Bimmerpost
3
/
4 Series
BMW Garage BMW Meets Register Search Today's Posts Mark Forums Read
Technical Topics B58 6-Cylinder Turbo Engine / Drivetrain / Exhaust Modifications Mission Performance Presenting: World's First '21 DME Unlock paired with new Platform

Closed Thread
 
Thread Tools Search this Thread
      06-16-2021, 09:28 AM   #23
MuffinFlavored
Second Lieutenant
79
Rep
260
Posts

Drives: 2014 F10 M5 MT
Join Date: Apr 2017
Location: N/A

iTrader: (0)

Quote:
Originally Posted by MissionPerformance View Post
No idea who "Misha" is, but yes my name is Alex.

1) Yes there are ways and BMW is currently already implementing a tool-to-vehicle encryption channel (think about SSL on your browser). If we are able to implement that as well, then no datalogging of the actual protocol will be possible.

2) You mentioned BTLD 6198 from the video. Good job for noticing that, and that means you actually can differentiate Bootloader/Prog/Data. What that also means is that you should be able to scroll down the official xml for that bootloader "btld_00006198.xml.001_025_003" (you did get the DME info from that file which you posted) and you will see this line: "<TARGET-START-ADDRESS>80028100</TARGET-START-ADDRESS>". Look at that address and please tell everyone up here, does it belong to Aurix or PPC family? Hint Hint look at memory layout table at the address.
Or better yet, open up the corresponding program xml "swfl_00005d55.xml.080_040_007" and look for requisite or reference field. What do we see there?
<br>$DIF_Ref1: btld-00004294-001.025.003</br>
<br>$DIF_Ref2: btld-00004295-001.025.003</br>
<br>$DIF_Ref3: btld-000048dc-001.025.003</br>
<br>$DIF_Ref4: btld-00005d53-001.025.003</br>
<br>$DIF_Ref5: btld-00006198-001.025.003</br>

Reference 5 is our bootloader used on all 21 G05 hybrids, as and probably other 21 hybrids. But what do you see for reference "REF3"? Oh, that's the typical M340i 0x48DC bootloader, which is once again AURIX, and not PPC.

So please, before speaking out and trying to play conspiracy theory, Please do some research ahead of time and make sure that what you are saying is Correct and True.

P.S. I see you edited your original post and yes, I'm sure you have seen the 6198 on Aurix, since it ONLY belongs to Aurix just like proven in the response above.
Thank you Alex.

Just for everybody reading along, 0x80028100 is AURIX. I was confused, 2021 x5e (or whatever car is in this video) is not MPC.

Alex, check your DMs please. I'd like to hear your thoughts on whether you think bFlash is bluffing or if they actually have something close to market and (like you) are just waiting.
Appreciate 0
      06-16-2021, 09:34 AM   #24
MissionPerformance
MissionPerformance's Avatar
United_States
1505
Rep
676
Posts

Drives: '17 F31 340xi US Spec
Join Date: Aug 2014
Location: The Woodlands, TX

iTrader: (0)

Garage List
Quote:
Originally Posted by MuffinFlavored View Post
Thank you Alex.

Just for everybody reading along, 0x80028100 is AURIX. I was confused, 2021 x5e (or whatever car is in this video) is not MPC.

Alex, check your DMs please. I'd like to hear your thoughts on whether you think bFlash is bluffing or if they actually have something close to market and (like you) are just waiting.

There is absolutely no need to reach out to us over DM and ask us to skype with you about the unlock after you directly attach the unlock method we posted. You are not the first, and sadly not the last.

And yes, bFLash can read it finally! But guess what, so can you. Reading was never locked down by BMW so just issue command 23 24 + address you like to read.

On top of that, we have had the "map pack" that Facebook link mentions, way before the G80 even was public as we had the NRV compressed development and production calibration files for it for nearly a year now.

Side Note
This thread is not in place for us to defend or argue. Hostile responses might be met with hostile responses, but in the end of a day, the proof is in the pudding.
Appreciate 0
      06-16-2021, 09:39 AM   #25
MuffinFlavored
Second Lieutenant
79
Rep
260
Posts

Drives: 2014 F10 M5 MT
Join Date: Apr 2017
Location: N/A

iTrader: (0)

Quote:
Originally Posted by MissionPerformance View Post
There is absolutely no need to reach out to us over DM and ask us to skype with you about the unlock after you directly attach the unlock method we posted. You are not the first, and sadly not the last.

And yes, bFLash can read it finally! But guess what, so can you. Reading was never locked down by BMW so just issue command 23 24 + address you like to read.

On top of that, we have had the "map pack" that Facebook link mentions, way before the G80 even was public as we had the NRV compressed development and production calibration files for it for nearly a year now.

Side Note
This thread is not in place for us to defend or argue. Hostile responses might be met with hostile responses, but in the end of a day, the proof is in the pudding.
I was not attacking. I was letting you know the most common initial reaction after watching the video ("why didn't he turn the car on to prove engine runs?")

> And yes, bFLash can read it finally! But guess what, so can you. Reading was never locked down by BMW so just issue command 23 24 + address you like to read.

You can read BootCtrl / SBOOT from 0x80000000 OBD with service ID 0x23 read memory by address on BMW? I doubt it?
Appreciate 0
      06-16-2021, 09:44 AM   #26
MissionPerformance
MissionPerformance's Avatar
United_States
1505
Rep
676
Posts

Drives: '17 F31 340xi US Spec
Join Date: Aug 2014
Location: The Woodlands, TX

iTrader: (0)

Garage List
Quote:
Originally Posted by MuffinFlavored View Post
Quote:
Originally Posted by MissionPerformance View Post
There is absolutely no need to reach out to us over DM and ask us to skype with you about the unlock after you directly attach the unlock method we posted. You are not the first, and sadly not the last.

And yes, bFLash can read it finally! But guess what, so can you. Reading was never locked down by BMW so just issue command 23 24 + address you like to read.

On top of that, we have had the "map pack" that Facebook link mentions, way before the G80 even was public as we had the NRV compressed development and production calibration files for it for nearly a year now.

[SIZE="5"]Side Note[/SIZE]
This thread is not in place for us to defend or argue. Hostile responses might be met with hostile responses, but in the end of a day, the proof is in the pudding.
I was not attacking. I was letting you know the most common initial reaction after watching the video ("why didn't he turn the car on to prove engine runs?")

> And yes, bFLash can read it finally! But guess what, so can you. Reading was never locked down by BMW so just issue command 23 24 + address you like to read.

You can read BootCtrl / SBOOT from 0x80000000 OBD with service ID 0x23 read memory by address on BMW? I doubt it?
Anything needed for "map pack" building advertised by bFlash can be read on all production PPC and Aurix. Of course we lock that abuse with our product, but that's beside the point.

Again this is not a thread to discuss how it's done and whatnot. It's a simple thread to let the 2021 community lest assured that there is a light in the end of a tunnel and flashing will be rolling out. There is no need to turn this into another argument thread that come with forums territory.
Appreciate 0
      06-16-2021, 09:47 AM   #27
MuffinFlavored
Second Lieutenant
79
Rep
260
Posts

Drives: 2014 F10 M5 MT
Join Date: Apr 2017
Location: N/A

iTrader: (0)

Quote:
Originally Posted by MissionPerformance View Post
Anything needed for "map pack" building advertised by bFlash can be read on all production PPC and Aurix. Of course we lock that abuse with our product, but that's beside the point.

Again this is not a thread to discuss how it's done and whatnot. It's a simple thread to let the 2021 community lest assured that there is a light in the end of a tunnel and flashing will be rolling out. There is no need to turn this into another argument thread that come with forums territory.
Except there isn't a light at the end of the tunnel, because you have 0 plans to releasing it to anybody. You just want to be famous and get praise for how good of a reverse engineer/embedded hacker you are, which you deserve.

But... why honeydick the whole community? You aren't going to actually release this at all lol

You're going to wait for Femto/Autotuner/bFlash/CMD.
Appreciate 0
      06-16-2021, 09:52 AM   #28
MissionPerformance
MissionPerformance's Avatar
United_States
1505
Rep
676
Posts

Drives: '17 F31 340xi US Spec
Join Date: Aug 2014
Location: The Woodlands, TX

iTrader: (0)

Garage List
Quote:
Originally Posted by MuffinFlavored View Post
Quote:
Originally Posted by MissionPerformance View Post
Anything needed for "map pack" building advertised by bFlash can be read on all production PPC and Aurix. Of course we lock that abuse with our product, but that's beside the point.

Again this is not a thread to discuss how it's done and whatnot. It's a simple thread to let the 2021 community lest assured that there is a light in the end of a tunnel and flashing will be rolling out. There is no need to turn this into another argument thread that come with forums territory.
Except there isn't a light at the end of the tunnel, because you have 0 plans to releasing it to anybody. You just want to be famous and get praise for how good of a reverse engineer/embedded hacker you are, which you deserve.

But... why honeydick the whole community? You aren't going to actually release this at all lol

You're going to wait for Femto/Autotuner/bFlash/CMD.
👍

What we decide to do is completely up to us.
If you read the first response from us, you would have seen that we do plan on releasing this if we come up with user to ECU encryption channel like Bmw is working on implementing now.

Also, we are entertaining idea of offering mail-in service for unlock, but again that's all up to us to decide.
Appreciate 1
02M3ForMe4255.50
      06-16-2021, 09:56 AM   #29
Der_Wolf
Lieutenant
Der_Wolf's Avatar
United_States
888
Rep
574
Posts

Drives: 2021 G82 Comp
Join Date: Mar 2016
Location: Midwest

iTrader: (0)

__________________
|2021 M4 Competition| |2018 M3 Competition| |1994 525i|

///M
Appreciate 1
M2_MEDUSA664.00
      06-16-2021, 10:00 AM   #30
chenry
Colonel
United_States
2346
Rep
2,964
Posts

Drives: BMWs
Join Date: Feb 2012
Location: SoCal Huntington Beach

iTrader: (8)

Exclamation

While I do not understand the last few technical posts....what I do understand is that once again you have figured out in months what others speculated may take years.

Congratulations on what you have achieved!

I know there is still some work to be done before we see a consumer product but it would seem that this is the breakthrough many have been waiting for.


Last edited by chenry; 06-22-2021 at 05:09 PM.. Reason: typos of course :-)
Appreciate 4
Der_Wolf888.00
Musaabi118.00
tarrant64116.00
02M3ForMe4255.50
      06-16-2021, 10:06 AM   #31
PrinceM340
New Member
PrinceM340's Avatar
26
Rep
27
Posts

Drives: 21' M340
Join Date: Apr 2021
Location: New York City

iTrader: (0)

me want fast car, now!

I'm going to send an email to get on that waiting list
Appreciate 3
      06-16-2021, 10:10 AM   #32
MuffinFlavored
Second Lieutenant
79
Rep
260
Posts

Drives: 2014 F10 M5 MT
Join Date: Apr 2017
Location: N/A

iTrader: (0)

Quote:
Originally Posted by MissionPerformance View Post
��

What we decide to do is completely up to us.
If you read the first response from us, you would have seen that we do plan on releasing this if we come up with user to ECU encryption channel like Bmw is working on implementing now.

Also, we are entertaining idea of offering mail-in service for unlock, but again that's all up to us to decide.
If somebody mails you an ECU with the latest SBOOT and gets it back with not the latest SBOOT on it, it'll be pretty obvious what's happening and your work will get stolen pretty quickly. I hope for your sake it's something really clever in CBOOT to protect your work.

SSL for ENET sounds like a fun script kiddie challenge.
Appreciate 3
FSociety3810.00
M2_MEDUSA664.00
Rux631.50
      06-16-2021, 10:18 AM   #33
Der_Wolf
Lieutenant
Der_Wolf's Avatar
United_States
888
Rep
574
Posts

Drives: 2021 G82 Comp
Join Date: Mar 2016
Location: Midwest

iTrader: (0)

Quote:
Originally Posted by MuffinFlavored View Post
If somebody mails you an ECU with the latest SBOOT and gets it back with not the latest SBOOT on it, it'll be pretty obvious what's happening and your work will get stolen pretty quickly. I hope for your sake it's something really clever in CBOOT to protect your work.

SSL for ENET sounds like a fun script kiddie challenge.
What are we doing here man? This isn't the thread for this
__________________
|2021 M4 Competition| |2018 M3 Competition| |1994 525i|

///M
Appreciate 6
SYT_Shadow11421.00
Musaabi118.00
siegester341.00
tarrant64116.00
Gdiddy23905.50
      06-16-2021, 10:32 AM   #34
chenry
Colonel
United_States
2346
Rep
2,964
Posts

Drives: BMWs
Join Date: Feb 2012
Location: SoCal Huntington Beach

iTrader: (8)

Quote:
Originally Posted by Der_Wolf View Post
What are we doing here man? This isn't the thread for this
+1
Appreciate 0
      06-16-2021, 10:34 AM   #35
FSociety
IG @bmwF9xG80
FSociety's Avatar
3810
Rep
7,594
Posts

Drives: G80 M3, X4M, G07 X7m50
Join Date: Apr 2012
Location: NYC to NJ to Orlando FL

iTrader: (3)

Garage List
2023 BMW G80 M3  [0.00]
2020 BMW X4MC  [0.00]
16' BMW X4 M40i  [10.00]
06 Cadillac STS  [0.00]
Quote:
Originally Posted by MuffinFlavored View Post
Except there isn't a light at the end of the tunnel, because you have 0 plans to releasing it to anybody. You just want to be famous and get praise for how good of a reverse engineer/embedded hacker you are, which you deserve.

But... why honeydick the whole community? You aren't going to actually release this at all lol

You're going to wait for Femto/Autotuner/bFlash/CMD.
Finish him… F A T A L I T Y!!
Appreciate 2
      06-16-2021, 10:34 AM   #36
S58King
Second Lieutenant
S58King's Avatar
145
Rep
216
Posts

Drives: 2022 G80 M3 CX
Join Date: Mar 2021
Location: Glendale CA

iTrader: (0)

Quote:
Originally Posted by MuffinFlavored View Post
Except there isn't a light at the end of the tunnel, because you have 0 plans to releasing it to anybody. You just want to be famous and get praise for how good of a reverse engineer/embedded hacker you are, which you deserve.

But... why honeydick the whole community? You aren't going to actually release this at all lol

You're going to wait for Femto/Autotuner/bFlash/CMD.
Bro you jcat are you bflash d rider or what stop being a jcat and gtfo this thread your over here starting issues for no reason lmao
Appreciate 1
SYT_Shadow11421.00
      06-16-2021, 10:38 AM   #37
Der_Wolf
Lieutenant
Der_Wolf's Avatar
United_States
888
Rep
574
Posts

Drives: 2021 G82 Comp
Join Date: Mar 2016
Location: Midwest

iTrader: (0)

Quote:
Originally Posted by FSociety View Post
Finish him… F A T A L I T Y!!
Yeah, because it makes sense for Mission to put a shit ton of hours and money into cracking the DME in exchange for some Bimmerpost rep...

I'm no Warren Buffet, but I imagine the end game is to sell the product for profits?? I'll have to go back and look at my econ notes from college
__________________
|2021 M4 Competition| |2018 M3 Competition| |1994 525i|

///M
Appreciate 4
      06-16-2021, 10:45 AM   #38
MuffinFlavored
Second Lieutenant
79
Rep
260
Posts

Drives: 2014 F10 M5 MT
Join Date: Apr 2017
Location: N/A

iTrader: (0)

Quote:
Originally Posted by Der_Wolf View Post
Yeah, because it makes sense for Mission to put a shit ton of hours and money into cracking the DME in exchange for some Bimmerpost rep...

I'm no Warren Buffet, but I imagine the end game is to sell the product for profits?? I'll have to go back and look at my econ notes from college
bro trust me, I try to wrap my head around this business model all of the time.

Go to Google. Go read what an Autotuner or bFlash master/slave tool is.

You make a 1 time purchase of about $5,500 for a device and you wait for them to release new protocols. *maybe* they charge you $99/mo for a subscription, unlimited flashes.

Then they all race to fight and copy each other for protocols. So everybody is waiting for 2021 MG1 Aurix bench/CBOOT. Then, they release it for free to all customers... who already have their device, and already pay the $99 month subscription, no extra cost...

Why?! You could charge $500/car and get away with it!

The industry is beyond upside down but it is what it is. Lots of smart hackers, not very smart business men.

Don't even get me started how bootmod3 destroyed all tuning margins and are willing to flash an M5 for $999, rock bottom pricing no margin lol

Go compare what it costs to tune a G63 AMG compared to an M5, it's gross how cheap BMW tunes are.
Appreciate 1
Rux631.50
      06-16-2021, 10:46 AM   #39
S58King
Second Lieutenant
S58King's Avatar
145
Rep
216
Posts

Drives: 2022 G80 M3 CX
Join Date: Mar 2021
Location: Glendale CA

iTrader: (0)

Quote:
Originally Posted by Der_Wolf View Post
Yeah, because it makes sense for Mission to put a shit ton of hours and money into cracking the DME in exchange for some Bimmerpost rep...

I'm no Warren Buffet, but I imagine the end game is to sell the product for profits?? I'll have to go back and look at my econ notes from college

Exactly these 2 kids talking shit are most likely other tuners mad that they can’t steal Alex’s work lmao bored with their lives.
Appreciate 5
chenry2346.00
Vmaxx240.00
SYT_Shadow11421.00
Musaabi118.00
siegester341.00
      06-16-2021, 10:49 AM   #40
Der_Wolf
Lieutenant
Der_Wolf's Avatar
United_States
888
Rep
574
Posts

Drives: 2021 G82 Comp
Join Date: Mar 2016
Location: Midwest

iTrader: (0)

Quote:
Originally Posted by MuffinFlavored View Post
bro trust me, I try to wrap my head around this business model all of the time.

Go to Google. Go read what an Autotuner or bFlash master/slave tool is.

You make a 1 time purchase of about $5,500 for a device and you wait for them to release new protocols. *maybe* they charge you $99/mo for a subscription, unlimited flashes.

Then they all race to fight and copy each other for protocols. So everybody is waiting for 2021 MG1 Aurix bench/CBOOT. Then, they release it for free to all customers... who already have their device, and already pay the $99 month subscription, no extra cost...

Why?! You could charge $500/car and get away with it!

The industry is beyond upside down but it is what it is. Lots of smart hackers, not very smart business men.

Don't even get me started how bootmod3 destroyed all tuning margins and are willing to flash an M5 for $999, rock bottom pricing no margin lol

Go compare what it costs to tune a G63 AMG compared to an M5, it's gross how cheap BMW tunes are.
No, I don't think I will actually.
__________________
|2021 M4 Competition| |2018 M3 Competition| |1994 525i|

///M
Appreciate 3
      06-16-2021, 10:51 AM   #41
MuffinFlavored
Second Lieutenant
79
Rep
260
Posts

Drives: 2014 F10 M5 MT
Join Date: Apr 2017
Location: N/A

iTrader: (0)

Quote:
Originally Posted by AlphineW_M340i View Post
Exactly these 2 kids talking shit are most likely other tuners mad that they can’t steal Alex’s work lmao bored with their lives.
bored with my life lol, yeah that's me dog

i tried for 3 months to crack this shit. it'd be the easiest $50k i ever made in my life.

alex deserves credit, he's the real deal. just sucks that he cares more about internet points than making money.
Appreciate 2
M2_MEDUSA664.00
Rux631.50
      06-16-2021, 11:10 AM   #42
forza1976
Major General
forza1976's Avatar
United_States
3391
Rep
6,585
Posts

Drives: BMW
Join Date: Aug 2007
Location: 49417 and 60610

iTrader: (13)

Garage List
2022 BMW M3X  [10.00]
Quote:
Originally Posted by AlphineW_M340i View Post
Bro you jcat are you bflash d rider or what stop being a jcat and gtfo this thread your over here starting issues for no reason lmao
Not sure if english???
Appreciate 1
siegester341.00
      06-16-2021, 12:05 PM   #43
TruthOne
Major
TruthOne's Avatar
1081
Rep
1,086
Posts

Drives: 2021 M340i
Join Date: Oct 2020
Location: Oakland, CA

iTrader: (0)

Quote:
Originally Posted by AlphineW_M340i View Post
Quote:
Originally Posted by MuffinFlavored View Post
Except there isn't a light at the end of the tunnel, because you have 0 plans to releasing it to anybody. You just want to be famous and get praise for how good of a reverse engineer/embedded hacker you are, which you deserve.

But... why honeydick the whole community? You aren't going to actually release this at all lol

You're going to wait for Femto/Autotuner/bFlash/CMD.
Bro you jcat are you bflash d rider or what stop being a jcat and gtfo this thread your over here starting issues for no reason lmao
You must be from Frisco using "Jcat"
Appreciate 1
M2_MEDUSA664.00
      06-16-2021, 12:29 PM   #44
S58King
Second Lieutenant
S58King's Avatar
145
Rep
216
Posts

Drives: 2022 G80 M3 CX
Join Date: Mar 2021
Location: Glendale CA

iTrader: (0)

Quote:
Originally Posted by TruthOne View Post
You must be from Frisco using "Jcat"
Glendale brother
Appreciate 0
Closed Thread

Bookmarks

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -5. The time now is 07:53 AM.




g20
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
1Addicts.com, BIMMERPOST.com, E90Post.com, F30Post.com, M3Post.com, ZPost.com, 5Post.com, 6Post.com, 7Post.com, XBimmers.com logo and trademark are properties of BIMMERPOST