NefMoto > Technical > Flashing and Chipping > FRF and SGO - Differences?
Pages: 1 ... 6 7 [8]
« previous next »
Author Topic: FRF and SGO - Differences?  (Read 117797 times)
d3irb
Full Member
***

Karma: +134/-1
Offline Offline

Posts: 195
« Reply #105 on: August 25, 2021, 03:48:34 PM »
Quote from: gremlin on October 12, 2020, 07:54:36 AM
This TCU use 256 bytes encryption table and LZZ-compression.

Here is the encryption algorithm for compression/encryption "0x11" for DQ250-MQB:

https://github.com/bri3d/VW_Flash/blob/master/lib/crypto/dsg.py

This one is interesting because it isn't a real accepted crypto algorithm (like AES) or an XOR keystream algorithm (like older Bosch) - it's a progressive substitution cipher.

Here's the substitution key data:

https://github.com/bri3d/VW_Flash/blob/master/data/mqb_dsg_key.bin

The compression algorithm is LZSS so my existing decompressor seems to work - I am not sure about the comments made elsewhere in this thread about the data stream looking different from Simos/"Audi" LZSS, maybe someone was looking at the encrypted data instead of the compressed data?

https://github.com/bri3d/VW_Flash/blob/master/extractodx.py now has a `--dsg` flag to extract MQB DSG ODXes - I tested on a few and it produced good looking binaries.

I think the algorithm is similar for some other DSG models but with different 256-byte cypher data.

To figure this out wasn't so bad, I downloaded a DSG bench read from this very thread and loaded it up in Ghidra (it's Tricore, so 0x80000000 base address). The DSG's UDS handler is a simple switch construct so it was pretty easy to find, and then inside of the 0x36 TransferData handler there's a call to a routine that both decrypts and decompresses a block, with a simple xref to the key data. I've attached a screenshot of the decryption method as Ghidra pseudocode for the curious, although the Python implementation linked above is probably easier to read.
« Last Edit: August 29, 2022, 11:46:25 AM by d3irb » Logged
prj
Hero Member
*****

Karma: +1072/-480
Offline Offline

Posts: 6035
« Reply #106 on: August 26, 2021, 04:43:19 AM »
Since Python seems to be the name of the game, and we're posting old stuff.
Here's something I made a long time ago.

This just breaks all of the XOR faux security on the fly. As long as it's BCB + XOR encrypted, you don't need the key.

Remember to XOR by 0xFF first, before applying this algorithm, if you're dealing with SGO.

Code:
def deleterepeat(s):
	s = binascii.hexlify(s)
	i = (s+s).find(s, 1, -1)
	return binascii.unhexlify(s) if i == -1 else binascii.unhexlify(s[:i])

def stripBCBHead(imgxor):
	return imgxor[imgxor.index(b"\x1A\x01") + 2:]

def freqtable(data, klen):
	freqtable = {}
	for x in range (0, klen):
		curfreq = {}
		for y in range (0, 256):
			curfreq[y] = 0
		freqtable[x] = curfreq

	for nr in range(len(data)):
		freqtable[nr % klen][data[nr]] += 1
		
	return freqtable

def findXORkeyfreq(bcbdata, byte, confidence, maxlen):
	data = stripBCBHead(bcbdata)
	keyFound = False
	key = bytearray()
	debug = config.getint("main", "debug", fallback=0)

	for curlen in reversed(range(4, maxlen+1)):
		fqtable = freqtable(data, curlen)
		key = bytearray(curlen)
		
		avgconf1 = 0
		for fqpos in sorted(fqtable):
			sortedlist = sorted(fqtable[fqpos].items(), key=lambda x: x[1], reverse=True)
			avgconf1 += 100 - sortedlist[1][1]/sortedlist[0][1]*100
			key[fqpos] = sortedlist[0][0] ^ byte
		
		avgconf1 = avgconf1/curlen
		
		if (avgconf1 >= confidence):
			key = deleterepeat(key)
			return key
	return b""

Call like:
findXORkeyfreq(bcbdata, 0xFF, 50, 32)

Recommend calling it on the biggest section or just foreach all sections until a key is found, etc...
« Last Edit: August 26, 2021, 04:53:03 AM by prj » Logged
PM's will not be answered, so don't even try.
Log your car properly - WinOLS database - Tools/patches
gremlin
Hero Member
*****

Karma: +196/-9
Offline Offline

Posts: 653
« Reply #107 on: August 26, 2021, 10:08:08 PM »
Quote from: d3irb on August 25, 2021, 03:48:34 PM
I think the algorithm is similar for some other DSG models but with different 256-byte cypher data.

You are right.
At least 20 variants of 256 encrypted data tables are used in DSG TCU control units.
Logged
dstar
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 7
« Reply #108 on: December 13, 2021, 05:34:39 AM »
Hello.
But what about other modules? For example I have one A6 dashboard also with encryption 11. It is Bosch with Fujitsu MCU, in the ODX there are RSA keys and data sectors:

              <SHORT-NAME>FD_1DATA</SHORT-NAME>
              <LONG-NAME>1 DATA</LONG-NAME>
              <DATAFORMAT SELECTION="BINARY"/>
              <ENCRYPT-COMPRESS-METHOD TYPE="A_BYTEFIELD">11</ENCRYPT-COMPRESS-METHOD>

Does any one knows the encryption algorithm 11 for Fujitsu?
Thanks.




 
« Last Edit: December 14, 2021, 04:40:16 PM by dstar » Logged
Pages: 1 ... 6 7 [8]
  Print  
« previous next »
 
Jump to:  

Navigation
Personal Tools
  • November 23, 2024, 06:33:17 AM
  • Welcome, Guest. Please login or register.
    Did you miss your activation email?

    Login with username, password and session length
Search
 
Advanced Search
About Disclaimer
All Rights Reserved 2010 Nefarious Motosports
Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Page created in 0.016 seconds with 17 queries. (Pretty URLs adds 0s, 0q)