Reverse Engineering an algorythm ?

[meho2481]

Hello guys, i hope this is the right forum for my issue. 

 

So i am working with mainly Mercedes benz vehicles which have a bunch of ECU's inside, most of these have no/little security in place so that you can change values inside them (important for retrofitting options to your car or just customization/QOL changes) but there is 1 ECU in particular where, if you request security level xy it sends you an 8 Byte seed like XX XX XX XX XX XX XX XX and wants a 8 Byte Key in return, would it be, from a mathematical or programming standpoint be possible, that if i provide like 2-3 Seed/Key combinations, to reverse engineer the algorythm ? im sorry if all of this sounds dumb but i dont have much if any CS experience and was just wondering if that would be possible ? 

 

[Vishera]

There is a possibility that it's not made by an algorithm,but a key that is tied to the individual ECU.

Anyway in that situation you need a hacker or a security specialist to either crack the key or bypass it.

[Radium_Angel]

4 minutes ago, meho2481 said:

Hello guys, i hope this is the right forum for my issue. 

 

So i am working with mainly Mercedes benz vehicles which have a bunch of ECU's inside, most of these have no/little security in place so that you can change values inside them (important for retrofitting options to your car or just customization/QOL changes) but there is 1 ECU in particular where, if you request security level xy it sends you an 8 Byte seed like XX XX XX XX XX XX XX XX and wants a 8 Byte Key in return, would it be, from a mathematical or programming standpoint be possible, that if i provide like 2-3 Seed/Key combinations, to reverse engineer the algorythm ? im sorry if all of this sounds dumb but i dont have much if any CS experience and was just wondering if that would be possible ? 

 

Personally, I'd hit up a MB aftermarket forum, they are likely to have more insight

[Vishera]

Also you can use a brute force attack - try all of the possible combinations,it will take a while.

[meho2481]

6 minutes ago, Vishera said:

There is a possibility that it's not made by an algorithm,but a key that is tied to the individual ECU.

Anyway in that situation you need a hacker or a security specialist to either crack the key or bypass it.

Hey thanks for the quick answer. 

 

It definitely is an algorithm as confirmed by some people i've talked to. 

 

4 minutes ago, Radium_Angel said:

Personally, I'd hit up a MB aftermarket forum, they are likely to have more insight

Sadly this topic in general cannot be found on most forums. 

 

 

Another thing is that some dlls for the calculation of some seeds are publicly available but they aren't for the right security level, could it be possible to see whats inside the dll file ? 

[Vishera]

Just now, meho2481 said:

Hey thanks for the quick answer. 

 

It definitely is an algorithm as confirmed by some people i've talked to. 

 

Sadly this topic in general cannot be found on most forums. 

 

 

Another thing is that an some dlls for the calculation of some seeds are publicly available but they aren't for the right security level, could it be possible to see whats inside the dll file ? 

I suspect we cannot help you.

7 minutes ago, Vishera said:

Anyway in that situation you need a hacker or a security specialist to either crack the key or bypass it.

 

[Vishera]

I found this forum,which is all about ECU hacking:

https://ecuhacking.activeboard.com/

[meho2481]

thank you so much for your quick help and advice dude 

[Radium_Angel]

17 minutes ago, meho2481 said:

could it be possible to see whats inside the dll file ? 

I believe .dll de-compilers exist, see if this can help

https://www.nirsoft.net/utils/dll_export_viewer.html

 

[Sauron]

27 minutes ago, meho2481 said:

would it be, from a mathematical or programming standpoint be possible, that if i provide like 2-3 Seed/Key combinations, to reverse engineer the algorythm ?

That depends entirely on what the algorithm is. The entire field of cryptography is dedicated to finding algorithms that make it nigh on impossible to find the input starting from the output without trying every possible combination - if any of those are used then no, you can't do it. If it's something very simple (e.g. "take the password and return the sum of its bits times 3") then it's possible you could figure it out with a few sample inputs. If it's anything security related it should be the former though.