Custom Screen Animation
#18
It looks like they actually have MD5 sums for the individual files that are loaded in their .der certificate files. But....this just seems to easy to circumvent? 2009kr, how did you come to the conclusion on the HMAC system, did you alter something and try to install it?
Here's a snippet from one of the image certificates:
Type = Utility
Post-Script = GB5T-14G386-AB.sh
File1 = GB5T-14G386-AB.sh
File1 Hash Value = 01bced7dc9f78d69a35ce5c3f0712b8516330e827c1a97b658 3ab1d2fbb01dbf
File1 Size = 2231
File2 = utloggingutility
File2 Hash Value = d2a94381cdda68004ee55bd0c437f3f0148cd489733f8c4469 ad63b52df675e1
File2 Size = 85628
File3 = Decoded_ODL.xml
File3 Hash Value = 9d23e743e31f7075f06d88f198297122e82a2f851fac53adab f761a5c6dd731c
File3 Size = 9478
Save Location = /tmp/
Here's a snippet from one of the image certificates:
Type = Utility
Post-Script = GB5T-14G386-AB.sh
File1 = GB5T-14G386-AB.sh
File1 Hash Value = 01bced7dc9f78d69a35ce5c3f0712b8516330e827c1a97b658 3ab1d2fbb01dbf
File1 Size = 2231
File2 = utloggingutility
File2 Hash Value = d2a94381cdda68004ee55bd0c437f3f0148cd489733f8c4469 ad63b52df675e1
File2 Size = 85628
File3 = Decoded_ODL.xml
File3 Hash Value = 9d23e743e31f7075f06d88f198297122e82a2f851fac53adab f761a5c6dd731c
File3 Size = 9478
Save Location = /tmp/
it's fairly straightforward to verify that some authentication is used in addition to the hash's integritity function. First see if you can generate the the same hash for one of the files. The hash values you show are 256 bits long, so I'd try SHA256 first. (MD5 is half that length.) Once you can do that, you have verified that you have the right algorithm, the file is just hashed in its entirety, and there isn't a salt (or the hashes aren't HMACs).
With this information, change one of the internal files (the .XML one is a nice candidate), recalculate the hash, put the changed file and new hash back in and see if the truck will accept it. I'm not optimistic though.
#19
#20
#21
#22
- On newer trucks without a CD player, you press and hold the steering wheel right menu button, then press and hold the dash's right menu button.
- On trucks with CD player, you press and hold eject and scan at the same time for up to 20 seconds. (I've never actually tested this as my truck is 2019 without CD player.)
#23
That's a fact. Personally, I'm glad they've made it more secure, even if it is more difficult for us to ethically hack our own vehicles.
#24
No, you're absolutely correct. I was just joshing, but I actually was able to follow most of the discussion.
#25
See https://repair.org/ Support if you agree.
#26
And we need to stand up to the OEMs and corporations for the Right to Repair. I believe that I own my truck, not Ford, and if I want to replace the code in it, I should be able to do so. Ford should have to allow its code to be reviewed for security purposes etc and we should be able to purchase all the same tools and parts and info that the dealers can purchase.
See https://repair.org/ Support if you agree.
See https://repair.org/ Support if you agree.
#27
Well, I believe I should be able to change my own product, but in so changing it that should relieve Ford of responsibility....unless their design is found to be at fault. I can put different wheels and tires or change the engine program (Banks etc), why shouldn't I be able to change other aspects of the code? I hate all these nagging safety things that are designed to protect stupid people from themselves.