Not sure where was best to put this, but I think here will do. In my quest to decode as many jlr CAN signals I have begun to look the sdd files. The ones that are really enticing me are the .exml files, these are encrypted XML. I have been going through so much of the program code but haven't been able to figure out how. Now there is definitely a way to do this and a couple of programs people have made to do it. One user over on jaguar forums has said he can do it but I can't get any response from him, and there's a Chinese site that have listed they can supply a program for $155. So it's definitely do-able but it seems no one is very willing to share the methods.

Everything I have produced, and will produce will all be free and open source so I kind of begrudge spending $155 on something that potentially may work. I know on this site there seems some really good people with sdd, so perhaps someone knows of a way?

Thanks

Last edited by rhys_m on 19th Oct 2019 9:47 pm. Edited 1 time in total

They're not encrypted, they're encoded, and not a very complicated encoding.

The Java program/dll you need is freely available. Took me about an hour of googling to find it. I'm not gonna spoil your fun of finding it, because I learned a huge amount in hunting around for it.

Ah don't do this to me

I have literally decompiled every jar that I could find within sdd as I suspected it would be something there, but no luck so far. I must be missing something in my googling, as I have literally just come up with just 3 links about it.

Il be jumping back on the pc when the misses comes home. Perhaps time to look at this from a different angle if you managed to find it that quick......

How do you call a process which uses:

- a plain text session key
- a 3DES (Triple Data Encryption Standard) cipher
- an electronic codebook cipher mode

Encoding or encrypting?

There is no key, so it's not encrypted.

Maybe that's an over simplification?

Strange, as it's JLR's implementation inside their DLL files...
Maybe we are talking about different things?

Intrigued, will be intently following this thread.

@Vanny
Here's a file encrypted/encoded with the JLR's method: file_to_decrypt
Please try to decrypt/decode it with the program you've found and if you'll get results, then we are talking about the same thing.

The key needed is unique/the same for encryption/decryption and may be embedded inside that program you've found and therefore the program don't ask for it, leaving the impression that there is no key involved. But the process is using the operating systems' cryptographic services (3DES, plain text ver.2 key) alright.

PS: For the sake of topic and OP, please tell us what's in the above file...

@alex_pescaru

Well that was no fun, I was expecting a proper message and not just my own post en***ed

Now, here's a confession for you.
Everything I have learned about extracting the information from the EXMLs has come from your excellent posts, dotted in various places. Especially that Russian LR forum! So I must bow to your superior knowledge on the top and correct myself.

Encrypted NOT encoded.

Thank you for your kind words, but really there is no need. Anyone with enough passion can find out, learn and know the same things.

@rhys_m
If you say that you know how to look through program code, then look through DLLs where CryptAcquireContext, CryptImportKey, CryptSetKeyParam and CryptDecrypt functions are used/imported and you'll hit the jackpot.
And then, don't forget that you said that "everything you will produce will all be free and open source"

Good God, I got lost at encrypted/encoded

Off to take some Anadin


 If it wasn't so bad it'd be funny.

🐑
Freelander 2 HSE auto 2014 ( Florrie ) ..... Try again.
Freelander 2 GS 2012...... Gone.

Maybe code-ine would be better 🤣

Loves it Vanny loves it






 If it wasn't so bad it'd be funny.

🐑
Freelander 2 HSE auto 2014 ( Florrie ) ..... Try again.
Freelander 2 GS 2012...... Gone.

Im sure I replied to this, but obviously not. Dont worry @alex_pescaru I'm a massive advocate for open source, wouldnt do it any other way.

managed to get all the can messages needed though, wrote some software to help finding the correct IDs, its not a freelander 2 jobby at the moment, but this is the most helpful forum I have come across. Once the jag is done, I will be moving back to the freelander anyway





massive thanks to Vanny too

@alex_pescaru

Thanks for the tip.

I made a proxy-dll for intercept CryptImportKey call and inject this dll with help AppInit_DLLs.

The key can be found in the file %TEMLP%\hack.txt.
hack.dll: C:\Program Files\Application.exe key:0x08 0x02 0x00 0x00 0x03 0x66 0x00 0x00 0x18 0x00 0x00 0x00 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX

x86 binary and sources is availible on https://github.com/smartgauges/exml

Last edited by smarggauges on 11th May 2020 9:24 am. Edited 1 time in total