  1. #26
    Time... luck and a 10k investment in a test setup

  2. #27
    Originally Posted by RTA:
    Time... luck and a 10k investment in a test setup
    I think I've mentioned it before, but why can't we break it up into chunks and utilize the combined computing power of the forum?
    Stage 2 or 2.5 E9X M3 S65 V8 supercharger kit for sale: http://www.boostaddict.com/showthrea...r-kit-for-sale

  3. #28
    Originally Posted by Sticky:
    I think I've mentioned it before, but why can't we break it up into chunks and utilize the combined computing power of the forum?
    Yeah, I was just going to say the numbers I hear thrown around don't seem that bad. Even at $10k that could be earned back fairly quickly. I was even thinking about a one time community sale. Everyone from the community pitches in and hires someone to do this, under the contract that it is a one time sale, once sale is done for $XXXX to the company who does the legwork we, the community have full access. Good idea or nah?
    2009 335i coupe back to stock...for now


  4. #29
    Originally Posted by mjmarovi:
    Yeah, I was just going to say the numbers I hear thrown around don't seem that bad. Even at $10k that could be earned back fairly quickly. I was even thinking about a one time community sale. Everyone from the community pitches in and hires someone to do this, under the contract that it is a one time sale, once sale is done for $XXXX to the company who does the legwork we, the community have full access. Good idea or nah?
    I think it's best to get money first and not count on making anything back.

  5. #30
    Originally Posted by Sticky:
    I think it's best to get money first and not count on making anything back.
    I think we're kind of on the same page. I was thinking BB sort of "sponsors" the project, but not before receiving adequate donations from the community. Not even sure who to speak with about it. I can't remember who, but someone mentioned before they could get access but it was going to cost $5k. I guess COBB is/was also aware of this but didn't want to spend the $5k for access; obviously it would cost them more to also figure out the actual tuning and integrate it into the AP after the $5k was spent on just unlocking it.

  6. #31
    Originally Posted by mjmarovi:
    I was thinking BB sort of "sponsors" the project
    As soon as someone sponsors my projects that sounds great.

  7. #32
    Originally Posted by Sticky:
    As soon as someone sponsors my projects that sounds great.
    I can't help it; the N54 community is just that much larger, for obvious reasons... Besides, what project does the S65 platform need now? I thought Gintani cracked the TCU and was going to be offering tuning? What else does the S65 need?

  8. #33
    Originally Posted by mjmarovi:
    I can't help it; the N54 community is just that much larger, for obvious reasons... Besides, what project does the S65 platform need now? I thought Gintani cracked the TCU and was going to be offering tuning? What else does the S65 need?
    That's not what I meant at all.

  9. #34
    Originally Posted by Sticky:
    That's not what I meant at all.
    Oh I see, you want your personal project sponsored...now that's just selfish

  10. #35
    Originally Posted by mjmarovi:
    Oh I see, you want your personal project sponsored...now that's just selfish
    It's not really all that different. But in this instance I'd be putting up money for others (again), yet nobody would do the same for me.

  11. #36
    Originally Posted by Sticky:
    It's not really all that different. But in this instance I'd be putting up money for others (again), yet nobody would do the same for me.
    What money did you put up for someone? So you're equating your personal project to an entire platform community, without which you would have no forum? Yeah....ok

  12. #37
    Originally Posted by mjmarovi:
    What money did you put up for someone? So you're equating your personal project to an entire platform community, without which you would have no forum? Yeah....ok
    No. I'm equating the money and resources I put up to develop the BB flash and there certainly was no monetary gain from that. Now what, you want this all over again?

  13. #38
    Luck, luck, and about 10k in investment, and you need a specialist in the following topic:

    http://www.google.nl/url?sa=t&rct=j&...YVmAdsqehjYWJQ

    ASAM... The underlying software framework of the ZF gearbox seems to be ASAM based.

  14. #39
    I think I'm too high to reply but I shall anyways. I refuse to believe that the TCU is that tough to hack. I mean, has anyone asked China? $#@! they hack everything. I'm sure they would do it for like tree-fiddy. I bet they already hacked it. It's probably what is required to pass the 3rd grade.
    07 335i FFTEC 600

  15. #40
    If (and that's a big IF) the TCU ever gets "hacked", it certainly isn't going to be because someone ran a brute force crack on the key.

    That will likely take many human lifetimes to crack using the fastest computers. Who knows how long the key is.

    It will likely be done using some other exploit.

    The Xbox360 was also impossible to hack from a pure encryption standpoint, until people found out you could hold the reset line down on the CPU for a period of time and cause a glitch (or something of the sort) which opened up a void in the security.

    Also, with all the security Microsoft used, they forgot about the simple and obvious backdoor...the DVD drive firmware. The point is...

    Maybe there is some other method of forcing the TCU to behave in a way we want?

    It's clear that the main goal here is to increase line pressure REQUESTED. Obviously you can't just mechanically force it to max because the TCU monitors shift slip and will compensate. Similar to if you were to turn up the fuel pressure on a car that is running in closed loop.

    The first question is: how does the TCU gauge slip?

    It likely compares the input shaft speed with the output shaft speed. Maybe there is a method to add a time delay to the OSS signal and trick the TCU into thinking the trans is taking longer to shift.

    What other parameters does the TCU use to control pressure? One clear variable is temperature. Maybe we can modify the thermistor to trick the TCU to thinking the trans is hot or cold and modify the line pressure accordingly?

    Who knows...just ideas.


    Another proposed solution:

    Rather than trying to crack the BMW TCU, maybe we can understand the communication interface (essentially the API between modules) between the TCU and the rest of the car. This could allow us to swap in a Ford TCU (Ford uses very similar ZF transmissions) and have a "translator" box sit on the CAN line for the trans and convert the messages between the two. The Ford ZF TCUs are well understood and able to be flashed.


    But what engineer is going to spend valuable hours on something like this for no real monetary gain?

    They would be better off trying to crack the F30 ecu.

  16. #41
    Interesting first post.

  17. #42
    Originally Posted by Sticky:
    Interesting first post.
    Thanks.

    I think that the people who make the JB and Procede (and other CAN snooping/intercepting things) have the best chance of making something happen.

    They seem to know what CAN messages are what and have the ability to modify them.

  18. #43
    Originally Posted by Unklejoe:
    I think that the people who make the JB and Procede (and other CAN snooping/intercepting things) have the best chance of making something happen.
    No. If there isn't money in it they aren't interested.

  19. #44
    Nah you just announce the first annual Bimmerboost Worldwide Automotive Hacking Tournament in hacker forums. First to crack N54 6HP21 TCU wins. Grand Prize includes tour of BB skyscraper & penthouse plus keys to Sticky's M3 for a night. Case of pop tarts and an inflatable girlfriend.

  20. #45
    Originally Posted by Unklejoe:
    Thanks.

    I think that the people who make the JB and Procede (and other CAN snooping/intercepting things) have the best chance of making something happen.

    They seem to know what CAN messages are what and have the ability to modify them.
    Welcome.

    So in your mind, something that rides the CAN feed and intercepts/relays certain values (real or not) back to the TCU... that's the more viable solution?

    It does seem clear that at this point there isn't any substantive path forward towards actual read/write ability on the TCU. And we still don't have a particularly strong understanding of how it interacts with the DME.
    E88 N54 Alpinweiss/Coral Red/Motiv HTA 3586r Tial .82AR/Motiv Port Fuel/BMR 3.5" Exhaust/ER CP/Synapse/VRSF FMIC/Rob Beck PCV Valve + Cap/ST Coilovers/M3 FCA + Tension Rods/M3 Subframe Bushings/M3 FSB/AA Strutbrace/DINAN Camber Plates/Apex ARC-8/Project Kics/VAC Hubs/Rogue Transmission Mounts/Alpina TCU Flash/Icarbon/Kerscher/BMW Performance
    F30 335 X-Drive EBII....Stock

  21. #46
    Originally Posted by wtfmarine:
    I think I'm too high to reply but I shall anyways. I refuse to believe that the TCU is that tough to hack. I mean, has anyone asked China? $#@! they hack everything. I'm sure they would do it for like tree-fiddy. I bet they already hacked it. It's probably what is required to pass the 3rd grade.
    Hack is a very broadly used term. But to discover the private key? It's essentially impossible to do and a waste of time without massive, massive amounts of luck. I'm going to take a grain of sand and throw it onto a beach, kick some other sand over it, let the tides come in and out a few times and then tell you to go find it without telling you which beach or even if you're on the right side of the planet. This is not exact math, but it gives you the sense of futility involved. Encryption isn't tough because it points a lot of guns at you or anything 'secure' in that sense. It is not secure at all really, especially if you find out the password. It only serves the purpose of security because it inundates you with choices. I believe it has a 1024-bit RSA signature, but I'm not sure. I don't think 1024-bit RSA has ever been hacked, by the way, and there are research teams that go out and try to do just that, to be the first ones.


    Originally Posted by Unklejoe:
    If (and that's a big IF) the TCU ever gets "hacked", it certainly isn't going to be because someone ran a brute force crack on the key.

    That will likely take many human lifetimes to crack using the fastest computers. Who knows how long the key is.

    It will likely be done using some other exploit.

    The Xbox360 was also impossible to hack from a pure encryption standpoint, until people found out you could hold the reset line down on the CPU for a period of time and cause a glitch (or something of the sort) which opened up a void in the security.
    Yes, I quit messing with the 360 when this came about, but I remember watching this story develop. It had to do with resetting the CPU over and over, keeping the CPU at a low clock speed, and then using a timing attack to determine if the key they were using had any effect on the boot time or something. Took a few days of resetting the 360 if I remember correctly.


    If in fact 1024-bit encryption is used to sign these TCU ROMs, then we are $#@!ed in terms of brute forcing. I mean, if you all have extra cycles, then perhaps someone can get a ROM and figure out how the signature is calculated (RSA?) and then try to brute force this using distributed processing. I mean, I'd run it just for the off chance that I stumbled upon a thousand playmates who wanted to suck my dick for free. On the other hand, the more likely option, and what I can see as the only option, is to get a true hacker on it. We need to figure out what kind of unit this TCU is; I don't even know right now. I need to know what processor it uses. The DME is an Infineon TriCore. Then once we know the processor, we need to find a plugin for Hex-Rays IDA Pro and give it to one of the half dozen reverse engineers I know. I've even run this idea by a couple of them and they love the idea of it. I hire reverse engineers for unscrupulous projects I have here and there, typically to get people to reverse engineer encryption algorithms for network communication in games; then I write private servers or whatever I feel like after that. Because of this I know quite a few very skilled reverse engineers. Also Chinese 'companies' with teams of people looking for a big job if someone can finance it.

    If someone can provide me more details on this TCU (all I know is that it is submerged in the transmission fluid inside the mechatronic or whatever), get me a ROM file, and the hardware specs on the TCU itself, I can start somewhere. There may also be a different file for flashing the bootloader; likely this would be a dealer-only file. I know these files exist for the MSD80/1 and they are difficult to find, as they include the bootloader in addition to the other things.


    What I need to help plan this and find out what's possible:

    1) Model number of the DCT (I'm lazy)
    2) Module name of the TCU, English, German, etc. for researching purposes
    3) Hardware specifications on the TCU, primarily type of processor and programmable memory ranges
    4) Most importantly, I need a ROM file. More specifically, if it exists (and I'm fairly certain it does), a DEALER SPECIFIC ROM file which includes the bootloader in it. I want as many different versions of this as possible, especially older ones and the newest ones.
    Last edited by klipseracer; 07-25-2014 at 01:23 PM.
    Join the largest N5X Enthusiasts Group! 1200+ Members Strong!
    https://www.facebook.com/groups/n5xenthusiasts/

  22. #47
    Originally Posted by RTA:
    Luck, luck, and about 10k in investment, and you need a specialist in the following topic:

    http://www.google.nl/url?sa=t&rct=j&...YVmAdsqehjYWJQ

    ASAM... The underlying software framework of the ZF gearbox seems to be ASAM based.
    @RTA

    Please read my post above, as I think you could be the most helpful at this point. I have the reversers. They are experts at x86/ARM assembly and they can learn any other assembly if necessary. I can provide them with all the details for them to look at and see if finding an exploit on the bootloader or tuning values is possible. If so, then perhaps we can crowdsource some of the expense, which I do not see costing a ton, to be honest. These guys are quite cheap considering their capabilities. They just helped me beat 2048-bit network comms encryption by reversing the algorithm and creating my own server issuing my own private key for an online MMO.

  23. #48
    Klipse, this is so far over my head on the programming side, but count me in for some funding if we ever get to that point.

    We need a solution and an MT swap is lame.

  24. #49
    Originally Posted by 135pats:
    Klipse, this is so far over my head on the programming side, but count me in for some funding if we ever get to that point.

    We need a solution and an MT swap is lame.
    +1

  25. #50
    Originally Posted by 135pats:
    Klipse, this is so far over my head on the programming side, but count me in for some funding if we ever get to that point.

    We need a solution and an MT swap is lame.
    I can set up a Bitcoin address or set up a crowdfunding campaign somewhere with someone notable in the community who can be trusted with the money if we get to that, but we are a long way from that still. I have no N54, hence why my BimmerBoost mobile app has been delayed, since I can't get my bench to work; I think there is a problem with either my lab power supply or perhaps one of the other modules I purchased. I also have no TCU to access or play with because of this, not to mention a DCT-powered vehicle at the moment. But I desperately need this information to continue, and if anyone has any inside dealer contacts to try and glean some information from on how the flashing process works in more detail, this will be very helpful. We need to get a bootloader to look at. At least a ROM file from the TCU of some kind. And I need to know the processor inside this TCU as well. Those two things are a starting point.
