Pages: 1 [2]
Author Topic: Why is there NO discussion about component protection?  (Read 8198 times)

Karma: +2/-0
Offline Offline

Posts: 12

« Reply #15 on: September 10, 2021, 08:44:53 AM »

For what it's worth, the little information I have:

The Audi radio unit (4G1035053) has the component protection information at offsets 0x7A66-7AB5 and/or 0x7FB0-0x7FFF.
The eeprom is a standard 24c256 which should be readable by a CH341A usb programmer in-circuit if you can get the wires connected.

Supposedly, copying over that bit of information from one radio unit to the other is enough to make it work in a different car.
Full Member

Karma: +22/-1
Offline Offline

Posts: 235

« Reply #16 on: September 11, 2021, 03:35:58 PM »

For VW PQ platform I can say that units which are matched share the same key.
This shared key is stored in the eeprom of the unit but not in plain format but encrypted with a unique key for each unit.
So copying eeprom data (that area where the share key would be stored) will not work.

The handshake is initiated by the master (=cluster) and sends some encrypted data back and forth so both parties can verify if the use the same key.

I believe the VW MQB platform uses a similar (if not same) approach but there the gateway is the master.
(But I haven't studied this further though.)

Rgs H2Deetoo
Pages: 1 [2]
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Page created in 0.014 seconds with 18 queries. (Pretty URLs adds 0s, 0q)