pcmhacking.net

I think 0x2A is wrong "If HH<LL use 2's complement, else use 1's complement"

Has anyone got any seed key pairs to try on this
(Stepped through GM-Seed-key-Tester-master)

(LL and HH reversed because it was easier for me)
05 Byte swap
14 ADD LLHH
2A IF LL<HH use 2's complement, else use 1's complement
37 AND HHLL
4C Rotate Left by LL bits
52 OR HHLL
6B Rotate Right by HH bits
75 ADD HHLL
7E Byte Swap then IF LL>HH ADD LLHH ELSE ADD HHLL
98 SUB LLHH
F8 SUB HHLL

What algo are you working with that you have questions about?

Algo 2A for Class 2
Algorithm: 2a
Step : tempseed1 == seed << 0xA
Step : tempseed2 == seed >> 0x6
Step : seed == (tempseed1 | tempseed2)
Step : Seed += 0xD3C5
Step = Byte Swap seed
Step : seed+= 0xF863
Step : tempseed1 == seed >> 0xB
Step : tempseed2 == seed << 0x5
Step : key == (tempseed1 | tempseed2)

Algo for GMlan

Step : seed = ~seed
Step : Seed += 0xAA38
Step : tempseed1 == seed << 0x2
Step : tempseed2 == seed >> 0xE
Step : seed == (tempseed1 | tempseed2)
Step : key = Byte Swap Seed

Algo for GM other
Step : tempseed1 == seed >> 0x4
Step : tempseed2 == seed << 0xC
Step : seed == (tempseed1 | tempseed2)
Step : seed-= 0x7EBF
Step : seed = ~seed
Step : key = seed-= 0x7A7F

First post gmseedkey.doc
I was wondering if 2a was backwards?

What about algorithms for ALDL VZ Bcm?

mattyjf01 wrote:First post gmseedkey.doc
I was wondering if 2a was backwards?

Flip it, regression test it ...

Not the algo. The 2A function described in the document on the first post
"0x2A = Complement – if HH>LL use 2’s complement, else use 1’s complement"

In GM_s_k and the Vb.net version i wrote its
"0x2A = Complement – if HH<LL use 2’s complement, else use 1’s complement"

Ok, I kinda started thinking that's what you meant/typed out and I just misunderstood..
So in order to test this we need to find an algo that uses the 2A function and then get some known seed-keys to test which way is correct, right??

It looks like algo 92 of glman for the E38 ecu uses the 2a function and what I have has been working for every single seed I've thrown at it..

you typed out that you reversed Hi and Low because it was easier for you? what does that mean? hi is low and low is hi?? That's going to confuse me.. sorry

your 2A function written as "2A IF LL<HH use 2's complement, else use 1's complement" matches mine..


Step : seed = ~seed
IF LL<HH use seed +1

actual 2a routine is below..

int sub_10001028(int a1, int a2) // a1 is the seed // a2 is dependent on data in the table for that algo.
{
__int16 v2;
int v4;
unsigned char low, high;
v4 = a2;
low = *(unsigned char *)v4; // this is 0xb8 for algo 0x92
high = *(unsigned char *)++v4; // this is 0x70 for algo 92
v2 = ~*(_WORD *)a1; // v2 = bitwise 1's compliment
if (debug) printf("Step : seed = ~seed\n");
*(_WORD *)a1 = v2; // push v2 to seed memory location
if (low < high) {
*(_WORD*)a1 = v2 + 1;
if (debug) printf("Step : seed += 1\n");
}
return 0;
}

in the 92 algo a1 is the seed and 0xb8 is low and 0x70 is hi.. lo(0xb8) is NOT lower than hi(0x70) so it's only 1's compliment



here's my short list of ecu to algo's feel free to add to my list, or correct me if I've got one wrong..

E38 is gmlan 0x92
E39 is gmlan 0xDC
E54 is Class2 0x36
E67 is GMlan 0xEB
e78 is gmlan 0xDB
E92 is GM_other 0x01

T43 is gmlan 0x84
T76 is gmlan 0xC5
T87 is GM_other 0x39

P01,P59 is class2? 0x28
P04 is class2 0x0e

ironduke wrote:P01,P59 is class2? 0x40
P04 is class2 0x14

That is decimal 40 (0x28) and decimal 14 (0x0E)

Gampy wrote:

ironduke wrote:P01,P59 is class2? 0x40
P04 is class2 0x14

That is decimal 40 (0x28) and decimal 14 (0x0E)

Doh!!! Thanks....

Thanks Ironduke, That's Correct
I Only Have a GMLAN (Ve) to test on at the moment and none of the Algorithms have used the 2A Function

SWCAN
IPC = E8
EHU = B7
TDM = 71