In order to verify the signature, the PowerVision stores the public key in an encrypted database. It contains the SHA1 of the XML file, encrypted with Dynojet’s private key. The signature, however, is here in order to prevent exactly this. The cmd part here contains the command VL, that indicates to the PowerVision which VIN it is coupled to.Controlling the value of this field is the ultimate jackpot, as it enables to forge licenses for arbitrary VINs. Q8EgYRN+XZ/88wEyYfAOQEkZ7GPoV/JbtvuYYsUEOhEWH1cyN1i9OvHPyaj945+fgILJUEJNaGgM15YUwtlsJQ= 1HD1FC413AB618635 - 2010 Harley-Davidson FLHTCU (1584CC), Motorcycle - Touringįor the Dynojet PowerVision 1, a license file is something of the form:.1HD1KED10HB661265 - 2017 Harley-Davidson FLHTK / ultra limited - (1.8 Li), Motorcycle - Touring.Here are a few sample VINs for Harley Davidson: A VIN Lock is therefore essentially just a VIN stored in the programmer, which is used to ensure the device will not be used to program anything else.
For neophytes, the Vehicle Identification Number is a unique identifier stored in the ECU. It can be achieved in many different ways: forging a license, or disabling the verification it is subjected to, or deleting/ignoring the VIN locks. The ultimate goal of the exercice is to be able to use the PowerVision without a valid license. Now holding all the cards, we can achieve our primary goal, that was bypassing the licensing system in place! 2.
#Power vision tuner harley full
In Part 1, we decrypted and retrieved the full firmware of the programmer, in Part 2, we reverse engineered the communication protocol on the USB link. Most of what will be described here will seem out of topic if you haven’t read:
In no way is it endorsing nor encouraging software piracy.Īfter nearly a year of absence, it is now time to conclude this adventure. DISCLAIMER: This blog is aimed towards educative purposes.
0 kommentar(er)
