Gm Seed key algorithms

Posts: 44
Joined: Wed Sep 04, 2019 8:41 pm

Re: Gm Seed key algorithms

Postby mattyjf01 » Fri Oct 02, 2020 10:14 pm

I think 0x2A is wrong "If HH<LL use 2's complement, else use 1's complement"

Has anyone got any seed key pairs to try on this
(Stepped through GM-Seed-key-Tester-master)

(LL and HH reversed because it was easier for me)
05 Byte swap
14 ADD LLHH
2A IF LL<HH use 2's complement, else use 1's complement
37 AND HHLL
4C Rotate Left by LL bits
52 OR HHLL
6B Rotate Right by HH bits
75 ADD HHLL
7E Byte Swap then IF LL>HH ADD LLHH ELSE ADD HHLL
98 SUB LLHH
F8 SUB HHLL
Attachments
GMSeedKey.exe
(37.5 KiB) Downloaded 88 times

Posts: 251
Joined: Thu Feb 13, 2020 11:32 pm

Re: Gm Seed key algorithms

Postby ironduke » Sat Oct 03, 2020 12:35 am

What algo are you working with that you have questions about?

Algo 2A for Class 2
Algorithm: 2a
Step : tempseed1 == seed << 0xA
Step : tempseed2 == seed >> 0x6
Step : seed == (tempseed1 | tempseed2)
Step : Seed += 0xD3C5
Step = Byte Swap seed
Step : seed+= 0xF863
Step : tempseed1 == seed >> 0xB
Step : tempseed2 == seed << 0x5
Step : key == (tempseed1 | tempseed2)

Algo for GMlan

Step : seed = ~seed
Step : Seed += 0xAA38
Step : tempseed1 == seed << 0x2
Step : tempseed2 == seed >> 0xE
Step : seed == (tempseed1 | tempseed2)
Step : key = Byte Swap Seed

Algo for GM other
Step : tempseed1 == seed >> 0x4
Step : tempseed2 == seed << 0xC
Step : seed == (tempseed1 | tempseed2)
Step : seed-= 0x7EBF
Step : seed = ~seed
Step : key = seed-= 0x7A7F

Posts: 44
Joined: Wed Sep 04, 2019 8:41 pm

Re: Gm Seed key algorithms

Postby mattyjf01 » Sat Oct 03, 2020 4:23 pm

First post gmseedkey.doc
I was wondering if 2a was backwards?

Posts: 44
Joined: Wed Sep 04, 2019 8:41 pm

Re: Gm Seed key algorithms

Postby mattyjf01 » Sat Oct 03, 2020 5:17 pm

What about algorithms for ALDL VZ Bcm?

User avatar
Posts: 1087
Joined: Sat Dec 15, 2018 7:38 am

Re: Gm Seed key algorithms

Postby Gampy » Sat Oct 03, 2020 5:49 pm

mattyjf01 wrote:First post gmseedkey.doc
I was wondering if 2a was backwards?

Flip it, regression test it ...
Improve Knowledge -=- Share Yours!

Posts: 44
Joined: Wed Sep 04, 2019 8:41 pm

Re: Gm Seed key algorithms

Postby mattyjf01 » Sat Oct 03, 2020 7:28 pm

Not the algo. The 2A function described in the document on the first post
"0x2A = Complement – if HH>LL use 2’s complement, else use 1’s complement"

In GM_s_k and the Vb.net version i wrote its
"0x2A = Complement – if HH<LL use 2’s complement, else use 1’s complement"

Posts: 251
Joined: Thu Feb 13, 2020 11:32 pm

Re: Gm Seed key algorithms

Postby ironduke » Sun Oct 04, 2020 2:09 am

Ok, I kinda started thinking that's what you meant/typed out and I just misunderstood..
So in order to test this we need to find an algo that uses the 2A function and then get some known seed-keys to test which way is correct, right??

It looks like algo 92 of glman for the E38 ecu uses the 2a function and what I have has been working for every single seed I've thrown at it..

you typed out that you reversed Hi and Low because it was easier for you? what does that mean? hi is low and low is hi?? That's going to confuse me.. sorry

your 2A function written as "2A IF LL<HH use 2's complement, else use 1's complement" matches mine..


Step : seed = ~seed
IF LL<HH use seed +1

actual 2a routine is below..

int sub_10001028(int a1, int a2) // a1 is the seed // a2 is dependent on data in the table for that algo.
{
__int16 v2;
int v4;
unsigned char low, high;
v4 = a2;
low = *(unsigned char *)v4; // this is 0xb8 for algo 0x92
high = *(unsigned char *)++v4; // this is 0x70 for algo 92
v2 = ~*(_WORD *)a1; // v2 = bitwise 1's compliment
if (debug) printf("Step : seed = ~seed\n");
*(_WORD *)a1 = v2; // push v2 to seed memory location
if (low < high) {
*(_WORD*)a1 = v2 + 1;
if (debug) printf("Step : seed += 1\n");
}
return 0;
}

in the 92 algo a1 is the seed and 0xb8 is low and 0x70 is hi.. lo(0xb8) is NOT lower than hi(0x70) so it's only 1's compliment



here's my short list of ecu to algo's feel free to add to my list, or correct me if I've got one wrong..

E38 is gmlan 0x92
E39 is gmlan 0xDC
E54 is Class2 0x36
E67 is GMlan 0xEB
e78 is gmlan 0xDB
E92 is GM_other 0x01

T43 is gmlan 0x84
T76 is gmlan 0xC5
T87 is GM_other 0x39

P01,P59 is class2? 0x28
P04 is class2 0x0e
Last edited by ironduke on Sun Oct 04, 2020 3:59 am, edited 2 times in total.

User avatar
Posts: 1087
Joined: Sat Dec 15, 2018 7:38 am

Re: Gm Seed key algorithms

Postby Gampy » Sun Oct 04, 2020 3:31 am

ironduke wrote:P01,P59 is class2? 0x40
P04 is class2 0x14
That is decimal 40 (0x28) and decimal 14 (0x0E)
Improve Knowledge -=- Share Yours!

Posts: 251
Joined: Thu Feb 13, 2020 11:32 pm

Re: Gm Seed key algorithms

Postby ironduke » Sun Oct 04, 2020 3:58 am

Gampy wrote:
ironduke wrote:P01,P59 is class2? 0x40
P04 is class2 0x14
That is decimal 40 (0x28) and decimal 14 (0x0E)


Doh!!! Thanks....

Posts: 44
Joined: Wed Sep 04, 2019 8:41 pm

Re: Gm Seed key algorithms

Postby mattyjf01 » Sun Oct 04, 2020 3:19 pm

Thanks Ironduke, That's Correct
I Only Have a GMLAN (Ve) to test on at the moment and none of the Algorithms have used the 2A Function

SWCAN
IPC = E8
EHU = B7
TDM = 71
Last edited by mattyjf01 on Sun Oct 04, 2020 3:28 pm, edited 1 time in total.

PreviousNext

Return to Tool Development

Who is online

Users browsing this forum: No registered users and 1 guest