Page 1 of 5 123 ... LastLast
Results 1 to 10 of 50

Thread: Seed/Key, what is the purpose?

  1. #1
    Lifetime Member N0DIH's Avatar
    Join Date
    Jan 2006
    Posts
    467

    Default Seed/Key, what is the purpose?

    Ok, this might be obvious to some, but honestly I have posed the question to many and got no answer.

    What it the purpose in life for the Seed/Key? In all honesty, it ISN'T security, it is too easy to get. So what else? Simply to ensure the right .bin goes with the right PCM?

    Just wondering!

  2. #2
    Lifetime Member Chuck CoW's Avatar
    Join Date
    Feb 2006
    Posts
    471

    Default Seeds grow plants......

    Quote Originally Posted by N0DIH View Post
    Ok, this might be obvious to some, but honestly I have posed the question to many and got no answer.

    What it the purpose in life for the Seed/Key? In all honesty, it ISN'T security, it is too easy to get. So what else? Simply to ensure the right .bin goes with the right PCM?

    Just wondering!
    Seeds grow plants......and keys open locks.

    It actually is security cause it can take weeks sometimes (trying every 8 seconds) to get a match....

    the seed and key are in HEX and actually represent WAY MORE combinations than they than they appear to.

    You need to have BOTH the seed and key "correct" to open the lock.

    The possible combinations are huge considering the 4 hex digits in each part.

    Remember HEX is base 16....not base 10.

    Chuck CoW
    CoW BOOSTER! Electronic Throttle Enhancement.

    - CLICK HERE NOW FOR MORE INFORMATION! -

    VARARAM, EDELBROCK, AMERICAN RACING HEADERS, BAER BRAKES, BORLA, EFI Live, Magnuson,
    COMP Cams, PROCHARGER, PRO TORQUE, PHADT Racing, INNOVATORS WEST, and more.



  3. #3
    Lifetime Member GMPX's Avatar
    Join Date
    Apr 2003
    Posts
    13,148

    Default

    Each controller uses a different seed/key algorithm. This ensures that you can't accidentaly try to program a LS1 PCM with a Diesel tune, nor can anyone just blatantly reprogram the PCM without figuring out each controllers security algo.

    For example (and this is very simplified).
    Assume a LS1 PCM sends back a seed of $2000. The algo to calculate the unlock key is simply to add 1, EFILive would send back a key of $2001 and bingo the PCM is unlocked and you can proceed to reflash the ECM.
    Now, lets say on a Diesel ECM the algo was to add 2, then EFILive would send back a key of $2002.
    This way there is no way the Diesel ECM would allow the LS1 tune to be flashed as the key would be wrong, EFILive knows what controller it is trying to flash and therefore the algo to calcualte the key will only work on that controller type.
    Each PCM has a brute force timer to stop multiple requests of invalid keys, so if you send the wrong key twice then the PCM won't allow another attempt for 10 seconds, multiply that by 65533 possible key values and it kind of drags out a bit.
    For myself, I can have the flash chip off, reprogrammed in a EPROM burner and back on in about 20mins with a valid seed/key pair if the PCM was locked.

    I don't think GM's intention behind the seed/key was fort knox type security, it serves it's simple purpose well. I have tried to figure out if there is any backdoors left open by GM but there isn't, they thought it out quite well.

    Cheers,
    Ross
    I no longer monitor the forum, please either post your question or create a support ticket.

  4. #4
    Lifetime Member N0DIH's Avatar
    Join Date
    Jan 2006
    Posts
    467

    Default

    Where is the S/K stored? Is it software in the flash or in another E^2 somewhere else? Or is it in the processesors' EEPROM?

    Quote Originally Posted by GMPX View Post
    Each controller uses a different seed/key algorithm. This ensures that you can't accidentaly try to program a LS1 PCM with a Diesel tune, nor can anyone just blatantly reprogram the PCM without figuring out each controllers security algo.

    For example (and this is very simplified).
    Assume a LS1 PCM sends back a seed of $2000. The algo to calculate the unlock key is simply to add 1, EFILive would send back a key of $2001 and bingo the PCM is unlocked and you can proceed to reflash the ECM.
    Now, lets say on a Diesel ECM the algo was to add 2, then EFILive would send back a key of $2002.
    This way there is no way the Diesel ECM would allow the LS1 tune to be flashed as the key would be wrong, EFILive knows what controller it is trying to flash and therefore the algo to calcualte the key will only work on that controller type.
    Each PCM has a brute force timer to stop multiple requests of invalid keys, so if you send the wrong key twice then the PCM won't allow another attempt for 10 seconds, multiply that by 65533 possible key values and it kind of drags out a bit.
    For myself, I can have the flash chip off, reprogrammed in a EPROM burner and back on in about 20mins with a valid seed/key pair if the PCM was locked.

    I don't think GM's intention behind the seed/key was fort knox type security, it serves it's simple purpose well. I have tried to figure out if there is any backdoors left open by GM but there isn't, they thought it out quite well.

    Cheers,
    Ross

  5. #5
    Senior Member
    Join Date
    Feb 2008
    Posts
    169

    Default

    I am with N0dih

    1999 CK10906
    Delivering Dealer :
    • ISUZU GENERAL MOTORS AUSTRALIA LTD.
    • 858 LORIMER ST.
    • MELBOURNE , AU 3207



    ************************************************** ********************

    VIT2 data

    ************************************************** ********************

    ssecuhn =
    vin = %s %s ----------
    snoet =
    vmecuhn = 0
    ssecusvn = 0
    ecu_adr = 10
    num_part = 0
    numcms = 1
    blocklen = 112
    disp_type = 1
    protocol = 1
    swcompat_id = ffffffff
    diagdata_id = 65535
    shopcode =
    progdate = 00000000
    pinnum = 0
    numseeds = 1
    event_type = 1
    seed = 4cde
    config_area_size = 0
    id = a7
    chksum = 5789

    table_len = 0
    nav_info = 0000004d
    reserved = 0
    post_prog_instructions =

    OSDI # = 9365095T
    PCM # = 9366810
    # of cal Segments = 7
    Security Algorithim = 16
    Read Algorithim = 5
    Program Algorithim = 7







    ************************************************** ********************
    This is from a Cadillac Northstar

    ************************************************** ********************

    VIT1 data

    ************************************************** ********************

    ssecuhn =
    vin =
    snoet =
    vmecuhn =
    ssecusvn = 65535
    ecu_adr = 10
    num_part = 1
    partno = 12585589
    partnum = 12585589
    sub_asm = 12585667-54635
    sub_asm = 12573807-7051
    cvn_in_vit1 = 1
    numcms = 1
    blocklen = 0
    disp_type = 0
    protocol = 1
    swcompat_id = ffffffff
    diagdata_id = 65535
    shopcode =
    progdate = FFFFFFFF
    pinnum = 0
    numseeds = 1
    seed = 4CDE
    ecu_config_data_length = 0
    id = a7
    chksum = 0
    table_len = 0
    nav_info = FFFFFFFF, FFFFFFFF, FFFFFFFF, FFFFFFFF, FFFFFFFF
    reserved = -1
    numcms = 1
    config_area_size = 0
    devicetype = J2534
    requesttype = dr-request

    ************************************************** ********************
    The rest is

    Oh I guess I will post this. It is the Speed limiter




    Yeah I am just a caddy tech that doesn't know anything

  6. #6
    Senior Member
    Join Date
    Feb 2008
    Posts
    169

    Default

    Quote Originally Posted by GMPX View Post
    For myself, I can have the flash chip off, reprogrammed in a EPROM burner and back on in about 20mins with a valid seed/key pair if the PCM was locked.

    Cheers,
    Ross
    I was unaware of that. So I can have the seed and key changed when I get the RoadRunner in the SIMTEC 5.G PCM?

  7. #7
    Lifetime Member GMPX's Avatar
    Join Date
    Apr 2003
    Posts
    13,148

    Default

    Quote Originally Posted by N0DIH View Post
    Where is the S/K stored? Is it software in the flash or in another E^2 somewhere else? Or is it in the processesors' EEPROM?
    It's stored on the flash (for most ECM's), but that is the point, to gain access to the flash (via the OBD-II port) you need to know the key to get in, you can't 'get' the key from the flash without knowing the key.
    Pretty much like locking your keys in the car, you can't get in via the door without the key. Once in the car, you can get the key to get in the door, but at that point you are already in
    I no longer monitor the forum, please either post your question or create a support ticket.

  8. #8
    Lifetime Member GMPX's Avatar
    Join Date
    Apr 2003
    Posts
    13,148

    Default

    Quote Originally Posted by CalEditor View Post
    I was unaware of that. So I can have the seed and key changed when I get the RoadRunner in the SIMTEC 5.G PCM?
    Yes you could do that once you pull the flash off. I have several of those PCM's here but I have just never had the chance to pull the flash off the PCB to look at how the flash is arranged (apart from being Intel backwards )

    Cheers,
    Ross
    I no longer monitor the forum, please either post your question or create a support ticket.

  9. #9
    Senior Member
    Join Date
    Feb 2008
    Posts
    169

    Default

    Quote Originally Posted by GMPX View Post
    Yes you could do that once you pull the flash off. I have several of those PCM's here but I have just never had the chance to pull the flash off the PCB to look at how the flash is arranged (apart from being Intel backwards )

    Cheers,
    Ross
    Backwards?
    What is it that you need to give me a VDF or what ever you call it?
    I have more.

  10. #10
    Senior Member
    Join Date
    Feb 2008
    Posts
    169

    Default


Page 1 of 5 123 ... LastLast

Similar Threads

  1. Dual purpose PCM pin outputs
    By Whippled 496 in forum General (Petrol, Gas, Ethanol)
    Replies: 4
    Last Post: May 1st, 2009, 07:01 AM
  2. Locked PCM seed: $0FAA HELP!!
    By onegonewild in forum Gen III V8 Specific
    Replies: 2
    Last Post: September 3rd, 2008, 01:54 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •