Re: Gm Seed key algorithms

Posted: Sun Oct 04, 2020 3:23 pm
by antus
I think you're right, I also found this was a bug in pcmhammer. https://github.com/LegacyNsfw/PcmHacks/ ... b23243a7ee

Re: Gm Seed key algorithms

Posted: Sun Oct 04, 2020 7:03 pm
by Gampy
mattyjf01 wrote: I Only Have a GMLAN (Ve) to test on at the moment and none of the Algorithms have used the 2A Function
Test against the dll ...

Re: Gm Seed key algorithms

Posted: Tue Oct 06, 2020 9:53 pm
by mattyjf01
Found some seed key pairs on here that used 2A that corroborated what I was thinking.
Also, the OBDII GM Seed/Key Tool app is wrong too.
Noticed you used low and high byte the same way in PCMHammer 8-)

Re: Gm Seed key algorithms

Posted: Wed Oct 07, 2020 12:22 am
by antus
Yeah, someone sent us a pull request with that code. I found it when I was looking into adding support for reading E43 and LB7 PCMs and getting the wrong results, but I didn't realise the oops was likely copied from the document here. The fix is in the pcmhammer development branch, but as those algos are not used in any of the pcms 014 supports at this stage, it hasn't warranted an update.

Re: Gm Seed key algorithms

Posted: Sat Dec 05, 2020 9:28 am
by RoninDusette
antus wrote:Mdi or mdi 2 is the newer tool but it'll get expensive. Keep thinking, there is no one and only way. Nobody can teach or tell you everything. You will find the more you know it keeps getting harder to go deeper.
Sorry. Family things took my attention since I posted that. And I agree. There are likely multiple ways to go about everything. Some graceful, some not so much. The problem is that I don't want to be taught everything, but that people are mostly unwilling to share or teach ANYTHING. I have figured out a few things, but nothing that is leading to a full-blown solution to the issue. Part of that absolutely stems from my lack of experience/knowledge working with these computers, bitwise operations, and finding very little in terms of info on where I would even start. Like, for me, a good starting place from what I deduce would be a few tutorials on IDA. That would help a great deal (just primers, really). Once I understand the basics I should be good, but the stuff I find just doesn't grab me, again most likely because of my dearth of knowledge regarding this area. But yeah. Don't want fish. Don't want to be taught everything about fishing. Just helps to learn how to bait a hook from someone that knows how, if that makes any sense. :D

Re: Gm Seed key algorithms

Posted: Sat Dec 05, 2020 3:52 pm
by antus
There is plenty of info around the site if you search for it as you go. This is a starting point for ida, and there is also a lot of general information around the wider internet about the tool when using it on other architectures.

viewtopic.php?f=42&t=6734&hilit=ida

Re: Gm Seed key algorithms

Posted: Fri Dec 11, 2020 4:34 am
by gmtech825
I know very little, but what I gather from this thread is if I have a seed and a corresponding key, that's not enough to calculate a universal algo for all the 5 byte stuff, is it?

Re: Gm Seed key algorithms

Posted: Fri Dec 11, 2020 10:34 am
by antus
That is correct. I believe it involves AES encryption, so once you figure out the general algorithm you still need a way to get the keys. Unfortunately we can't and won't help obtaining these things.

Re: Gm Seed key algorithms

Posted: Mon Dec 14, 2020 11:05 pm
by gmtech825
antus wrote: That is correct. I believe it involves AES encryption, so once you figure out the general algorithm you still need a way to get the keys. Unfortunately we can't and won't help obtaining these things.

Yeah, I figured if it was that easy it would have been figured out by now. It wouldn't surprise me if these companies are "unlocking" these ECMs by obtaining the key the same way I did, and aren't actually opening them up.

Re: Gm Seed key algorithms

Posted: Tue Dec 15, 2020 2:39 am
by Tazzi
gmtech825 wrote: Yeah, I figured if it was that easy it would have been figured out by now. It wouldn't surprise me if these companies are "unlocking" these ECMs by obtaining the key the same way I did, and aren't actually opening them up.
Personally I emulate responses to auto generate keys on command with requests to/from my server to my customer software. I imagine this is how some tuning companies are doing this, especially with the new 32-byte key rolling out and rolling seed/key options.

Considering a 5-byte key technically has trillion+ combinations... you 'could' save every single combo for a single algo to a 5.5 terabyte hard drive :lol:
But even if you could generate 100,000 keys per second (which online method just can't do)... it would still take 624 days to generate every combo :shock:

Now... a 32-byte key... that's just not even the slightest possibility.