Pages: 1 ... 6 7 [8]
Author Topic: FRF and SGO - Differences?  (Read 106916 times)
d3irb
Full Member
***

Karma: +131/-1
Offline Offline

Posts: 185


« Reply #105 on: August 25, 2021, 03:48:34 PM »

This TCU use 256 bytes encryption table and LZZ-compression.

Here is the encryption algorithm for compression/encryption "0x11" for DQ250-MQB:

https://github.com/bri3d/VW_Flash/blob/master/lib/crypto/dsg.py

This one is interesting because it isn't a real accepted crypto algorithm (like AES) or an XOR keystream algorithm (like older Bosch) - it's a progressive substitution cipher.

Here's the substitution key data:

https://github.com/bri3d/VW_Flash/blob/master/data/mqb_dsg_key.bin

The compression algorithm is LZSS so my existing decompressor seems to work - I am not sure about the comments made elsewhere in this thread about the data stream looking different from Simos/"Audi" LZSS, maybe someone was looking at the encrypted data instead of the compressed data?

https://github.com/bri3d/VW_Flash/blob/master/extractodx.py now has a `--dsg` flag to extract MQB DSG ODXes - I tested on a few and it produced good looking binaries.

I think the algorithm is similar for some other DSG models but with different 256-byte cypher data.

To figure this out wasn't so bad, I downloaded a DSG bench read from this very thread and loaded it up in Ghidra (it's Tricore, so 0x80000000 base address). The DSG's UDS handler is a simple switch construct so it was pretty easy to find, and then inside of the 0x36 TransferData handler there's a call to a routine that both decrypts and decompresses a block, with a simple xref to the key data. I've attached a screenshot of the decryption method as Ghidra pseudocode for the curious, although the Python implementation linked above is probably easier to read.
« Last Edit: August 29, 2022, 11:46:25 AM by d3irb » Logged
prj
Hero Member
*****

Karma: +905/-420
Offline Offline

Posts: 5790


« Reply #106 on: August 26, 2021, 04:43:19 AM »

Since Python seems to be the name of the game, and we're posting old stuff.
Here's something I made a long time ago.

This just breaks all of the XOR faux security on the fly. As long as it's BCB + XOR encrypted, you don't need the key.

Remember to XOR by 0xFF first, before applying this algorithm, if you're dealing with SGO.

Code:
def deleterepeat(s):
s = binascii.hexlify(s)
i = (s+s).find(s, 1, -1)
return binascii.unhexlify(s) if i == -1 else binascii.unhexlify(s[:i])

def stripBCBHead(imgxor):
return imgxor[imgxor.index(b"\x1A\x01") + 2:]

def freqtable(data, klen):
freqtable = {}
for x in range (0, klen):
curfreq = {}
for y in range (0, 256):
curfreq[y] = 0
freqtable[x] = curfreq

for nr in range(len(data)):
freqtable[nr % klen][data[nr]] += 1

return freqtable

def findXORkeyfreq(bcbdata, byte, confidence, maxlen):
data = stripBCBHead(bcbdata)
keyFound = False
key = bytearray()
debug = config.getint("main", "debug", fallback=0)

for curlen in reversed(range(4, maxlen+1)):
fqtable = freqtable(data, curlen)
key = bytearray(curlen)

avgconf1 = 0
for fqpos in sorted(fqtable):
sortedlist = sorted(fqtable[fqpos].items(), key=lambda x: x[1], reverse=True)
avgconf1 += 100 - sortedlist[1][1]/sortedlist[0][1]*100
key[fqpos] = sortedlist[0][0] ^ byte

avgconf1 = avgconf1/curlen

if (avgconf1 >= confidence):
key = deleterepeat(key)
return key
return b""

Call like:
findXORkeyfreq(bcbdata, 0xFF, 50, 32)

Recommend calling it on the biggest section or just foreach all sections until a key is found, etc...
« Last Edit: August 26, 2021, 04:53:03 AM by prj » Logged

PM's will not be answered, so don't even try.
Log your car properly.
gremlin
Hero Member
*****

Karma: +179/-7
Offline Offline

Posts: 568


« Reply #107 on: August 26, 2021, 10:08:08 PM »

I think the algorithm is similar for some other DSG models but with different 256-byte cypher data.

You are right.
At least 20 variants of 256 encrypted data tables are used in DSG TCU control units.
Logged
dstar
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 7


« Reply #108 on: December 13, 2021, 05:34:39 AM »

Hello.
But what about other modules? For example I have one A6 dashboard also with encryption 11. It is Bosch with Fujitsu MCU, in the ODX there are RSA keys and data sectors:

              <SHORT-NAME>FD_1DATA</SHORT-NAME>
              <LONG-NAME>1 DATA</LONG-NAME>
              <DATAFORMAT SELECTION="BINARY"/>
              <ENCRYPT-COMPRESS-METHOD TYPE="A_BYTEFIELD">11</ENCRYPT-COMPRESS-METHOD>

Does any one knows the encryption algorithm 11 for Fujitsu?
Thanks.




 
« Last Edit: December 14, 2021, 04:40:16 PM by dstar » Logged
Pages: 1 ... 6 7 [8]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Page created in 0.027 seconds with 17 queries. (Pretty URLs adds 0s, 0q)