Vida CEM swapping

coormis · Post by **coormis** » 10 Mar 2023, 12:01

[/quote]
By the way, the latency numbers in your log are totally off, they make no sense. That's why I suspected the hw implementation.
[/quote]

I will check tomorrow, thanks for the advice.

dikidera · Post by **dikidera** » 10 Mar 2023, 13:18

@vtl, can you rephrase your previous post? To me synchronization can be described more as a mismatch of some timing, like a peripheral clock and you need to sync the two endpoints.
Perhaps you meant that the immobilizer key is to be updated in the ECU or maybe it's a hashed value of the immobilizer key? Or maybe you meant something entirely different?

Thank you.

matija0610 · Post by **matija0610** » 11 Mar 2023, 01:03

dikidera wrote: ↑10 Mar 2023, 13:18 @vtl, can you rephrase your previous post? To me synchronization can be described more as a mismatch of some timing, like a peripheral clock and you need to sync the two endpoints.
Perhaps you meant that the immobilizer key is to be updated in the ECU or maybe it's a hashed value of the immobilizer key? Or maybe you meant something entirely different?

Thank you.

look at the picture, everything will be clear to you.

: Screenshot_2.png (615.97 KiB) Viewed 901 times

as the oscilloscope said.. reverse engineering from some programs available on the internet.
This one for synchronization, I sent you recently, you have it.
Try to play with the combinations and see the addresses..
this is an example for CEM-B. It is synchronized in CEM flash and ECU eeprom.
depending on which CEM-ECU combination you will have, you have to do your research in that direction. and maybe the CODECARD software will be enough for you, if your ECU-CEM combination exists

oscilloscope · Post by **oscilloscope** » 11 Mar 2023, 04:04

matija0610 wrote: ↑11 Mar 2023, 01:03
dikidera wrote: ↑10 Mar 2023, 13:18 @vtl, can you rephrase your previous post? To me synchronization can be described more as a mismatch of some timing, like a peripheral clock and you need to sync the two endpoints.
Perhaps you meant that the immobilizer key is to be updated in the ECU or maybe it's a hashed value of the immobilizer key? Or maybe you meant something entirely different?

Thank you.
look at the picture, everything will be clear to you.

Screenshot_2.png

as the oscilloscope said.. reverse engineering from some programs available on the internet.
This one for synchronization, I sent you recently, you have it.
Try to play with the combinations and see the addresses..
this is an example for CEM-B. It is synchronized in CEM flash and ECU eeprom.
depending on which CEM-ECU combination you will have, you have to do your research in that direction. and maybe the CODECARD software will be enough for you, if your ECU-CEM combination exists

I have slowly been making my own software which attempts to cover pretty much all modules variants , using the iprog programming IDE , . , i'm doing this is by buying my own second hand ecu set. And take dumps from them , and also perform the exact same thing I get paid to do on customers jobs. I can pretty much cover all variants so far even the sid807evo which so far ( from many searches) no one can do.
The codecard software that has been cracked by someone from mhhauto some years ago. Which cover some of the ecu & cem combinations. This Is ok although i rarely use it , but I think it has some sort of virus inbedded within as it seems to always carry a virus in the pen drive when i perform the file transfer from computer to computer. (Yes the software is on another laptop less risk of infection) with the adjusted eeprom file which its destination is for the ecu.
I unfortunately do not understand enough about thr encryption method which is implemented on the mcu's to be able to decode the file for editing also knowing the structure for what is being changed, as the synchro code isn't the only thing being adjusted from what I can tell. , my goal is to release my software for free on the iprogpro programmer. It won't be perfect and I'm sure it'll need changes along the way.

brobert · Post by **brobert** » 11 Mar 2023, 10:19

Greetings.

A newbie question about ignition keys:

I want to activate a 2nd ignition key for my 2006 V70 P2.
I have my new Volvo flip-key engraved and ready to be added to the CEM and ECU.
I also have my CEM PIN decoded but wonder if a second PIN for the ECU also required?
I ask because when registering my car on the d5t5 site, there are two PIN entry fields (CEM and ECU).
Thanks for the wisdom.

oscilloscope · Post by **oscilloscope** » 11 Mar 2023, 13:45

i have been attempting to see if i can make a independent program which can utilise the decrypt function script using AI , but i am failing miserably.

unfortunailty I do not know enough about cryptography or enough about coding to what is going wrong. , i have attempted to make a small python app which can search the areas of 7FFF0-7FF30 using the :-

void eeprom_decrypt(unsigned char *eeprom, int len, unsigned char *crypto, unsigned char *decrypted)
{
for (int i = 0; i < len; i++)
decrypted = .bin file ^ crypto[i % 0x3d] ^ (i / 7);
}

but it doesn't like the code , so my only theory is it doesn't know what its looking for. in the python script , i did remove the void section and changed the eeprom to .bin file , for the python code. , so my next question is , what am i doing wrong?

dikidera · Post by **dikidera** » 11 Mar 2023, 14:36

@oscilloscope it depends on what you are trying to do. I doubt chatGPT can program, though Github CoPilot certainly can help. However nothing will of course beat the human programmer(for now).

oscilloscope · Post by **oscilloscope** » 11 Mar 2023, 15:35

dikidera wrote: ↑11 Mar 2023, 14:36 @oscilloscope it depends on what you are trying to do. I doubt chatGPT can program, though Github CoPilot certainly can help. However nothing will of course beat the human programmer(for now).

i am trying to see if can make an independent python program which can decode the CEM bin files i have , i already have software that can do it which is great but i don't know how its done. i have searched many a time on github regarding a XOR cipher , decoder etc. volvo cem , its possible i am putting in the wrong thing who knows

, i have asked on here , and i did get directed too some code which i have been using , well i "attempting to use " but its not working.. currently. unfortunately i do not know enough about coding to really understand what is happening so the best thing i can do is get a rough idea of what it could potentially look like and then learn the really hard annoying way , but its grabbing my attention still so it much be working.

dikidera · Post by **dikidera** » 11 Mar 2023, 16:12

You are taking the hard approach to learning programming, I've been there waaay way back in 2007 and then later on in 2011 with C then with Java(Android flavor).

I also very long ago, wrote an Android program...on my phone when I had no access to a PC. https://bitcointalk.org/index.php?topic=101612.0 it was one of my more ambitious projects at the time but with enough patience the code will, one way or another, start making sense.

My most recent ambitious project was writing my own control flow graph generator in Java(in order to re-learn java as I had not used it for over 8 years!), it worked semi-ok. But semi-ok because I tested it on obfuscated code.

Point is, trial&error on some things. It's not efficient, but everyone has a way of learning things.

Post by **vtl** » 11 Mar 2023, 16:43

dikidera wrote: ↑11 Mar 2023, 16:12 I also very long ago, wrote an Android program...on my phone when I had no access to a PC.

Conscript?

Vida CEM swapping

Re: Vida CEM swapping