jglim / UnlockECU

Free, open-source ECU seed-key unlocking tool.
MIT License

BMW DME #8

Closed brandonros closed 2 years ago

brandonros commented 3 years ago

It is some kind of RSA stuff with a private key that is inside the BTLD (CBOOT / bootloader).

Some examples:

{"sourceId":"f4","destinationId":"12","payload":"27 11 ffffffff"} # request seed level 11
{"sourceId":"f4","destinationId":"12","payload":"27 12 00000020db48a249fcfd3896a63dfda3be1408be9129fc2e975f137f7b60f8d6b3526b65ffe0b5284e57ca16293c51578012081588c5596e961caed11fcef754487c06beedfb267d8c2709c9bb0a8b0f233b930a2b2ffb49b5a5ee7c7acd3f20f156c968167aecc0e7da055d78cd431e8db21e97e10eaf197dd0aca5d68280d149d30cd8"} # send key level 12
67 11 d74aa7bf9f94f57c
67 11 51a19207eb6ef007
67 11 1bdef6b4bd11f513
67 11 6f08390c0d820e4a

I will respond when I figure out more.
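The capture above follows the ISO 14229 SecurityAccess layout (request `27`, positive response `67`, odd sub-function for the seed, the next even one for the key). The parser below is an added example, not code from UnlockECU or from the comment. It decodes both log shapes and reports seed length, seed uniqueness and key length. The function names are illustrative, and the 128 key bytes after the `00000020` prefix are constructed filler of the same length as the logged key.

```python
import json

def parse_line(line):
    """Return the UDS payload bytes from either log shape shown in the thread."""
    line = line.split("#", 1)[0].strip()         # drop the trailing annotation
    if line.startswith("{"):
        line = json.loads(line)["payload"]       # JSON request record
    return bytes.fromhex(line.replace(" ", ""))  # bare response record

def decode_security_access(payload):
    """Decode a SecurityAccess request (0x27) or positive response (0x67)."""
    sid, sub, data = payload[0], payload[1], payload[2:]
    if sid not in (0x27, 0x67):
        raise ValueError(f"not SecurityAccess: SID 0x{sid:02x}")
    odd = sub % 2 == 1
    if sid == 0x27:
        kind = "requestSeed" if odd else "sendKey"
    else:
        kind = "seed" if odd else "keyAccepted"
    # The sendKey sub-function is the requestSeed sub-function plus one.
    level = sub if odd else sub - 1
    return {"kind": kind, "level": level, "data": data}

def summarize(lines):
    """Collect the properties worth checking in a seed/key capture."""
    msgs = [decode_security_access(parse_line(l)) for l in lines if l.strip()]
    seeds = [m["data"] for m in msgs if m["kind"] == "seed"]
    keys = [m["data"] for m in msgs if m["kind"] == "sendKey"]
    return {
        "levels": sorted({m["level"] for m in msgs}),
        "seed_lengths": sorted({len(s) for s in seeds}),
        "seeds_unique": len(set(seeds)) == len(seeds),
        "key_lengths": sorted({len(k) for k in keys}),
    }

# Seeds are the four from the comment; the key body is constructed filler.
SAMPLE = [
    '{"sourceId":"f4","destinationId":"12","payload":"27 11 ffffffff"} # request seed level 11',
    "67 11 d74aa7bf9f94f57c",
    "67 11 51a19207eb6ef007",
    "67 11 1bdef6b4bd11f513",
    "67 11 6f08390c0d820e4a",
    '{"sourceId":"f4","destinationId":"12","payload":"27 12 00000020'
    + "ab" * 128 + '"} # send key level 12',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A 132-byte key field is a 4-byte prefix plus 128 bytes, the size of a 1024-bit RSA value, which fits the RSA remark above; the 8-byte seeds differ on every request.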

mrt-135 commented 3 years ago

The bootloaders are not in the same place, man.