»   Service


(Back to overview)


Checksum modules

What means "Change RSA key" ?

In the last years in engine control units (ECUs) more and more the RSA algorithm is used. That cause large problems for the tuner, who wants to have a reliable checksum correction system.

In general a simple checksum correction is impossible, because the used algorithm is still secure, see here.

Because the complete RSA calculation is time-consuming and the delay between switching on the ECU and starting the engine should not be too long, the programmers use short cuts. These short cuts reduce the security of the algorithm and made it possible to calculate the EDC16 checksum.

The introduction of the MED/EDC17 ECUs with Tricore processor made more computing power available, so that the precision of the calculation could be increased. Unfortunately we as a producer of checksum correction systems cannot find out, which precision is checked in an ECU.

Therefore we created the switch "Change RSA key".

If this switch is off, the procedure known from the EDC16 is used, which calculates a result that is correct, if the ECU works with less precision. This works fine at some EDC17, but not on all.

If the switch is active, the existing public key is exchanged against an own public key, from which the secret key is known. Then the result can be calculated with full precision. This public key is not located in the data area, but in the operating system of the ECU, so that this memory area must also be programmed. However the program in the ECU prevents that, so this cannot be done via OBD2 programming.

If the programming is done via Bootmode, the ECU has no control over that procedure, so that it is mostly possible.

Unfortunately the Tricore processor has the possibility to make some memory areas one time programmable so that no update is possible. In these cases the ECU is secure for the actual state of knowledge and no tuning is possible.