. . . . . HERE'S ALL ABOUT GM GLOBAL B PLATFORM . . . . .
As discussed by others for the last year, it is highly doubtful that GM's new E99 ECM in the 2020 and up vehicles
will be cracked for some time. (We will use the C8 Corvette as an example.) It involves multi-factor
authentication involving dealer employees & credentials and a Diffie-Hellman 2048-bit key exchange using a
SHA-256 hash digest that is unique for each VIN PCM & TCM.
The Diffie-Hellman 2048/SHA-256 ECM/TCM is not a STATIC security implementation; it is currently un-crackable
by even the best in the aftermarket tuning world. The current estimate to crack Diffie-Hellman 1024 is 35,000,000 core
years. It would take 35 million CPU cores 1 year to crack a single key exchange, and the key exchange is unique
for each VIN. Diffie-Hellman 2048.
....FORGET ABOUT IT, IT'S NEVER GOING TO HAPPEN....
Now then, a stand-alone aftermarket PCM that could partially bypass the rolling code encryptions momentarily will cut
off the factory instrument cluster, HVAC, audio, BCM and power windows, and eventually will get an authentication error which
will alert On-Star Remote to shut down the car.
None of it will work because it has security dependencies on the factory ECM. Every module that communicates with the
PCM/TCM uses 2048-bit Diffie-Hellman key exchange with a SHA-256.
Successfully flash-tuning, reprogramming & otherwise altering the engine control unit to increase power output on the
2020 C8 will be next to impossible.
The anti-hacking encryption written into the electronic control module will block any attempt to "read, write, and/or
replace" the standard ECU of the C8. If the ECU detects such an effort, and that programming event fails, the Corvette C8
will enter a "recovery mode" that requires a reboot. Added to that, GM has assigned each controller a personal security
code that becomes embedded into the vehicle system. Only those controllers are allowed to function in that vehicle.
The C8 can be reprogrammed, but only with GM software, and only by an entity with the proper encryption keys -
meaning a trip on a flatbed to the dealer and a sure-fire way to completely void your entire warranty.
The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly
establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent
communications using a symmetric key cipher.
Ephemeral Diffie-Hellman – This is considered the most secure implementation
because it provides perfect forward secrecy. It is generally combined with an algorithm such as DSA or RSA to
authenticate one or both of the parties in the connection.
Diffie–Hellman key exchange is a method of securely exchanging cryptographic keys over a public channel and was one
of the first public-key protocols as conceived by Ralph Merkle and named after Whitfield Diffie and Martin Hellman.
DH is one of the earliest practical examples of public key exchange implemented within the field of cryptography.
Traditionally, secure encrypted communication between two parties required that they first exchange keys by some
secure physical means, such as paper key lists transported by a trusted courier.
Diffie–Hellman is used to secure a variety of Internet services. However, research published in October 2015 suggests
that the parameters in use for many DH Internet applications at that time are not strong enough to prevent
compromise by very well-funded attackers, such as the security services of large governments.
The scheme was published by Whitfield Diffie and Martin Hellman in 1976, but in 1997 it was revealed that
James H. Ellis, Clifford Cocks, and Malcolm J. Williamson of GCHQ, the British signals intelligence agency, had
previously shown in 1969 how public-key cryptography could be achieved.
Although Diffie–Hellman key agreement itself is a non-authenticated key-agreement
protocol, it provides the basis for a variety of authenticated protocols, and is used to provide forward secrecy in
Transport Layer Security's ephemeral modes (referred to as EDH or DHE depending on the cipher suite).
The method was followed shortly afterwards by RSA, an implementation of public-key cryptography using asymmetric
algorithms.
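
The ephemeral exchange described above, as an added example that is not part of the original post and is not GM's implementation: both sides use the public RFC 3526 2048-bit group (an assumption, the post does not say which parameters GM uses), validate the peer's public value, and hash the shared secret with SHA-256. Authentication of the parties (the DSA/RSA step) is not shown.

```python
import hashlib
import secrets

def _pi_fixed(bits, guard=64):
    """floor(pi * 2**bits), Machin's formula in integer arithmetic."""
    one = 1 << (bits + guard)
    def arctan_inv(x):
        total = term = one // x
        n, sign = 3, -1
        while term:
            term //= x * x
            total += sign * (term // n)
            n, sign = n + 2, -sign
        return total
    return (16 * arctan_inv(5) - 4 * arctan_inv(239)) >> guard

# Assumption: the public RFC 3526 group 14 (2048-bit MODP), built from the
# formula in that RFC. The post does not say which parameters GM uses.
P = 2**2048 - 2**1984 - 1 + 2**64 * (_pi_fixed(1918) + 124476)
Q = (P - 1) // 2  # P is a safe prime, so the subgroup order Q is prime
G = 2

class Party:
    """One side of an ephemeral exchange: a fresh secret for every session."""
    def __init__(self):
        self._x = secrets.randbelow(Q - 1) + 1  # private exponent, 1..Q-1
        self.public = pow(G, self._x, P)  # the only value sent on the wire

    def session_key(self, peer_public):
        # Reject 0, 1, P-1 and anything outside the order-Q subgroup.
        if not 2 <= peer_public <= P - 2 or pow(peer_public, Q, P) != 1:
            raise ValueError("invalid peer public value")
        shared = pow(peer_public, self._x, P)
        # SHA-256 turns the 2048-bit shared secret into a 256-bit key.
        return hashlib.sha256(shared.to_bytes(256, "big")).digest()

def run_exchange():
    """Constructed demo: both sides exchange public values, derive keys."""
    a, b = Party(), Party()
    return a.session_key(b.public), b.session_key(a.public)

if __name__ == "__main__":
    key_a, key_b = run_exchange()
    print("keys match:", key_a == key_b, key_a.hex())
```

Because each `Party` draws a new private exponent, two runs never share a key, which is the forward-secrecy property the ephemeral mode provides.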