Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
DIY CEM (and VGM) PIN Retrieval for Volvo and Polestar
#41
(07-09-2023, 09:25 AM)ravvam Wrote:
(07-06-2023, 04:40 PM)Power6 Wrote: FYI I am currently "piloting" PIN Service for Polestar models. If it works well, I could add this to the offerings same as Volvo models. So if anyone wants to get Polestar PINs, let me know ;-)

Hi Power6. Thank you for all the amazing work you’ve done!
Just so I understand, I should be purchasing the Android CEM/VGM PIN with orbit subscription package ($325) if I were to use it for a Polestar 2. I wouldn’t just be able to pay for Orbit alone ($100) as I don’t have the PINs and don’t have a current VIDA subscription?
Thanks!


That is correct. To do Volvo/Polestar config you have 2 things you need: some software to do it (I recommend OrBit of course!) and you need the PINs that allow access to the parts of the car needed to do it. However you go about getting those PINs is OK, but you need them.

I don't cover all the ways to get PINs around here, I offer the options that you can do with the same equipment used for OrBit (Windows laptop and adapter). I get all kinds of customers, some already have their PINs, some get their own, and some buy the PIN service. Some of my customers are shops that have the hardware tools to remove the CEM from the car and read the PIN from it. 

It's good to remember the PINs you need, they are static for the life of the car, so that is only a one time thing to do, once you have the PINs you have them. With OrBit you always get the PIN(s) to record for yourself, even if you decide you hate me later and use some other tool with your car you will already have the PINs. With the newer Android cars needing the VGM PIN, this is something needed even for some diagnostics functions. Being a DIY "right-to-repair" advocate myself, I would want to have at least that PIN for any future diagnostics of my own car!

That's more information than you need or asked for, I just wanted to answer it in a way that covered anyone else with the same sort of question happening by this thread ;-)
Reply
#42
I was gonna go the DIY route, but I mistakenly assumed that the Volvo VIDA subscription will work with Polestar, so I ended up with just buying the PIN service as well. I guess my question is, what can I do with my Volvo VIDA? lol
Reply
#43
(07-23-2023, 06:13 PM)p2carbon Wrote: I was gonna go the DIY route, but I mistakenly assumed that the Volvo VIDA subscription will work with Polestar, so I ended up with just buying the PIN service as well. I guess my question is, what can I do with my Volvo VIDA? lol


It does work with Vida but you have to select it. There’s Vida for VCC and Polestar. VCC will not work for Polestar.
Reply
#44
(07-24-2023, 11:49 AM)Sodertalje Wrote:
(07-23-2023, 06:13 PM)p2carbon Wrote: I was gonna go the DIY route, but I mistakenly assumed that the Volvo VIDA subscription will work with Polestar, so I ended up with just buying the PIN service as well. I guess my question is, what can I do with my Volvo VIDA? lol


It does work with Vida but you have to select it. There’s Vida for VCC and Polestar. VCC will not work for Polestar.

Yeah that was my mistake. I bought the VCC VIDA.. The pin service work great though!
Reply
#45
(02-22-2023, 09:48 AM)x119 Wrote: For information: Brute force isn't feasible on a SPA car because the ECU locks out after failed attempts. You either have to wait for the lock out to pass or reset the ECU to allow new attempts. This required procedure unfortunately causes too much delay in attempts and instead of XX hrs, you're in to the realms of months / years to brute the PIN. It's much more efficient to either use VIDA to extract a Seed / Key and generate a working PIN, pull the ECU and extract the firmware on a bench or to purchase some magic as loosely outline above..

Today D5T5 announced that now they can brute-force SPA cars:

Quote:CEM PIN DCEM PIN Decoding for SPA/CMA Cars for Configuration Changes

For SPA/CMA cars without the Android infotainment system (iCUP/Google), it is now possible to decode the CEM PIN to modify configurations (e.g., remove speed limits, activate CarPlay, enable parking cameras, activate navigation, remote start, etc.). CEM PIN decoding is possible using VDASH and a compatible diagnostic cable - Volvo DiCE, Super J2534, Mongoose JLR, VOE, VXDIAG. Decoding may take 0 to 24 hours and can be paused and resumed from the same point at any time.ecoding for SPA/CMA Cars for Configuration Changes

Probably they found a way how to keep car unblocked during the brute-force process. 

And another thing (that's funny) - they introduced a flat price!  @Power6 you rock the world Big Grin
Reply
#46
I saw that news! I can see some clues there, notice you need to use the "legacy" DiCE/J2534 interface there. Regardless it's nice work for sure to figure that out. 

And the pricing model change, a long time coming I would think.
Reply
#47
(10-11-2023, 02:27 PM)Power6 Wrote: I saw that news! I can see some clues there, notice you need to use the "legacy" DiCE/J2534 interface there.

They mentioned about VOE in their list, so I don't think legacy adapter matters. But we need to do a research Wink
Reply
#48
Question,

Can VIN number be changed in the ECUs (the ones used in VIDA online communication)?

In such case - someone with VIDA access and a ECU on a bench can change the VIN to a given one, then query the Volvo for an update and sniff for PIN for this particular VIN.

Ideally - one could end up with a database with all VINs and PINs

Thinking right?
Reply
#49
(10-27-2023, 11:37 AM)Sir0cco Wrote: Question,

Can VIN number be changed in the ECUs (the ones used in VIDA online communication)?

In such case - someone with VIDA access and a ECU on a bench can change the VIN to a given one, then query the Volvo for an update and sniff for PIN for this particular VIN.

Ideally - one could end up with a database with all VINs and PINs

Thinking right?


My strong suspicion is that whoever is providing the PIN retrieval service has more or less done just that. They have a valid VIDA subscription and have more or less figured out how to spoof the process so VIDA gets the target VIN and retrieves the correct PIN for it.


Sent from my iPhone using Tapatalk
Reply
#50
(02-02-2023, 02:42 PM)Power6 Wrote: If you want to change configuration on your Volvo, you need to have the "CEM PIN" for your car, and if you have an Android Auto based Polestar or Volvo (aka an "iCup" car) you also need the "VGM PIN" for the car. PINs are something like passwords to access modules. Like all modern cars, the manufacturer doesn't want you to make changes, so there are various security features throughout the car to prevent that. There are dozens of PINs for each car. We are only interested in the specific PINs to make configuration changes to the car for this procedure.

We currently offer the PIN service as an easy way to get the PIN(s) you need. But it is possible to get PINs yourself for your car, or PINs for any Volvo or Polestar. OrBit has tools built in to help. First you must gather some information from the official diagnostic software, VIDA. Essentially what you do is make VIDA use the secret PIN on your car and record it, then use OrBit to 'crack' the PIN from that information.

Here's what you will need to do that:
  • Access to Volvo or Polestar VIDA
  • Access to the local computer running VIDA, will need to be able to install Wireshark on it)
  • Ability to order "configuration test" software in VIDA
  • VIDA must be connected to the car with wired connection (no dealer WiFi)
  • VOE Cable to connect to the car (or equivalent, same as what you would use with OrBit)

Thanks to right-to-repair law in a single US state (Go Massachusetts Smile ), consumers in North America (NA) are able to buy a subscription to VIDA at volvotechinfo.com (or polestartechhub.com for Polestar). If you are set up with a Windows laptop and cable for OrBit, the same setup will work for VIDA. Outside North America, VIDA software is not available to consumers, making access to VIDA much more difficult. There have been many workarounds for this, which is not part of this discussion but creative solutions are out there to get to VIDA outside NA. 

This post is not a VIDA DIY, that's a whole other topic! We'll assume you have a subscription set up, or a friendly mechanic with VIDA, and you are able to navigate connecting the car and purchasing software. It can be tricky the first time through to know how the system works.

STEP 1 - Capture software install from VIDA
  • Open VIDA and log in

  • Open Wireshark, go to Capture menu, click "Start"
  • Connect to the car in VIDA
  • In VIDA order a "configuration test" for your car (this is cheap, just $0.01!)
  • Once ordered, you can retrieve the order in VIDA, to get it ready for install
  • Install the software in VIDA, wait until it is complete
  • In Wireshark, go to Capture menu, click "Stop"
  • Got to the File menu, click "Save As..."
  • Save the capture file (as a "pcapng" file type)
  • If this is not the same computer you will run OrBit on, save the pcapng somewhere you can get to it later (cloud service) or take it with you (USB stick)

STEP 2 - Crack the PIN with OrBit
  • Open OrBit, and log in
  • Go to "Expert Toolbox" tab
  • Click the "PIN Finder" button
  • Choose the pcapng capture file from Step 1
  • Wait for OrBit to do the magic! It can take up to a minute, maybe longer for really slow laptop...
  • If the pcapng file contains PIN information (including CEM/VGM PINs), OrBit will output the PINs found in the PIN finder report
  • You can save the PIN(s) report for safe keeping. If your car is currently connected, OrBit will prompt you to save the PINs in the profile.
  • If your car is not connected, you can later paste the PIN(s) into the "Add CEM PIN" and "Add VGM PIN" dialogs opened with the buttons on the Shortcuts tab in OrBit, while you are connected to your car. 

Enjoy exploring and modifying config with OrBit! I'd like to note here, unlike "other" software, OrBit reflects my belief that *you* own your car, so always the PINs that you get, are given to you, to use however you like! You can take them and use them with any other Volvo software, make your own software or tools, whatever. We don't borrow them from Volvo then lock them up in our own proprietary system. Just wanted to get that off my chest lol ;-) Enjoy!
In Wireshark, which packet filter should be applied for the capture? Thanks!
Reply


Forum Jump:


Users browsing this thread: 3 Guest(s)