ECU cracker
08-31-13, 10:35 AM
#1
Driver School Candidate
Thread Starter
Join Date: Aug 2013
Location: Georgia
Posts: 6
Likes: 0
Received 0 Likes
on
0 Posts
ECU cracker
So I have been reading posts on this uncrackable ecu situation, I'm interested in undertaking the problem, but needed a few answers... So the first thing is I'm about to build a 5 grand sever for desktop for gpu cracking with 448 cores that process data as fast as 1.15GHz and or security protocols. The first things I'd need to know is there a connector from ecu to usb or would there have to be a custom build for it. The second being the bosch encryption, how is it encrypted (AES, serpent , custom), the hash algorithm (whirlpool, SHA-512).
I'm sure people will say its impossible and pros can't do it blah blah, but there is not such thing as uncrackable in the crypto world, it's all about time. Thoughts and comments welcome, no haters, if you don't like some make it constructive.
I'm sure people will say its impossible and pros can't do it blah blah, but there is not such thing as uncrackable in the crypto world, it's all about time. Thoughts and comments welcome, no haters, if you don't like some make it constructive.
08-31-13, 10:42 AM
#2
Driver School Candidate
Thread Starter
Join Date: Aug 2013
Location: Georgia
Posts: 6
Likes: 0
Received 0 Likes
on
0 Posts
oh another side note, anyone who knows of previous problems in cracking this would help too, and if anyone know where the base map is stored on the ecu.
08-31-13, 01:53 PM
#5
Racer
I have no answers to any of your questions but good luck buddy 
08-31-13, 04:57 PM
#7
Hey man I'm with you on cracking the ECU. I'm a Principal Software Engineer so I'm well aware of the time it can possibly take to crack encryption. With one supercomputer it will take you a while to do it still. There is one small tid bit I've heard that hasn't been verified, but if you send a command to the ECU that it wasn't inspecting it will lock out all communications. I don't know how true that is.
A wish of mine is for someone to give us an ICD so we at least know what commands we can send to the ECU. They don't have to publish the decryption...just give us something.
A wish of mine is for someone to give us an ICD so we at least know what commands we can send to the ECU. They don't have to publish the decryption...just give us something.
Trending Topics
08-31-13, 07:11 PM
#9
Pole Position
Join Date: Jun 2010
Location: NOVA
Posts: 357
Likes: 0
Received 0 Likes
on
0 Posts
CTO here with C/C++/java/MIPS/Objective-C/C#/Fortan/....etc experience who used to decompile Subaru ROMs with IDA Pro to help add speed density fueling. I also hack some CUDA/MPI code on my 3 GPU home work station.
So, how exactly do you plan to attack that unkown number Bosch keys locking down out ECUs? Consider my resources available.
So, how exactly do you plan to attack that unkown number Bosch keys locking down out ECUs? Consider my resources available.
08-31-13, 10:52 PM
#10
My brain just liquified and drained out of my ear and is now a puddle of molten glomulets on my bedroom floor as I tried to comprehend how u guys are smart enough to even attempt this. Godspeed be with u.
09-01-13, 04:53 AM
#11
Driver School Candidate
Join Date: May 2006
Location: N.I
Posts: 37
Likes: 0
Received 0 Likes
on
0 Posts
So I have been reading posts on this uncrackable ecu situation, I'm interested in undertaking the problem, but needed a few answers... So the first thing is I'm about to build a 5 grand sever for desktop for gpu cracking with 448 cores that process data as fast as 1.15GHz and or security protocols. The first things I'd need to know is there a connector from ecu to usb or would there have to be a custom build for it. The second being the bosch encryption, how is it encrypted (AES, serpent , custom), the hash algorithm (whirlpool, SHA-512).
I'm sure people will say its impossible and pros can't do it blah blah, but there is not such thing as uncrackable in the crypto world, it's all about time. Thoughts and comments welcome, no haters, if you don't like some make it constructive.
I'm sure people will say its impossible and pros can't do it blah blah, but there is not such thing as uncrackable in the crypto world, it's all about time. Thoughts and comments welcome, no haters, if you don't like some make it constructive.
1. Hardware level communications to the ecu is through Propritory hardware and communications protocols. The ECU uses 3 custom Jtag interfaces
2. User level Comms are Done through CANBUS, this is a seperate layer from hardware and off no significance in this matter
3. ALL hardware and its controlling environment within any denso ECU is totally beposke to Denso corporation
4. and before posting some research may have led you to the fact that the ecu is DENSO not BOSCH
09-01-13, 09:32 AM
#12
Pole Position
Join Date: Jun 2010
Location: NOVA
Posts: 357
Likes: 0
Received 0 Likes
on
0 Posts
That looks like a Typical script kiddie Post TBH.
1. Hardware level communications to the ecu is through Propritory hardware and communications protocols. The ECU uses 3 custom Jtag interfaces
2. User level Comms are Done through CANBUS, this is a seperate layer from hardware and off no significance in this matter
3. ALL hardware and its controlling environment within any denso ECU is totally beposke to Denso corporation
4. and before posting some research may have led you to the fact that the ecu is DENSO not BOSCH
1. Hardware level communications to the ecu is through Propritory hardware and communications protocols. The ECU uses 3 custom Jtag interfaces
2. User level Comms are Done through CANBUS, this is a seperate layer from hardware and off no significance in this matter
3. ALL hardware and its controlling environment within any denso ECU is totally beposke to Denso corporation
4. and before posting some research may have led you to the fact that the ecu is DENSO not BOSCH
https://www.clublexus.com/forums/is-...cu-tuning.html
Jtag access has been neutered along with locking down the ecu if bad comands are sent. I could be wrong. It doesn't matter though. Unless I'm confident I can setup my bench with jtag access or other means to recover a locked out or bad flash, it's simply not worth the risk. I had multiple ecus for my Subaru since they weren't keyed to the car, and they were cheap.
But hey, if someone can get me a rom, I can help crack, and know I can help map it's tables. I'm more software than hardware guy.
Ok, brevity out the door and numb leg on the toilet.
09-01-13, 10:08 AM
#13
Driver School Candidate
Join Date: May 2006
Location: N.I
Posts: 37
Likes: 0
Received 0 Likes
on
0 Posts
On the phone here so excuse my brevity. Regardless of his script kiddy ness, I'm pretty sure Lexus uses Bosch hardware.
https://www.clublexus.com/forums/is-...cu-tuning.html
Jtag access has been neutered along with locking down the ecu if bad comands are sent. I could be wrong. It doesn't matter though. Unless I'm confident I can setup my bench with jtag access or other means to recover a locked out or bad flash, it's simply not worth the risk. I had multiple ecus for my Subaru since they weren't keyed to the car, and they were cheap.
But hey, if someone can get me a rom, I can help crack, and know I can help map it's tables. I'm more software than hardware guy.
Ok, brevity out the door and numb leg on the toilet.
https://www.clublexus.com/forums/is-...cu-tuning.html
Jtag access has been neutered along with locking down the ecu if bad comands are sent. I could be wrong. It doesn't matter though. Unless I'm confident I can setup my bench with jtag access or other means to recover a locked out or bad flash, it's simply not worth the risk. I had multiple ecus for my Subaru since they weren't keyed to the car, and they were cheap.
But hey, if someone can get me a rom, I can help crack, and know I can help map it's tables. I'm more software than hardware guy.
Ok, brevity out the door and numb leg on the toilet.
Nope the ISF runs 100% denso Hardware and design principals in Both Engine management control, and its components. The ISF was a testbed for many of Densos New hardware and control principals such as VVtIE
09-01-13, 05:02 PM
#14
Driver School Candidate
Thread Starter
Join Date: Aug 2013
Location: Georgia
Posts: 6
Likes: 0
Received 0 Likes
on
0 Posts
To bigcloud, is there anything to support this, or anything as far as the language it uses.
To bondango, on the forums they were talking of a bosch encrytion or maybe it was bosch design similar i'm assuming to the charger ecus. and 3 companies in japan supposedly have interfaces to the ecu to flash it and tune it to an extent. yes its denso and ecu says it but again bosch involvement.
To tgui, Jtag access has been neutered along with locking down the ecu if bad comands are sent, by who and neutered as in not implemented anymore, and I would buy a test ecu on the side not working on my own duh. Any knowledge on usb interfaces or what those lexus authorized to tune ecu (trd, sard, and i don't remember) usb hopefully.
To bondango, on the forums they were talking of a bosch encrytion or maybe it was bosch design similar i'm assuming to the charger ecus. and 3 companies in japan supposedly have interfaces to the ecu to flash it and tune it to an extent. yes its denso and ecu says it but again bosch involvement.
To tgui, Jtag access has been neutered along with locking down the ecu if bad comands are sent, by who and neutered as in not implemented anymore, and I would buy a test ecu on the side not working on my own duh. Any knowledge on usb interfaces or what those lexus authorized to tune ecu (trd, sard, and i don't remember) usb hopefully.
Last edited by Chaos64; 09-01-13 at 05:18 PM.
09-01-13, 05:22 PM
#15
Driver School Candidate
Thread Starter
Join Date: Aug 2013
Location: Georgia
Posts: 6
Likes: 0
Received 0 Likes
on
0 Posts
Also I'm more of a hardware guy, hence a tesla supercomputer build for data crunching, my buddy on subs is the software language guy. (He hacked all the Navy crypto guys barracks rooms halarious, there jobs being security) I'm not much for that, I do some C+ and java, etc, but the his knowledge is way beyond mine.