VAG-COM/VCDS EVERYTHING

[kaalis]

20.12 is in english, other languages not yet available.

latest NEZ version is 20.12.0

[Pepesoft]

Hello<br>Can someone just tell me that can original ross-tech hex-v2 3vin cable be "unlocked" as unlimited vins?<br>And if so what do i need for that?

[borian]

Hi
I am atm trying to make my own tool to communicate with the cable to make thinks a bit more easy.
The first stage of the communication is to agree on a 256 bits AES key to use for the rest of the session.
This key (there are in fact 19 of the) was also changed from my 415 / 405 cable to the upgradable one so I needed help from a forum member to extract this info.
But the best way would be to make the tool support this and there is one more function I need to reverse to complete this task.
Since I am working with the loader and have the key it's not to important and I wont spend time on this algo atm but if anyone else want to join in and helt that would be great.

So the cable sends 0x80 (128 byte 1024bit) to vcds.exe and this data is now decrypted/encrypted (depends how you look at it) using RSA1024. The 256bits' AES key is now derived from this data by calling a function that will return this AES key. I need someone to have a look at this function and figure out how this is done.

Use the unpacked version of vcds (20.12) and thanks to whom ever unpacked this exe coz this helped speed things up
At address 0x4B56DC is the function that will extract the AES key from RSA-C
In this function there is a call to RSA decrypt
0x004B5736 call rsa_decrypt(rsa_c, len, v11, &rsa_ses, 0, a7);
and the decrypted rsa data (rsa-m) will be returned in "rsa_res"
below this then this function is called
0x004B575E call sub_4B5377(v11, rsa_ses, a6, aes_key, a5, key)
and uses the decrypted rsa data and derived the aes key from it.

If someone could have a look at this function then that would be great..

Hello Badrax!

I offer my help. I have some small experience with hacking electronics (mainly in mobile phone servicing equipment on desktop apps cracking). I am not that fluent in assembler but I know the basics and I am open minded and learn fast. Currently I use PowerShell the most but still remember something about C, C++, Java, PHP.
I can offer my help in area of my knowledge, helping wih programming, soldering, delivering some test devices (got some pieces with 415`s), donating You, I can also get some original device If that is needed.
Please contact me if You're interested in my help

Borian

[flyfvdi]

20.12 is in english, other languages not yet available.

VCDS Hex-V2 with main chip STM32F405VGT6 Software for other languages (14 languages)


https://mega.nz/file/g09yXDiR#exlbFg...yMyipYXXjr0lic

[mrle9]

VIIPlusLoader-08.021.01-EN-Installer.rar mega.nz download link:


https://mega.nz/file/FxkVxQgZ#Pknh_d...YwHSpDv1zxUTBU

Attachment 776094Attachment 776095

Thank you.

What's new ?
Is there a changelog ?

what is the official website or board for viiplusloader ?

Bye

[flyfvdi]

Thank you.

What's new ?
Is there a changelog ?

what is the official website or board for viiplusloader ?

Bye

vcds hex v2 pcb-006.jpg


VCDS Hex-V2 with main chip STM32F405VGT6 and VII PLus Loader. full version, update freely. most stable.


VCDS hex-v2 is also available in the following languages:
Chinese, Croatian, Czech, Danish, English, French, German, Hungarian, Italian, Polish, Portuguese, Romanian, Russian, Spanish, Swedish

[networkers]

OK, but what is the latest VCDS version for KLoader9.2?

Latest GERMAN Version : VCDS-DRV-20042-Installer.exe da48629f6978540d342826eb390aeda0e47334857765c08e0b ffba44504e52bd

[mrle9]

vcds hex v2 pcb-006.jpg


VCDS Hex-V2 with main chip STM32F405VGT6 and VII PLus Loader. full version, update freely. most stable.


VCDS hex-v2 is also available in the following languages:
Chinese, Croatian, Czech, Danish, English, French, German, Hungarian, Italian, Polish, Portuguese, Romanian, Russian, Spanish, Swedish

it's not answer of anyone of my questions...

[Jackson0]

So can somebody confirm that the last/latest useable GERMAN VCDS Version for the old V1 Hardware (Atmel162, MCP, GAL, FTDI) is the 19.06.1 with Kolimer Loader 9.1 ?

[Bastard2]

So can somebody confirm that the last/latest useable GERMAN VCDS Version for the old V1 Hardware (Atmel162, MCP, GAL, FTDI) is the 19.06.1 with Kolimer Loader 9.1 ?

Latest version from rt website (20.12) works perfectly with loader 9.2. Read the pdf in the bundle tho and flash your cable if necessary.

[bg17aw]

Hello<br>Can someone just tell me that can original ross-tech hex-v2 3vin cable be "unlocked" as unlimited vins?<br>And if so what do i need for that?

I think you can use Kolimer package to rewrite the firmware and it will work as un unlimited cable.
I did something similar on an original VCDS some time ago

[bg17aw]

Hello<br>Can someone just tell me that can original ross-tech hex-v2 3vin cable be "unlocked" as unlimited vins?<br>And if so what do i need for that?

I think you can use Kolimer package to rewrite the firmware and it will work as un unlimited cable.
I did something similar on an original VCDS some time ago
EDIT: Just to be clear, I did this on an old V1 interface with Atmel chipset, not the new HEX-V2 that use the ARM chips (Kolimer solution will not work on these!)

[Col19]

Hi friends


I will buy a Hex V2 415 and make it available to you for testing. I think the kings of reprogramming will succeed in modifying the 415 to make it work like the 405 and everyone will be happy too bad I'm a programming enthusiast but I remain at your disposal.

[flyfvdi]

Hi friends


I will buy a Hex V2 415 and make it available to you for testing. I think the kings of reprogramming will succeed in modifying the 415 to make it work like the 405 and everyone will be happy too bad I'm a programming enthusiast but I remain at your disposal.

i think you can not replace STM32F405 with STM32F415

[GOLF 5]

hi,i heave golf 5(2004).any one know how o find security acces code for diferent module example for central conv or cent elect etc?
thasnks in advance