apps-inoeg VS UnsignedFlash

Compare apps-inoeg vs UnsignedFlash and see what are their differences.

apps-inoeg

Kiebitz Web Applications (for users, providers and mediators). Still a work-in-progress, use with care! (by impfen)
Suggest topics

DISCONTINUED

Suggest alternative
Edit details

UnsignedFlash

Firmware signature bypass on the IC204 (by jglim)
Suggest topics

DISCONTINUED

Suggest alternative
Edit details
SurveyJS
Our great sponsors
  • SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
Our great sponsors
apps-inoeg UnsignedFlash
1 3
0 8
- -
7.7 4.2
over 1 year ago over 2 years ago
Svelte
GNU Affero General Public License v3.0 -
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

apps-inoeg

Posts with mentions or reviews of apps-inoeg. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-08-13.
  • Hyundai car software update private keys came from easily Googleable sample code
    7 projects | news.ycombinator.com | 13 Aug 2022
    That's why I try to never put any testing or development keys in repositories. From those keys sitting there it just takes one act of negligence for the keys to make it into a production environment.

    It's really frustrating that most people don't care about this at all. Even people forking my own projects would not listen when I told them to please just generate the keys dynamically (for which I included all necessary functionality in the software itself, easily accessible in CI and from the CLI via a simple make command), and instead just put dev keys smack in the repository [1]. And mind you those were some really "security minded" people from the CCC.

    1: https://github.com/impfen/apps-inoeg/blob/main/tests/fixture...

UnsignedFlash

Posts with mentions or reviews of UnsignedFlash. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-08-29.
  • ECU resources
    8 projects | /r/CarHacking | 29 Aug 2022
    JG Lim's Mercedes instrument cluster exploit: https://github.com/jglim/UnsignedFlash . A good example of a common issue in modern control units.
  • Hyundai car software update private keys came from easily Googleable sample code
    7 projects | news.ycombinator.com | 13 Aug 2022
    That's pretty cool! I wonder how properly they were really signed - there are _so many_ mistakes even in systems that at least don't use an example key off the Internet.

    The most common ones I know of are:

    * Out-of-bounds write issues allowing "signature was validated" flags to be overwritten in Flash memory, like https://github.com/jglim/UnsignedFlash

    * State machine mistakes, like https://github.com/bri3d/VW_Flash/blob/master/docs/docs.md - allowing Flash to be written again after it was already written, without an erase first.

    * Filesystem parsing mistakes, like those in a number of VW AG head units: https://github.com/jilleb/mib2-toolbox/issues/122

    * The use of RSA with E=3 and inadequate padding validation, like https://words.filippo.io/bleichenbacher-06-signature-forgery... .

    * Failure to understand the system boundaries, like in the second part of https://github.com/bri3d/simos18_sboot where "secret" data can be recovered by halting the system during a checksum process.

    * Hardware fault injection issues, as used in https://fahrplan.events.ccc.de/congress/2015/Fahrplan/system... .

    Fundamentally this is of course, a very hard problem, since in the "protect against firmware modification" case, the attacker has physical access. But, compared to the state of the art in mobile devices and game consoles, automotive stuff is still way behind.

  • Hacking a VW Golf Power Steering ECU
    4 projects | /r/ReverseEngineering | 4 Jan 2022
    My writeups and JG Lim's cover three of the common mistakes in modern modules (supplier backdoor bugs in Simos supplier bootloader, state machine issues in Simos VW bootloader, and block buffer validity confusion / bounds check issues in Mercedes instrument cluster).

What are some alternatives?

When comparing apps-inoeg and UnsignedFlash you can also consider the following projects:

mib2-toolbox - The ultimate MIB2-HIGH toolbox.

Simos18_SBOOT - Documentation and tools about Simos18 SBOOT (Supplier Bootloader), including a Seed/Key bypass and Tricore boot password recovery tool.

VW_Flash - Flashing tools for VW AG control units over UDS. Compression, encryption, RSA bypass, and checksums are supported for Simos18.1/6/10, DQ250-MQB, DQ381-MQB, and Haldex4Motion-Gen5-MQB.

ME7Sum - Checksum/CRC checker/corrector for Motronic ME7.1 firmware images. Download binaries here:

LinkLiar - :link: Link-Layer MAC spoofing GUI for macOS

sa2_seed_key - VW SA2 Seed/Key Authentication for Programming Sessions

hn-search - Hacker News Search

OpenJ2534 - Open (and Closed) Source J2534 Resources for Automotive Diagnostics, Reprogramming & Tuning

NefMotoOpenSource - Open source collaborative projects driven by the NefMoto.com community

ME7RomTool_Ferrari - Bosch ME7.3H4 RomTool for Ferrari 360's

apps-inoeg vs mib2-toolbox UnsignedFlash vs mib2-toolbox apps-inoeg vs Simos18_SBOOT UnsignedFlash vs Simos18_SBOOT apps-inoeg vs VW_Flash UnsignedFlash vs ME7Sum apps-inoeg vs LinkLiar UnsignedFlash vs sa2_seed_key apps-inoeg vs hn-search UnsignedFlash vs OpenJ2534 UnsignedFlash vs NefMotoOpenSource UnsignedFlash vs ME7RomTool_Ferrari