Vida CEM swapping

[RickHaleParker]

Do you know where EEPROM encryption key is located in the flash dump?

yes

Are you going to share that information ?

[aaivar]

Do you know where EEPROM encryption key is located in the flash dump?

yes

Are you going to share that information ?

vtl knows , i'm sended

[RickHaleParker]

P3
The probability that a wrong PIN will produce the correct hash one time in a row is 1\(1/100,000)^1 = 1:100,000
The probability that a wrong PIN will produce the correct hash two times in a row is 1\(1/100,000)^2 = 1:100^5

100^5 is the number of possible PINs. In other words if a PIN get the hash correct two time in row, it is the correct pin to a high degrees of probability. If you want more confidence you can test for 3,4, 5 - 1,000 times in a row.

Do a correct PIN test every time you get a correct hash. If it passes, you can declare success. If it fails, you can still use the seed and the hash to weed out incorrect PINs from the short list.

[RickHaleParker]

The key to the P3 crack is if the CEM challenge emulated in software can process sufficiently more then 500 pins per second. That the number I am waiting to hear. I can visualize the process and see the math, wish I could code it. Guess I'll need to accept nobody can be a know it all. That is why collective effort is more productive and creates more possibilities.

There is a theory that the reason Homo Sapiens still walk the earth and Neanderthals are extinct. Because Homo Sapiens are collectively cooperative and Neanderthals where not. Collective cooperation enabled Homo Sapiens to create tools and knowledge that improved their chances of surviving. They could adapt to new conditions because of that. It really does takes all kinds to make a world. At least most kinds, there are some kinds we could do better without, like Malignant narcissist.

[RickHaleParker]

vtl knows , i'm sended

Be nice if some other people that can code where to jump in and contribute. VTL is carrying almost if not all of the load now.

[vtl]

Be nice if some other people that can code where to jump in and contribute. VTL is carrying almost if not all of the load now.

I'm not sure DHA asks for the EEPROM crypto: it is rather long (64 bytes?) Also it needs to upload SBL first that will make it possible reading flash/EEPROM over CAN, and for that it needs to unlock the CEM by sending it the PIN - the one we crack here.

Once SBL is in place, anything can read anything, including that long EEPROM crypto key.

[vtl]

My cheap lab power supplied died a few days ago. After some negotiation w// financial control (wife) I'll be getting a better PSU next week. Until then I'm not doing anything.

[RickHaleParker]

My cheap lab power supplied died a few days ago. After some negotiation w// financial control (wife) I'll be getting a better PSU next week. Until then I'm not doing anything.

I bought a used Laboratory power supply for $75.00 with shipping. It is a GW Model: GPC- 3020. Triple output: Dual Tracking and 5V Fixed. The dual tracking is 0 - 30V 2A per channel Independent mode. 0 - 60V 2A in series mode. 0 - 30V 4A in parallel mode. The fixed 5V 3A comes in handy. I use it to power my 5V 8 Watt soldering iron more then anything else.

If it would help you out, I have a older Micronta Regulated "12V" Supply that is just collecting dust. It outputs 13.8 V when loaded with 1 amp of current. I don't have have a power resistor with the right resistance to test it's full 60W capacity ( 4.3A ). I rather somebody get some use out of it then it go to waste. This thing was build way back in 1982. I would not surprise me if it last another 40 years. It is your's if you PM a shipping address.

[vtl]

@RickHaleParker, thanks, that's very generous But I bought one already.

[aaivar]

vtl knows , i'm sended

Be nice if some other people that can code where to jump in and contribute. VTL is carrying almost if not all of the load now.

Key for crypto Eeprom