No way!
Vida CEM swapping
-
alevol
- Posts: 31
- Joined: 4 August 2021
- Year and Model: 2005 S60
- Location: Finland
- Has thanked: 6 times
- Been thanked: 3 times
Thanks for your help!
I have used it this exact way. I was thinking it is needed for accelerating the computing of pin codes for a given seed+key. But what is a little bit confusing for me is the fact that for another seed+key pair from THE SAME CEM, other pin codes are generated. As far as I see, no coincidences.
- gnalan
- Posts: 968
- Joined: 21 July 2020
- Year and Model: 2001 S60
- Location: Ohio
- Has thanked: 557 times
- Been thanked: 135 times
For a single CEM using just one working seed/key pair will give you 65536 pins that will work. (Assuming 5 byte hex, not BCD.)
2001 S60, B5244S, AW55-50SN, FWD (Sold)
Cancer/Illness/Caregiver Support Thread
-
alevol
- Posts: 31
- Joined: 4 August 2021
- Year and Model: 2005 S60
- Location: Finland
- Has thanked: 6 times
- Been thanked: 3 times
Code computes BCD digits. For different single pairs it gives different amounts of pins. I have tried two pairs, and the results are 709 and 614 different passwords. Do all of them really work for a P3 CEM?
I am afraid I don't get the idea. If seed+key is timed out, the passwords will not work!? So I see there must be passwords that match many seed+key pairs, because they must match the one single password that is kept in the flash memory of the CEM's MCU.
- charlie13
- Posts: 46
- Joined: 23 March 2022
- Year and Model: 2009 XC70
- Location: Krakow
- Has thanked: 8 times
- Been thanked: 18 times
alevol wrote: ↑28 Apr 2022, 01:41
> Code computes BCD digits. For a different single pairs it gives different amounts of pins. I have tried two pairs, and results are 709 and 614 different passwords. Do all of them really work for P3 cem?
> I am afraid i don't get the idea. If seed+key is timed out, the passwords will not work!? So i see, there must be passwords, that match many seed+key pairs, because they must match the one single password that is kept in flash memory of CEM's MCU.
I only calculated 4 but they work on one P3 cem.
1844518461 original from file
00 00 ff ff ff
ff ff 81 86 c5
00 21 86 28 06
- gnalan
- Posts: 968
- Joined: 21 July 2020
- Year and Model: 2001 S60
- Location: Ohio
- Has thanked: 557 times
- Been thanked: 135 times
alevol wrote: ↑28 Apr 2022, 01:41
> Code computes BCD digits. For a different single pairs it gives different amounts of pins. I have tried two pairs, and results are 709 and 614 different passwords. Do all of them really work for P3 cem?
> I am afraid i don't get the idea. If seed+key is timed out, the passwords will not work!? So i see, there must be passwords, that match many seed+key pairs, because they must match the one single password that is kept in flash memory of CEM's MCU.
Yes, for the P3 and SPA that use the same Algo. Seed in, pin is in the individual ECUs, and key out. The exact pin isn't necessary, just an exact key response. So any of the 65536 unique PINs can be used with a seed to come up with the same key using just the Algo.
-
vtl
- Posts: 4724
- Joined: 16 August 2012
- Year and Model: 2005 XC70
- Location: Boston
- Has thanked: 114 times
- Been thanked: 603 times
Also, because Volvo's hash function is sort of lame, it makes the same set of PINs valid despite different SEEDs. It is easy enough to modify the hash function slightly in order to define a unique set of matching PINs for the SEED. Brute force would become impossible, at least not in the way it is done today.
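An added illustration of the design point in the post above (not code from this thread or from any Volvo firmware): a scaled-down toy model with a 16-bit PIN and an 8-bit key. `weak_key` and `strong_key` are hypothetical stand-ins; the weak one assumes the PIN is compressed before the seed is mixed in, which is one way the "same set of PINs for every seed" property can arise.

```python
import hashlib
import hmac

PIN_BITS = 16  # toy width so the whole PIN space can be enumerated (assumption)


def weak_key(seed: int, pin: int) -> int:
    """Toy weak design: the PIN is compressed to 8 bits before the seed is used."""
    folded = (pin ^ (pin >> 8)) & 0xFF
    return (folded + seed) & 0xFF  # one-to-one in `folded` for any fixed seed


def strong_key(seed: int, pin: int) -> int:
    """Toy fix: the seed and the full PIN go through a keyed hash together."""
    mac = hmac.new(pin.to_bytes(2, "big"), bytes([seed]), hashlib.sha256)
    return mac.digest()[0]  # truncated to 8 bits like the weak design


def accepted_pins(kdf, seed: int, true_pin: int) -> set:
    """All PINs that yield the same key as true_pin for this seed."""
    expected = kdf(seed, true_pin)
    return {p for p in range(1 << PIN_BITS) if kdf(seed, p) == expected}


def overlap(kdf, true_pin: int, seeds) -> set:
    """PINs that are accepted for every seed in `seeds`."""
    sets = [accepted_pins(kdf, s, true_pin) for s in seeds]
    return set.intersection(*sets)


if __name__ == "__main__":
    TRUE_PIN = 0x1234  # constructed sample value
    SEEDS = [0x11, 0xC7]  # constructed sample challenges
    for name, kdf in (("weak", weak_key), ("strong", strong_key)):
        one = accepted_pins(kdf, SEEDS[0], TRUE_PIN)
        both = overlap(kdf, TRUE_PIN, SEEDS)
        print(f"{name}: {len(one)} PINs accepted for one seed, "
              f"{len(both)} accepted for both seeds")
```

In the weak model the accepted set is the same 256 PINs for every seed, so the effective secret is only the 8-bit folded value; in the strong model each seed has its own accepted set, and only the real PIN is guaranteed to be accepted for every seed.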
- gnalan
- Posts: 968
- Joined: 21 July 2020
- Year and Model: 2001 S60
- Location: Ohio
- Has thanked: 557 times
- Been thanked: 135 times
On the CEM-B that uses a 6 byte BCD pin, do they also use an Algo or does the actual pin need to be read from flash?
-
vtl
- Posts: 4724
- Joined: 16 August 2012
- Year and Model: 2005 XC70
- Location: Boston
- Has thanked: 114 times
- Been thanked: 603 times
Straight from flash. Some newer P1 CEMs have it encrypted, but the routine is still the "compare 6 bytes from CAN with the ones in FLASH".
The best CEM protection is in the brick-shaped ones, from P2 -04. It is the dumbest code, which is resistant to timing attacks because of how dumb it is.
- gnalan
- Posts: 968
- Joined: 21 July 2020
- Year and Model: 2001 S60
- Location: Ohio
- Has thanked: 557 times
- Been thanked: 135 times
Mine is a 2001. In a way I'm glad the security is resistant to a timing attack since there's less chance of an outside attack on it. However, with it being so secure it makes modifications harder to accomplish.
I'm good with math, and having an Algo to work with makes things easier. It also makes newer models easier to hack.
Do you mind if I fork your code and do my own tweaks on it? (I have a working theory in my mind and I want to see if it works for the models that use the Algo I've been working with. P3, P5, and P6? Please correct me if I'm wrong.)