SwedeSpeed - Volvo Performance Forum banner

Part Numbers for Popular P1 Software Updates

23K views 195 replies 20 participants last post by  motoeltech 
#1 · (Edited)
After spending a good part of my 3-day subscription in VIDA researching and executing software updates for my V50, I’ve compiled the below list of part numbers for the different popular software upgrades on the P1 platform. Based on my google-based research, these may also work on some P2 and P3 models, as well.

30679693 - Fog Light Application
- Install Fog Lights and/or Keep On w/High Beams
- Cost: $53.17

30667237: Master Key Application
- Add/Delete Keys
- Cost: $34.18

30679690: Low-Beam 2 Application
- Turn off Daytime Running Lights (DRL) with switch in position 0
- Cost: $34.18

30772600: Frequency Band EU Appl
- Changes Radio from US to Euro Frequency Usage, checks all frequencies, rather than just those ending in odd numbers
- Cost: $182.30

Good luck!
 
See less See more
#3 ·
Some of those prices are flat out insane... But better to know going in. Thanks for the info!
Yeah, some of the others, with unknown benefits, are even higher.

VIDA contains no descriptions of the software, only the title. And, to make things fun, there are three titles "fog light application", numbered 1, 2, or 3.

I downloaded the wrong part number for one of my upgrades and got a error saying failure to load due to incompatible hardware. But it doesn't say which hardware. And reloading the original cost me another $25 or so...

Bottom line: know what your paying for, because VIDA closes the order after you download and install, so you can't do it again without paying. You also lose your original program, so if you want to go back to stock, you have to pay again. THAT is annoying.
 
#5 ·
Fun fact: the size of these softwares is 4 kB. So said:
YES! $200+ for a 3-4 second download... it's hard to believe that they're not there and it's even harder to believe that Volvo isn't laughing at us all for paying that much for something so small and simple...

As for the key loader, yes. As many as you want. Until you close it... I didn't realize that last part. I was going to go and buy another key to add, after I saw how simple it really was. But I'm glad that I checked the program and found that I couldn't get it back before doing so.

On the fogs, my car came with them installed, so the "add fog lights" want one of my options. Interestingly, when I updated my radio to the euro-tuner spec, the list them showed the us-spec program that hadn't been listed before. So, your list of available software and part numbers will vary based on your current configuration.

And I'm pretty sure that the other programs popped up without doing a re-synch, lending credence to your belief that they may already be there in 2014D.
 
#6 · (Edited)
^^^^
Had similar thoughts. If the community were more active we could probably do a "bounty pool" (common practice in the game console modding community, cellphone hacking, etc) and get a bored independent hacker to get us all the software updates free to everyone... Wish I had such skills myself, but no such background.

Sent from my PH-1 using Tapatalk
 
#7 ·
We need an SQL guy. Unfortunately with what I do for a living now I can't do anything like that sort of work, so I am unfortunately unable to help for now, which is rather upsetting because I am surrounded by people with the abilities to do this sort of work.
 
#11 ·
I’d love to dive into this somehow. CS student here with a lot of knowledge, I’d love to find a way to do this


Sent from my iPhone using Tapatalk
 
#12 ·
Sorry to revive an old thread, but this is engaging to me more than before because of a few reasons. I’m for one, ready to shell out money to purchase a VIDA subscription so I can load the fog light app into my car. I also would like to do things like the “Total CAN Upgrade”.

I’m fairly good at SQL and have already found some pretty cool stuff hidden inside of VIDA (Like a list of all the CANBus commands and IDs from each module in the car!). If anyone is interested in potentially trying some of this stuff out with me and figuring out if there’s a way to activate these things for free, let me know!

If anyone has prior knowledge they’d like to share on this, also let me know! Any code, research, etc would be a helpful head start!


Sent from my iPhone using Tapatalk
 
  • Like
Reactions: ACD134
#17 ·
Sorry to revive an old thread, but this is engaging to me more than before because of a few reasons. I'm for one, ready to shell out money to purchase a VIDA subscription so I can load the fog light app into my car. I also would like to do things like the "Total CAN Upgrade".

I'm fairly good at SQL and have already found some pretty cool stuff hidden inside of VIDA (Like a list of all the CANBus commands and IDs from each module in the car!). If anyone is interested in potentially trying some of this stuff out with me and figuring out if there's a way to activate these things for free, let me know!

If anyone has prior knowledge they'd like to share on this, also let me know! Any code, research, etc would be a helpful head start!

Sent from my iPhone using Tapatalk
I also have Vida and am a dB admin in my day job but never looked inside Vida for the sql commands.
Care to share what you found' I'd love to compile the device ids.

Sent from my iPad using Tapatalk
 
#14 ·
So the way that scanners like VIDA work is using J2534, which is an SAE standard that's requires on cars newer than I think 1999(?) (might be wrong on the year). Basically allows for an easy way for manufacturers and dealerships to update car software for emissions and safety down the road. This isn't necessarily a way for you to diagnose issues, and a fair amount of J2534 devices can't even read out DTCs (however more recent ones do). A VIDA DICE is just a fancy, Volvo branded J2534 device.

However, to my knowledge, most generic OBD scanners are not using this standard. OBD2 Is a standard that incorporates many different standards as a generic way to provide simple diagnostics, such as engine speed etc. I believe each scanner can implement this differently.

Not too sure what you're asking, but torque will not be able to provide the same level of info something like VIDA can.

Sent from my iPhone using Tapatalk
 
#21 ·
Software engineer by day, diy mechanic by night here, so this is very interesting to me as well.

From what I've gathered, the big difficulty in applying software to the ECM is that you need a special key to do so. When you purchase the software through VIDA, it sends your VIN to Volvo who then sends back that code, which enables the necessary communication through the DiCE. The Vdash folks have a way to brute force that key, but seeing as they sell their software, I'm willing to bet they won't spill many secrets there.
 
#22 ·
So that's also what I've gathered as well. I'm curious how many functions need this key though, because I found commands to send key codes to the car and even remove some, without ever needing to use a key from Volvo.

I'm hoping that we can change things to an extent. Things like fog lights, etc would be awesome. I know our cars actually are already programmed for the fog light relay as I've been able to manually activate it using VIDA (Meaning it's there and the car knows it, I just don't have fog lights so I can control it on the dash).

I'm going to be diving into this a lot today, so hopefully I can provide some insight at the end of my day with findings. Hoping to be able to talk to the car with a raspberry pi by tonight!

Sent from my iPhone using Tapatalk
 
#23 ·
Oh interesting, yea without having looked into it at all myself I'm curious what even happens if you try to give it an authed command with no key. My concern would be safe vs catastrophic failures lol.

Very curious to hear what you find. If you open up a discord or anything, let me know. It's surprising to me that this stuff hasn't been more opened up by the community to be honest. Though if we were able to start making these programming changes at no cost, I'm not sure what the legal ramifications would be. If Dave Barton can't make a moose sticker that says "Volvo", I'm sure they wouldn't love people cheating their systems even more than we already are with our cracked VIDA 2014.
 
#25 ·
muppetman342, I too have been wondering about legal issues surrounding this. Thats also part of the reason that I feel like charging users to add keys, etc. at a reduced price from what Volvo charges would be a big no no (itd likely be considered stealing from them, however not sure). I feel like if VDASH can crack CEM pins and program stuff (and charge to do it), we could atleast do something similar and offer it as open-source, no? I feel like an open-source, for "educational use only" project would be protected from most legal issues in that manner, but Im not sure.

VincentMiata, I appreciate the info on Torque. I assume only certain scanners support this feature? Also, we'd love to have you help out! Im starting with VIDA as well as a raspberry pi and PiCAN2. I have tons of arduinos and will likely also get some CANBus interfaces for arduino as well (as arduino is better for this than raspberry pi IMO). Im really interested in the CFE. I dont need to steal their code or anything like that, as I know I can access the correct CANBus IDs and commands inside of VIDA, which is likely how they did it too. However I am very curious as to what hardware the CFE is using, as its very compact and functional for its size. Props to the CFE guys and those who made it (as well as VDASH). but I want something I can do myself for cheap, and I want to learn along the way!

So this project wont be anything im doing to compete against VDASH or the CFE, but I really just want to learn, see if this is even possible with what we have, and overall just make something that DIYers can do themselves, and also learn a thing or two about their cars and how they operate!
 
#26 ·
I also have VDASH installed. And have some raspberry pi's laying around.

The CFE is indeed very small. The newer ones even have wifi connection to read DTC and also can send out data to a server i think. But it dont have the newest one. CFE is very easy to use. Download a free program from them, select some features and save it to the CFE. Plug it in the car and after a few seconds it will intialize with the car and after 20s or so everything works. But not a lot of functions are supported yet like in the P2 or P3. But gauge sweep is cool and automated coming and leaving home is cool And some other functions
 
#27 ·
I also have VDASH installed. And have some raspberry pi's laying around.

The CFE is indeed very small. The newer ones even have wifi connection to read DTC and also can send out data to a server i think. But it dont have the newest one. CFE is very easy to use. Download a free program from them, select some features and save it to the CFE. Plug it in the car and after a few seconds it will intialize with the car and after 20s or so everything works. But not a lot of functions are supported yet like in the P2 or P3. But gauge sweep is cool and automated coming and leaving home is cool And some other functions
Yeah, I'd be interested to see their hardware because as you mentioned, it is very small.

The new version do look neat with wifi packed in! I'm considering, if we can get this working, adding Apple Car Key to my S40. I'm a freelance app developer for iOS apps and I'd be interested in making it so that when you're in range of the car, you can unlock it with your phone (the car is old and I like to tinker, why not? ;) ).

The big thing for me on this project is the trunk. The P1 trunks do not pop open when you press the trunk button on the remote, but I've been able to manually do it inside of VIDA. So I'd like to add that functionality in using an arduino and CANBus shield.

Sent from my iPhone using Tapatalk
 
#28 ·
Only thing i would need beside the others things i have would be something like a arduino CANBUS OBD2 shield right? any recommendation.

There are also some video's of other cars that are hacked and this one also provided a tutorial

 
#29 · (Edited)
In terms of legality - there is some amount of concern that reverse engineering their SQL db in it's entirety for public distribution will draw scrutiny. Maybe not action, but definitely some amount of scrutiny. The less we do and the more innocuous it is, the less scrutiny it will draw. Cracking ECM Pins by reverse engineering their SQL methodology is probably the most egregious, as they have historically been VERY limited (only releasing ECM erasing/writing by non-dealers recently in the last few years). Basically the less money it costs them in lost revenue is the less scrutiny it will draw. Doing things NOT available (i.e. making the trunk open on pre-FL models) will probably not draw ANY scrutiny since it's not something they even offer. Once they do I'd expect them to send a cease-and-desist, even if we put a TOS in service that it is an open source project for all and cannot be used for profit. I wouldn't put it above a corporation to TRY like Sony did with their music CD's back in the 90's.

That being said, making any proprietary info publicly available and calling it open source invites eyeballs and lawyers wringing their hands evilly as they discuss "lost revenue." This is similar to the TF2 and CSGO source code leak that happened recently, where the source code for the game was released into a public forum. Intent (whether malicious or open sourcing) is relevant to some degree but not enough to overcome the lost revenue it can cause in lawyers and a judge's eyes.

So basically if we do something open-source, it cannot be derived from their copyrighted work. And if we charge money for it as a service (keys and whatnot), we will DEFINITELY invite attention as we are now profiting off their proprietary creation. This is partially why tuning a car costs $800 for the hardware and canned stage 1 tune. It's not a recoupe of the dyno time - it's a recoupe of the hardware/software exploitation and design time.

I am not a lawyer tho, and this isn't legal advice, and I hate you all.
 
#30 ·
In terms of legality - there is some amount of concern that reverse engineering their SQL db in it's entirety for public distribution will draw scrutiny. Maybe not action, but definitely some amount of scrutiny. The less we do and the more innocuous it is, the less scrutiny it will draw. Cracking ECM Pins by reverse engineering their SQL methodology is probably the most egregious, as they have historically been VERY limited (only releasing ECM erasing/writing by non-dealers recently in the last few years). Basically the less money it costs them in lost revenue is the less scrutiny it will draw. Doing things NOT available (i.e. making the trunk open on pre-FL models) will probably not draw ANY scrutiny since it's not something they even offer. Once they do I'd expect them to send a cease-and-desist, even if we put a TOS in service that it is an open source project for all and cannot be used for profit. I wouldn't put it above a corporation to TRY like Sony did with their music CD's back in the 90's.

That being said, making any proprietary info publicly available and calling it open source invites eyeballs and lawyers wringing their hands evilly as they discuss "lost revenue." This is similar to the TF2 and CSGO source code leak that happened recently, where the source code for the game was released into a public forum. Intent (whether malicious or open sourcing) is relevant to some degree but not enough to overcome the lost revenue it can cause in lawyers and a judge's eyes.

So basically if we do something open-source, it cannot be derived from their copyrighted work. And if we charge money for it as a service (keys and whatnot), we will DEFINITELY invite attention as we are now profiting off their proprietary creation. This is partially why tuning a car costs $800 for the hardware and canned stage 1 tune. It's not a recoupe of the dyno time - it's a recoupe of the hardware/software exploitation and design time.

I am not a lawyer tho, and this isn't legal advice, and I hate you all.
Lots of good points here.

I'm personally wanting to do this for fun, as a personal project, but would be open to sharing information on it provided it doesn't bring in any issues from Volvo.

Also, side note: do the Facelift models pop their trunk? I thought all model years didn't. But now I definitely want to knowing they only offer it on facelift models!

I wonder if the "things they don't offer" point is why the CANBus function extender (CFE) is legal. It's offering support and adding features to older model Volvo's that Volvo never intended to offer, so they're not losing any money. That makes sense to me.

From what I've heard, CEM cracking onP1 cars is impossible unless you have a BDM programmer to gain access to the actual chip inside the CEM. I personally wouldn't want to risk messing it up doing that. However, for things like the adding new keys, I'd be interested to see if I'm able to do that. Maybe just to say I can, maybe to share it, but I'm up for a good challenge! Again I appreciate the info, you do bring up a lot of good points!!

Sent from my iPhone using Tapatalk
 
#33 · (Edited)
One thing to keep in mind if using the OBDII port on the car.

Speed will either be 250kbps or 500kbps. Addressing uses either 11-bit or 29-bit, I believe our cars use 11-bit 500kbps.

You want to send messages as a diagnostic tool, which means using 7DF as your address.

As mentioned there are several ECUs, usually 7E8-7EF for standard OBD-II.

Check out this link for standard mode/pids that work on most cars, and a great place to start, try reading RPM or Speed: https://en.wikipedia.org/wiki/OBD-II_PIDs

Important to note, there are longer messages like VIN that require more work as they are multi-part messages. I suggest not attempting those at first.

All of the standard frames are 8 data bytes in length. So let's say you want to ask for RPM, you send 8 bytes but do so as follows:

Address - Length - Mode - PID - Filler Data (can usually be anything, sometimes 00 is used, sometimes CC or 55)
7DF - 02 - 01 - 0C - CC CC CC CC CC

The car will usually respond with something like: 7E804410C0B01000000

ECU Address +8 - Length - Mode + 0x40 - PID - DATA_A - DATA_B - DATA_C - DATA_D - Not Used
7E8 04 41 0C 0B 01 00 00 00

If you look at the formula for RPM from the wikipedia page it shows: (256A + B) / 4.
= (256 * 0x0B + 0x01) / 4
= (256 * 11 + 1) / 4
= 704.25

In some vehicles you could get multiple responses to your request, you could get an answer from 7E8, 7E9 etc. Different modules in the car may have the answer and they will all respond. Usually just one, but I have seen it where there are more than 1.

So I am just recommending you try a few of these standard mode/pids first to get the hang of things. Note that not all cars support all the PIDS listed on that wikipedia page, some like the tesla pretty much only support VIN because they have nothing else to report for emissions reasons. I believe these are J1979 standard, many cars will also run higher-level protocols like UDS (Universal Diagnostic Services) https://en.wikipedia.org/wiki/Unified_Diagnostic_Services. At the core, each message is still 8 bytes long they just have more handshaking etc.
 
#34 ·
One thing to keep in mind if using the OBDII port on the car.

Speed will either be 250kbps or 500kbps. Addressing uses either 11-bit or 29-bit, I believe our cars use 11-bit 500kbps.

You want to send messages as a diagnostic tool, which means using 7DF as your address.

As mentioned there are several ECUs, usually 7E8-7EF for standard OBD-II.

Check out this link for standard mode/pids that work on most cars, and a great place to start, try reading RPM or Speed: https://en.wikipedia.org/wiki/OBD-II_PIDs

Important to note, there are longer messages like VIN that require more work as they are multi-part messages. I suggest not attempting those at first.

All of the standard frames are 8 data bytes in length. So let's say you want to ask for RPM, you send 8 bytes but do so as follows:

Address - Length - Mode - PID - Filler Data (can usually be anything, sometimes 00 is used, sometimes CC or 55)
7DF - 02 - 01 - 0C - CC CC CC CC CC

The car will usually respond with something like: 7E804410C0B01000000

ECU Address +8 - Length - Mode + 0x40 - PID - DATA_A - DATA_B - DATA_C - DATA_D - Not Used
7E8 04 41 0C 0B 01 00 00 00

If you look at the formula for RPM from the wikipedia page it shows: (256A + B) / 4.
= (256 * 0x0B + 0x01) / 4
= (256 * 11 + 1) / 4
= 704.25

In some vehicles you could get multiple responses to your request, you could get an answer from 7E8, 7E9 etc. Different modules in the car may have the answer and they will all respond. Usually just one, but I have seen it where there are more than 1.
Our cars use different speeds on the LS and HS CAN busses. I have a sheet somewhere with the specs on it. Good call on using 7DF as the address. I've found a couple of repos on GitHub if users doing this and that seems to be the best option, so the car doesn't freak out when it sees a new device, it just sees a diagnostic one.

Sent from my iPhone using Tapatalk
 
#37 · (Edited)
Wrt software downloads, I'd be super curious what you'd see if you even just did something like run a legit copy of VIDA with Charles proxy or the like and inspect the network traffic. Wonder if you'd be able to see the CEM pin or any other good info about the software you're installing.

EDIT: Looking into VIDA more in-depth today, this looks like it could work for getting the ECU key. Though you'd still have to pay for the subscription at least once to be able to intercept that call. Still wonder if it's possible to re-engineer the VIDA code to brute-force the key
 
#38 ·
EDIT: Looking into VIDA more in-depth today, this looks like it could work for getting the ECU key. Though you'd still have to pay for the subscription at least once to be able to intercept that call. Still wonder if it's possible to re-engineer the VIDA code to brute-force the key
That's exactly what Vdash does: runs a brute force attack on the CEM to get the CEM pin
 
#40 ·
I had come across this paper a while back when researching it for other purposes.

https://www.cs.bham.ac.uk/~garciaf/publications/BtB.pdf

Take a look at page 8, they mention that the 2015 Volvo ECU does not have a delay mechanism to prevent brute-force attacks on this key. I believe this paper is what Vdash does essentially, a brute-force. They also mention all ECUs use the same key, I assume they mean per vehicle each module uses the same key. They also mention it taking about 15 hours, which seems in-line with Vdash.
 
#41 ·
Thanks for that, will be an interesting read.

Thing I've been toying around with is the most valuable way to approach this...

There's the low-level way: figure out what the messages/payloads are that the DiCE sends to the ECU in the case of a software install or configuration, and send them ourselves.
Or the higher-level way: repurpose the existing code and drivers that are in VIDA to do the dirty work for us.

There may be a little of both needed, but I've been looking into how VIDA itself is built, but I still need to figure out if the right data is even present to be able to do something like disable DRLs without making a network call.
 
#42 ·
I think the problem is that the system uses a challenge-response.

The ECU sends a sort of challenge, or seed number to VIDA. VIDA knows the secret, so it can generate the correct challenge and reply and unlock the advanced diagnostics (I guess allowed to write configuration to the ECU).

If you sniff this, the next time you try to enter the advanced diagnostics/writing mode you will receive a different seed from the ECU so you still need to know the secret.

I think sniffing the data would be useful to at least see what messages are sent from VIDA, but I don't think you can just replay all of those messages. Perhaps the messages sending the DRL disable software could be logged, but to enter the mode where writing this configuration is possible you would still need the secret in order to correctly answer the challenge/response otherwise the ECU will not allow writing.

I could be mistaken, but from reading on UDS it seems that way.

Anyway, all good stuff and I look forward to seeing what progress is made. I have a lot of the tools needed to try some of this / help on the P1 platform. It was mentioned you need to read directly from the ECU though on P1... I have all the tools to do that, but having opened up some of those modules before on other vehicles I am not too keen to do this on mine. I never got them apart without damaging the seals etc on them.
 
#44 ·
Yeah this is all very good info. I know VDASH mentions for P1 vehicles you can use a BDM programmer to read the pin code from the CEM. This requires opening it up, etc. I also am seriously curious how VIDA is still able to do this, I think the challenge/secret idea could be it.

I've been digging through VIDA to see what modules each command is hitting, etc. I'm looking at getting a VIDA subscription soon to update some modules anyways, so I can definitely monitor some of this stuff to find out what's happening.

I tried to do this using a modded TSDice32 dll file from here: https://theeshadow.com/files/volvo/tsdice32/

I think it hasn't been updated in a while, as I had issues getting it to work, but can likely update it.

Any other ideas what I can use to monitor CAN traffic across VIDA? That's probably the best way. Thanks again everyone!!

Sent from my iPhone using Tapatalk
 
#57 ·
Yeah this is all very good info. I know VDASH mentions for P1 vehicles you can use a BDM programmer to read the pin code from the CEM. This requires opening it up, etc. I also am seriously curious how VIDA is still able to do this, I think the challenge/secret idea could be it.
It's very simple.
VIDA logs into the factory database and authenticates
The factory then knows you are an authenticated user (licenced Volvo dealer etc)
VIDA sends the VIN and the CEM, ECM or whatever module serial number to the factory
The factory responds with the correct PIN

VIDA sends the software request to the factory for the desired device
The factory responds with the right software file for the requested device

The factory has all the data on their servers, the factory knows everything.
 
#46 · (Edited)
@evy0311 I recommend looking through the dll files in VIDA using dnspy or dotpeek. I've been finding a lot of interesting information by doing that, and have even managed to change some of the assembly around to add additional logging about what VIDA is doing. They have a bunch of data models in there that give good insights into how to decode various responses.

Could modify VIDA 2015 to add more logging, get a subscription, and learn something interesting that way. The downside is that, you'd have to modify 2015, and those changes wouldn't be applicable to 2014D, which is ultimately the version of VIDA we'd want to work with
 
#47 ·
Yeah, I was wondering about the 2015 vs 2014D version myself. To my knowledge most of it is online, right? Obviously still some software on the computer but I think it's more online based. Do you need to buy a subscription first in order to get 2015 or is there a way to access it without one?

I've been digging through the database of 2014D to reviewers engineer the commands it's sending to the car to do certain things (change DIM temp unit for example). It gives the module it's hitting, address, command and more helpful info. Stuff like this would be nice to just easily program as it's an already existing diagnostics function.

I think if we can see more how VIDA operates, we *may* be able to figure out a way to get the P1 CEMs cracked by figuring out their auth method. Now we're talking!

Sent from my iPhone using Tapatalk
 
#48 ·
So 2015 is still run as a local .net application. The main difference from it and 2014, is that instead of referencing local dbs, it makes REST API calls to fetch car's data.

The dlls for 2015 still get stored locally in Users/<you>/AppData/Local/Vida. Meaning it too, can be modified. However, those REST API calls need to be authenticated, that's where your subscription comes into play.
 
#49 ·
Makes sense. Is there a way to get a copy of the 2015 application for testing, without a subscription? If no, I'll be getting one soon so I can definitely just dump them somewhere for us to reverse.

Sent from my iPhone using Tapatalk
 
#50 ·
Yea you can from https://www.volvotechinfo.com/index.cfm?event=info.vida.repair, go to "Installation Instructions", and they have a link in that PDF to download. Though I think you'll find there won't be much for you do with that download since it only includes the data necessary for car comms etc, but none of the actual data that would travel over those comms, as that comes from their API.

Also just looking through the code, it looks like if you proxied VIDA and tried to capture the data coming through the API, the important keys would be encrypted. However I still think it's worth running a Charles recording if you do end up running legit VIDA. Worst case I bet you could replay the responses and trick 2015 into letting you log in and view the data again, though it may not let you auth with your own car again, but I could be wrong.
 
#51 ·
Yea you can from https://www.volvotechinfo.com/index.cfm?event=info.vida.repair, go to "Installation Instructions", and they have a link in that PDF to download. Though I think you'll find there won't be much for you do with that download since it only includes the data necessary for car comms etc, but none of the actual data that would travel over those comms, as that comes from their API.
I see. I'll take a look at this! Appreciate it, we should get a group chat going!

Sent from my iPhone using Tapatalk
 
#53 ·
Damn, well as I had feared, the actual script that gets run for installing a "software package" does not appear to be stored locally in the VIDA installation, even on the old 2014D. It looks like when you order the software, it downloads that script, encrypted, and stores it in the local database. Though it doesn't looks like it stores it encrypted, but I could be wrong, not digging in much further into that route.

Unfortunate, but I'm still willing to bet that 2015 could be modified to save the software package it downloads into an external file, though doing so would almost definitely be illegal, and redistributing it would certainly be illegal. Not to mention it wouldn't get you around needing to have the ECU unlocked to run the script.
 
#54 ·
Isn’t the file it downloads when “installing software” just like a 4kb file? Likely just the encryption key right?

Also, for example I’ve found commands to add or remove keys and do module reloads. Won’t those work without needing to auth?


Sent from my iPhone using Tapatalk
 
#58 ·
Isn't the file it downloads when "installing software" just like a 4kb file? Likely just the encryption key right?

Also, for example I've found commands to add or remove keys and do module reloads. Won't those work without needing to auth?
For many devices there is no "software".
For things like adding functions and removing functions, it's just a reconfiguration. Which means changing a bit in a byte in a memory location

Except for languages, which is a whole new firmware load for the DIM
 
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top