superglitch
Jr. Member
Karma: +4/-0
 Offline
Posts: 45
|
 |
« Reply #15 on: September 27, 2017, 04:18:06 PM »
|
|
|
So does anyone have any idea on how to decrypt and restore these .DB and .KEY files that are stored in the Projects folders of ODIS?
|
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #16 on: September 28, 2017, 01:24:12 AM »
|
|
|
ODIS uses HSQLDB for databases.
They are usually passworded, but you can easily modify the HSQLDB jdbc driver to dump the password for you. The check is quite naive.
|
|
|
|
|
Logged
|
|
|
|
fastboatster
Full Member
Karma: +3/-0
Offline
Posts: 70
|
|
« Reply #17 on: July 04, 2018, 04:44:20 PM »
|
|
|
I'm interested in how to get these ODIS db files.
|
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #18 on: July 05, 2018, 12:08:08 AM »
|
|
|
Download ODIS and dump them.
|
|
|
|
|
Logged
|
|
|
|
fastboatster
Full Member
Karma: +3/-0
Offline
Posts: 70
|
|
« Reply #19 on: July 05, 2018, 10:47:23 AM »
|
|
|
This might sound like a stupid question, but where can it be downloaded? I thought it's not available to the general public and provided to VW dealerships only.
|
|
|
|
|
Logged
|
|
|
|
ZZottel
Newbie
Karma: +5/-0
Offline
Posts: 12
|
|
« Reply #20 on: July 10, 2018, 03:27:02 PM »
|
|
|
Normally I'm able to figure things like that out myself. But this time...
Can someone give a hint how to throw the .db/.key files on a HSQLDB?
|
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #21 on: July 10, 2018, 04:03:17 PM »
|
|
|
...
|
|
|
|
« Last Edit: June 26, 2024, 10:54:30 PM by prj »
|
Logged
|
|
|
|
ZZottel
Newbie
Karma: +5/-0
Offline
Posts: 12
|
|
« Reply #22 on: July 11, 2018, 01:13:15 AM »
|
|
|
Hm, I think there should be some useful data inside the .db files. Maybe not in a useful format.
The .db files consist of many zlib compressed streams. After extracting them, you get some binary packets. Maybe this is already the binary MCD data you are mentioning.
Maybe there is a way to convert the binary MCD back to ODX.
|
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #23 on: July 11, 2018, 02:06:10 AM »
|
|
|
As I said, I have dumped all of it  |
|
|
|
|
Logged
|
|
|
|
seraf91
Newbie
Karma: +0/-0
Offline
Posts: 1
|
|
« Reply #24 on: July 19, 2019, 05:47:36 AM »
|
|
|
Hi Can someone explain/help me with understanding *.db and *.key files. Is there any option to get *.odx files from them ? Regards |
|
|
|
|
Logged
|
|
|
|
kfs1260
Newbie
Karma: +0/-0
Offline
Posts: 1
|
 |
« Reply #25 on: July 06, 2023, 09:51:02 PM »
|
|
|
I can if you pay me to, but those db/key don't contain anything very useful, all the data is in binary mcd and getting data out of there is interesting to say the least  Hi, I find you can decrypt HSQL db of ODIS. Can I request it to you? If so, how much cost I have to pay? I also wish to know which version of ODIS you can do. Latest version is ODIS-S 11. Thanks in advance, Chris |
|
|
|
« Last Edit: July 08, 2023, 04:22:16 AM by kfs1260 »
|
Logged
|
|
|
|
kartoffelpflanze
Newbie
Karma: +1/-0
Offline
Posts: 7
|
|
« Reply #26 on: June 26, 2024, 09:10:02 AM »
|
|
|
Quite an interesting topic. I am here with some info.
First off, if you want UDS data, best place to look is VCDS. Their obfuscation, compression and encryption procedure for ROD files is admirable, but not particularly secure once you understand it. A very similar algorithm is used for the Codes.dat file in the root folder, that one holds fault code text and other strings for tables. Now that I'm writing this, they will probably change the algorithm for the next version. But in any case, their files for modules newer than ~2019 also include the dongle itself in the decryption process. A separate cryptography IC on the STM32-based dongles provides some bytes which are necessary for decoding those files. There is nothing special about the new dongles that the old ones couldn't do, they just locked functions behind the new version. But I understand them, considering how much effort they have poured into this program.
In any case, VCDS' databases are definitely much nicer to work with than ODIS'.
I have not investigated ODIS all too much, except for what other users already pointed out, but here are my findings so far.
The /DIDB/db folder in the ODIS installation contains many such pairs: .data, .inf, .script, .properties. Exactly like user @prj hinted, these are HSQLDB databases. But they are created with an ancient version, 1.8.0. If you try to open them with the latest version, you will get an error. So I downloaded the source code for that version, installed a very ancient Java JDK 1.4 and modified the file UserManager.java, function createUser, to print out name and password.
For future reference, the username is VAUDASISTSUPER and password ENMGZIRN (lol, I think the username means "Vaudas ist super"; I have seen that name throughout the files, if someone knows what it means, please let me know).
These databases contain text and module file associations and stuff like that, strings which you can also find in VCDS which might mean this is also the source of their data. But not everything is present here unfortunately.
Now about the .db and .key file pairs. I suspect these files contain the most important data, as their names suggest they hold individual data for a very large list of modules.
The .db file presents ZLIB streams in succession. Decompressing them reveals binary data, and every decompressed stream ends in the characters "#>" and a NUL.
The .key file has data which can be accessed using the "PBL" C library by Peter Graf. It looks like this file contains as many "records" as there are ZLIB streams in the other file, so there must be a correspondence. Each "record" contains a "key" (4 byte value) and a "data" field (6 to 8 bytes).
Edit: now that I look more closely, it seems that you can find every "key" value with a hex editor somewhere in the .db file after decompressing. It seems they appear in those larger streams, not the ones which only take one line.
Unfortunately, this is the dead end.
I know for certain that people have gained access to this data. Anyone who has ideas is free to share them.
|
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #27 on: June 26, 2024, 11:32:02 AM »
|
|
|
The HSQLDB does not contain much of value. Some translations mostly.
The data is in the db/key files.
I don't have any motivation to tell anyone how to dump that.
But at least OBD11, Ross-Tech and myself have done that. Probably others as well.
I am not sure that the method used by everyone is the same, there are a few ways to approach it.
But that's all I can say, as I have a commercial interest in this.
|
|
|
|
|
Logged
|
|
|
|
kartoffelpflanze
Newbie
Karma: +1/-0
Offline
Posts: 7
|
|
« Reply #28 on: June 26, 2024, 11:37:35 AM »
|
|
|
@prj I understand you completely, I am not here to beg.
I think I should take a closer look at the VW MCD PDX converter. I found the strings "pblKfOpen", "pblKfRead" etc in one of the .dll files, which are exactly the names of the functions from that PBL library used on the .key files. Once I figure out how to reverse engineer this...
|
|
|
|
|
Logged
|
|
|
|
d3irb
Full Member
Karma: +131/-1
Offline
Posts: 190
|
|
« Reply #29 on: June 26, 2024, 01:49:50 PM »
|
|
|
I know for certain that people have gained access to this data. Anyone who has ideas is free to share them.
Instead of looking at the actual file binary formats and trying to reverse them, look at the higher levels in ODIS (or somewhat easier, iDEX) and see how they are using the provided libraries to load the data. VW already gave you the abstractions you need, you can just iteratively open and request all of the data from the native ASAP2 libraries provided. Way easier than dealing with the horrendous file formats. But at least OBD11, Ross-Tech and myself have done that. Probably others as well.
I always figured that modern-day Ross-Tech and OBD11 were buying diagnostic data rather than reversing it, given that for example OBD11 also license SFD access and have their own keys issued to the VW servers. Certainly Ross-Tech started by reversing but these days I'm not so sure? Anyway just banter either way. |
|
|
|
|
Logged
|
|
|
|
|
