about AVIC-TestModeKey #1

Open
ToaruOsaka opened this issue Dec 20, 2016 · 5 comments

@ToaruOsaka

Hi, bro, I'm interested in how you guys can decode the TestModeKey.
U-Boot/kernel must follow the GPL and be open source, but the frameworks are not.
These key strings are checked in native C/C++ code in some .so file.
So, you just IDA them and read through the assembly code? (WOW, MY GOD)

@crash-rider

crash-rider commented Jul 5, 2024

Hi! I have disassembled the unpacking of the new versions of testmode!
But where is the error? Can we somehow solve this puzzle?
I downloaded the files from the device and rewrote the code from assembler to C++, and it works fine! But the radio device does not take it! It crashes on the first check with error 19.
In the new versions, a parity check is made, and the byte in the sum is changed.
Code :)

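#!/usr/bin/perl
# Usage: perl decode.pl TEST.KEY
use strict;
use warnings;

my $filename = shift or die "usage: perl decode.pl TEST.KEY\n";

# Read the key file as raw bytes
open(my $fh, '<', $filename) or die "$filename: $!";

binmode($fh);

my $cnt = 0;
my $encodeString = "";   # transformed bytes from odd offsets, in file order
my $otherString = "";    # transformed bytes from even offsets, in reverse order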

while (read($fh, my $byte, 1))
{
	if ($cnt % 2 == 1)
	{
		if (ord($byte) > 55)     #$33
		{
			$byte = ord($byte) - 24; #$14 old  new 0x18
		}
		else
		{
			$byte = ord($byte) + 72; #old $4C new  0x48;
		}
		$encodeString = $encodeString.chr($byte);
	} else {
		if (ord($byte) > 55)
		{
			$byte = ord($byte) - 24; #0x18
		}
		else
		{
			$byte = ord($byte) + 72;#  0x48;
		}
		$otherString = chr($byte).$otherString;
	}
	$cnt++;
}

print $encodeString.$otherString;
print "\n";

close $fh;

@crash-rider

007SERVICE003ALL00833333333013XXTECHNICALXX0031670082013010100820251230000
007SERVICE - type
003ALL -all
00833333333
013XXTECHNICALXX -version
003167 -version
00820130101 -start date
00820251230 -end date
000

@crash-rider

crash-rider commented Jul 5, 2024

VC++ code

  1. 1-st check

while (1)
{
	v17 = (unsigned __int8)*++v14;
	v16 = v17;
	if (!v17 && !v14[1])
		break;
	if ((v13 & 1) == 0)  // skip odd characters, NEW in modern models!
		*((BYTE *)&a5 + v15++) = v16;
	if (arrSize <= v13 + 1)
		break;
	++v13;
}
if (v15)
{
	v18 = (unsigned __int8)a5;
  2. 2-nd check

	if ((BYTE)a5)
	{
		v19 = (__int16 *)((char *)&a5 + 1);
		do
		{
			if (v18 > 55)
				v21 = v18 - 0x18;  // same transform as the Perl decoder above
			else
				v21 = v18 + 0x48;
			*((BYTE *)v19 - 1) = v21;
			if (v19 == (__int16 *)((char *)&a5 + v15))
				break;
			v20 = *(unsigned __int8 *)v19;
			v19 = (__int16 *)((char *)v19 + 1);
			v18 = v20;
		} while (v20);
		//LOBYTE(v18) = a5;
		////a5 = LOBYTE(v18);// = a5;
		v18 = LOBYTE(a5);
	}
	v22 = 0;
	v23 = &a5;
	v24 = 0;
	v25 = v15 - 1;
  3. 3-rd check

	while (1)
	{
		v5 = (v22++ & 1) == 0;
		if (v5)
			ArrOfChar_1028[v25--] = v18;
		else
			ArrOfChar_1028[v24++] = v18;
		if (v22 == v15)
			break;
		v26 = *((BYTE *)v23 + 1);
		v23 = (__int16 *)((char *)v23 + 1);
		//LOBYTE(v18) = v26;
		v18 = LOBYTE(v26);
		//v18 = v26;
	}
}
ArrOfChar_1028[v15] = 0;

  • key without 1-st check

HHHHHOHkK]JjInMaJ[H]JHPHHKHYIdHdIHHHKPIKHKJKPKHKHKOKNKIHKIHKHppppld]Y[[`af

  • key with 1-st check (odd characters added)

H!H!H!H!H!O!H!k!K!]!J!j!I!n!M!a!J![!H!]!J!H!P!H!H!K!H!Y!I!d!H!d!I!H!H!H!K!P!I!K!H!K!J!K!P!K!H!K!H!K!O!K!N!K!I!H!K!I!H!K!H!p!p!p!p!l!d!]!Y![![!`!a!f!
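
Added example, not part of the thread or of the project's code: a C++ program that applies the byte transform and reordering from the Perl script above to the sample key quoted in this comment, then splits the decoded record into fields. The field layout (a 3-digit decimal length followed by that many bytes) is an assumption inferred from the field breakdown posted earlier in the thread, and the function names are hypothetical.

```cpp
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

// Sample key quoted in the thread ("key without 1-st check").
const std::string SAMPLE_KEY =
    "HHHHHOHkK]JjInMaJ[H]JHPHHKHYIdHdIHHHKPIKHKJKPKHKHKOKNKIHKIHKHppppld]Y[[`af";
// Keep only bytes at even offsets, dropping the filler added for the first check.
std::string drop_odd_bytes(const std::string& raw) {
    std::string out;
    for (std::size_t i = 0; i < raw.size(); i += 2) out.push_back(raw[i]);
    return out;
}
// Byte transform and reordering taken from the Perl script in the thread.
std::string decode_key(const std::string& key) {
    std::string head, tail;
    for (std::size_t i = 0; i < key.size(); ++i) {
        unsigned char c = static_cast<unsigned char>(key[i]);
        char d = static_cast<char>(c > 55 ? c - 0x18 : c + 0x48);
        if (i % 2 == 1) head.push_back(d);   // odd offsets stay in order
        else tail.insert(tail.begin(), d);   // even offsets end up reversed
    }
    return head + tail;
}

// Assumed layout: each field is a 3-digit decimal length followed by that many bytes.
std::vector<std::string> split_fields(const std::string& rec) {
    std::vector<std::string> fields;
    std::size_t pos = 0;
    while (pos < rec.size()) {
        if (rec.size() - pos < 3) throw std::runtime_error("truncated length prefix");
        std::size_t len = 0;
        for (int k = 0; k < 3; ++k) {
            char ch = rec[pos + k];
            if (ch < '0' || ch > '9') throw std::runtime_error("length prefix is not numeric");
            len = len * 10 + static_cast<std::size_t>(ch - '0');
        }
        pos += 3;
        if (rec.size() - pos < len) throw std::runtime_error("field runs past end of record");
        fields.push_back(rec.substr(pos, len));
        pos += len;
    }
    return fields;
}
int main() {
    for (const std::string& f : split_fields(decode_key(SAMPLE_KEY))) std::printf("[%s]\n", f.c_str());
    return 0;
}
```

A key file that ends in a newline or other trailing byte shifts the odd/even split, so strip it before decoding.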

@crash-rider

1-st check on device and get error 19

	if (!TST_KeyFileInformation::extractKyeData(KeyFileInformation, ArrChar_1056))
		{
			v8 = 19;
			goto LABEL_15;
		}
