Pages: 1 [2] 3 4
Author Topic: Seed Key algorithms  (Read 68617 times)
TheDECODER
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 22


« Reply #15 on: December 22, 2021, 02:39:52 PM »

tried replying to you via PM but it is not going thought. I could use a couple seedkeys, can you message me back?
Logged
jam
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 3


« Reply #16 on: January 15, 2022, 08:14:21 PM »

Hello ,  do you have algorithm for BMW modules?
Logged
obdhacker
Newbie
*

Karma: +0/-1
Offline Offline

Posts: 18


« Reply #17 on: January 15, 2022, 11:25:18 PM »

Hello ,  do you have algorithm for BMW modules?

Yes, tell me what you need
Logged
jam
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 3


« Reply #18 on: January 16, 2022, 05:55:20 AM »

Yes, tell me what you need

i sent PM
Logged
datshah
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 1


« Reply #19 on: January 23, 2022, 01:24:03 AM »

Can someone please help me find the Algorithm for this Seed-key pair:

27 03 (level 3)

Seed- A9 05 64 69,  Key- 76 D4 63 BE
seed- 5F F7 4B 5F,  key- 6A D7 93 88
seed- 90 34 EC EF,  key- C5 A7 EE 98





Logged
Vahid
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 2


« Reply #20 on: February 04, 2022, 05:44:21 AM »

Hi, I've been working on the Volvo D13. I already know that it uses the RSA algorithm.
Also, I have the secret key for level 7 and above and I was able to unlock the ECU on those levels.
But in order to reprogram the ECU I need the level 1 access, is there any chance you have the key for security access level 1?
MSW is 23036507
Part number is 21900553
The data I've got from spying the CAN (I'm sure the security level for this data is 1):
Seed (length=116):
0xdd, 0xc7, 0xe7, 0x2f, 0xe6, 0x0c, 0xff, 0x64, 0xf2, 0xb8, 0xb0, 0x15, 0x5a, 0xa3,
0xa7, 0x12, 0x0e, 0xf5, 0x17, 0xeb, 0x79, 0x26, 0x80, 0xf0, 0x5b, 0xfe, 0xac, 0x31,
0x1f, 0x95, 0xbc, 0x7e, 0x00, 0x53, 0xd6, 0x67, 0xa8, 0xf0, 0xb5, 0x3c, 0xcf, 0x74,
0x3c, 0x0d, 0x7d, 0x37, 0xd2, 0xaa, 0xb9, 0xe1, 0x1e, 0xa3, 0x61, 0x6a, 0x68, 0x48,
0xfd, 0x1a, 0xbb, 0xa9, 0x87, 0x89, 0x95, 0x96, 0x13, 0x9f, 0xac, 0x9f, 0x5e, 0x94,
0x26, 0x14, 0x64, 0xf0, 0x47, 0x05, 0x22, 0x8b, 0x71, 0x42, 0xb5, 0x8d, 0xfc, 0x5b,
0x2c, 0x6e, 0x3a, 0xa0, 0x56, 0xf6, 0xba, 0x21, 0x02, 0x3d, 0x91, 0xae, 0x17, 0xab,
0x49, 0xd7, 0x26, 0xf8, 0xb1, 0xec, 0xf3, 0x2c, 0xb0, 0xfd, 0xaa, 0x9f, 0xe2, 0xda,
0x81, 0xf9, 0x91, 0x13

Signed key using the RSA algorithm (length=128):
0x98, 0xe0, 0xa1, 0xf8, 0x1f, 0x5d, 0xd0, 0x81, 0xd3, 0x87, 0x8f, 0x5e, 0xb7, 0x89,
0x79, 0xc9, 0x45, 0x8c, 0xe4, 0x6f, 0x38, 0x9a, 0xe4, 0xe1, 0x8c, 0x2a, 0xc9, 0xf4,
0x00, 0xa3, 0xe3, 0x74, 0x9d, 0xdd, 0x51, 0xd6, 0x9d, 0xff, 0x5d, 0x2e, 0x66, 0x9f,
0xc5, 0x8f, 0x32, 0xb3, 0x23, 0x07, 0xae, 0x7f, 0x9d, 0x45, 0x00, 0x1e, 0x01, 0xd7,
0x3f, 0x2c, 0xe7, 0x7a, 0xf2, 0x97, 0x1c, 0xae, 0x38, 0x0d, 0x44, 0x0f, 0xe2, 0x51,
0x3d, 0x51, 0x2a, 0x46, 0x7b, 0xfe, 0x3f, 0x40, 0x2e, 0x31, 0xde, 0xfb, 0x0a, 0x7d,
0x8e, 0xe9, 0x0f, 0xe0, 0x4e, 0x4d, 0xeb, 0xa5, 0x42, 0xf5, 0x31, 0x9b, 0xcb, 0x6b,
0x31, 0xcc, 0x94, 0x0e, 0x99, 0xc2, 0xdc, 0x12, 0x1a, 0xb8, 0x24, 0x03, 0x50, 0x8d,
0x11, 0xfc, 0x59, 0xc3, 0x9a, 0xcd, 0x49, 0xf8, 0x51, 0xca, 0x5b, 0x73, 0x99, 0x35,
0xec, 0xc1
Logged
prj
Hero Member
*****

Karma: +1072/-480
Offline Offline

Posts: 6035


« Reply #21 on: February 04, 2022, 05:48:51 AM »

Why do you think that posting seed key responses is going to do anything?
It's useless. Anything but simple xor or addition is not possible to deduce from a seed key pair - that's the whole idea about it.

Certainly not RSA signatures.

Get the ASW (or bootloader) and start reversing it. Posting these pointless rows of hex is a waste of time.

In case the seed-key is actually RSA, then you're not getting in without some sort of RCE exploit, unless you can locate the private key in the tool that is generating the response.
« Last Edit: February 04, 2022, 05:50:23 AM by prj » Logged

PM's will not be answered, so don't even try.
Log your car properly - WinOLS database - Tools/patches
obdhacker
Newbie
*

Karma: +0/-1
Offline Offline

Posts: 18


« Reply #22 on: February 04, 2022, 07:06:44 AM »

Hi, I've been working on the Volvo D13. I already know that it uses the RSA algorithm.
Also, I have the secret key for level 7 and above and I was able to unlock the ECU on those levels.
But in order to reprogram the ECU I need the level 1 access, is there any chance you have the key for security access level 1?
MSW is 23036507
Part number is 21900553
The data I've got from spying the CAN (I'm sure the security level for this data is 1):
Seed (length=116):
0xdd, 0xc7, 0xe7, 0x2f, 0xe6, 0x0c, 0xff, 0x64, 0xf2, 0xb8, 0xb0, 0x15, 0x5a, 0xa3,
0xa7, 0x12, 0x0e, 0xf5, 0x17, 0xeb, 0x79, 0x26, 0x80, 0xf0, 0x5b, 0xfe, 0xac, 0x31,
0x1f, 0x95, 0xbc, 0x7e, 0x00, 0x53, 0xd6, 0x67, 0xa8, 0xf0, 0xb5, 0x3c, 0xcf, 0x74,
0x3c, 0x0d, 0x7d, 0x37, 0xd2, 0xaa, 0xb9, 0xe1, 0x1e, 0xa3, 0x61, 0x6a, 0x68, 0x48,
0xfd, 0x1a, 0xbb, 0xa9, 0x87, 0x89, 0x95, 0x96, 0x13, 0x9f, 0xac, 0x9f, 0x5e, 0x94,
0x26, 0x14, 0x64, 0xf0, 0x47, 0x05, 0x22, 0x8b, 0x71, 0x42, 0xb5, 0x8d, 0xfc, 0x5b,
0x2c, 0x6e, 0x3a, 0xa0, 0x56, 0xf6, 0xba, 0x21, 0x02, 0x3d, 0x91, 0xae, 0x17, 0xab,
0x49, 0xd7, 0x26, 0xf8, 0xb1, 0xec, 0xf3, 0x2c, 0xb0, 0xfd, 0xaa, 0x9f, 0xe2, 0xda,
0x81, 0xf9, 0x91, 0x13

Signed key using the RSA algorithm (length=128):
0x98, 0xe0, 0xa1, 0xf8, 0x1f, 0x5d, 0xd0, 0x81, 0xd3, 0x87, 0x8f, 0x5e, 0xb7, 0x89,
0x79, 0xc9, 0x45, 0x8c, 0xe4, 0x6f, 0x38, 0x9a, 0xe4, 0xe1, 0x8c, 0x2a, 0xc9, 0xf4,
0x00, 0xa3, 0xe3, 0x74, 0x9d, 0xdd, 0x51, 0xd6, 0x9d, 0xff, 0x5d, 0x2e, 0x66, 0x9f,
0xc5, 0x8f, 0x32, 0xb3, 0x23, 0x07, 0xae, 0x7f, 0x9d, 0x45, 0x00, 0x1e, 0x01, 0xd7,
0x3f, 0x2c, 0xe7, 0x7a, 0xf2, 0x97, 0x1c, 0xae, 0x38, 0x0d, 0x44, 0x0f, 0xe2, 0x51,
0x3d, 0x51, 0x2a, 0x46, 0x7b, 0xfe, 0x3f, 0x40, 0x2e, 0x31, 0xde, 0xfb, 0x0a, 0x7d,
0x8e, 0xe9, 0x0f, 0xe0, 0x4e, 0x4d, 0xeb, 0xa5, 0x42, 0xf5, 0x31, 0x9b, 0xcb, 0x6b,
0x31, 0xcc, 0x94, 0x0e, 0x99, 0xc2, 0xdc, 0x12, 0x1a, 0xb8, 0x24, 0x03, 0x50, 0x8d,
0x11, 0xfc, 0x59, 0xc3, 0x9a, 0xcd, 0x49, 0xf8, 0x51, 0xca, 0x5b, 0x73, 0x99, 0x35,
0xec, 0xc1

Hi. Yes, I know this algorithm.
Logged
d3irb
Full Member
***

Karma: +134/-1
Offline Offline

Posts: 195


« Reply #23 on: February 04, 2022, 08:30:01 AM »

In case the seed-key is actually RSA, then you're not getting in without some sort of RCE exploit, unless you can locate the private key in the tool that is generating the response.

I agree with you overall, I really don't like this thread, it's just people posting useless garbage and then salesmen looking at the garbage to see if it matches something in their sales database, not really a community collaboration or useful to anyone reading.

But, with respect to RSA, many RSA seed/keys use E=3 and don't check the padding correctly, meaning they are vulnerable to https://words.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/ . No RCE or private keys necessary, just some clever math.
Logged
Vahid
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 2


« Reply #24 on: February 04, 2022, 08:38:14 AM »

Thank you for answering guys, as I said I've found the algorithm via reverse engineering and I've already unlocked the ECU in level 7 and 11 on the extended session, which means the algorithm is correct and working fine. But, in order to be able to reprogram ECU, I need level 1 access in the programming session.
The reason I've mentioned RSA is because of the code I have, it's using a built-in dotnet class called "RSACryptoServiceProvider". These hexadecimal values are prerequisites to test the secret key and the algorithm. The input of the algorithm is a RsaKey which contains exponent and modulus (both have a length of 128 bytes) and the seed, so every time we give the same seed and the correct key we will get the same output. So these hexadecimal values can confirm the input and the output of the algorithm, the missing part of the puzzle here is the secret key for level 1 security access. by the way, the protocol we are using is ISO15765 (UDS). I'm only interested in level 1 security access exponent and modulus for the MSW I've mentioned here.
It will be a great help to me if anyone is willing to share that key.
Logged
prj
Hero Member
*****

Karma: +1072/-480
Offline Offline

Posts: 6035


« Reply #25 on: February 04, 2022, 08:53:55 AM »

Thank you for answering guys, as I said I've found the algorithm via reverse engineering and I've already unlocked the ECU in level 7 and 11 on the extended session, which means the algorithm is correct and working fine. But, in order to be able to reprogram ECU, I need level 1 access in the programming session.
The reason I've mentioned RSA is because of the code I have, it's using a built-in dotnet class called "RSACryptoServiceProvider". These hexadecimal values are prerequisites to test the secret key and the algorithm. The input of the algorithm is a RsaKey which contains exponent and modulus (both have a length of 128 bytes) and the seed, so every time we give the same seed and the correct key we will get the same output. So these hexadecimal values can confirm the input and the output of the algorithm, the missing part of the puzzle here is the secret key for level 1 security access. by the way, the protocol we are using is ISO15765 (UDS). I'm only interested in level 1 security access exponent and modulus for the MSW I've mentioned here.
It will be a great help to me if anyone is willing to share that key.
The ECU tests key, the tester generates the key based on seed.
Last I checked ECU's are not written in .NET, so there's a lot that does not match in this story.

If it is RSA, the ECU will contain only the public key, the private key will be known to the application generating key from seed.
To test whether an RSA signature is valid, you do not need the private key, this is the whole point of cyptography.

So, find the OEM tool that generates the key from seed, reverse it, find the relevant values (private key).
Alternatively exploit it, if not properly implemented or find an RCE exploit in the UDS stack.
Logged

PM's will not be answered, so don't even try.
Log your car properly - WinOLS database - Tools/patches
damino
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 1


« Reply #26 on: February 04, 2022, 01:04:05 PM »

The ECU tests key, the tester generates the key based on seed.
Last I checked ECU's are not written in .NET, so there's a lot that does not match in this story.

If it is RSA, the ECU will contain only the public key, the private key will be known to the application generating key from seed.
To test whether an RSA signature is valid, you do not need the private key, this is the whole point of cyptography.

So, find the OEM tool that generates the key from seed, reverse it, find the relevant values (private key).
Alternatively exploit it, if not properly implemented or find an RCE exploit in the UDS stack.

Hi We are in the same team, and we are stuck with this problem. Any help from your side will be much appreciated. Also we can pay for the services and helps if you have experience in the field. Looking forward for your recommendations.
Logged
jackylooo.tw
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 2


« Reply #27 on: June 12, 2022, 07:42:20 PM »

Hi,

Do you have algorithms for BMW , the captured working example as below:


54 07 17 B8 22 7F 23 21 ---> SEED
00 00 00 40 47 1E 43 88 ---> KEY

Thanks in advance!!
Logged
obdhacker
Newbie
*

Karma: +0/-1
Offline Offline

Posts: 18


« Reply #28 on: June 12, 2022, 09:17:06 PM »

Hi,

Do you have algorithms for BMW , the captured working example as below:


54 07 17 B8 22 7F 23 21 ---> SEED
00 00 00 40 47 1E 43 88 ---> KEY

Thanks in advance!!

Hi!
Which ecu? Which years? Without details it would be difficult to find out.
Logged
jackylooo.tw
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 2


« Reply #29 on: June 13, 2022, 12:51:25 AM »

It's for NBTEVO ecu manufactured after 2016, Thanks!
Logged
Pages: 1 [2] 3 4
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Page created in 0.028 seconds with 18 queries. (Pretty URLs adds 0s, 0q)