2012-2015 BMW 3-Series and 4-Series Forum
So why have all these tuners in the last couple months cracked the DME?
      02-16-2019, 03:30 PM   #23
RTPenland
Lieutenant
409
Rep
558
Posts

Drives: Many BMWs
Join Date: Mar 2018
Location: East & West Coasts

iTrader: (0)

Quote:
Originally Posted by B58togo View Post
I forgot no hyphens. You're just obsessed with putting random hyphens (you probably have 50 in this thread alone), multiple periods, and ellipses in places they don't belong. Nor was my math incorrect.

Be sure to edit your reply to this post too. Your indecisiveness truly amuses me.
***double sigh***

Here let me help you some more (hopefully for the last time so we can get back on topic).

As for hyphens....there should be one between "mid 2018" (but you know that right because you are a self professed English composition person - I mean that's what's going to carry you forward in life as you stated).....here let me show you....mid-2018

As for your math - yes you are correct your simple little division that you did was in fact correct (congratulations) - however using that formula to prove your point of "randomness" was nowhere near the correct answer. In fact you dug a deeper hole for yourself (a deep one) when you pointed out how long the B58 has been out - the longer it's been out the less likely it is a total random act that multiple tuners cracked the code around the same time.

I hope none of this is lost on you...I'm only trying to help. Not trying to fry your brain

In closing I'll add while you speak of indecisiveness - you may want to look at your own - after all you started to respond to my post yesterday but had to sleep on it before you came up with this response (admit it). I mean I wouldn't really care when someone responds but if you are accusing someone of something you yourself are guilty of----------(hyphens for you) it just shoots your credibility all to poop - I can share the screen shot. In the end I have only shared and written about objective facts ------you however have gone subjective personal etc...and that's not nice.

ps-look for upcoming edit I'll make sure it's there -------------------------------------

Last edited by RTPenland; 02-16-2019 at 10:42 PM.. Reason: B58togo asked me to and I added a line of hyphens
Appreciate 0
      02-16-2019, 04:56 PM   #24
Wires
Brigadier General
Canada
1646
Rep
4,877
Posts

Drives: 2016 340i xDrive
Join Date: Apr 2008
Location: Calgary

iTrader: (0)

Quote:
Originally Posted by jalkster View Post
I think it has to do with competition. PTF announces and knowing they are a very popular platform, so is MHD. MHD can't let them have all the light so they announce their partnership with Pure Turbos for their OTS flashes. HC Performance has had a flash available for a while now, and they are the owners of PTF. PTF BM3 has a lot more to it than a set and forget flash tune, answering your question on my last post you had. I don't think these powerhouses in BMW turbo tuning were worried about losing business to companies like Mission or the other earlier offerings.

These guys really do not want to release an incomplete tune, hurting their reputation. It's all about the RND

So it isn't coincidental. It's the money makin game

#DMETUNING
To the OP's point, it has been just silence up to the last 6 months. You would think someone would have done a "Heh! We are working on a tune for the B58" to draw up hype, even if it was 6 months premature.

It's not like BMW publishes the keys to their DMEs, so having a bunch of tuners all having a solution within months on a 3.5 year old platform is a bit of a statistical anomaly.
Appreciate 0
      02-16-2019, 07:32 PM   #25
ArcticFormula
Private
United_States
16
Rep
57
Posts

Drives: 2019 - 240i X-Drive
Join Date: Oct 2018
Location: Canyon Country, CA

iTrader: (0)

I don’t know anything, but is it an idiotic idea that one examines the tune from one vendor and reverse engineers it some way thus the initial breakthrough opens the floodgates so to speak?
Appreciate 0
      02-16-2019, 07:43 PM   #26
ArcticFormula
Private
United_States
16
Rep
57
Posts

Drives: 2019 - 240i X-Drive
Join Date: Oct 2018
Location: Canyon Country, CA

iTrader: (0)

Or maybe more plausible is that the aftermarket community has an unwritten understanding that whoever has the breakthrough shares the info for a price. Insurance of sorts for all, no single vendor is confident they will be first or attain, so they work in concert with the first getting the spoils.
Appreciate 0
      02-16-2019, 08:01 PM   #27
RTPenland
Lieutenant
409
Rep
558
Posts

Drives: Many BMWs
Join Date: Mar 2018
Location: East & West Coasts

iTrader: (0)

Quote:
Originally Posted by ArcticFormula View Post
Or maybe more plausible is that the aftermarket community has an unwritten understanding that whoever has the breakthrough shares the info for a price. Insurance of sorts for all, no single vendor is confident they will be first or attain, so they work in concert with the first getting the spoils.
Interesting maybe - like you I don't know and at the end of the day I guess it really doesn't matter to us end users - we get the tunes we want and go on our merry way.

However something is up - it's just idle curiosity for me.

But I can tell you that there is no way all these recent developments are random. Separate, isolated development work flows cannot produce independent solutions in such rapid succession if there is not some correlation between them (at least not for this complex of a challenge).

Last edited by RTPenland; 02-16-2019 at 08:09 PM.. Reason: multiple periods, ellipses and of course hyphens added
Appreciate 0
      02-16-2019, 09:52 PM   #28
RTPenland
Lieutenant
409
Rep
558
Posts

Drives: Many BMWs
Join Date: Mar 2018
Location: East & West Coasts

iTrader: (0)

Quote:
Originally Posted by Wires View Post
It's not like BMW publishes the keys to their DMEs, so having a bunch of tuners all having a solution within months on a 3.5 year old platform is a bit of a statistical anomaly.
Well said.

Last edited by RTPenland; 02-16-2019 at 09:53 PM.. Reason: hyphens
Appreciate 0
      02-19-2019, 06:22 AM   #29
TreDirtyFive
Major
United_States
253
Rep
1,334
Posts

Drives: X3 M40i
Join Date: Jun 2008
Location: Los Angeles, CA

iTrader: (11)

Quote:
Originally Posted by ArcticFormula View Post
I don’t know anything, but is it an idiotic idea that one examines the tune from one vendor and reverse engineers it some way thus the initial breakthrough opens the floodgates so to speak?
This...

Quote:
Originally Posted by ArcticFormula View Post
Or maybe more plausible is that the aftermarket community has an unwritten understanding that whoever has the breakthrough shares the info for a price. Insurance of sorts for all, no single vendor is confident they will be first or attain, so they work in concert with the first getting the spoils.
And this...
Typical in this industry.
Appreciate 0
      02-20-2019, 03:30 PM   #30
dizzy619
Major
447
Rep
1,453
Posts

Drives: F31 340i
Join Date: Feb 2016
Location: bedfordshire

iTrader: (0)

It's Maths.
Appreciate 0
      02-20-2019, 03:48 PM   #31
E90ROXS
Captain
225
Rep
677
Posts

Drives: E90
Join Date: Feb 2012
Location: SJ

iTrader: (1)

Who cares if the info was leaked. DME is cracked! Now focus on bigger turbos.....
Appreciate 0
      02-21-2019, 05:28 AM   #32
NISFAN
Major General
United Kingdom
3489
Rep
9,709
Posts

Drives: BMW M2
Join Date: Aug 2012
Location: Bedford UK

iTrader: (0)

You are getting professions mixed up. A tuner is a guy who modifies an Excel-like table to make an engine run differently. They know absolutely nothing about 'hacking'.

A 'hacker' has cracked the DME code and sold the ability to alter the tables to 'tuners'. Nothing more than that!
Appreciate 1
      02-22-2019, 08:26 AM   #33
Acheron83
Second Lieutenant
South Africa
53
Rep
199
Posts

Drives: F22 M240i
Join Date: May 2013
Location: South Africa

iTrader: (0)

Quote:
Originally Posted by NISFAN View Post
You are getting professions mixed up. A tuner is a guy who modifies an Excel-like table to make an engine run differently. They know absolutely nothing about 'hacking'.

A 'hacker' has cracked the DME code and sold the ability to alter the tables to 'tuners'. Nothing more than that!
Bingo.

To add to the above, it has widely been known that the same Russian "hackers" have been responsible for dismantling the code for the last few BMW ECU breakthroughs and distributing the toolsets/methodology required for tuners to take advantage of.
Appreciate 1
      02-22-2019, 12:51 PM   #34
E90ROXS
Captain
225
Rep
677
Posts

Drives: E90
Join Date: Feb 2012
Location: SJ

iTrader: (1)

Quote:
Originally Posted by NISFAN View Post
You are getting professions mixed up. A tuner is a guy who modifies an Excel-like table to make an engine run differently. They know absolutely nothing about 'hacking'.

A 'hacker' has cracked the DME code and sold the ability to alter the tables to 'tuners'. Nothing more than that!
Makes sense!!!!
Appreciate 0
      02-22-2019, 01:53 PM   #35
OldCrow7xx
Lieutenant
United_States
73
Rep
439
Posts

Drives: 2016 M235i Xdrive 8A
Join Date: Oct 2018
Location: 20036

iTrader: (0)

Can someone explain how the DME itself is secured? How long is the encryption key and how much distributed computing power do these tuning companies have at their disposal?

Keep in mind my rack of just 6 AMD RX570s churns out 150-175 million hash combinations per second which is staggering, but mining alone it would still take me months to break a secure hash. So the math here is very well "complicated" to say the least. If one company did crack the encryption they likely just sold the solution to the others for profit.

It's also possible the key was just leaked or compromised via traditional hacking or corrupt under the table dealings. This points to the "money to be made" argument.
__________________
SOLD 23K Black 2013 F30 335XI 8A Msport | BMS Intake | BMS Front Mount | VRSF Charge Pipe | BM3 Tune

2016 F22 M235 8A HK NBTevo | CTS HEX Intake | CTS Chargepipe | Gplus Intercooler | VRSF DP | BM3 Stage 2+ | 18" CSL Replicas | XHP X-Delete
Appreciate 0
      02-22-2019, 02:44 PM   #36
bmw1boy
New Member
United_States
0
Rep
25
Posts

Drives: 2018 F30 340i
Join Date: Oct 2008
Location: Sun City

iTrader: (2)

Quote:
Originally Posted by OldCrow7xx View Post
Can someone explain how the DME itself is secured? How long is the encryption key and how much distributed computing power do these tuning companies have at their disposal?

Keep in mind my rack of just 6 AMD RX570s churns out 150-175 million hash combinations per second which is staggering, but mining alone it would still take me months to break a secure hash. So the math here is very well "complicated" to say the least. If one company did crack the encryption they likely just sold the solution to the others for profit.

It's also possible the key was just leaked or compromised via traditional hacking or corrupt under the table dealings. This points to the "money to be made" argument.
P
Appreciate 0
      02-27-2019, 06:51 PM   #37
MissionPerformance
BimmerPost Supporting Vendor
United_States
1506
Rep
676
Posts


Drives: '17 F31 340xi US Spec
Join Date: Aug 2014
Location: The Woodlands, TX

iTrader: (0)

Quote:
Originally Posted by OldCrow7xx View Post
Can someone explain how the DME itself is secured? How long is the encryption key and how much distributed computing power do these tuning companies have at their disposal?

Keep in mind my rack of just 6 AMD RX570s churns out 150-175 million hash combinations per second which is staggering, but mining alone it would still take me months to break a secure hash. So the math here is very well "complicated" to say the least. If one company did crack the encryption they likely just sold the solution to the others for profit.

It's also possible the key was just leaked or compromised via traditional hacking or corrupt under the table dealings. This points to the "money to be made" argument.

I know not a lot of others are willing to go into discussion on this but let me just put it simply. The security key doesn't get cracked. In theory it's possible to crack that key, but it's just not practical. Instead, we have spent over a year buying used computers wherever we can find them, eBay, car-part and so on. Then we go to work and extract the bootloader, "the main brain" behind the operation of the DME. The bootloader contains all the important code that has to do with flashing/updating. We reverse engineer the bootloader and look for bytes/areas that request the data/tune file to be signed in a special way using a specific RSA key. Once we know the area where the signature is requested after a flash, we modify it to NOT request a signature. Now we have a "patched" bootloader but still have no way of loading it on the ECU because even the bootloader is signed, just like the data/tune.

This is where the hard part begins: We run the bootloader through different routines looking for errors/loopholes that BMW has accidentally left behind. This is a very long and very frustrating process and results in frying/locking countless ECUs (I think we have over 20 dead computers in storage now), but eventually we find a way that we can exploit these "errors" and force unsigned bootloader into the ECU. With our patched bootloader loaded, the game is over. ECU no longer requests signature check and we can load any file we want.

And to answer the initial question: We use Ethernet connection to load our tunes as this is the safest, quickest and most stable way of loading a flash onto the ECU. But the biggest downside of Ethernet is the fact that anyone can use a packet sniffer and log every single byte that is transferred. Then it's just a matter of putting those bytes together and finding the exploit used as well as bytes changed in bootloader.
Appreciate 7
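
The signing chain described in post #37, as a small model for readers who want to see why one removed check undoes the whole chain. This is an added illustration, not MissionPerformance's or BMW's code: the `Ecu` class, the image strings, the toy RSA key and the idea of a ROM stage that re-verifies the bootloader on every boot are all assumptions made for the example.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes; textbook RSA, no padding.
# Illustration only: a real ECU uses a full-size key and a padded signature scheme.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the signer


def _digest(blob: bytes) -> int:
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % N


def sign(blob: bytes) -> int:
    """Vendor-side signing (happens off the ECU)."""
    return pow(_digest(blob), D, N)


def verify(blob: bytes, sig: int) -> bool:
    """Public-key check; this is all the ECU itself can do."""
    return pow(sig, E, N) == _digest(blob)


class Ecu:
    """Hypothetical model: immutable ROM stage plus rewritable flash."""

    def __init__(self, rom_verifies_bootloader: bool):
        self.rom_verifies_bootloader = rom_verifies_bootloader
        self.flash = {}  # name -> (image bytes, signature int)

    def write_flash(self, name: str, image: bytes, sig: int = 0) -> None:
        # Models bytes landing in flash by any path, including one that
        # skipped the update-time signature check.
        self.flash[name] = (image, sig)

    def boot(self) -> str:
        bl_image, bl_sig = self.flash["bootloader"]
        # Stage 0 (ROM): cannot be rewritten, so its check cannot be removed.
        if self.rom_verifies_bootloader and not verify(bl_image, bl_sig):
            return "halt: bootloader rejected by ROM"
        # Stage 1 (bootloader): its policy is whatever the flashed image says.
        tune_image, tune_sig = self.flash["tune"]
        if b"verify_tune=1" in bl_image and not verify(tune_image, tune_sig):
            return "halt: tune rejected by bootloader"
        return "run"


GENUINE_BL = b"bootloader v1;verify_tune=1"   # constructed sample images
MODIFIED_BL = b"bootloader v1;verify_tune=0"
STOCK_TUNE = b"stock calibration"
OTHER_TUNE = b"unsigned calibration"


def scenario(rom_verifies_bootloader: bool, bootloader: bytes, tune: bytes) -> str:
    ecu = Ecu(rom_verifies_bootloader)
    # Only the genuine images carry a vendor signature; anything else has none.
    ecu.write_flash("bootloader", bootloader,
                    sign(bootloader) if bootloader == GENUINE_BL else 0)
    ecu.write_flash("tune", tune, sign(tune) if tune == STOCK_TUNE else 0)
    return ecu.boot()


if __name__ == "__main__":
    for rom in (False, True):
        for bl in (GENUINE_BL, MODIFIED_BL):
            for tune in (STOCK_TUNE, OTHER_TUNE):
                print(rom, bl.decode(), "|", tune.decode(), "->", scenario(rom, bl, tune))
```

With `rom_verifies_bootloader=False` the only thing protecting the tune check is the code that contains it; with it set to `True` the modified bootloader never runs, however it reached flash.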
      02-27-2019, 07:15 PM   #38
OldCrow7xx
Lieutenant
United_States
73
Rep
439
Posts

Drives: 2016 M235i Xdrive 8A
Join Date: Oct 2018
Location: 20036

iTrader: (0)

So instead of leasing computer power to take a run at cracking the key, you somehow find enough errors to change the bootloader not to ask for RSA key anymore?
__________________
SOLD 23K Black 2013 F30 335XI 8A Msport | BMS Intake | BMS Front Mount | VRSF Charge Pipe | BM3 Tune

2016 F22 M235 8A HK NBTevo | CTS HEX Intake | CTS Chargepipe | Gplus Intercooler | VRSF DP | BM3 Stage 2+ | 18" CSL Replicas | XHP X-Delete
Appreciate 0
      02-27-2019, 07:48 PM   #39
MissionPerformance
BimmerPost Supporting Vendor
United_States
1506
Rep
676
Posts


Drives: '17 F31 340xi US Spec
Join Date: Aug 2014
Location: The Woodlands, TX

iTrader: (0)

Quote:
Originally Posted by OldCrow7xx View Post
So instead of leasing computer power to take a run at cracking the key, you somehow find enough errors to change the bootloader not to ask for RSA key anymore?
It's just not practical. MG1 has 9 different bootloader versions, all of them have different RSA keys. It's just not happening with the "guessing" method.
Appreciate 2
      02-27-2019, 08:39 PM   #40
OldCrow7xx
Lieutenant
United_States
73
Rep
439
Posts

Drives: 2016 M235i Xdrive 8A
Join Date: Oct 2018
Location: 20036

iTrader: (0)

Thank you for the insight, great knowledge!!!
__________________
SOLD 23K Black 2013 F30 335XI 8A Msport | BMS Intake | BMS Front Mount | VRSF Charge Pipe | BM3 Tune

2016 F22 M235 8A HK NBTevo | CTS HEX Intake | CTS Chargepipe | Gplus Intercooler | VRSF DP | BM3 Stage 2+ | 18" CSL Replicas | XHP X-Delete
Appreciate 0
      02-28-2019, 06:31 PM   #41
OldCrow7xx
Lieutenant
United_States
73
Rep
439
Posts

Drives: 2016 M235i Xdrive 8A
Join Date: Oct 2018
Location: 20036

iTrader: (0)

Quote:
Originally Posted by MissionPerformance View Post
Quote:
Originally Posted by OldCrow7xx View Post
So instead of leasing computer power to take a run at cracking the key, you somehow find enough errors to change the bootloader not to ask for RSA key anymore?
It's just not practical. MG1 has 9 different bootloader versions, all of them have different RSA keys. It's just not happening with the "guessing" method.
May I ask if you were a computer guy that got into cars, or a car guy that got into computer programming?
__________________
SOLD 23K Black 2013 F30 335XI 8A Msport | BMS Intake | BMS Front Mount | VRSF Charge Pipe | BM3 Tune

2016 F22 M235 8A HK NBTevo | CTS HEX Intake | CTS Chargepipe | Gplus Intercooler | VRSF DP | BM3 Stage 2+ | 18" CSL Replicas | XHP X-Delete
Appreciate 0
      03-01-2019, 12:11 PM   #42
MissionPerformance
BimmerPost Supporting Vendor
United_States
1506
Rep
676
Posts


Drives: '17 F31 340xi US Spec
Join Date: Aug 2014
Location: The Woodlands, TX

iTrader: (0)

Quote:
Originally Posted by OldCrow7xx View Post
May I ask if you were a computer guy that got into cars, or a car guy that got into computer programming?

For sure the second one as from a very early age, cars have been in my blood. Growing up in post-Soviet Russia, I was able to pretty much do anything I wanted to (within reason of course) from ditching weeks of school to spend that time in garage to driving as soon as I was able to reach the pedals and still see the road...and all of that without getting child services called on by neighbors.

Moving to USA has given me opportunities after HS to actually turn this hobby into a career, something I would never be able to do back "home". And that is how my first company was started in 2010 when we built world's first Twin Screw BMW V8. The car was a '99 E39 540i Wagon converted to 6Speed with an Eaton M122 mounted to it. The hardware aspect was pretty easy, but the tuning was next to impossible. I have reached out to numerous tuners, in states and abroad, in hopes to have them custom tune this build but no one was able to. They had a basic SC tune but it just wouldn't work with our setup....so it was time for me to learn the art of tuning/hacking/programming. Countless sleepless nights and gallons of coffee have led us to where we are now, and it's still just the beginning.

PS:
Found the video of that project still posted on YouTube:
Appreciate 3
      03-01-2019, 12:39 PM   #43
E90ROXS
Captain
225
Rep
677
Posts

Drives: E90
Join Date: Feb 2012
Location: SJ

iTrader: (1)

Quote:
Originally Posted by MissionPerformance View Post
I know not a lot of others are willing to go into discussion on this but let me just put it simply. The security key doesn't get cracked. In theory it's possible to crack that key, but it's just not practical. Instead, we have spent over a year buying used computers wherever we can find them, eBay, car-part and so on. Then we go to work and extract the bootloader, "the main brain" behind the operation of the DME. The bootloader contains all the important code that has to do with flashing/updating. We reverse engineer the bootloader and look for bytes/areas that request the data/tune file to be signed in a special way using a specific RSA key. Once we know the area where the signature is requested after a flash, we modify it to NOT request a signature. Now we have a "patched" bootloader but still have no way of loading it on the ECU because even the bootloader is signed, just like the data/tune.

This is where the hard part begins: We run the bootloader through different routines looking for errors/loopholes that BMW has accidentally left behind. This is a very long and very frustrating process and results in frying/locking countless ECUs (I think we have over 20 dead computers in storage now), but eventually we find a way that we can exploit these "errors" and force unsigned bootloader into the ECU. With our patched bootloader loaded, the game is over. ECU no longer requests signature check and we can load any file we want.

And to answer the initial question: We use Ethernet connection to load our tunes as this is the safest, quickest and most stable way of loading a flash onto the ECU. But the biggest downside of Ethernet is the fact that anyone can use a packet sniffer and log every single byte that is transferred. Then it's just a matter of putting those bytes together and finding the exploit used as well as bytes changed in bootloader.
So fueling is still the main issue for the b58?
Appreciate 0
      03-01-2019, 12:57 PM   #44
OldCrow7xx
Lieutenant
United_States
73
Rep
439
Posts

Drives: 2016 M235i Xdrive 8A
Join Date: Oct 2018
Location: 20036

iTrader: (0)

Quote:
Originally Posted by MissionPerformance View Post
Quote:
Originally Posted by OldCrow7xx View Post
May I ask if you were a computer guy that got into cars, or a car guy that got into computer programming?

For sure the second one as from a very early age, cars have been in my blood. Growing up in post-Soviet Russia, I was able to pretty much do anything I wanted to (within reason of course) from ditching weeks of school to spend that time in garage to driving as soon as I was able to reach the pedals and still see the road...and all of that without getting child services called on by neighbors.

Moving to USA has given me opportunities after HS to actually turn this hobby into a career, something I would never be able to do back "home". And that is how my first company was started in 2010 when we built world's first Twin Screw BMW V8. The car was a '99 E39 540i Wagon converted to 6Speed with an Eaton M122 mounted to it. The hardware aspect was pretty easy, but the tuning was next to impossible. I have reached out to numerous tuners, in states and abroad, in hopes to have them custom tune this build but no one was able to. They had a basic SC tune but it just wouldn't work with our setup....so it was time for me to learn the art of tuning/hacking/programming. Countless sleepless nights and gallons of coffee have led us to where we are now, and it's still just the beginning.

PS:
Found the video of that project still posted on YouTube:
I love superchargers.

In high school I put a blower on a single cam Honda four cylinder (d16y8) because that's all I had and I wanted a supercharger! Jackson Racing made an Eaton based kit with mechanical fuel manager.

Very nice work on the wagon, blown V8 is just a great platform.
__________________
SOLD 23K Black 2013 F30 335XI 8A Msport | BMS Intake | BMS Front Mount | VRSF Charge Pipe | BM3 Tune

2016 F22 M235 8A HK NBTevo | CTS HEX Intake | CTS Chargepipe | Gplus Intercooler | VRSF DP | BM3 Stage 2+ | 18" CSL Replicas | XHP X-Delete
Appreciate 0
All times are GMT -5.