GM 5 byte seed key generator

Posts: 16
Joined: Thu Feb 19, 2015 12:54 am

Re: GM 5 byte seed key generator

Postby dmaxben » Wed Feb 17, 2021 2:41 am

Gatecrasher wrote:You're not wrong about the lockouts, but that's not what DVT means.

https://www.corvettemuseum.org/demystif ... d-process/

“The first thing that happens is alignment. The car is driven over an alignment pit with operators under the car doing the work with about 30 individual checks. The next step is Dynamic Vehicle Test (‘DVT’). Over 8,000 checks are done in DVT. The car will check a lot of things itself. In here we communicate with the vehicle and are looking to find things like are the antennas working properly for OnStar.”


Check out the video at the bottom of the page. Skip to 16:30. They show the DVT process.


Thats something different. Apparently GM media and GM engineering use the same acronym, but for different things.....I guess they dont communicate much lol.

GM engineering, their "DVT" is Diagnostic Vehicle Tests. And its what I described, secret elevated permissions for mode AE crap that doesnt have the protections that are otherwise implemented in GDS to prevent dealer techs from doing something harmful. The engineering DVT stuff (device control) is only used by the engineers during development.

In GM media, their "DVT" is "dynamic vehicle test", and its just a catch-all term for what they do to every car as it rolls off the assembly line.

Posts: 16
Joined: Thu Feb 19, 2015 12:54 am

Re: GM 5 byte seed key generator

Postby dmaxben » Tue Feb 23, 2021 2:46 am

Tazzi wrote:
Gatecrasher wrote:DVT is dynamic vehicle test. It's a battery of automated tests that are run right after the car comes off the assembly line.

Does GDS2 make use of these secured device control modes? You'd think it would have to have the algos buried in a DLL or something.

Great thought, but seems GDS2 assumes the vehicle is in ideal conditions which are not moving as it doesn’t perform any security unlocks.


Tazzi, just wondering if you were able to try any of those other algorithms?

Posts: 328
Joined: Sun Apr 10, 2016 9:20 pm

Re: GM 5 byte seed key generator

Postby kur4o » Tue Feb 23, 2021 6:24 am

dmaxben wrote:Tazzi, just wondering if you were able to try any of those other algorithms?


Why not unlock with regular key and than read eeprom memory and extract the dvt pairs from there.

Posts: 16
Joined: Thu Feb 19, 2015 12:54 am

Re: GM 5 byte seed key generator

Postby dmaxben » Tue Feb 23, 2021 6:25 am

kur4o wrote:
dmaxben wrote:Tazzi, just wondering if you were able to try any of those other algorithms?


Why not unlock with regular key and than read eeprom memory and extract the dvt pairs from there.


How do you read arbitrary locations of EEPROM via CAN?

Online
User avatar
Posts: 2340
Joined: Thu May 17, 2012 8:53 pm
Location: WA

Re: GM 5 byte seed key generator

Postby Tazzi » Tue Feb 23, 2021 12:05 pm

dmaxben wrote:Tazzi, just wondering if you were able to try any of those other algorithms?


Well none seemed to match your exact pair, although this could be GM trickery since I dont have a 5byte BCM on the bench currently, and am using an IOB radio but requesting different algos.. this could be the issue :lol:

kur4o wrote:Why not unlock with regular key and than read eeprom memory and extract the dvt pairs from there.


Thats a great idea.. although from my research, only way I can dump the eeprom is by generating a custom kernel for read/writing. I killed the last 5byte BCM attempting that :lol:
Your Local Aussie Reverse Engineer
Site:www.envyouscustoms.com
Mob:+61406 140 726
Image

Posts: 16
Joined: Thu Feb 19, 2015 12:54 am

Re: GM 5 byte seed key generator

Postby dmaxben » Tue Feb 23, 2021 9:18 pm

Tazzi wrote:
dmaxben wrote:Tazzi, just wondering if you were able to try any of those other algorithms?


Well none seemed to match your exact pair, although this could be GM trickery since I dont have a 5byte BCM on the bench currently, and am using an IOB radio but requesting different algos.. this could be the issue :lol:

kur4o wrote:Why not unlock with regular key and than read eeprom memory and extract the dvt pairs from there.


Thats a great idea.. although from my research, only way I can dump the eeprom is by generating a custom kernel for read/writing. I killed the last 5byte BCM attempting that :lol:


Correct, you'd need some custom bootloader or something to get the BCM to dump EEPROM contents via CAN.

Thats too bad that the 5 byte keys ending in 0C and 01 arent working... :cry:

Online
User avatar
Posts: 2340
Joined: Thu May 17, 2012 8:53 pm
Location: WA

Re: GM 5 byte seed key generator

Postby Tazzi » Tue Feb 23, 2021 11:14 pm

dmaxben wrote:Correct, you'd need some custom bootloader or something to get the BCM to dump EEPROM contents via CAN.

Thats too bad that the 5 byte keys ending in 0C and 01 arent working... :cry:

I believe its because Im not using a proper BCM on the bench. I might be able to validate in a few days.
Your Local Aussie Reverse Engineer
Site:www.envyouscustoms.com
Mob:+61406 140 726
Image

Previous

Return to Tool Development

Who is online

Users browsing this forum: No registered users and 1 guest