Seed key brute force program.

ironduke
Posts: 579
Joined: Thu Feb 13, 2020 11:32 pm
cars: Mainly GM trucks, a Cruze and an Equinox for dailys..

Re: Seed key brute force program.

Post by ironduke »

Gampy wrote: Sorry, but that's just fudged up, why they make shit like that is beyond me, freaking control freaks.
The clones are hot glued in, genuines are not.. I'm guessing they glue them in so they don't fall out when they get thrown in a shipping container and sent over here, lol..
Gampy
Posts: 2330
Joined: Sat Dec 15, 2018 7:38 am

Re: Seed key brute force program.

Post by Gampy »

I don't mean the glue gun construction, I mean running off the SD ... I assume you have to be connected to the internet to do it.
Intelligence is in the details!

It is easier not to learn bad habits, than it is to break them!

If I was here to win a popularity contest, there would be no point, so I wouldn't be here!
ironduke
Posts: 579
Joined: Thu Feb 13, 2020 11:32 pm
cars: Mainly GM trucks, a Cruze and an Equinox for dailys..

Re: Seed key brute force program.

Post by ironduke »

Gampy wrote: I don't mean the glue gun construction, I mean running off the SD ... I assume you have to be connected to the internet to do it.
Nope, just be running the MDI manager.. no internet required.. No license, just the software and you can get it straight from Bosch..

Honestly not sure what the card is used for. Back 2-3 years ago I found out you could modify a file in the SD card and get a different serial number.. The clones all have the same serial and if you're in a shop with more than one it can be problematic since it's used wireless.. They had a firmware update later on that ended that, but you can still modify the serial # if you really want to, just nowhere near as easy. It does have data and info on it, and the MDI doesn't like booting without it, but it does have on board memory so??
Gatecrasher
Posts: 272
Joined: Sat Apr 25, 2020 6:09 am

Re: Seed key brute force program.

Post by Gatecrasher »

The SD card has the main MDI operating software. The onboard memory is only the initial bootloader and recovery kernel. It's like the difference between your BIOS and your main OS on your desktop.

I've been wondering something about these brute force programs. Pretty much all of the algorithms are known, right? So why do we need to do a brute force of the full key space? Why not just run the seed through the known algos and at least try those first before moving on to a true brute force attack? I had to do exactly this on a video processing module recently. The damn thing had to be allowed to go into a soft power off after every 2nd attempt, or else it would just keep throwing an 'exceeded number of attempts' error. I think it ended up working out to around 30 seconds per key. It would have taken a couple of weeks at that rate. So I ran the seed through the algos and came up with a list of ~512 possibilities. Had my key in a couple hours.
ironduke
Posts: 579
Joined: Thu Feb 13, 2020 11:32 pm
cars: Mainly GM trucks, a Cruze and an Equinox for dailys..

Re: Seed key brute force program.

Post by ironduke »

Gatecrasher wrote: The SD card has the main MDI operating software. The onboard memory is only the initial bootloader and recovery kernel. It's like the difference between your BIOS and your main OS on your desktop.

I've been wondering something about these brute force programs. Pretty much all of the algorithms are known, right? So why do we need to do a brute force of the full key space? Why not just run the seed through the known algos and at least try those first before moving on to a true brute force attack? I had to do exactly this on a video processing module recently. The damn thing had to be allowed to go into a soft power off after every 2nd attempt, or else it would just keep throwing an 'exceeded number of attempts' error. I think it ended up working out to around 30 seconds per key. It would have taken a couple of weeks at that rate. So I ran the seed through the algos and came up with a list of ~512 possibilities. Had my key in a couple hours.
That could be something to try first.. but I have needed it because I borked writing the bin.. Key was nowhere near one of the known algos.. And if it was locked with a key on purpose it wouldn't be one of the known algos..
Gatecrasher
Posts: 272
Joined: Sat Apr 25, 2020 6:09 am

Re: Seed key brute force program.

Post by Gatecrasher »

I get that. I'm not saying there's no need for it. I just keep seeing these days-long attempts mentioned in discussions about otherwise stock ECUs. Nobody ever mentions trying the known keys before moving on to a full brute force attack.
ironduke
Posts: 579
Joined: Thu Feb 13, 2020 11:32 pm
cars: Mainly GM trucks, a Cruze and an Equinox for dailys..

Re: Seed key brute force program.

Post by ironduke »

Gatecrasher wrote: I get that. I'm not saying there's no need for it. I just keep seeing these days-long attempts mentioned in discussions about otherwise stock ECUs. Nobody ever mentions trying the known keys before moving on to a full brute force attack.
Yeah, I pretty much know all the algos for the ECUs I'm working with but definitely get your point. I think I will work on adding a selection for unknown ECU, try all possible algos.. would be a lot quicker and I could even have it point out the algo.. Thanks for the idea..

I'm just posting this out since someone had asked for it and I'm trying to learn to code better, the more people to break it for me the better.. already finding out some shortcomings and working on error control and trying again instead of just quitting the program..
gmtech825
Posts: 186
Joined: Fri Feb 24, 2017 11:27 am

Re: Seed key brute force program.

Post by gmtech825 »

Gatecrasher wrote: The SD card has the main MDI operating software. The onboard memory is only the initial bootloader and recovery kernel. It's like the difference between your BIOS and your main OS on your desktop.

I've been wondering something about these brute force programs. Pretty much all of the algorithms are known, right? So why do we need to do a brute force of the full key space? Why not just run the seed through the known algos and at least try those first before moving on to a true brute force attack? I had to do exactly this on a video processing module recently. The damn thing had to be allowed to go into a soft power off after every 2nd attempt, or else it would just keep throwing an 'exceeded number of attempts' error. I think it ended up working out to around 30 seconds per key. It would have taken a couple of weeks at that rate. So I ran the seed through the algos and came up with a list of ~512 possibilities. Had my key in a couple hours.
Currently I'm trying to brute force a key from a tunerlocked ecm. Previous owner traded the truck in without removing the tune/lock.
Gampy
Posts: 2330
Joined: Sat Dec 15, 2018 7:38 am

Re: Seed key brute force program.

Post by Gampy »

Gatecrasher wrote: I've been wondering something about these brute force programs. Pretty much all of the algorithms are known, right? So why do we need to do a brute force of the full key space? Why not just run the seed through the known algos and at least try those first before moving on to a true brute force attack? I had to do exactly this on a video processing module recently. The damn thing had to be allowed to go into a soft power off after every 2nd attempt, or else it would just keep throwing an 'exceeded number of attempts' error. I think it ended up working out to around 30 seconds per key. It would have taken a couple of weeks at that rate. So I ran the seed through the algos and came up with a list of ~512 possibilities. Had my key in a couple hours.
There is already a program out there that uses the known 2 byte algorithms and produces a key in seconds from a seed ... No need for another!

The need is for Tuner Locked (or unknowns), exactly what Ironduke has going on here ... I think it's also needed for VPW.

Unfortunately, at the moment I do not have a CAN setup, nor do I have a J-Tool ... Thus I cannot test!
gmtech825
Posts: 186
Joined: Fri Feb 24, 2017 11:27 am

Re: Seed key brute force program.

Post by gmtech825 »

Tested the latest version. It worked great, and only took about 5 days.