Login Register

Vida CEM swapping

A mid-size luxury crossover SUV, the Volvo XC90 made its debut in 2002 at the Detroit Motor Show. Recognized for its safety, practicality, and comfort, the XC90 is a popular vehicle around the world. The XC90 proved to be very popular, and very good for Volvo's sales numbers, since its introduction in model year 2003 (North America).
Post Reply
forhike
Posts: 1
Joined: 21 Jun 2022, 10:04
Year and Model: v70
Location: Up North
Been thanked: 2 times

Re: Vida CEM swapping

Post by forhike »

Started playing with a gui for: https://github.com/vtl/volvo-cem-cracker

https://github.com/3Wings/Volvo-CEM-Gui
Its not working at the moment, its just a start, will try to fix so pin will be displayed in app later, at the moment it just a ide of a gui.
much work left before i could be used.

best regards

oscilloscope
Posts: 40
Joined: 20 May 2022, 16:12
Year and Model: 2005
Location: uk
Has thanked: 7 times
Been thanked: 2 times

Post by oscilloscope »

folks in the know , I am very intrigued and eager to learn how to reverse engineer this kind of stuff. reading through this thread really makes me want to learn it more .. so knowing what warez you use , and tools would be a great advantage to know so i can download or mess around with them to get a feel of what its like. , so I have had "some" programming experience but it is very very limited. (further studying is to come oct 2022 8wk course get in!)

cheers!

vtl
Posts: 3132
Joined: 16 Aug 2012, 13:35
Year and Model: 2005 XC70
Location: Boston
Has thanked: 26 times
Been thanked: 226 times

Post by vtl »

C compiler/toolchain - to program devices.

Some assembler - for which CPU it doesn't really matter, they are all alike, but you have to know how CPU operates on low level.

Disassembler for the target CPU. I lately use https://onlinedisassembler.com/odaweb/ for !x86.

PDF reader - to read datasheets :)

Unix tools, like grep, cut, sort, sed, awk - to consume logs from device(s), extract needed data and manipulate it.

Some high-level scripting language, Bash, Python or whatever - to automate boring/routine jobs.

Some plotting software, like gnuplot - to visualize data. Often it is not trivial to detect patterns by looking just at numbers, but drawing a chart makes it obvious.

Most importantly, write a lot of code and make it run to success. You'll be doing bugs in your code and would have to debug them. All system-level programmers are basically hackers.
05 XC70, 19 Tundra, 22 Sequoia, 16 XC60 (sold), 05 XC70 (crashed), 02 V70 (sold)
P1+P2+P3 CEM PIN-code retrieval DIY thread

oscilloscope
Posts: 40
Joined: 20 May 2022, 16:12
Year and Model: 2005
Location: uk
Has thanked: 7 times
Been thanked: 2 times

Post by oscilloscope »

vtl wrote: 23 Jun 2022, 12:42 C compiler/toolchain - to program devices.

Some assembler - for which CPU it doesn't really matter, they are all alike, but you have to know how CPU operates on low level.

Disassembler for the target CPU. I lately use https://onlinedisassembler.com/odaweb/ for !x86.

PDF reader - to read datasheets :)

Unix tools, like grep, cut, sort, sed, awk - to consume logs from device(s), extract needed data and manipulate it.

Some high-level scripting language, Bash, Python or whatever - to automate boring/routine jobs.

Some plotting software, like gnuplot - to visualize data. Often it is not trivial to detect patterns by looking just at numbers, but drawing a chart makes it obvious.

Most importantly, write a lot of code and make it run to success. You'll be doing bugs in your code and would have to debug them. All system-level programmers are basically hackers.
ok , thanks , i would need something to work on , something practical , something i can touch . lets say i purchased a white style CEM which carries the hc12 chip like one of this ------>>>>>> https://www.ebay.co.uk/itm/295027966064 ... media=COPY

so what can i do at the moment, i can extract the information from the respective chip within , but understanding what i am looking at is another thing. i have got by with things i have found and that's pretty much it. what i would like to be able to is look through the information and saying ahh that's that , and this is that... much like the developers I talk to regularly from the likes of scorpio.lk , some on iprog... and various other places that know what there looking at , but do not want to share what there looking at

so my thoughts are i need to put the BIN file thought a program such as this https://www.kanda.com/products/PEMicro/PROG-HL-12Z.html

then... doing something i am lost on.... , to add i don't have the programmer which that software works with. nor do i have the software.

Ijmorrison
Posts: 3
Joined: 05 Jul 2022, 12:50
Year and Model: Xc90 d5 2005
Location: Great Yarmouth
Has thanked: 1 time

Post by Ijmorrison »

Good evening gents ..just spent a couple of days reading through and a big congratulations to everyone.

I'm looking to build an "Odin" to play with ...quick question would a couple of MCP2562FD-E/P be suitable for the canbus transceivers ?

Been many years since doing electronics so will probably use veroboard ...I might even get my scope (old school 1GHZ analogue Tektronix) and signal generator out ;) )

Currently owner of a 2003 2.5t S80 (2004 manufacture) and a XC90 2005 D5 (2006 manufacture).

Many thanks

Iain

Ijmorrison
Posts: 3
Joined: 05 Jul 2022, 12:50
Year and Model: Xc90 d5 2005
Location: Great Yarmouth
Has thanked: 1 time

Post by Ijmorrison »

Oops double post good start
Last edited by Ijmorrison on 05 Jul 2022, 13:28, edited 1 time in total.

vtl
Posts: 3132
Joined: 16 Aug 2012, 13:35
Year and Model: 2005 XC70
Location: Boston
Has thanked: 26 times
Been thanked: 226 times

Post by vtl »

Ijmorrison wrote: 05 Jul 2022, 13:00 I'm looking to build an "Odin" to play with ...quick question would a couple of MCP2562FD-E/P be suitable for the canbus transceivers ?
Hello,

Most likely, yes. Keep in mind, it is a 5V device, you have to supply 5V to VDD and 3.3V to VIO.
Ijmorrison wrote: 05 Jul 2022, 13:00 Currently owner of a 2003 2.5t S80 (2004 manufacture) and a XC90 2005 D5 (2006 manufacture).
2004 (brick-shaped CEM) will not crack, 2005 (L-shaped) perhaps yes.
05 XC70, 19 Tundra, 22 Sequoia, 16 XC60 (sold), 05 XC70 (crashed), 02 V70 (sold)
P1+P2+P3 CEM PIN-code retrieval DIY thread

Ijmorrison
Posts: 3
Joined: 05 Jul 2022, 12:50
Year and Model: Xc90 d5 2005
Location: Great Yarmouth
Has thanked: 1 time

Post by Ijmorrison »

Lovely cheers.

I'll pull a 12v rail onto the board with signal ground and use a couple of linear regs with caps to keep the noise down and provide the requisite power.

Looks like there is plenty of headroom speed wise for a level convertor to sit between the teeny and the canbus transceiver.

Just deciding whether to put a k line in for the S80 just in case.

Iain

vtl
Posts: 3132
Joined: 16 Aug 2012, 13:35
Year and Model: 2005 XC70
Location: Boston
Has thanked: 26 times
Been thanked: 226 times

Post by vtl »

You can, the code is k-line ready, however the pin compare routine in this CEM is written in a way that defies our timing attack. I've spent a great deal of time looking at it, and failed to come up with anything.
05 XC70, 19 Tundra, 22 Sequoia, 16 XC60 (sold), 05 XC70 (crashed), 02 V70 (sold)
P1+P2+P3 CEM PIN-code retrieval DIY thread

User avatar
V702T5
Posts: 5
Joined: 15 Sep 2019, 03:28
Year and Model: 2004
Location: German
Been thanked: 2 times

Post by V702T5 »

Work in Progress
Attachments
ProfiCem.jpeg
ProfiCem.jpeg (173.43 KiB) Viewed 134 times

Post Reply
  • Similar Topics
    Replies
    Views
    Last post