So the XML file does have the following pieces of information in it:
Request ID - guessing it's a number generated when my dealer put the order in their system
Order ID - the actual order ID
Customer Order ID - this is the actual Order # that appeared on my invoice
Dealer # - The dealer's identification number
Part # - The actual part number of the JCW Engine Kit I ordered
Beyond this, there is a certificate code which is shown in BASE64 along with a serial number. I'm going to guess that it's somehow related to the actual .DER certificate file, which in turn decrypts the actual BIN file if the VIN (both full form and short form) matches when the Mini is connected to the dealer's ECU programming device.
Guess MINI really wanted to protect the ECU software upgrade very well.
Ohh yeah, one more thing. I'm on an XP SP3 notebook, so when I click on the .DER certificate file, Windows pulls it up as though it was a valid certificate, and displays the following text:
Issued to: zentrale Master Freischaltcodestelle-Produktiv
Issued by: fzg-root-ca
Valid from: 7/30/2007 to 7/30/2012
The full subject DN: CN = zentrale Master Freischaltcodestelle-Produktiv, OU = bmw-fzg-pki, O = pki, DC = bmwgroup, DC = com
It is an RSA 1024Bit Public Key with an enhanced key usage of unknown use.
I just wanted to post this in case there is someone curious what was on the CD.
....I'm no expert in security so I expect someone to probably come in and complain that I don't know what I'm talking about....which I will fully agree with.
I think that MINI/BMW is protecting their file with "XML encryption". Basically it uses the X.509 certificate (the .der file) as the "key" for the "lock" which is the XML file that will decrypt the contents of the information they want protected - in this case the .bin file that is the ECU data.
It is a pretty elegant and simple solution for securing their data. You can probably "open" the XML file in a web browser but who knows at this point. I suspect that you're right that however they load the ECU code onto the car (I assume via a computer) that the decryption happens when there is a valid check that most likely ties back to your VIN.
Finally - I don't think that it is an issue if the certificate expires. Worst case is they just issue you a new CD with an updated certificate on it. By that time I am confident that someone will have reverse-engineered this stuff.
Now I might have missed some important things here and may even be way out in left field but at least it is an interesting dialog....at least to me!
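The fields the first post reads off the Windows certificate dialog (validity dates, RSA key size) sit at fixed positions inside the .DER file and can be checked without any vendor tooling. The sketch below is an added example, not part of the thread and not BMW/MINI code: the sample certificate is constructed with a placeholder key and signature, an RSA key is assumed, and the 2048-bit threshold for `weak_key` is a choice made here.

```python
from datetime import datetime

def tlv(tag, body):
    """Encode one DER element; used only to build the constructed sample."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def read(buf, pos=0):
    """Decode the element at pos; return (tag, body, offset of the next one)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + n], pos + n

def children(body):
    """Split a constructed element's body into (tag, body) pairs."""
    out, pos = [], 0
    while pos < len(body):
        tag, inner, pos = read(body, pos)
        out.append((tag, inner))
    return out

def audit(der, now):
    """Return validity window and RSA modulus size, plus expiry and key-size flags."""
    tbs = children(children(read(der)[1])[0][1])
    tbs = tbs[1:] if tbs[0][0] == 0xA0 else tbs  # skip the optional [0] version
    validity, spki = tbs[3][1], tbs[5][1]  # serial, sigAlg, issuer, validity, subject, SPKI
    start, end = (datetime.strptime(v.decode(), "%y%m%d%H%M%SZ" if t == 0x17
                  else "%Y%m%d%H%M%SZ") for t, v in children(validity))
    key = children(read(children(spki)[1][1][1:])[1])  # BIT STRING -> RSAPublicKey
    bits = int.from_bytes(key[0][1], "big").bit_length()
    return {"not_before": start, "not_after": end, "rsa_bits": bits,
            "expired": now > end, "weak_key": bits < 2048}

def sample_cert():
    """Constructed stand-in with the dates and key size quoted in the post."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"constructed"))))
    dates = tlv(0x30, tlv(0x17, b"070730000000Z") + tlv(0x17, b"120730000000Z"))
    rsa = tlv(0x30, tlv(0x02, b"\x00" + b"\xc3" * 128) + tlv(0x02, b"\x01\x00\x01"))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg + name
              + dates + name + tlv(0x30, alg + tlv(0x03, b"\x00" + rsa)))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" * 129))
```

Calling `audit(open("file.der", "rb").read(), datetime.utcnow())` on a real DER file returns the same dictionary; the file name here is a placeholder.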
I wonder how much an ECU tune costs the dealer and if it can be purchased as a separate item, without the entire kit? I've got the new CAI and inlet tube, if I buy the exhaust separately in a year or so, I wonder if I can get the ECU tune for a nominal amount.
__________________
My pal Spike!
2008 MCS / 2002 4Runner / Kona Stinky Primo / Kona Roast
I wonder how much an ECU tune costs the dealer and if it can be purchased as a separate item, without the entire kit? I've got the new CAI and inlet tube, if I buy the exhaust separately in a year or so, I wonder if I can get the ECU tune for a nominal amount.
I asked the dealer that question, and the parts that make up the JCW Engine Tuning Kit are not available separately. I even searched on WWW.REALOEM.COM and I was unable to locate the part numbers.
However the dealer literature (which I attached to this post) has the following on the 2nd page:
For registration and warranty reasons, only the complete John Cooper Works tuning kit is allowed to be installed. Individual parts of the kit must not be installed.
Before the factory tools "called home to Mama", some of the dealers would install a JCW tune onto privately modded cars just for the labor costs. It was dealer by dealer. Now that everything is tied to the mothership, I don't think they'd even have the option to do this.
In the end....it's just software. Jan can tune it. Someone, somewhere, if they have enough time and desire can crack this and figure a way to install the JCW tune if they really wanted to. The catch is the "calling home to mama". I am sure that in their VIN DB there is a flag that says "JCW ECU?" and if you come in with that software and it's not checked.....
Of course we might be giving them too much credit.....So who knows maybe it will get solved....
of any dealers doing a bit compare to sniff for ECU remaps. It's possible, but not likely. And now that the R56 encryption is beat, I wouldn't worry too much. The reflashers tend not to write over the version number of the software and the like (they're just bits in an EEPROM), just changing the guts of the code....
What I have heard of the dealers doing is seeing that you're not on the latest software and flashing you up to current. This happened A LOT in the first couple of years, and was one of the reasons MTH was so nice.... You'd just download the upgrade, send it off, get the new maps back and load them into the car.... You'd live with the crappy stock maps for a couple of days and that was it.....
Good to know. It is probably advantageous to be running the "new" code since SO MUCH of the car is run by the ECU these days. Even the windows....I am sure that someone will figure a simple way to get you back to spec with not much wait.