nope! B2 = 56. Dropped out of the short list at range 12.

I blew dust off of my cracker and wired it with CEM-L. Master branch still cracks reliably.

Out of curiosity, calculated a latency margin for the best candidate and the next best candidate, for the last round (where only two candidates are left). For positions 1 and 2 (starting from 1) the margin is 0.24%, for position 3 it was only 0.07%. In that last round the sw does 4 million pin unlock requests for each candidate and yet it registers only 0.07% of latency difference. Wow.

Guess, with such small latency deviation it is crucial to have the best hw setup possible.

Post by **RickHaleParker** » 19 Jan 2022, 23:58

vtl wrote: ↑19 Jan 2022, 23:01 Guess, with such small latency deviation it is crucial to have the best hw setup possible.

I am hoping my ODIN Shield will move things in that direction. If I can figure out how to deal with JLCPCB's idiocracies. May need to go with my original plan of building the shield complete then selling them. I do like the idea of posting it so anybody can order one assembled directly from JLCPCB lower investment and risk for me.

Give myself a rest from this for a few day. JLCPCB's marketing BS is pissing me off.

eltoro · Post by **eltoro** » 20 Jan 2022, 01:26

RickHaleParker wrote: ↑19 Jan 2022, 23:58
vtl wrote: ↑19 Jan 2022, 23:01 Guess, with such small latency deviation it is crucial to have the best hw setup possible.
I am hoping my ODIN Shield will move things in that direction. If I can figure out how to deal with JLCPCB's idiocracies. May need to go with my original plan of building the shield complete then selling them. I do like the idea of posting it so anybody can order one assembled directly from JLCPCB lower investment and risk for me.

Give myself a rest from this for a few day. JLCPCB's marketing BS is pissing me off.

I can feel you. I have tried to build something with EE and stumbled with the same issues. My project is still waiting for more motivation to continue

Did you publish the project as public, in case of someone wants to take a look and try to find components for that?

I did lookup components first from the JLCPB site search and checked the "basic components" and "on stock" components, but they do not have a big inventory to work with.

One option is always to populate all you can cheaply from basic inventory and leave some soldering as DIY.

Post by **RickHaleParker** » 20 Jan 2022, 02:05

eltoro wrote: ↑20 Jan 2022, 01:26 I can feel you. I have tried to build something with EE and stumbled with the same issues. My project is still waiting for more motivation to continue

Did you publish the project as public, in case of someone wants to take a look and try to find components for that?

I did lookup components first from the JLCPB site search and checked the "basic components" and "on stock" components, but they do not have a big inventory to work with.

One option is always to populate all you can cheaply from basic inventory and leave some soldering as DIY.

Right now the project is private. Want to learn the ropes first.

From what I can tell. To get some of the JLCPCB symbols, footprints, and parts into the schematic and BOM, then use them in a assembly. You got to buy the parts first. Creating a private inventory within JLCPCB's inventory. Then and only then will the symbols, footprints be in you library for use. It like paying a ransom for the privilege of using the parts they have. When you order an assembly, you draw the parts from the private inventory. I got no clear idea now that would work out for others if I publish the project as open source. It overly complicated and unnecessary. That why I think it is just marketing BS.

Some of it will need to be DIY. JLCPCB does not carry any J1962 ( OBD ) connectors. The

The 13 pin Female header connectors to mate the shield with the Teensy 4.0 would need to be put in a private inventory. Min quantity is 192 pcs and it is preorder parts not in stock part. Something like that might need to be DIY also. Same for the Transceivers I am planning to use ... you got to put it in private inventory first but the min quality is 1

Any insight?

eltoro · Post by **eltoro** » 20 Jan 2022, 02:21

RickHaleParker wrote: ↑20 Jan 2022, 02:05 Right now the project is private. Want to learn the ropes first.

From what I can tell. To get some of the JLCPCB symbols, footprints, and parts into the schematic and BOM, then use them in a assembly. You got to buy the parts first.

Any insight?

I am not an expert here not even beginner, but somehow that does not sound right.

I liked a lot their open source solution, have you seen that?

https://oshwlab.com/search?wd=teensy%20can

Where people can publish their schematics, board designs BOM's etc. (with various licenses). One can pickup some project as base and continue there or order boards etc.

Vida CEM swapping

Re: Vida CEM swapping