GM 5 byte seed key generator

dmaxben
Posts: 16
Joined: Thu Feb 19, 2015 12:54 am
cars: Duramax

Re: GM 5 byte seed key generator

Post by dmaxben »

Gatecrasher wrote:You're not wrong about the lockouts, but that's not what DVT means.

https://www.corvettemuseum.org/demystif ... d-process/
“The first thing that happens is alignment. The car is driven over an alignment pit with operators under the car doing the work with about 30 individual checks. The next step is Dynamic Vehicle Test (‘DVT’). Over 8,000 checks are done in DVT. The car will check a lot of things itself. In here we communicate with the vehicle and are looking to find things like are the antennas working properly for OnStar.”
Check out the video at the bottom of the page. Skip to 16:30. They show the DVT process.
Thats something different. Apparently GM media and GM engineering use the same acronym, but for different things.....I guess they dont communicate much lol.

GM engineering, their "DVT" is Diagnostic Vehicle Tests. And its what I described, secret elevated permissions for mode AE crap that doesnt have the protections that are otherwise implemented in GDS to prevent dealer techs from doing something harmful. The engineering DVT stuff (device control) is only used by the engineers during development.

In GM media, their "DVT" is "dynamic vehicle test", and its just a catch-all term for what they do to every car as it rolls off the assembly line.
dmaxben
Posts: 16
Joined: Thu Feb 19, 2015 12:54 am
cars: Duramax

Re: GM 5 byte seed key generator

Post by dmaxben »

Tazzi wrote:
Gatecrasher wrote:DVT is dynamic vehicle test. It's a battery of automated tests that are run right after the car comes off the assembly line.

Does GDS2 make use of these secured device control modes? You'd think it would have to have the algos buried in a DLL or something.
Great thought, but seems GDS2 assumes the vehicle is in ideal conditions which are not moving as it doesn’t perform any security unlocks.
Tazzi, just wondering if you were able to try any of those other algorithms?
kur4o
Posts: 948
Joined: Sun Apr 10, 2016 9:20 pm

Re: GM 5 byte seed key generator

Post by kur4o »

dmaxben wrote: Tazzi, just wondering if you were able to try any of those other algorithms?
Why not unlock with regular key and than read eeprom memory and extract the dvt pairs from there.
dmaxben
Posts: 16
Joined: Thu Feb 19, 2015 12:54 am
cars: Duramax

Re: GM 5 byte seed key generator

Post by dmaxben »

kur4o wrote:
dmaxben wrote: Tazzi, just wondering if you were able to try any of those other algorithms?
Why not unlock with regular key and than read eeprom memory and extract the dvt pairs from there.
How do you read arbitrary locations of EEPROM via CAN?
User avatar
Tazzi
Posts: 3422
Joined: Thu May 17, 2012 8:53 pm
cars: VE SS Ute
Location: WA
Contact:

Re: GM 5 byte seed key generator

Post by Tazzi »

dmaxben wrote:Tazzi, just wondering if you were able to try any of those other algorithms?
Well none seemed to match your exact pair, although this could be GM trickery since I dont have a 5byte BCM on the bench currently, and am using an IOB radio but requesting different algos.. this could be the issue :lol:
kur4o wrote: Why not unlock with regular key and than read eeprom memory and extract the dvt pairs from there.
Thats a great idea.. although from my research, only way I can dump the eeprom is by generating a custom kernel for read/writing. I killed the last 5byte BCM attempting that :lol:
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
Image
dmaxben
Posts: 16
Joined: Thu Feb 19, 2015 12:54 am
cars: Duramax

Re: GM 5 byte seed key generator

Post by dmaxben »

Tazzi wrote:
dmaxben wrote:Tazzi, just wondering if you were able to try any of those other algorithms?
Well none seemed to match your exact pair, although this could be GM trickery since I dont have a 5byte BCM on the bench currently, and am using an IOB radio but requesting different algos.. this could be the issue :lol:
kur4o wrote: Why not unlock with regular key and than read eeprom memory and extract the dvt pairs from there.
Thats a great idea.. although from my research, only way I can dump the eeprom is by generating a custom kernel for read/writing. I killed the last 5byte BCM attempting that :lol:
Correct, you'd need some custom bootloader or something to get the BCM to dump EEPROM contents via CAN.

Thats too bad that the 5 byte keys ending in 0C and 01 arent working... :cry:
User avatar
Tazzi
Posts: 3422
Joined: Thu May 17, 2012 8:53 pm
cars: VE SS Ute
Location: WA
Contact:

Re: GM 5 byte seed key generator

Post by Tazzi »

dmaxben wrote: Correct, you'd need some custom bootloader or something to get the BCM to dump EEPROM contents via CAN.

Thats too bad that the 5 byte keys ending in 0C and 01 arent working... :cry:
I believe its because Im not using a proper BCM on the bench. I might be able to validate in a few days.
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
Image
JandJSpeedShop
Posts: 4
Joined: Wed Aug 09, 2017 2:29 am
cars: Camaro & Corvette

Re: GM 5 byte seed key generator

Post by JandJSpeedShop »

VIN: 1GCNCNEH0HZ106335

PCM Service No: 12674052
PCM Traceability Code: 1116253017902Q8R
PCM Security Seed: F9EAB23206

Please & thank you
User avatar
Tazzi
Posts: 3422
Joined: Thu May 17, 2012 8:53 pm
cars: VE SS Ute
Location: WA
Contact:

Re: GM 5 byte seed key generator

Post by Tazzi »

JandJSpeedShop wrote:VIN: 1GCNCNEH0HZ106335

PCM Service No: 12674052
PCM Traceability Code: 1116253017902Q8R
PCM Security Seed: F9EAB23206

Please & thank you
Whats the PCM? E98... E92a... ect.
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
Image
gmtech825
Posts: 186
Joined: Fri Feb 24, 2017 11:27 am

Re: GM 5 byte seed key generator

Post by gmtech825 »

I would absolutely love elevated device control, GDS is extremely frustrating. There are so many times I want to control something but it won't allow it.
Post Reply