IC907 #27

Open
jglim opened this issue Jun 28, 2023 · 2 comments

@jglim
Owner

jglim commented Jun 28, 2023

ECU Name
IC907

Source file
IC907.smr-d

Additional context
Sergey (@Feezex) has been working on reversing the IC907. Some of his contributions for level 17 are already up (c32cadd)


Also from Feezex: Level 61 key is the seed array, reversed.

Used in IC907 level 61 (Unlock Eeprom Data Access) 
Applicable SW1 : 
9079020203 
9079022900 
9079023701 
9079026602 
9079027202 
9079023000 
9079023801 
9079026702 
9079028101  
@jglim
Owner Author

jglim commented Jun 28, 2023

Note on DaimlerStandardSecurityAlgo:

This algo and DaimlerStandardSecurityAlgoRefG have implementation flaws that allow the generation parameter "K" to be extracted:

To do so, grab a copy of UnlockECU. In db.json, pick any DaimlerStandardSecurityAlgo definition (e.g. ANC_205M), replace the "K" parameter with the known key (from the seed-key pair) and save. Using the same definition and known seed, the generated output value will be the original "K" parameter.

As an example, with a seed of 1122334455667788
If K parameter = 996BBC90, key output is A891859C
If K parameter = A891859C, key output is 996BBC90


This snippet contains an example on how to programmatically:

  • Generate a DSSA key given a seed and known k parameter
  • Extract the k parameter with a seed/key pair

Program.cs

For RefG, call DSSAG() instead of DSSA()
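
One shape of seed-key function that shows the swap behaviour described in the comment above is one where the secret only enters as a self-inverse final step. The following is an added example, not part of the original comment and not code from UnlockECU or the linked Program.cs: a design-review check for that property, run on a constructed toy function and on an HMAC-based one for contrast. `toy_mix`, `toy_masked_key`, `hmac_key` and the generated seeds are assumptions made for illustration and do not reproduce the real DSSA.

```python
import hashlib
import hmac

def toy_mix(seed: bytes) -> int:
    # Public, unkeyed mixing of the seed. Constructed stand-in, NOT the real DSSA.
    return int.from_bytes(hashlib.sha256(seed).digest()[:4], "big")

def toy_masked_key(seed: bytes, k: int) -> int:
    # Hypothetical flawed shape: the secret K is only a final XOR mask.
    return toy_mix(seed) ^ k

def hmac_key(seed: bytes, k: int) -> int:
    # Contrast: K is the HMAC-SHA256 key, tag truncated to 32 bits.
    tag = hmac.new(k.to_bytes(4, "big"), seed, hashlib.sha256).digest()
    return int.from_bytes(tag[:4], "big")

def secret_recoverable(algo, seed: bytes, k: int) -> bool:
    # Feed the observed key back in as the secret; a flawed design returns K.
    observed_key = algo(seed, k)
    return algo(seed, observed_key) == k

def leak_count(algo, trials: int = 64) -> int:
    # Count constructed (seed, K) pairs for which the swap recovers K.
    hits = 0
    for i in range(trials):
        seed = hashlib.sha256(b"seed-%d" % i).digest()[:8]
        k = int.from_bytes(hashlib.sha256(b"k-%d" % i).digest()[:4], "big")
        hits += secret_recoverable(algo, seed, k)
    return hits

if __name__ == "__main__":
    for name, algo in (("toy_masked_key", toy_masked_key), ("hmac_key", hmac_key)):
        print(f"{name}: K recovered in {leak_count(algo)} of 64 trials")
```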

@Feezex
Contributor

Feezex commented Jun 29, 2023

SW definitions for future implementation:
Reverse algo:

9079020203
9079022900
9079023701
9079026602
9079027202
9079023000
9079023801
9079026702
9079028101
0000000000000000		00 00 00 00 00 00 00 00 
0000000000000001		01 00 00 00 00 00 00 00 
0000000000000002		02 00 00 00 00 00 00 00 
0000000000000003		03 00 00 00 00 00 00 00 
0000000000000004		04 00 00 00 00 00 00 00 
0123456789ABCDEF		EF CD AB 89 67 45 23 01 

Unknown 1:

9079020803
9079020903
9079022805
0000000000000000		26 3E C4 10 98 7F 68 9F 
0000000000000001		77 A4 F5 61 4B EB 6E 56 
0000000000000002		26 9E C4 14 98 7F 68 9F 
0000000000000003		77 D4 F5 5E 4B EB 6E 56 
0000000000000004		86 FE C3 38 98 7F 65 9F 
0123456789ABCDEF		A8 6F 31 25 F8 6B 97 4E 

Unknown 2:

9079022705
0000000000000000		E3 AE F1 F3 56 5A 4D 0E 
0000000000000001		16 A6 F1 CC 9B FA 4D C0 
0000000000000002		16 9E F1 E9 9B FA 4D C0 
0000000000000003		E3 96 F1 51 56 5A 4D 0F 
0000000000000004		E3 CE F1 CB 54 5A 4B 0E 
0123456789ABCDEF		6B A6 B5 C1 03 02 EC CD 

Unknown 3:

9079024206
9079023706
0000000000000000		3D 9E 20 53 BB 45 58 FD 
0000000000000001		3D A6 20 3D BB 45 58 FD 
0000000000000002		3D AE 20 6F BB 45 58 FD 
0000000000000003		3D B6 20 99 BB 45 58 FD 
0000000000000004		3D BE 20 0B BB 45 58 FE 
0123456789ABCDEF		CA 66 50 E1 5F 6E 28 D2 

Unknown 4:

9079024402
0000000000000000		6A 13 07 BF 77 66 54 71 
0000000000000001		91 51 A9 98 C9 E4 AD 8A 
0000000000000002		A0 63 07 6F 87 46 53 DD 
0000000000000003		2E F9 A8 9A 19 D4 AD C9 
0000000000000004		6A 73 07 A7 78 66 53 71 
0123456789ABCDEF		E5 BA 94 5F 4F 38 2D BB 

Unknown 5:

9079025604
9079028704
9079025704
9079028904
0000000000000000		59 50 6F B4 AC B7 75 BB 
0000000000000001		99 4C 6F 2C FE 47 75 EE 
0000000000000002		9A 48 6F 30 FE 47 75 2E 
0000000000000003		59 44 6F 9A AC B7 75 BB 
0000000000000004		D9 80 6E DC A1 B7 76 BB 
0123456789ABCDEF		0F E4 91 62 12 AF FF EC 

Unknown 6:

9079027303
9079028001
9079027403
0000000000000000		0C D4 E6 0C 8F 88 C6 AA 
0000000000000001		0C C8 E6 13 8F 88 C6 2A 
0000000000000002		0C DC E6 1D 8F 88 C6 AA 
0000000000000003		EA E0 E6 32 DB 78 C6 18 
0000000000000004		0C C4 E6 EA 8F 88 C6 A9 
0123456789ABCDEF		A0 53 10 ED F4 01 F2 9C 

jglim added a commit that referenced this issue Jul 6, 2023
References #27