|
Title: Posting flash and eeprom bins Post by: walt on August 15, 2015, 05:31:17 AM Hello, I was wondering about security when posting flash and eeprom bin files,
especially if the car is very valuable, and even worse, you do not own it. Masking out all the security information (assuming you know where it is), would greatly reduce it's value for learning and reverse engineering. So what is the best compromise, or maybe there isn't one if the car is not yours? Thanks! Title: Re: Posting flash and eeprom bins Post by: turboat on August 16, 2015, 01:39:13 AM I've thought about this in the past, but decided it's fairly low risk.
If someone had the skc they could match a key to a car, and start it. However, if they have physical access to the odb port they could read the eeprom for the ecu or cluster and pull the skc anyway (this is for me7.x, I haven't considered later ecus). Finding the specific eeprom for a specific car a thief was targeting on here would be unlikely, but defence in depth is a sensible approach, and if it's a high risk car then don't post the data. Fwiw none of the EPROMs I've posted are in use in my cars. Title: Re: Posting flash and eeprom bins Post by: walt on August 16, 2015, 04:31:25 PM Thanks turboat. I got a bit concerned when I tried googling for information based
on Vin numbers. It looks like, with not too much trouble, you might be able to find the car's current address. If I need to post a bin file, I'll just 00h out the vin. Title: Re: Posting flash and eeprom bins Post by: ddillenger on August 16, 2015, 05:39:27 PM Don't 00 out the bin unless you correct the checksums. Posting a file like that with bad sums could cause actual harm if someone uses it.
Everyone is so sensitive these days, hiding license plates for pictures, blurring out vins. You might better just leave your car parked indoors. With a dollar and a license plate number someone can track you down. Title: Re: Posting flash and eeprom bins Post by: walt on August 16, 2015, 06:32:32 PM Got it, thanks. I posted a couple of eeprom bin files with the vin set
to 00h, and corrected checksums at the end of the lines. Forgot that I would not be able to do the same on the flash eprom bin. I have not tried the eeprom modified in this way, to see if something really bad happens. Title: Re: Posting flash and eeprom bins Post by: ddillenger on August 16, 2015, 07:37:44 PM You will DEF the cluster. Unless you desolder, and were smart enough to make a backup directly from the chip (Encrypted at this stage) or have access to one with the same crypto mask, you'll have a non-recoverable cluster on your hands.
I guess I'm saying, please don't post the modified files unless you are POSITIVE they can't negatively impact anyone that uses them. I think you are making a mountain out of a molehill here. There are much faster and easier ways to steal a car. Title: Re: Posting flash and eeprom bins Post by: walt on August 16, 2015, 09:07:49 PM Ok, I updated the affected posts with eeprom bins that include Vin number.
Apologies! Title: Re: Posting flash and eeprom bins Post by: turboat on August 17, 2015, 02:32:10 AM Re-reading my post, I should clarify 'don't post the data' I mean 'don't upload the files'. There's plenty of files up here already, if it's a car that matters or is high risk, don't upload.
Title: Re: Posting flash and eeprom bins Post by: nyet on August 17, 2015, 10:08:54 AM There aren't exactly high dollar value cars being discussed here.
Title: Re: Posting flash and eeprom bins Post by: turboat on August 17, 2015, 03:10:11 PM Lol no. I think my audi is the cheapest thing on the driveway. Ironic considering it was the most expensive new.
|