Gm Seed key algorithms

User avatar
antus
Site Admin
Posts: 8237
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B
Contact:

Re: Gm Seed key algorithms

Post by antus »

I think your right, I also found this was a bug in pcmhammer. https://github.com/LegacyNsfw/PcmHacks/ ... b23243a7ee
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
User avatar
Gampy
Posts: 2331
Joined: Sat Dec 15, 2018 7:38 am

Re: Gm Seed key algorithms

Post by Gampy »

mattyjf01 wrote:I Only Have a GMLAN (Ve) to test on at the moment and none of the Algorithms have used the 2A Function
Test against the dll ...
Intelligence is in the details!

It is easier not to learn bad habits, then it is to break them!

If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
mattyjf01
Posts: 282
Joined: Wed Sep 04, 2019 8:41 pm

Re: Gm Seed key algorithms

Post by mattyjf01 »

Found Some seed key pairs on here that used 2A That corroborated what i was thinking
Also the OBDII GM Seed/Key Tool app is wrong too
Noticed You Used Low and high byte the same way in PCMHammer 8-)
User avatar
antus
Site Admin
Posts: 8237
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B
Contact:

Re: Gm Seed key algorithms

Post by antus »

yeah someone sent us a pull request with that code, I found it when I was looking in to adding support for reading E43 and LB7 PCMs and getting the wrong results, but I didnt realise the oops was likely copied from the document here. The fix is in the pcmhammer development branch, but as those algos are not used in any of the pcms 014 supports at this stage it hasnt warranted an update.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
RoninDusette
Posts: 23
Joined: Thu Oct 25, 2018 8:06 am
cars: 2015 Chevy Cruze LT (Trifecta, CAI, lowered)
1991 Honda CRX Si (gutted, waiting for love)
2004 Ford Focus SE
2015 Chevy Malibu
2002 Saturn SL

Re: Gm Seed key algorithms

Post by RoninDusette »

antus wrote:Mdi or mdi 2 is the newer tool but it'll get expensive. Keep thinking, there is no one and only way. Nobody can teach or tell you everything. You will find the more you know it keeps getting harder to go deeper.
Sorry. Family things took my attention since I posted that. And I agree. There are likely multiple ways to go about everything. Some graceful, some not so much. The problem is that I don't want to be taught everything, but that people are mostly unwilling to share or teach ANYTHING. I have figured out a few thing, but nothing that is leading to a full-blown solution to the issue. Part of that absolutely stems from my lack of experience/knowledge working with these computers, bitwise operations, and finding very little in terms of info on where I would even start. Like, for me, a good starting place from what I deduce would be a few tutorials on IDA. That would help a great deal (just primers, really. Once I understand the basics I should be good, but the stuff I find just doesn't grab me, again most likely because of my dearth of knowledge regarding this area. But yeah. Don't want fish. Don't want to be taught everything about fishing. Just helps to learn how to bait a hook from someone that knows how, if that makes any sense. :D
User avatar
antus
Site Admin
Posts: 8237
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B
Contact:

Re: Gm Seed key algorithms

Post by antus »

There is plenty of info around the site if you search for it as you go. This is a starting point for ida, and there is also a lot of general information around the wider internet about the tool when using it on other architectures.

viewtopic.php?f=42&t=6734&hilit=ida
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
gmtech825
Posts: 186
Joined: Fri Feb 24, 2017 11:27 am

Re: Gm Seed key algorithms

Post by gmtech825 »

I know very little, but what I gather from this thread is if i have a seed and a corresponding key, Thats not enough to calculate a universal algo for all the 5 byte stuff is it?
User avatar
antus
Site Admin
Posts: 8237
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B
Contact:

Re: Gm Seed key algorithms

Post by antus »

That is correct. I believe it involves AES encryption, so once you figure out the general algorithm you still need a way to get the keys. Unfortunately we cant and wont help obtaining these things.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
gmtech825
Posts: 186
Joined: Fri Feb 24, 2017 11:27 am

Re: Gm Seed key algorithms

Post by gmtech825 »

antus wrote:That is correct. I believe it involves AES encryption, so once you figure out the general algorithm you still need a way to get the keys. Unfortunately we cant and wont help obtaining these things.

yeah, I figured if it was that easy it would have been figured out by now. it wouldn't surprise me if these companies are "unlocking" these ECM's by obtaining the key the same way I did, and aren't actually opening them up.
User avatar
Tazzi
Posts: 3422
Joined: Thu May 17, 2012 8:53 pm
cars: VE SS Ute
Location: WA
Contact:

Re: Gm Seed key algorithms

Post by Tazzi »

gmtech825 wrote: yeah, I figured if it was that easy it would have been figured out by now. it wouldn't surprise me if these companies are "unlocking" these ECM's by obtaining the key the same way I did, and aren't actually opening them up.
Personally I emulate responses to auto generate keys on command with requests to/from my server to my customer software. I imagine this is how some tuning companies are doing this, especially with the new 32byte key rolling out and rolling seed/key options.

Considering 5byte key technically has trillion+ combinations..... you 'could' save every single combo for a single algo to 5.5terabyte harddrive :lol:
But even if you could generate 100,000keys per second (Which online method just cant do..).. it would still take 624days to generate every combo :shock:

Now... a 32byte key... thats just not even the slightest possibility.
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
Image
Post Reply