MuffinFlavored
12th August, 2019, 04:49 AM
Attached is FLASH_0705.PRT for MED1775.
File starts GEN_FILE.
Header length is 0xA4 (164 bytes)
Next 4 bytes I believe are checksum: 0x83497E0C
Next 4 bytes are magic number used to decrypt header: 0x30AD5DDA
Header decrypted is
1.009|GOS|6.037|24/07/2019|12.25||||FL0705||||||||||||FLASH_0705 MERCEDES BOSCH ME17.7.X/MED17.7.X CAN|||||||||||||PRT|13/12/2018|24/07/2019|0x00000208|||||F||MG|
The bytes following after are:
049653B0 8C1D731D B68046C1 26BE3359 08F8EC2C 803F77C9 8AF6ACD9 69321B15 B9FD1681 735F5552 C930D087 E1E45B22 B8D0A2F1 E51D3D2F D6FCAC55 81A5CFF0 446A0D8E F18FC6B4
this continues for a total length of 0x7610
I *believe* this file is XOR encrypted. I don't know how the device knows what XOR key + algorithm to use given the header.
I *believe* once this is XOR decrypted, it would contain ARM7TDMI-S NPX LPC2478 CPU instructions for how to perform seed/key challenge for this protocol.
Can somebody with more information speak as to whether I am right + drop some insight?
File starts GEN_FILE.
Header length is 0xA4 (164 bytes)
Next 4 bytes I believe are checksum: 0x83497E0C
Next 4 bytes are magic number used to decrypt header: 0x30AD5DDA
Header decrypted is
1.009|GOS|6.037|24/07/2019|12.25||||FL0705||||||||||||FLASH_0705 MERCEDES BOSCH ME17.7.X/MED17.7.X CAN|||||||||||||PRT|13/12/2018|24/07/2019|0x00000208|||||F||MG|
The bytes following after are:
049653B0 8C1D731D B68046C1 26BE3359 08F8EC2C 803F77C9 8AF6ACD9 69321B15 B9FD1681 735F5552 C930D087 E1E45B22 B8D0A2F1 E51D3D2F D6FCAC55 81A5CFF0 446A0D8E F18FC6B4
this continues for a total length of 0x7610
I *believe* this file is XOR encrypted. I don't know how the device knows what XOR key + algorithm to use given the header.
I *believe* once this is XOR decrypted, it would contain ARM7TDMI-S NPX LPC2478 CPU instructions for how to perform seed/key challenge for this protocol.
Can somebody with more information speak as to whether I am right + drop some insight?