rollsch / SecurityAccessQuery

Interact with Vector security DLLs for ECU seed-key challenges.


SecurityAccessQuery

Interact with Vector security DLLs that are used to generate Security Access Keys in an ECU challenge/response ("seed key").

Usage

SAQ requires .NET 4.6 or newer. You will also need to bring your own security DLLs.

Set up

  • Download SAQ from the Releases page.
  • Unzip the archive, including the empty Library folder.
  • Add your DLLs into the Library folder. No DLLs are provided by default.
  • Run SAQ.

Generate Seed Key

  • Under File, click Select DLL (Filtered)
  • Select the DLL file that matches your ECU (double-click)
  • In the text field, insert your seed value from Monaco or Vediamo
  • The key will be automatically generated (shown beside Access Key)
  • Select the cell and copy from it (CTRL + C)
  • The key can now be pasted back into Monaco or Vediamo

Testing

A set of tests is available here. As I do not own a C4, I used seed requests and generated keys that are shown in public screenshots and videos to verify that the generated values are correct.

Issues

Please note: SAQ does not perform the actual key generation. It is only an interface to a target DLL.

Obtaining DLL files

The DLL files are typically packaged with vendor tools like DTS Monaco, and several automotive forums share these files. As they are proprietary blobs, they cannot be included directly in this repository for legal reasons. Please do not share or request them here.

Incorrect keys

The keys are generated by the DLL. If the key is not accepted, it may indicate that the wrong or mismatched DLL was used. The challenge (seed) is also refreshed on reset or disconnection, so it cannot be reused.


Technical notes

Some modern ECU systems offer a layer of security that prevents normal users from making changes without completing a seed-key challenge. An authorized client will typically have a DLL or JAR file that takes in a seed challenge and generates a key. Vector has a well-written application note (AN-IDG-1-017), available here, that describes this verification process.

At its essence, SAQ is simply a wrapper to call a target security DLL's key generation function — namely GenerateKeyEx or GenerateKeyExOpt.
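A sketch of the kind of call such a wrapper makes, as an added example that is not SAQ's own code. The `GenerateKeyEx` prototype (seed buffer, seed length, security level, variant string, key buffer, buffer size, returned key length, result code 0 on success) and the cdecl calling convention are assumptions based on Vector's published seed-key DLL convention; the class name, the 64-byte key buffer, the security level and the sample seed are constructed for illustration.

```csharp
using System;
using System.Runtime.InteropServices;

static class SeedKeyExample
{
    [DllImport("kernel32", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern IntPtr LoadLibrary(string path);
    [DllImport("kernel32", CharSet = CharSet.Ansi, ExactSpelling = true)]
    static extern IntPtr GetProcAddress(IntPtr module, string name);
    [DllImport("kernel32")]
    static extern bool FreeLibrary(IntPtr module);

    // Assumed prototype (see lead-in); a return value of 0 means success.
    [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
    delegate int GenerateKeyEx(byte[] seed, uint seedSize, uint securityLevel,
        [MarshalAs(UnmanagedType.LPStr)] string variant,
        [Out] byte[] key, uint maxKeySize, out uint actualKeySize);

    public static byte[] GenerateKey(string dllPath, byte[] seed, uint level, string variant)
    {
        // LoadLibrary runs the DLL's DllMain inside this process: load only files you trust.
        IntPtr module = LoadLibrary(dllPath);
        if (module == IntPtr.Zero)
        {
            int err = Marshal.GetLastWin32Error();
            // 193 = ERROR_BAD_EXE_FORMAT: the DLL and this process differ in bitness.
            throw new InvalidOperationException(err == 193
                ? "DLL and process bitness differ (build for x86 or x64 to match the DLL)"
                : "LoadLibrary failed, Win32 error " + err);
        }
        try
        {
            IntPtr fn = GetProcAddress(module, "GenerateKeyEx");
            if (fn == IntPtr.Zero)
                throw new MissingMethodException("GenerateKeyEx is not exported by " + dllPath);
            var generate = (GenerateKeyEx)Marshal.GetDelegateForFunctionPointer(fn, typeof(GenerateKeyEx));
            byte[] key = new byte[64];   // assumed upper bound for the key length
            uint actual;
            int rc = generate(seed, (uint)seed.Length, level, variant, key, (uint)key.Length, out actual);
            if (rc != 0 || actual > key.Length)
                throw new InvalidOperationException("GenerateKeyEx returned result code " + rc);
            Array.Resize(ref key, (int)actual);   // keep only the bytes the DLL wrote
            return key;
        }
        finally { FreeLibrary(module); }
    }

    static void Main(string[] args)
    {
        byte[] seed = { 0x11, 0x22, 0x33, 0x44 };   // constructed sample seed
        Console.WriteLine(BitConverter.ToString(GenerateKey(args[0], seed, 1, "")));
    }
}
```

A DLL that exports only `GenerateKeyExOpt` fails the `GetProcAddress` check here; handling it would need a second delegate type for that function's prototype.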

In my limited understanding, the DLLs are usually packaged in a container format, and only extracted by the vendor tools when they are required. For example, in the MED40.smr-d ODB file, the security DLLs are present as med40_abgleich_00_00_01.dll, med40_flash_12_39_00.dll and med40_sec_00_00_01.dll.

Recent ECUs seem to prefer JARs instead of DLLs, which should offer much better cross-platform support and disassembly quality.


License

MIT

Icon from http://www.famfamfam.com/lab/icons/silk/



Languages

Language:C# 100.0%