Vida CEM swapping

[gnalan]

Algo can be shortened for finding the new mucked_value (as I usually see it called). I looked at your code and see that you've shortened it as well but using a different value.

[RickHaleParker]

The need on the SPA is a breakthrough to get around the security timeout, to not require sampling a successful seed/key, and even then if doing a crack over UDS whether CAN or DOIP speed to calculate key each try would likely never be an issue.

I found a flaw in what I was thinking. VTL's step hash will not help with beating the SPA timeout.

1. We are going be working with one set of ( BO, B1 ) to get the number of PIN candidates down to 256^3.
2. Each perpetuation of the 256^3 will produce a unique key for a given seed. That is why only one PIN for each ( B0, B1 ) set.
3. VTL's Step hash would find the PIN for a failed UDS but there will be only one in the ( B0. B1 ) set. The one that was used to produce the failed pair. That is already known so nothing is gained.

At this time our best hope for beating the SPA UDS timeout is a soft reset. Which we have not investigated yet.

[RickHaleParker]

P3 owners: Would you prefer a lower maximum crack time (10.5 hours ) or a chance of finding the PIN real fast?
With the chance finding the PIN real fast comes the risk that it will take real long time ( 63 hours ).

[RickHaleParker]

I think we should split the CEMs into two groups. ( P1, P2 ) & ( P3, P5, P6 ) P3 belongs with the CMA and the SPA. The tools being developed for the SPA will work for the P3 and vice versa.

[gnalan]

Looking at your code... I know what 'n' is but where did 'm' come from? Also what is 'k'?
n = 0xc541a9, m = 0x1212050

[vtl]

Looking at your code... I know what 'n' is but where did 'm' come from? Also what is 'k'?
n = 0xc541a9, m = 0x1212050

I took my time, disassembled one of P3 dumps, found the routine and actually understood what the hash is doing. And rewrote it in a clean, understandable C. The source code that is floating on the net, is clearly a compiler-optimized machine code decompiled back into C. My variation of the algo does the same bit manipulation (ends up with the same result), but looks nicer for humans.

'k' is input vector to hash function represented as a 64 bit integer.

[gnalan]

I took my time, disassembled one of P3 dumps, found the routine and actually understood what the hash is doing. And rewrote it in a clean, understandable C. The source code that is floating on the net, is clearly a compiler-optimized machine code decompiled back into C. My variation of the algo does the same bit manipulation (ends up with the same result), but looks nicer for humans.

'k' is input vector to hash function represented as a 64 bit integer.

This was what I came up with so far trying to optimize the Algo. v2 starts with 0xC541A9, and v1 is the 64 bit pin/seed combo. (Just showing my loop here.)

Code: Select all

for x in range(0,64):
    v3 = ((v2 & 1) ^ ((v1 >> x) & 1));
    v4 = (v2 >> 1);
    if v3==1:
        v2 = (v4 ^ 0x909028);
    else:
        v2 = v4;

[gnalan]

Screenshot_2022-04-25-12-32-26-01_3aea4af51f236e4932235fdada7d1643.jpg (488.87 KiB) Viewed 643 times

Source found here.
7f 27 35 (Invalid key.)

[gnalan]

I took my time, disassembled one of P3 dumps, found the routine and actually understood what the hash is doing. And rewrote it in a clean, understandable C.

Code: Select all

void p3_hash(unsigned char *pin, unsigned char *seed, unsigned char *hash)
{
  unsigned int n = 0xc541a9, m = 0x1212050;
  unsigned long long k;
  unsigned char *in = (unsigned char *)&k;
  struct foo {
    unsigned int n0: 4, n1: 4, n2: 4, n3: 4, n4: 4, n5: 4, n6: 4, n7: 4;
  } *out = (struct foo *)&n;
  int i;

  in[0] = seed[0];
  in[1] = seed[1];
  in[2] = seed[2];
  in[3] = pin[0];
  in[4] = pin[1];
  in[5] = pin[2];
  in[6] = pin[3];
  in[7] = pin[4];

  for (i = 0; i < 64; i++, n >>= 1, k >>= 1) {
      if ((n ^ k) & 0x1)
          n ^= m;
  }

Can you explain your code in a little more detail for me, please? Thank you, vtl.

The 'struct foo' and your 'if' statement have me a little stumped. Does 'n ^=m' take place for all 64 bits or only if the 'if' statement is 1? I'm still trying to figure out where 'm' came from also. In the 'struct foo' I'm not sure what all the '4' are doing.

[vtl]

The 'struct foo' and your 'if' statement have me a little stumped. Does 'n ^=m' take place for all 64 bits or only if the 'if' statement is 1?

'n' xor 'm' for all bits of 'n' if conditional statement is 1.

I'm still trying to figure out where 'm' came from also.

This is 0x109028 from your (internet) decompiled code. It is just shifted left and prepended with '1' to actually emit new data (otherwise the cycle will degrade into producing zeroes only - apparently).

In the 'struct foo' I'm not sure what all the '4' are doing.

':4' are bitfields: https://www.tutorialspoint.com/cprogram ... fields.htm 'struct foo' with 8 4-bit variables replaces a horde of hard to follow shifts and masks in the internet code. It is machine-specific, of course, as it depends on endianness, but I aimed it to run on commodity x86.