Pages: 1 ... 113 114 [115] 116 117 ... 182
Author Topic: The Volvo ME7 thread:  (Read 1086909 times)
SparkyR
Full Member
***

Karma: +18/-21
Offline Offline

Posts: 77



« Reply #1710 on: October 20, 2022, 02:34:07 PM »




might look into adding hiltons check sum correction tool that he has posted up here
« Last Edit: October 20, 2022, 05:35:23 PM by SparkyR » Logged

2005 S60R m66, Xona Rotor 7864, turbosmart 45mm wastegate, id1700cc injectors
thedrill
Full Member
***

Karma: +12/-3
Offline Offline

Posts: 139



« Reply #1711 on: October 20, 2022, 08:16:09 PM »

I'm also interested in reading the Denso Ecu on my XC90 V8, I want to convert to E85 and would like to find the Injector scaling and some warm up maps.
I have Tactrix openport 2 and PCMflash, it looks like I can purchase a module to read and write for $160.
Has anyone here looked into the XC90 V8 ecu?
Logged
dikidera
Full Member
***

Karma: +8/-8
Offline Offline

Posts: 149


« Reply #1712 on: October 21, 2022, 02:06:41 PM »

I'm also interested in reading the Denso Ecu on my XC90 V8, I want to convert to E85 and would like to find the Injector scaling and some warm up maps.
I have Tactrix openport 2 and PCMflash, it looks like I can purchase a module to read and write for $160.
Has anyone here looked into the XC90 V8 ecu?
You are in luck I think, now I do not know if anyone of you have seen it, but there is a tool called I/O Terminal that can read our Volvo Denso ECUs, its free I believe, but beware its packed with Themida, unsure what nastiness it may hide or if it even works. And yes it can read via OBD or so they claim.
« Last Edit: October 21, 2022, 02:09:31 PM by dikidera » Logged
dikidera
Full Member
***

Karma: +8/-8
Offline Offline

Posts: 149


« Reply #1713 on: October 22, 2022, 01:53:00 PM »

I think I may have some luck and wanted to ask if you guys think I am right. After looking at some videos I deduced my map may not be able angles, but percentages(could still be angles though). The vida dice software measures throttle position in percentages rather than degrees, so maybe my map is percentages? But it also has a special ETM test that shows the position in degrees.

After playing with the factors, only 0.05 produced a map whose numbers end neatly in 0 or 5 like so https://imgur.com/iMgN4x0 and are constrained within the hypothetical limits of 0-100% and 0-86 degree angles.
« Last Edit: October 22, 2022, 02:25:36 PM by dikidera » Logged
rlinewiz
Jr. Member
**

Karma: +12/-1
Offline Offline

Posts: 42


« Reply #1714 on: October 23, 2022, 07:36:53 AM »


The source to Hiltons software is fascinating, though whoever decompiled it didn't reverse the dotfuscator. I've been looking through the code (I'm a highly experienced programmer but I don't know csharp and the function names are wiped out so it's slow going), most of it revolves around encryption and licensing, which was pretty easy to bypass, all I want is to be able to read+write my own bins using DICE.

also I agree with vollmer on everything he said, and for sure whatever I come up with will be shared freely with everyone in the community. its an aging platform, no sense keeping everything proprietary this long
« Last Edit: October 23, 2022, 07:40:18 AM by rlinewiz » Logged

2005 S60R M66-Swapped // Self-tuned @ 22psi
[[forever coding for the OpenMoose project]]
s60rawr
Full Member
***

Karma: +19/-1088
Offline Offline

Posts: 170



« Reply #1715 on: October 23, 2022, 09:34:37 AM »

The source to Hiltons software is fascinating, though whoever decompiled it didn't reverse the dotfuscator. I've been looking through the code (I'm a highly experienced programmer but I don't know csharp and the function names are wiped out so it's slow going), most of it revolves around encryption and licensing, which was pretty easy to bypass, all I want is to be able to read+write my own bins using DICE.

also I agree with vollmer on everything he said, and for sure whatever I come up with will be shared freely with everyone in the community. its an aging platform, no sense keeping everything proprietary this long

yea i have a fork someone slapped their own logo on of the hiltons with a license for my car but it encrypts it  Sad if
it was written in framework 3.5. i fucked with it even with a live debugger while i had it reading my car n shit.. that shits over my head tho. im sure someone could  do it easy. im just an idiot
Logged


There is a free flash suite in progres

-Karma Sponge
rlinewiz
Jr. Member
**

Karma: +12/-1
Offline Offline

Posts: 42


« Reply #1716 on: October 23, 2022, 11:21:02 AM »

yea i have a fork someone slapped their own logo on of the hiltons with a license for my car but it encrypts it  Sad if
it was written in framework 3.5. i fucked with it even with a live debugger while i had it reading my car n shit.. that shits over my head tho. im sure someone could  do it easy. im just an idiot

its relatively simple to just roll your own license file, its just an xml file with your user data, the license key is just your name and VIN mixed together and then base64'd, i can provide the specific functions i found in the source. still working on figuring out the bin encryption, so annoying

[edit] also want to note that hiltons flasher program is worthless, the real magic is inside dicedotnet.dll which isn't even obfuscated and can be modified easily. this dll contains everything for reading, writing, logging, and encrypting/decrypting licenses and bins
« Last Edit: October 23, 2022, 02:06:04 PM by rlinewiz » Logged

2005 S60R M66-Swapped // Self-tuned @ 22psi
[[forever coding for the OpenMoose project]]
prometey1982
Sr. Member
****

Karma: +70/-60
Offline Offline

Posts: 323



WWW
« Reply #1717 on: October 23, 2022, 12:22:14 PM »

yea i have a fork someone slapped their own logo on of the hiltons with a license for my car but it encrypts it  Sad if
it was written in framework 3.5. i fucked with it even with a live debugger while i had it reading my car n shit.. that shits over my head tho. im sure someone could  do it easy. im just an idiot
Where did Vollmer go?
Logged

Россия - Великая страна!
https://youtu.be/fup5GzIFdXk
s60rawr
Full Member
***

Karma: +19/-1088
Offline Offline

Posts: 170



« Reply #1718 on: October 23, 2022, 03:54:50 PM »

its relatively simple to just roll your own license file, its just an xml file with your user data, the license key is just your name and VIN mixed together and then base64'd, i can provide the specific functions i found in the source. still working on figuring out the bin encryption, so annoying

[edit] also want to note that hiltons flasher program is worthless, the real magic is inside dicedotnet.dll which isn't even obfuscated and can be modified easily. this dll contains everything for reading, writing, logging, and encrypting/decrypting licenses and bins

i thought the same combing through the dll myself... i was like... all the commands are here.....i just dont have the understanding to do so lol.. ive given it to multiple "fiver" framework reverse engineers and either they didnt understand my goal.... or couldnt do it
Logged


There is a free flash suite in progres

-Karma Sponge
s60rawr
Full Member
***

Karma: +19/-1088
Offline Offline

Posts: 170



« Reply #1719 on: October 23, 2022, 03:57:13 PM »

Where did Vollmer go?

hes around, i talk to em few times  a week. when we're not complaining on here we have irl things Cheesy
you miss em? ahahha
Logged


There is a free flash suite in progres

-Karma Sponge
s60rawr
Full Member
***

Karma: +19/-1088
Offline Offline

Posts: 170



« Reply #1720 on: October 23, 2022, 04:00:50 PM »

its relatively simple to just roll your own license file, its just an xml file with your user data, the license key is just your name and VIN mixed together and then base64'd, i can provide the specific functions i found in the source. still working on figuring out the bin encryption, so annoying

[edit] also want to note that hiltons flasher program is worthless, the real magic is inside dicedotnet.dll which isn't even obfuscated and can be modified easily. this dll contains everything for reading, writing, logging, and encrypting/decrypting licenses and bins

friend sent me this in dotpeek a while ago
« Last Edit: October 23, 2022, 04:02:57 PM by s60rawr » Logged


There is a free flash suite in progres

-Karma Sponge
rlinewiz
Jr. Member
**

Karma: +12/-1
Offline Offline

Posts: 42


« Reply #1721 on: October 23, 2022, 05:07:11 PM »

friend sent me this in dotpeek a while ago
Jetbrains is pretty good for this sort of thing, but its not perfect. I had to rewrite a ton of code to get the hilton flasher to build.. not an easy task in a language I havent learned yet. Worked really well on the dll though

The license functions are pretty interesting, it appears that the functions that decode the license key also set up the comms functions, which makes sense because the VIN will have the info neccessary to set the proper baud rates and addresses etc. Attaching the DLL and just calling the functions manually seems to refuse to work unless you present a valid license first.. currently I'm attempting to create a fake license, and recompile the DLL modified to accept any license key..

[edit] here's the untouched source, no modifications except making it ready to build: https://drive.google.com/file/d/1neHD_bBAc2-I4Prt8JvhJqzBR2RRv-g1/view?usp=sharing
« Last Edit: October 24, 2022, 07:30:43 AM by rlinewiz » Logged

2005 S60R M66-Swapped // Self-tuned @ 22psi
[[forever coding for the OpenMoose project]]
dikidera
Full Member
***

Karma: +8/-8
Offline Offline

Posts: 149


« Reply #1722 on: October 24, 2022, 08:44:14 AM »

They never learn...if they want good obfuscation they need to write in native code and use something like VMProtect.
Logged
prometey1982
Sr. Member
****

Karma: +70/-60
Offline Offline

Posts: 323



WWW
« Reply #1723 on: October 24, 2022, 11:16:23 AM »

Did anybody try to disassemble VDASH? I tried but couldn't deobfuscate it. I have not enough experience with .NET disassembling. Other option looks like just buy some reflashing and grab CAN messages. VDASH developers just grab these protocols (with SBLs) from dealer early. Or just stole VBF files from dealers VIDA.
Logged

Россия - Великая страна!
https://youtu.be/fup5GzIFdXk
dikidera
Full Member
***

Karma: +8/-8
Offline Offline

Posts: 149


« Reply #1724 on: October 24, 2022, 11:56:00 AM »

I have no experience with .NET either, mostly just x86 and DRM protection with virtualization and such. I just never needed .NET.

But really, what we need to understand is how the CEM stores...software. Personally I like to imagine a small space where CAN commands can be written such as

if(keyfob_double_pressUnlock)
   fold_mirrors();
« Last Edit: October 24, 2022, 11:58:26 AM by dikidera » Logged
Pages: 1 ... 113 114 [115] 116 117 ... 182
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Page created in 0.03 seconds with 17 queries. (Pretty URLs adds 0s, 0q)