Originally Posted by
Jacb
Ben@Weapon X Said:
"The LT5 E99 PCM is insane with the VIN specific encryption. It is rumoured that "someone is in"; however, unless they had help from the backdoor at GM, I will believe it when I see it. GM released this technology on the 2017 trucks and they have yet to be cracked. Now HP Tuners did just get into the 2018 Dodges and they provide a cable, so we shall see what they come up with. I think we just need to start a GoFund me page and toss it up on the black web for the first person to crack it gets the kitty; however, the coding is also VIN specific, so unless there is a key to follow per VIN, each car would be specific.
“GM’s Phase-1 overall process involves multi-factor authentication involving dealer employees and credentials and a Diffie-Hellman 2048-bit key exchange using a SHA-256 hash digest that is unique for each VIN ECM and TCM,” he said. “The main concept to keep in mind is that is not a STATIC security implementation […] Diffie-Hellman 2048/SHA-256, if implemented correctly, is un-crackable, even by the NSA.” Turbowizard illustrated his point further: “Current estimates to crack Diffie-Hellman 1024 is 35,000,000 core years, [such that] it would take 35 million CPU cores 1 year to crack a single key exchange, and the key exchange is unique for each VIN. Diffie-Hellman 2048? Forget about it, not going to happen.”Turbowizard capped off his argument, saying, “I’ve had several trucks tuned over the years, and I hate the emissions crap on these new trucks as much as anyone, but I’m afraid we are nearing the end of an era. Both ominous and saddening, turbowizard’s post garnered loads of attention. Fellow users were quick to label turbowizard a troll, or proclaim that the solution was already there in the form of aftermarket ECMs.“None of the factory instrument cluster, HVAC, audio, BCM, power windows, etc…..NONE of it will work because it has security dependencies on the factory ECM,” said turbowizard. “Every module that communicates with the ECM/TCM uses 2048-bit Diffie-Hellman key exchange with a SHA-256 has…..and aftermarket ECM’s will not have any of that…..useless for a daily or street-driven truck.”