jglim / UnlockECU

Free, open-source ECU seed-key unlocking tool.
MIT License

VGS4NAG2 Issue #4

Closed lndmnn closed 3 years ago

lndmnn commented 3 years ago

Hey there,

When using the just-implemented VGS4NAG2 with the following seed, the script crashes.

Maybe the K key with 00 at the end is the problem?

Seed: 79b69e7c25204e01

Edit: This key should come out: 89 E0 E2 2A

Edit2: Got this value for K out of Ghidra and the working DLL. But it does not calculate the same. K: 33582589

jglim commented 3 years ago

Hello,

The "K" parameter for DaimlerStandardSecurityAlgo requires a 4-byte array.

In https://github.com/jglim/UnlockECU/commit/3f0199b7bc64ca47656dd912ff0f3d002477dc16#diff-3673c03c81c1a1d4b94a23e7bc5554d707a513ba21cd70a9f7601fcade99a852L8125, the "K" parameter was changed from 33580000 to 335800. Do you happen to know the reason for the change?

My original value of 33580000 seems to be incorrect as well. I have checked VGS4NAG2_vgs4nag2_2_12_06_01 manually, and the correct value seems to be 33582589. If 33582589 works for you, please let me know and I will update the database.

lndmnn commented 3 years ago

Hello,

Oh, maybe I am the reason for that :)

33582589 does not work, as UnlockECU calculates the Key BA B8 C7 A3 with the Seed 79b69e7c25204e01. The DLL calculates 89 E0 E2 2A with the Seed. So there must be another problem.

jglim commented 3 years ago

When the computation is reversed in this manner:

ReverseKey(new byte[] { 0x79, 0xb6, 0x9e, 0x7c, 0x25, 0x20, 0x4e, 0x01 }, new byte[] { 0xBA, 0xB8, 0xC7, 0xA3 });
ReverseKey(new byte[] { 0x79, 0xb6, 0x9e, 0x7c, 0x25, 0x20, 0x4e, 0x01 }, new byte[] { 0x89, 0xE0, 0xE2, 0x2A });

The corresponding results are:

Reversed DSSA key: 00000000
Reversed DSSA key: 33582589

I can't replicate the error that you are experiencing, though it shows that the "wrong" result is using a "K" value of 00000000. Could you check if there is something that I might have missed?

Below is the test definition:

  {
    "EcuName": "Test for K=33582589",
    "Aliases": [],
    "AccessLevel": 9,
    "SeedLength": 8,
    "KeyLength": 4,
    "Provider": "DaimlerStandardSecurityAlgo",
    "Origin": "Test for K=33582589",
    "Parameters": [
      {
        "Key": "K",
        "Value": "33582589",
        "DataType": "ByteArray"
      }
    ]
  },

lndmnn commented 3 years ago

That's strange. The DLL VGS4NAG2_vgs4nag2_2_12_06_01 only contains Level 5. You are using Level 9 and do get the result of Level 5 of the DLL.

jglim commented 3 years ago

Please ignore the level, sorry. I copied a random definition that used the same algorithm, and changed the "K" value to check if it was working. The level is unrelated.

lndmnn commented 3 years ago

I think I might need some more sleep ;)

Please try with this Database-File. I

screenshot db.zip

lndmnn commented 3 years ago

Just got it working with the release you published. I executed this right off Visual Studio. Maybe there is something wrong.

Szadam88 commented 9 months ago

Hello, I've noticed this issue:

I suppose { "Key": "X73", "Value": "XE", "DataType": "Byte" } can't be correct.

jglim commented 9 months ago

Hey Ádám, thanks for pointing that out. That definitely looks off, and I'm still trying to figure out how that invalid value got there (https://github.com/jglim/UnlockECU/commit/3f0199b7bc64ca47656dd912ff0f3d002477dc16). Will get back again when I have answers.

jglim commented 8 months ago

@Szadam88 just an update on the issue, I've checked the origin DLL and verified the parameters again. The last parameter "X73" was incorrect as it accidentally included the "X" prefix in "0xE".

I have updated the definition to fix this issue. Thanks again for your contribution!
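
A check that would flag both database errors discussed in this thread (a "K" value that is not 4 bytes long, and the non-hex Byte value "XE"), as an added example that is not part of the original thread or of the UnlockECU code base. The field names follow the test definition posted above; the function name, the sample entries, the "ExampleProvider" placeholder and the accepted Byte/ByteArray text formats are assumptions.

```python
import json
import re

HEX_BYTE = re.compile(r"[0-9A-Fa-f]{1,2}")        # assumed "Byte" format: no 0x/X prefix
HEX_ARRAY = re.compile(r"(?:[0-9A-Fa-f]{2})+")    # assumed "ByteArray" format: whole hex bytes
# Required array lengths per (Provider, Key); only the rule stated in the thread.
REQUIRED_BYTES = {("DaimlerStandardSecurityAlgo", "K"): 4}

def lint_definitions(definitions):
    """Return (EcuName, parameter key, problem) for every malformed parameter."""
    problems = []
    for definition in definitions:
        name = definition.get("EcuName", "<unnamed>")
        provider = definition.get("Provider")
        for param in definition.get("Parameters", []):
            key, dtype = param.get("Key"), param.get("DataType")
            value = str(param.get("Value", ""))
            if dtype == "Byte" and not HEX_BYTE.fullmatch(value):
                problems.append((name, key, f"'{value}' is not a hex byte"))
            elif dtype == "ByteArray":
                if not HEX_ARRAY.fullmatch(value):
                    problems.append((name, key, f"'{value}' is not a hex byte string"))
                    continue
                want = REQUIRED_BYTES.get((provider, key))
                if want is not None and len(value) // 2 != want:
                    problems.append((name, key, f"{len(value) // 2} bytes, {provider} needs {want}"))
    return problems

# Constructed sample database; EcuName values and "ExampleProvider" are placeholders.
SAMPLE_DB = json.loads("""
[
  {"EcuName": "good K", "Provider": "DaimlerStandardSecurityAlgo",
   "Parameters": [{"Key": "K", "Value": "33582589", "DataType": "ByteArray"}]},
  {"EcuName": "short K", "Provider": "DaimlerStandardSecurityAlgo",
   "Parameters": [{"Key": "K", "Value": "335800", "DataType": "ByteArray"}]},
  {"EcuName": "prefixed byte", "Provider": "ExampleProvider",
   "Parameters": [{"Key": "X73", "Value": "XE", "DataType": "Byte"}]}
]
""")

if __name__ == "__main__":
    for ecu, key, problem in lint_definitions(SAMPLE_DB):
        print(f"{ecu}: parameter {key}: {problem}")
```

Run against the whole definition file before a release, a non-empty result means a parameter would be rejected or misread at load time.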