Author Topic: DimSport MyGenius FPF File Format XOR Cipher  (Read 18185 times)

jamesconway (Newbie, Karma: +0/-5, Posts: 17)
« on: July 03, 2019, 07:47:38 PM »

Every MyGenius has a private + public key store on it (License.lic)

Their client uses `polarcrypto.dll` to derive keys from your key + other passwords, as well as decrypt your data. I think the method used is Blowfish.

Once you decrypt your FPF/MYG file, you get `GEN_FILE`, a magic number + header length + maybe some kind of file type + checksum.

I was able to reverse the header XOR cipher that they do. However, they do a special kind of XOR cipher encryption for the rest of the file. From what I can tell, they do not have the handheld device encryption/decryption/cipher algorithm in any DLL related to the MyGenius client.

I can't get my hands on a working copy of Race Evo or DSManager to know for sure (and they sometimes pack their DLLs/apps with Themida...), but I do have some files that seem to line up pretty much 99%.

I was wondering if anybody had any ideas. If we could figure out how to encode/decode the files, we could share tunes and never need to be charged $3k for a tune again...
jamesconway (Newbie, Karma: +0/-5, Posts: 17)
« Reply #1 on: July 03, 2019, 07:48:38 PM »

Stage 1 on left, stage 2 on right. Most likely not any form of encryption other than clever bit shifting with a seed/key with XOR.
k0mpresd (Hero Member, Karma: +146/-54, Posts: 1655)
« Reply #2 on: July 03, 2019, 08:06:12 PM »

smart enough to try to crack, copy, and steal someone else's work, not smart or dedicated enough to apply that time and effort to something worthwhile?

i have an idea for you but i will not share it publicly.
Blazius (Hero Member, Karma: +89/-40, Posts: 1282)
« Reply #3 on: July 04, 2019, 04:27:38 AM »

> If we could figure out how to encode/decode the files, we could share tunes and never need to be charged $3k for a tune again...

That is the most scummy way to go about it man. They make their living by selling tunes, and they will, as not all people are like us, who would try to flash their own car DIY; there are people who just want a tune for a slight performance increase and that's it.
jamesconway (Newbie, Karma: +0/-5, Posts: 17)
« Reply #4 on: July 04, 2019, 08:03:47 AM »

> smart enough to try to crack, copy, and steal someone else's work, not smart or dedicated enough to apply that time and effort to something worthwhile?
>
> i have an idea for you but i will not share it publicly.

Is the idea that I should go blank myself, or do you have an FPF file format idea? I am in no way trying to redistribute other people's work/steal it.
IamwhoIam (Hero Member, Karma: +52/-115, Posts: 1070)
« Reply #5 on: July 04, 2019, 08:07:32 AM »

> Is the idea that I should go blank myself, or do you have an FPF file format idea? I am in no way trying to redistribute other people's work/steal it.

> we could share tunes and never need to be charged $3k for a tune again...

LOL you just contradicted your first post here

I have no logs because I have a boost gauge (makes things easier)

focalpoint519 (Full Member, Karma: +29/-65, Posts: 148)
« Reply #6 on: July 04, 2019, 11:57:18 AM »

no need to "steal" anyone's work, you can buy a master tool, legit or otherwise, then work in openBIN format with your file guy/service. If you want to UNLOCK the mygenius for more than one VIN, PM me; I have many workarounds, but this FPF extracting makes you sound pretty ignorant of the basics. Ever consider starting with real software and using the included commercial tune database? I offer API for this exact service, PM to get started buying OPEN files
IamwhoIam (Hero Member, Karma: +52/-115, Posts: 1070)
« Reply #7 on: July 05, 2019, 03:03:13 AM »

it just makes him sound like a thief. People who sell open files usually sell them for more money than locked ones, but hey it's 3k for a tune, that is a bit much, unless we're talking cars that are worth a few hundred grand

I have no logs because I have a boost gauge (makes things easier)

k0mpresd (Hero Member, Karma: +146/-54, Posts: 1655)
« Reply #8 on: July 05, 2019, 04:16:15 AM »

> it just makes him sound like a thief. People who sell open files usually sell them for more money than locked ones, but hey it's 3k for a tune, that is a bit much, unless we're talking cars that are worth a few hundred grand

it seems like what has happened here is:

guy bought what he thought was the hookup on a random dimsport flash tool with about zero other clues for anything else and discovered it was mostly useless.
exhibit A: http://nefariousmotorsports.com/forum/index.php?topic=15385

then we end up here, exhibit B: http://nefariousmotorsports.com/forum/index.php?topic=16037

i am guessing at this point he is about $3200 poorer from A and B combined.

now we end up here, with a $3200 lighter wallet and feeling upset, he wants to stick it to "the man" (whatever that means but it seems to involve trying to crack his $3000 encrypted tuned file).

when in reality, he could have bought the pcmflash MB, bsl, or bench modules. the MB being the cheapest option, all in for maybe $350 maximum including random j2534 cable. with the baller bench set up costing what, $650 or $700 with the scanmatik hardware and been able to make a full 100% backup of his original ecu.

then he could have trolled the internet to find someone to tune it for him, at a cost for much less than $3000.

all in, probably $1000 maximum out of pocket depending on the options picked and tuner of choice.

but sure, let's pretend we are not trying to crack, copy, and steal, when what was literally just typed was an attempt to crack, copy, and steal.
jamesconway (Newbie, Karma: +0/-5, Posts: 17)
« Reply #9 on: July 05, 2019, 08:16:03 AM »

> it seems like what has happened here is:
>
> guy bought what he thought was the hookup on a random dimsport flash tool with about zero other clues for anything else and discovered it was mostly useless.
> exhibit A: http://nefariousmotorsports.com/forum/index.php?topic=15385
>
> then we end up here, exhibit B: http://nefariousmotorsports.com/forum/index.php?topic=16037
>
> i am guessing at this point he is about $3200 poorer from A and B combined.
>
> now we end up here, with a $3200 lighter wallet and feeling upset, he wants to stick it to "the man" (whatever that means but it seems to involve trying to crack his $3000 encrypted tuned file).
>
> when in reality, he could have bought the pcmflash MB, bsl, or bench modules. the MB being the cheapest option, all in for maybe $350 maximum including random j2534 cable. with the baller bench set up costing what, $650 or $700 with the scanmatik hardware and been able to make a full 100% backup of his original ecu.
>
> then he could have trolled the internet to find someone to tune it for him, at a cost for much less than $3000.
>
> all in, probably $1000 maximum out of pocket depending on the options picked and tuner of choice.
>
> but sure, let's pretend we are not trying to crack, copy, and steal, when what was literally just typed was an attempt to crack, copy, and steal.

What?... I'm a consumer who bought a tune with a handheld MyGenius who just so happens to have an interest in reverse engineering. I'm a software engineer for 10+ years, I'm naturally curious.

Why is this forum so hell-bent on shitting on my idea to crack some XOR encryption? You guys feast and rejoice on the fact that you have access/resources that let you crack UDS seed/key challenge requests, but as soon as somebody mentions cracking the cipher that keeps companies who literally charge based on THE PRICE OF YOUR CAR, everybody is a vigilante and I'm a criminal.

I can't prove it, but I have a wild suspicion that you can pay between $1k and $3k for a tune that is 100% the same. That's what I'm out to prove. I could start listing brand names, but I don't want to get in any trouble and you guys 100% seem like the type of trolls to take this offline.

Being called a noob/kiddie/being assumed I don't have the talent to reverse engineer is only making me want to be one of the first people to reverse this format even harder...
jamesconway (Newbie, Karma: +0/-5, Posts: 17)
« Reply #10 on: July 05, 2019, 08:29:09 AM »

I'll go one step further. WinOLS developers make money by selling their software, yet a huge majority of people on this forum are accepted and even encouraged (there's a link to a torrent on here...) to pirate it.

So, you guys are all saints and geniuses and morally perfect for stealing money from WinOLS developers, but somebody who wants to charge you $3k for a tune when bootmod3 has them for $99 doesn't get a raised eyebrow.

Is this a moral police forum or a reverse engineering forum? Get the f*ck outta here.
nyet (Administrator, Hero Member, Karma: +608/-168, Posts: 12271)
« Reply #11 on: July 05, 2019, 10:06:51 AM »

That isn't the reason I don't use other people's tunes. The reason I don't use other people's tunes is because they are usually shit.

ME7.1 tuning guide
ECUx Plot
ME7Sum checksum
Trim heatmap tool

Please do not ask me for tunes. I'm here to help people make their own.

Do not PM me technical questions! Please, ask all questions on the forums! Doing so will ensure the next person with the same issue gets the opportunity to learn from your ex

IamwhoIam (Hero Member, Karma: +52/-115, Posts: 1070)
« Reply #12 on: July 05, 2019, 11:40:33 AM »

What a jackass!

I have no logs because I have a boost gauge (makes things easier)

vwaudiguy (Hero Member, Karma: +53/-37, Posts: 2024)
« Reply #13 on: July 05, 2019, 11:48:05 AM »

> What a jackass!

This made me laugh. Not for the reason one might expect.

"If you have a chinese turbo, that you are worried is going to blow up when you floor it, then LOL."

focalpoint519 (Full Member, Karma: +29/-65, Posts: 148)
« Reply #14 on: July 05, 2019, 01:32:31 PM »

try asking how to fuck the big guy (dimsport) by unlocking the mygenius for multiple uses; result: extra wealth to yourself at the same time as equalizing with a pole smoker company

the way I see it: you replied to my PM offering unlock crack help, insisted your objective is hell-bent on FPF/mygMOD - BIN; this will not really hurt dimsport, only the calibrators who spent 10 000+ USD on dimsport master accounts to work with this encrypted system.

your alternative is clear and basic: bench read the PCM with much cheaper tools as explained above, or perhaps the cheapest option: ask your tuner for a mod with hardLC or something that requires a full bench write and BIN format. ANY tuner charging 3k for a tune will send BIN format (maybe at some extra cost.. fully knowing that if you refuse it, tweakers will just BDM/BSL it; always better to keep the customer happy).