Reversing Seed & Key Exchange Harley Davidson

Disassembly, Reassembly, Tools and development. Going deep with Hardware and Software.
jakka
Posts: 53
Joined: Mon Dec 11, 2023 11:51 am
cars: 6FPAAAJGSW9E86101
Location: Aus

Reversing Seed & Key Exchange Harley Davidson

Post by jakka »

I am making a flash tool for Harley Davidson ECUs (TriCore TC265), and have been looking for the algorithm and secret keys online with no success. So it looks like I am going to have to reverse them out of a binary file with Ghidra. Any pointers for a Ghidra n00bie?

So far I have:
- Sniffed the Security Access Seed and Key exchange
- Read a binary file from the ECU
- Opened the binary in the Ghidra code explorer, setting language to TriCore
- Started to disassemble the binary.

Note that the seed and key appear to be static, so you always get the exact same 8-byte seed in response to a security access request, to which with the same key you get a positive response and unlock the controller. My concern is that while this may be excellent in terms of unlocking the controller, I fear that other ECUs of the same make each have their own individual seed and key, which would require the algorithm and secret keys to figure out, as this seed and key pair is only good for unlocking this particular ECU.

    Seed: 69 4A CB 35 5B 18 50 2A
    Key:  94 0E 61 53 AC 5F E6 F1

Any advice would be much appreciated. Thanks.
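
An added example, not part of the thread: a seed that never changes, as described in the post above, gives the challenge no replay protection, and this check flags that condition in a sniffed capture. It assumes the exchange is ISO 14229 (UDS) SecurityAccess (request 0x27, positive response 0x67), which the thread does not state; the log format and session 3 are constructed.

```python
from collections import defaultdict

# Constructed capture: "session direction payload-bytes", one reassembled message per line.
# Seed/key bytes are the pair quoted in the post; framing and session 3 are made up.
SAMPLE = """\
1 tx 27 01
1 rx 67 01 69 4A CB 35 5B 18 50 2A
1 tx 27 02 94 0E 61 53 AC 5F E6 F1
1 rx 67 02
2 tx 27 01
2 rx 67 01 69 4A CB 35 5B 18 50 2A
2 tx 27 02 94 0E 61 53 AC 5F E6 F1
2 rx 67 02
3 tx 27 01
3 rx 67 01 69 4A CB 35 5B 18 50 2A
3 tx 27 02 00 00 00 00 00 00 00 00
3 rx 7F 27 35
"""

def parse_exchanges(log):
    """Pair each seed response with the key sent for it and the ECU's verdict."""
    done, pending = [], {}
    for line in log.splitlines():
        if not line.strip():
            continue
        session, direction, *hexbytes = line.split()
        data = bytes(int(b, 16) for b in hexbytes)
        cur = pending.get(session)
        if direction == "rx" and data[:1] == b"\x67" and data[1] % 2 == 1:
            # 67 <odd level> <seed...>: positive response to requestSeed
            pending[session] = {"level": data[1], "seed": data[2:], "key": None}
        elif direction == "tx" and data[:1] == b"\x27" and data[1] % 2 == 0 and cur:
            cur["key"] = data[2:]  # 27 <even level> <key...>: sendKey
        elif direction == "rx" and cur and cur["key"] is not None:
            cur["accepted"] = data[0] == 0x67  # 7F 27 <NRC> means rejected
            done.append(pending.pop(session))
    return done

def static_seed_levels(exchanges):
    """Levels whose non-zero seed was identical in at least two exchanges."""
    seen = defaultdict(list)
    for ex in exchanges:
        if any(ex["seed"]):  # an all-zero seed means "already unlocked"
            seen[ex["level"]].append(ex["seed"])
    return {lvl for lvl, s in seen.items() if len(s) > 1 and len(set(s)) == 1}

if __name__ == "__main__":
    for lvl in static_seed_levels(parse_exchanges(SAMPLE)):
        print(f"level 0x{lvl:02X}: seed never changes, so a captured key can be replayed")
```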
antus
Site Admin
Posts: 8988
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B

Re: Reversing Seed & Key Exchange Harley Davidson

Post by antus »

Generally speaking it's different per manufacturer. Thus even if it's a Delphi PCM, the algo will be completely different to anything Delphi GM for Delphi Harley Davidson. 8 byte seed and key to start with, is quite different.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
Gatecrasher
Posts: 352
Joined: Sat Apr 25, 2020 6:09 am

Re: Reversing Seed & Key Exchange Harley Davidson

Post by Gatecrasher »

If there's no actual calculation on the ECU, then I wouldn't even waste my time with the code. I'd try to find a copy of the diagnostic software and start picking that apart.

The only other thing I could suggest is trying to figure out if there's any sort of correlation between the S/K data and some other unique variable like the ECU serial number or traceability code or something.
Deuce
Posts: 63
Joined: Mon Feb 01, 2021 1:03 pm
cars: TUF355

Re: Reversing Seed & Key Exchange Harley Davidson

Post by Deuce »

The codes are on key fobs and the ECU can be programmed to accept 2 different (16-digit) key codes.
I've programmed dozens of them before with Harley Digital Technician.
Also, the number inside the fob has no relationship (that I can see) to the 16 digit code.
Tazzi
Posts: 3546
Joined: Thu May 17, 2012 8:53 pm
cars: VE SS Ute
Location: WA

Re: Reversing Seed & Key Exchange Harley Davidson

Post by Tazzi »

Would have to look into reverse engineering the dealership files to understand the algorithm. That's how most companies figure it out if the seed/keys are static.
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726