BMW ICOM NEXT | BMW NBT EVO FSC Codes | BMW NBT & CIC FSC Codes | BMW Rheingold , ISTA/P, KSD, ETK remote installation | BMW STANDARD TOOLS remote installation | BMW ESYS remote installation
Go Back   BMW forum. Diagnostics, coding, programming, repair BMW vehicles. > BMWelcome > BMW coding and programming

Like Tree2Likes
Reply
 
LinkBack Thread Tools Display Modes
  #1  
Old 10-26-2013, 06:25 PM
Junior Member
 
Join Date: Jul 2011
Location: -
Car: -
Posts: 17
Thanks: 0
Thanked 42 Times in 7 Posts
Default DIY E-Sys soft token generation instructions

Thanks to the wonderful people who wrote E-Sys in Java, included debug info, and provided detailed error messages, it is actually quite trivial to reverse EST token generation procedure. Here it is (some skills are required).

The guide below will generate a soft token for newer E-Sys (3.22+)

You need openssl and a base64 encoder. The EST token is just a PKCS#12 certificate with certain parameters in DN (UID and role)

1. create a template for your EST token:
Code:
<?xml version="1.0" encoding="UTF-8" ?>
<root>
<Name>Angry Coder</Name>
<Role>EXPERT</Role>
<EST NotValidBefore="YYYY-MM-DD" NotValidAfter="YYYY-MM-DD">
</EST>
</root>
create config file for openssl as follows. Save it as ossl.conf
Code:
[ req ]
distinguished_name        = req_dn

[ req_dn ]
countryName                 = Country Code
countryName_default      = US
organizationName           = Organization Name
organizationName_default= My Garage
0.UID                           = User ID
0.UID_default                = Angry Coder
1.UID                           = User Role
1.UID_default                = EXPERT
2. Generate private key (unix/linux syntax from here below)
Code:
openssl genrsa -out pvt.key 2048
3. generate certificate request. User name and role must match values in the xml template. Also, beware that tag names in the XML are case-sensitive.
Code:
openssl req -new -key pvt.key -out req.csr -config ./ossl.conf
4. generate self-signed certificate (3650 is how long you want EST token to be valid. 3650 days is approximately 10 years, this should be enough)
Code:
openssl x509 -req -days 3650 -in req.csr -signkey pvt.key -out cert.crt
5. check your certificate, find NotValidBefore/NotValidAfter dates in the dump and copy them to the template in YYYY-MM-DD format
Code:
 
openssl x509 -in cert.crt -text
6. export pkcs12 certificate, provide PIN when it asks for a password (this will be your EST pin)
Code:
openssl pkcs12 -export -in cert.crt -inkey pvt.key -out cert.p12
7. base64-encode the certificate and place it in the <EST> tag in the template.
Code:
base64 < cert.p12
Your EST token is now ready.

Last edited by AngryDad; 10-26-2013 at 07:44 PM.


Reply With Quote
The Following 23 Users Say Thank You to AngryDad For This Useful Post:
argos (10-28-2013), BMW 7 (04-10-2014), bmw-gamer (12-22-2013), bmwbmw (10-27-2013), boccaccio (01-27-2014), dirtyF30 (08-29-2014), docnuas (10-28-2013), franzli (01-24-2014), gmprof (02-10-2014), justa3series (10-27-2013), kazaam99 (04-18-2014), kisslorand (10-27-2013), M346ZCP (03-24-2014), miguex (12-05-2013), nae257092 (10-28-2013), newbienear (01-15-2014), ninjalp (05-22-2014), nth_79 (01-22-2014), shawnsheridan (10-27-2013), shintake (08-23-2014), slaw1971 (10-26-2013), VroomVroom (12-26-2013), zimmy76 (08-24-2014)
  #2  
Old 10-27-2013, 03:26 PM
Member
 
Join Date: Dec 2011
Location: Houston, TX
Car: 2011 535i M-Sport
Posts: 87
Thanks: 4
Thanked 21 Times in 16 Posts
Default

Great stuff! Thanks for sharing.

Any words of wisdom on how to patch the two .jar files to accept this non-OEM token?
Reply With Quote
  #3  
Old 10-28-2013, 12:18 AM
Junior Member
 
Join Date: Jul 2011
Location: -
Car: -
Posts: 17
Thanks: 0
Thanked 42 Times in 7 Posts
Default

I have not reached that phase yet... Soldering the cable... Considering that java classes are not obfuscated or protected in any way, it should not be difficult to patch them.
Reply With Quote
  #4  
Old 10-28-2013, 04:53 AM
Junior Member
 
Join Date: Jul 2011
Location: -
Car: -
Posts: 17
Thanks: 0
Thanked 42 Times in 7 Posts
Default

Quote:
Any words of wisdom on how to patch the two .jar files to accept this non-OEM token?
Apparently, I am doing something wrong, because the tokens I generate are accepted with no questions (E-Sys 3.23.4). Here, somebody try it (PIN=1234).
Attached Files
File Type: zip SampeToken.zip (2.7 KB, 127 views)
mojojojosh likes this.
Reply With Quote
The Following 7 Users Say Thank You to AngryDad For This Useful Post:
binsheng (06-17-2014), BMW 7 (04-15-2014), emrah_06 (11-05-2015), hamdam (12-27-2013), mojojojosh (03-17-2017), rauan (12-18-2013), shintake (08-23-2014)
  #5  
Old 10-28-2013, 05:00 AM
Member
 
Join Date: Dec 2011
Location: new york
Car: bmw
Posts: 98
Thanks: 3
Thanked 9 Times in 6 Posts
Default

Did you try to code anything on the car yet?

@shawnsheridan

Can you test?
Reply With Quote
  #6  
Old 10-28-2013, 05:15 AM
Member
 
Join Date: Dec 2011
Location: Houston, TX
Car: 2011 535i M-Sport
Posts: 87
Thanks: 4
Thanked 21 Times in 16 Posts
Default

Quote:
Originally Posted by AngryDad View Post
Apparently, I am doing something wrong, because the tokens I generate are accepted with no questions (E-Sys 3.23.4). Here, somebody try it (PIN=1234).
You need to check it using PSdZData and a car.

PSdZData <= 48.3 don't need patch, and >= 48.3 needs patch.
Reply With Quote
The Following User Says Thank You to shawnsheridan For This Useful Post:
rauan (12-18-2013)
  #7  
Old 10-28-2013, 05:35 AM
Member
 
Join Date: Dec 2011
Location: new york
Car: bmw
Posts: 98
Thanks: 3
Thanked 9 Times in 6 Posts
Default

Can you try to code something @ShawnSheridan on your car using his token method?
What do you mean don't need patch? you mean for certain version?
Reply With Quote
  #8  
Old 10-28-2013, 05:41 AM
Member
 
Join Date: Dec 2011
Location: Houston, TX
Car: 2011 535i M-Sport
Posts: 87
Thanks: 4
Thanked 21 Times in 16 Posts
Default

Quote:
Originally Posted by justa3series View Post
Can you try to code something @ShawnSheridan on your car using his token method?
What do you mean don't need patch? you mean for certain version?
Not any time soon. My F10 was flatbedded to the dealership yesterday.

The patched .jar files came later after BMW made changes in the PSdZData, beginning with 48.2 PSdZData for F20, and then the rest of the chassis' in 48.3 48.3 PSdZData. Prior to that, the patch wasn't needed.
Reply With Quote
  #9  
Old 10-31-2013, 10:57 AM
Junior Member
 
Join Date: Oct 2013
Location: Portugal
Car: BMW
Posts: 2
Thanks: 2
Thanked 0 Times in 0 Posts
Default

So far I've managed to patch est-cm-01.03.02 so that it can accept the certificate used to generate the token, but I'm having a hard time finding where this fingerprint is...

anyone else working on this?

Code:
com.bmw.esys.domain.psdz.PsdzException: Failed to create FDL object (SGBMID "cafd_00000ded-002_002_008"). [C326]
	
Caused by: Certificate for Fingerprint F591B6E1C47D5FE5BA899D556B2C9F8FAE2F1B67 not found!
Timestamp: Thu Oct 31 09:47:04 GMT 2013
SessionId: default
ErrorCategory: SYSTEM_ERROR ID: 1462
Class: com.bmw.psdz.security.impl.LicenseValidator
ExecutionContext={category=DATA, ecuid=(UNKNOWN,?)}
Reply With Quote
  #10  
Old 11-01-2013, 11:27 AM
Member
 
Join Date: Dec 2011
Location: new york
Car: bmw
Posts: 98
Thanks: 3
Thanked 9 Times in 6 Posts
Default

You tried coding with the generated token without patching and that's error you get?
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Pa-Soft ebay ? Tampa 528i BMW Scanner (PASoft) 6 10-26-2014 09:08 PM
PA Soft question nhat179 BMW Scanner (PASoft) 6 03-27-2013 11:27 PM
e-sys token for development eften BMW coding and programming 0 11-14-2012 05:15 AM
PA Soft 1.36 oldmaddog BMW Scanner (PASoft) 1 10-10-2012 04:03 PM
P.A.Soft 1.3.6 ABS Clear? bobbi BMW Scanner (PASoft) 6 09-21-2011 05:40 AM


All times are GMT. The time now is 10:42 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2018, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.1
BMW forum: diagnostics, coding, programming.