by passik » Sun Jan 12, 2014 10:46 am
Hello! I'm from Russia, so sorry for my English =) I have an idea of how to extract a ROM from a .PAK, but it needs some debugging skills for testing, which I don't have...
We need some stock ROMs downloaded from dealer-updated car ECUs as an etalon (reference) for comparison. Then we need to run the SSM software from OllyDbg, choose the flashing device (I think we should try the old SSM way, which has a "Remote" button there), and choose a .pak file that has the same CID as one of our etalon ROMs. I think, sooner or later after we enter the "Decryption keyword", the .PAK file will be decrypted in RAM. So we need to search RAM for a sequence exactly matching our etalon ROM. If we find the decrypted file in RAM, we will know the address where any other ROM will be after decryption. That would be enough for me, but maybe someone can even extract the decryption algorithm from there... Please, somebody try this! I don't know asm at a sufficient level...
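The "search RAM for a sequence matching the etalon ROM" step from the post above, as an added example (not code from the original post and not part of the SSM software): a Python script that scans a raw memory dump for a reference ROM. It assumes you have already saved the target process's memory to a file from the debugger after the keyword was entered, and that `dump_base` is the virtual address the dump file starts at. Instead of searching for the whole image in one go, it anchors on several 64-byte slices of the ROM, so a partially decrypted image (for example, one decrypted in blocks) is still found and the implied start address is reported. The sample dump and ROM are constructed pseudo-random data, not real ECU images.

```python
"""Locate a decrypted ROM image inside a raw process memory dump.

Added example, not code from the original post or from the SSM software.
Assumes the dump was saved to a file from the debugger and that a stock
("etalon") ROM for the same CID is available. The sample data at the bottom
is constructed, not a real ECU image.
"""
import random


def candidate_bases(dump: bytes, rom: bytes, probe_len: int = 64, probes: int = 4) -> list:
    """Return offsets in `dump` at which `rom` could start.

    Several `probe_len`-byte slices of the ROM are searched for, so a dump
    holding only part of the image still produces a candidate. Each hit at
    dump offset h for the probe taken at ROM offset p implies base = h - p.
    """
    if len(rom) < probe_len:
        raise ValueError("reference ROM shorter than probe length")
    last = len(rom) - probe_len
    offsets = [last * i // (probes - 1) for i in range(probes)] if probes > 1 else [0]
    bases = set()
    for p in offsets:
        probe = rom[p:p + probe_len]
        start = 0
        while True:
            h = dump.find(probe, start)
            if h < 0:
                break
            bases.add(h - p)
            start = h + 1
    return sorted(bases)


def matched_bytes(dump: bytes, rom: bytes, base: int) -> int:
    """Count bytes of `rom` that agree with dump[base:base + len(rom)].

    Compared in 4 KiB chunks: an identical chunk is credited at once, a
    differing chunk is counted byte by byte. A base that runs off either
    end of the dump is clipped rather than rejected.
    """
    total = 0
    chunk = 4096
    for off in range(0, len(rom), chunk):
        r = rom[off:off + chunk]
        lo, hi = base + off, base + off + len(r)
        if hi <= 0 or lo >= len(dump):
            continue
        r_lo = max(0, -lo)                       # bytes of `r` that fall before the dump
        d = dump[max(lo, 0):min(hi, len(dump))]
        r = r[r_lo:r_lo + len(d)]
        total += len(d) if d == r else sum(1 for a, b in zip(d, r) if a == b)
    return total


def locate_rom(dump: bytes, rom: bytes, dump_base: int = 0, min_fraction: float = 0.25) -> list:
    """Report where the reference ROM (or a large part of it) sits in the dump.

    Returns dicts sorted by matched length, best first. `address` is
    dump_base + offset, i.e. what you would type into the debugger.
    """
    hits = []
    for base in candidate_bases(dump, rom):
        m = matched_bytes(dump, rom, base)
        if m >= min_fraction * len(rom):
            hits.append({"offset": base, "address": dump_base + base,
                         "matched": m, "complete": m == len(rom)})
    hits.sort(key=lambda h: -h["matched"])
    return hits


def _constructed_sample():
    """Constructed test data: an 8 KiB pseudo-random 'ROM' placed in junk,
    once in full and once as its first half only (simulating block-wise
    decryption in progress)."""
    rng = random.Random(2014)
    rom = bytes(rng.getrandbits(8) for _ in range(8192))
    junk = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    dump = junk(1000) + rom + junk(500) + rom[:4096] + junk(300)
    return dump, rom


if __name__ == "__main__":
    dump, rom = _constructed_sample()
    for h in locate_rom(dump, rom, dump_base=0x00400000):
        print(f"0x{h['address']:08X}  matched {h['matched']}/{len(rom)}  complete={h['complete']}")
```

For a real run, read the saved dump with `open(path, "rb").read()`, pass the reference ROM the same way, and set `dump_base` to the start address of the region you dumped. A hit marked `complete` is the decrypted image; a partial hit with a lower match count is still worth a look, since it shows where the decryption routine is writing and can be watched with a memory breakpoint.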