
Vida CEM swapping

A mid-size luxury crossover SUV, the Volvo XC90 made its debut in 2002 at the Detroit Motor Show. Recognized for its safety, practicality, and comfort, the XC90 is a popular vehicle around the world. The XC90 proved to be very popular, and very good for Volvo's sales numbers, since its introduction in model year 2003 (North America). P2 platform.
3staar
Posts: 2
Joined: 17 November 2023
Year and Model: v70
Location: england

Re: Vida CEM swapping

Post by 3staar »

Ah, I was under the impression the pin was all number-based, thank you.

dikidera  
Posts: 1305
Joined: 15 August 2022
Year and Model: S60 2005
Location: Galaxy far far away
Has thanked: 67 times
Been thanked: 175 times

Post by dikidera »

It still is. Back in 2012, as I was starting out writing software, I was blown away by the realization that HEX, or say a 256-bit HASH, was just a really big number represented in base 16.

rkam
Posts: 102
Joined: 19 October 2022
Year and Model: 14473_96090_XC7007
Location: Norway
Has thanked: 5 times
Been thanked: 25 times

Post by rkam »

When using this seed/key security protocol there are 65536 pin codes that will give the same key for the received seed. The pin number found with the cracker is not the same as the one stored in the CEM, but will result in the same key and therefore unlock the CEM. The pin in the CEM is all numbers.

vtl
Posts: 4727
Joined: 16 August 2012
Year and Model: 2005 XC70
Location: Boston
Has thanked: 114 times
Been thanked: 606 times

Post by vtl »

There's util/seed-gen.c in the p3 branch:

Code:

 * Finds all matching pins for a given seed+key match
 *
 * $ gcc -Ofast -o seed-gen seed-gen.c
 * $ ./seed-gen --seed "8f ca 96" --key "19 30 48" --pps 866
 *
For a given seed+key collision it finds 400-600 matching pins in decimal coding (numbers only). A hexadecimal pin, as rkam has mentioned, has 65536 collisions.

Code:

$ ./seed-gen --seed "47 db 87" --key "ff ff cb db 0e" --pps 886
Searching all hash collisions for SEED 47 db 87, KEY ff ff cb at 886 tries per second
   2.69 hrs [      1] PIN 00 08 57 92 22
   5.81 hrs [      2] PIN 00 18 52 80 30
   8.40 hrs [      3] PIN 00 26 80 15 65
...
2116.97 hrs [    413] PIN 67 52 30 39 04
2125.48 hrs [    414] PIN 67 79 43 09 54
2126.72 hrs [    415] PIN 67 83 38 88 95
P3 (Ford's?) pin is a good example of what happens if you just throw in advanced things like hashes or cryptography, but do not do it properly. Compare it to the P2 brick CEM's linear pin compare routine, which does not jump out on the first mismatch and continues matching the rest of the pin. Simple, if not straight dumb, yet fully resilient to timing attacks.

The P2 L-shaped CEM could have been made even more resilient if Volvo had used the same pin routine and locked the Renesas built-in flash, so it could not be read externally by soldering on wires.

Now ask yourself how many security holes a typical modern tablet on wheels exposes to dear hackers...
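An added example (not code from the thread, and not Volvo or CEM firmware) contrasting the two compare strategies vtl describes: an early-exit compare, whose work depends on where the guess first diverges, and a linear compare that always walks the whole PIN. Byte counts stand in for cycle counts; the stored PIN value is a constructed sample and the function names are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define PIN_LEN 5  /* five PIN bytes, as in the seed-gen output above */

/* Early-exit compare: stops at the first mismatching byte, so the number of
 * bytes examined (and the time taken) reveals how far the guess got. */
int pin_compare_early_exit(const uint8_t *stored, const uint8_t *guess, size_t *examined)
{
    size_t i;
    for (i = 0; i < PIN_LEN; i++) {
        if (stored[i] != guess[i]) {
            *examined = i + 1;
            return 0;
        }
    }
    *examined = PIN_LEN;
    return 1;
}

/* Linear compare: folds every byte difference into one accumulator and decides
 * only at the end, so every call examines all PIN_LEN bytes. */
int pin_compare_linear(const uint8_t *stored, const uint8_t *guess, size_t *examined)
{
    uint8_t diff = 0;
    size_t i;
    for (i = 0; i < PIN_LEN; i++)
        diff |= (uint8_t)(stored[i] ^ guess[i]);
    *examined = PIN_LEN;
    return diff == 0;
}

/* Constructed demo input: stored PIN taken from the first collision line above;
 * the guess differs only at byte mismatch_pos (mismatch_pos >= PIN_LEN: full match).
 * Returns how many bytes the chosen routine examined. */
size_t bytes_examined(int linear, size_t mismatch_pos)
{
    const uint8_t stored[PIN_LEN] = {0x00, 0x08, 0x57, 0x92, 0x22};
    uint8_t guess[PIN_LEN];
    size_t n = 0;
    memcpy(guess, stored, PIN_LEN);
    if (mismatch_pos < PIN_LEN)
        guess[mismatch_pos] ^= 0x01;
    if (linear)
        pin_compare_linear(stored, guess, &n);
    else
        pin_compare_early_exit(stored, guess, &n);
    return n;
}
```

Calling bytes_examined(0, pos) for pos 0..4 returns 1..5, while bytes_examined(1, pos) always returns 5: the early-exit routine's cost tells an observer which byte failed, the linear one's does not.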

dikidera  
Posts: 1305
Joined: 15 August 2022
Year and Model: S60 2005
Location: Galaxy far far away
Has thanked: 67 times
Been thanked: 175 times

Post by dikidera »

Modern cars are about as secure as leaving your wallet in the subway. And they can self-drive now.

Volvisti
Posts: 11
Joined: 5 September 2023
Year and Model: C30
Location: Aussie
Been thanked: 1 time

Post by Volvisti »

Hello,
I am a bit confused. I built the cracker, used twisted cables for CAN and the CAN high/low driver from the schematics, but every time I run the program I get a different result. I also increased the sample rate; still a different result every run.

I tried running on external power, off the car battery (the battery was charged), and also with a battery charger; no luck.

Any suggestions as to what I might be doing wrong?
Thanks,
V

oscilloscope
Posts: 285
Joined: 20 May 2022
Year and Model: 2005
Location: uk
Has thanked: 27 times
Been thanked: 11 times

Post by oscilloscope »

dikidera wrote: 05 Nov 2023, 05:23 I may not have studied compiler theory, but I for sure can tell that whatever compiler emitted this...is terrible. I've seen similar such code in all SH2 binaries I've studied. So many redundant operations.
sub_30E60:

var_2= -2

add #-4, r15 //redundant?
mov.w #PADR_W, r2
mov.w @r2, r0
mov.w r0, @(2,r15) // redundant
mov.w @(2,r15), r0 //redundant
extu.w r0, r0
mov.l #off_8000, r3
and r3, r0
cmp/eq r3, r0
movt r0
add #4, r15 //why even use the stack in the first place?
rts
nop
This kind of reminds me of ARM mixed with Z80 or possibly 6502 assembly routines, with a few immediate-addressing hashes (#)? Zero page (if this is doing that)?
Do you know what architecture this assembly is from, etc.?

TonyToronto
Posts: 13
Joined: 15 October 2023
Year and Model: 2007 XC90
Location: Toronto, Canada
Has thanked: 5 times
Been thanked: 1 time

Post by TonyToronto »

Hi,
has anyone been able to get the pin code from the famous 8690720 CEM? I have one here that will not crack. I tried 4-5 times; it always comes up with different first 3 sets, and then just fails to crack.
I have another one, 30765015, which cracked on the 1st try.

EDIT: was able to read it with P1 fork, quick too.
Last edited by TonyToronto on 25 Nov 2023, 18:11, edited 1 time in total.

TonyToronto
Posts: 13
Joined: 15 October 2023
Year and Model: 2007 XC90
Location: Toronto, Canada
Has thanked: 5 times
Been thanked: 1 time

Post by TonyToronto »

Volvisti wrote: 18 Nov 2023, 15:25 Hello,
I am a bit confused. I built the cracker, used twisted cables for CAN and the CAN high/low driver from the schematics, but every time I run the program I get a different result. I also increased the sample rate; still a different result every run.

I tried running on external power, off the car battery (the battery was charged), and also with a battery charger; no luck.

Any suggestions as to what I might be doing wrong?
Thanks,
V
What CAN transceivers are you using? There's a lot of fake stuff out there. USB or 12V to power the Teensy? And the CEM part number?

Volvisti
Posts: 11
Joined: 5 September 2023
Year and Model: C30
Location: Aussie
Been thanked: 1 time

Post by Volvisti »

Hi,

SN65HVD230, CEM 31254317, 12V to 5V converter via breadboard connected to the Teensy's 5V and ground.
How can I figure out if my parts are fake or not?
Thanks!
