Friday, August 21st 2015


MBE ECU DIM Sport Key Decryption
posted @ 4:07 pm in [ Cars -Decryption -Fixing Things -PHP -Technology ]

I’ve recently started investigating into the working of the MBE ECU (Engine Control Unit) that runs the engine and fuel mixture on my TVR Cerbera and as part of the process took my own ECU out of the car to see how it was setup, and what version of the software it was using

On inspection my own ECU seemed rather different than the test unit I had bought from eBay, as the EPROM that contains the program code was piggy-backed off of a daughter board rather than being directly connected to the ECU motherboard

As you can see from the picture below the daughterboard plugs in in-between the ECU and the code EPROM

IMG_1334

IMG_1335

and if we actually take the EPROM and daughterboard out of the ECU you can see that the daughterboard has an ATMEL F16V8BQL electronically programmable logic device in circuit

IMG_1340

IMG_1338

So the ATMEL F16V8BQL basically can be programmed like a small computer to do something with data that comes through it’s inputs, and then send this data back out of it’s outputs

Therefore the next logical question would why would you want to do that when normally the data from the EPROM is sent directly to the ECU for reading?

We’ll it turns out that basically it is a decryption device for taking encoded data stored on the EPROM, decoding it in real time, and then sending this to the ECU as unencoded data to run with

Taking the EPROM out of it’s daughterboard you can see it’s made by “DIM Sport, Electronic per motori” and is labelled as Key 1010A

IMG_1341

On investigation DIM Sport are an Italian engine calibration specialist company who make rolling road tuning systems for cars and other vehicles and Key 1010A is sold as part of their rolling road kit

So let’s try and work out how this works by reading the EPROM on it’s own (encrypted) and with it’s daughterboard installed (unencrypted)

As you can see from the Hex dumps below, the daughterboard is doing some data decryption in between

EncryptionComparison

If you compare the first 16 bytes of the encrypted versus the unencrypted you can see that there is a pattern between the two

Encrypted

04219402 C4C10FC4 9501C4C1 0FC49501

Unencrypted

01249102 C1C40FC1 9504C1C4 0FC19504

Every second value is being changed between the two, but the first value is always exactly the same

Originally I thought this was a pattern based cypher, so basically something like

0, -3, 0, +3, 0, -3, 0

but if you look at it visually you can see it is actually a substitution based cypher as every time on the ASCII display you see an ‘!’ symbol on the encryption version, or the unencrypted version it is a ‘$’, the same for the letter ‘t’ being a q

So that leans to being a substitution cypher, so we basically just need to work out the mapping of which letter to which, and then we can begin to reverse engineer the encryption

Here’s my map I made as I was doing it for reference (and you can see the original pattern test sequence there too) 🙂

IMG_1345

Now lets test our theory and translate the first 8 numbers (the numbers mapped are in brackets, every even number)

04219402 = 0(1)2(4)9(1)0(2)

Perfect! So now we have the sequence let’s write a decryption program to read the original encrypted binary EPROM dump, decode it, and then write out an UNENCODED EPROM dump for us to use in our ECU and no longer require the key

I’ve written it in PHP as that’s currently where I am spending most of my programming time at the moment, and uploaded it to my GIT HUB account here

https://github.com/Judder/DIM-Sport-ECU-Key-1010A-Decrypter

So if you find one of these in your ECU, or you want to backup your own ECU software feel free to use the above, which because I didn’t reverse engineer any hardware, doesn’t normally break any software licensing rules 🙂




Saturday, August 8th 2015


Snap-on Tool Kit – now with wheels
posted @ 9:36 am in [ Cars -Fixing Things ]

As a recent mechanical student I had the opportunity to buy my first Snap-on tool kit, which of course I snapped up the chance of doing.

It’s a fantastic student kit with everything you need for day-to-day car maintenance tasks, however even though it comes with a carry handle it is heavy which means getting it from the house to the car is quite an effort in itself!

So I put my thinking hat on, and as with our recent arcade machine projects in the office, decided that it was time to mobilise the tool kit with it’s own set of wheels

First things first – where to mount them.

Luckily the tool box has 4 holes on the bottom which after measuring them fit nicely with 8mm / M8 allen socket bolts.

SnapOnHoles

So off to our good friends on eBay, KayFast, and order M8 bolts 20mm long and matching M8 flange nuts. I went for the round headed allen socket bolts as they will sit flush either way around

M820mmBolts

M8FlangeNuts

Next we need some wheels, castors in this case, and as we are using our own bolts we want ones without threaded heads, just with a hole to be bolt mounted.

Again eBay is a good source for these and I ordered 4 x 50mm lockable cabinet speaker castors from the great people at Atlas Handling (make sure you order the Bolt Hole ones)

Snap-onCastors

Once they’ve arrived it’s time to match them all up and check they all fit correctly as per the picture below

IMG_1317

Now we need to remove the bottom drawer of the tool kit to access the mounting holes from the inside, but the problem here is that there is a locking latch on the drawer that matches up with a stop on the slider, meaning that you can’t just slide the drawers out.

I had a read around and this guy had suggested using a flat hacksaw blade, but for me the easiest way was to get behind the point where they lock and apply gentle pressure using the small Snap-on screwdriver included with the toolkit on the drawer latch point to allow it slide underneath the slider locking point as per this photo

SnapOnReleaseDrawer

This allows the drawer to slide all the way out as per this photo and then we can start to mount our wheels to the bottom of the cabinet

IMG_1322 (2)

Tighten everything up using an allen key (I put the bolts with the heads on the bottom so that I can tighten them up at a later date if needed) and voila all ready to go!

IMG_1326 (1)




Thursday, July 4th 2013


Magento: calculating Total Paid 1 penny out £0.01
posted @ 6:45 am in [ Fixing Things -Magento ]

We have a strange issue with a Magento / eBay install for a client where occasionally the orders are being stored with the Total Paid for the order showing in Magento as being £0.01 less than the real total paid by the customer.

MagentoeBayIncorrectTotalPaidCalculation

Looking at the order in the Magento database it appears to be an incosistency in the way that the tax for shipping is calculated.

Amount of shipping charged = £3.95

Magento Values:

Base Shipping Amount = £3.29

Base Shipping Tax Amount = £0.65

Total of these = £3.94

What these values should be:

Base Shipping Amount = (£3.95 – 20% tax) = (£3.95 / 1.2) = £3.29166666

Base Shipping Tax Amount = (20% tax of £3.95) = (£3.95 / (1.2 * 5)) = £0.65833333

Total of these = £3.95 (notice the extra £0.01 difference)

So Magento seems to occasionally NOT correctly round-up the Base Shipping Tax Amount as the value should be £0.66 if the full value is £0.658333333

Now to find out why, where and fix it!

Here’s the tables for reference of two sequential orders – the first that is calculated incorrectly then the second that is calculated correctly!:


mysql> select base_shipping_amount, base_shipping_tax_amount, base_shipping_incl_tax from sales_flat_order where entity_id like '%298';
+----------------------+--------------------------+------------------------+
| base_shipping_amount | base_shipping_tax_amount | base_shipping_incl_tax |
+----------------------+--------------------------+------------------------+
| 3.2900 | 0.6500 | 3.9500 |
+----------------------+--------------------------+------------------------+
1 row in set (0.00 sec)

mysql> select base_shipping_amount, base_shipping_tax_amount, base_shipping_incl_tax from sales_flat_order where entity_id like '%299';

+----------------------+--------------------------+------------------------+
| base_shipping_amount | base_shipping_tax_amount | base_shipping_incl_tax |
+----------------------+--------------------------+------------------------+
| 3.2900 | 0.6600 | 3.9500 |
+----------------------+--------------------------+------------------------+
1 row in set (0.00 sec)




Wednesday, October 24th 2012


Decoding $_F=__FILE__;$_X= Encoded PHP Files
posted @ 7:27 am in [ Decryption -Fixing Things -Magento -PHP -Technology -Web Design ]

Some PHP files we get from Extension developers for Magento have Bytecode encoding on them, which means if we want to change the functionality or layout of certain parts of the code, even if we’ve paid for it, we can’t.

Obviously this is rather frustrating, however it is possible to reverse engineer the files as follows to make the changes you need.

1. The three component parts

Each file has 3 main parts to it:


$_F=__FILE__;

$_X='a-string-of-text-and-numbers';

eval(base64_decode('a-string-of-text-and-numbers');

These parts are as follows:


$_F - a holder to do the ereg_replace of the obfuscater code with the unencryption keys

$_X - the encrypted PHP code

eval(base64_decode() - the decryption code for $_X

2. Getting the decryption code

To get the decryption code, we need to change the eval(base64_decode()); code to be an echo instead.

In our case above this would be:

echo(base64_decode(‘a-string-of-text-and-numbers’);

and this gives us the decryption code for the main $_X values;


$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0;

If we break this apart into it’s core lines we have:


//decode our main string with base64_decode
$_X=base64_decode($_X);

//replace obfuscater characters in the result with the correct ones
$_X=strtr($_X,'123456aouie','aouie123456');

//replace the contents of $_R with our unencrypted file/PHP code
$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);

//run the contents of the unencrypted file/PHP code
eval($_R);

//clear the contents of $_R so you can't access it
$_R=0;

//clear the contents of $_X so you can't access it
$_X=0;

3. Decrypting the encoded code

So now we just need to run the decryption code as far as it replacing the contents of $_R with the un-encrypted result, and echo that out to the screen.

Here’s the code:


//decode our main string with base64_decode
$_X=base64_decode($_X);

//replace obfuscater characters in the result with the correct ones
$_X=strtr($_X,'123456aouie','aouie123456');

//replace the contents of $_R with our unencrypted file/PHP code
$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);

//print the contents of the unencrypted file/PHP code
echo($_R);

4. Final code

So we end up with:



And we can now make the changes we need




Monday, November 7th 2011


NGinx not compressing CSS and Javascript
posted @ 8:11 am in [ Fixing Things -Javascript -Magento -PHP -Web Design ]

Another challenge to catch-out the unwary, is that the latest CentOS/RedHat YUM repository version of NGinx, the fantastically fast web server we use for Magento, has some case scenarios where even though it should be compressing CSS and Javascript, it simply doesn’t!

The reason why seems to be that most definitions for what types of files NGinx should compress posted across the forums of the web, include the “text/html” type, such as:

gzip_types text/plain text/html text/css application/json application/x-javascript text/xml application/javascript text/x-js;

Now the problem with this seems to be that NGinx throws a simple warning that it has already got “text/html” defined as it does this by default, however what it then doesn’t tell you is that it IGNORES all the other definitions that come after it in the same line.

So what that means is that if you have the line above in your config file, even though you are defining for example “text/css” as being a file type to compress, NGinx will ignore this as it stops reading the line as soon as it hits the “text/html” double definition.

To fix, remove “text/html” from your line (*and while you are there you might as well just define the types we are using) and it will all work again.

Here’s my line for reference:

gzip_types text/css application/x-javascript;




Thursday, August 11th 2011


Fixing Login problems with EPiServer due to too many incorrect password attempts
posted @ 9:41 am in [ Fixing Things -Technology -Web Design ]

EPiServer let’s you quite happily wrongly login, but then after the default amount of incorrect attempts puts you account into a locked status.

Sensible enough one would think, except that the error message on login, correct or now incorrect, never tells you this and instead just uses the same incorrect username and/or password message as before.

To correct this you need to reset your account status in the EPiServer database, and for reference it’s in the Authentication database in the aspnet_Membership table and stored in the column IsLockedOut.

To fix, simple reset the status of that field to 0 using a similar SQL query to the one below

UPDATE [Authentication].[dbo].[aspnet_Membership] SET [IsLockedOut] = 0 WHERE [LoweredEmail] = ‘myemail@mydomain.com’;




Tuesday, June 21st 2011


Tuning mySQL for Magento
posted @ 10:07 am in [ Apache -Fixing Things -Magento -mySQL -Technology -Web Design ]

Magento loves using lots of mySQL processes, so therefore mySQL needs to finely tuned to achieve this.

We ran some benchmarking tests today using mysqlreport as the benchmarking tool and as you can see from the results below, mySQL caching following some of the tips in the articles below can really make a difference

1. First test

As you can see with basic caching turned on and no massive tuning we get a cache insert to prune rate of 1.31:1 and no real cache hits

query_cache_size = 8M
table_cache = 128
innodb_buffer_pool_size = 8M

__ Query Cache _________________________________________________________
Memory usage 5.89M of 8.00M %Used: 73.58
Block Fragmnt 14.66%
Hits 1.21M 157.7/s
Inserts 389.92k 50.7/s
Insrt:Prune 1.31:1 11.9/s
Hit:Insert

2. Second test with recommendations from mysqltuner.pl and mysqlreport-3.5

Bigger cache better results

query_cache_size = 32M
table_cache = 512
innodb_buffer_pool_size = 256M

__ Query Cache _________________________________________________________
Memory usage 23.79M of 32.00M %Used: 74.33
Block Fragmnt 12.43%
Hits 3.50M 184.3/s
Inserts 681.81k 35.9/s
Insrt:Prune 2.55:1 21.8/s
Hit:Insert 5.13:1

Hit versus Insert of 5.13 to 1 – now that should make the world a much faster place 🙂

References:

http://www.mysqlperformanceblog.com/2007/11/01/innodb-performance-optimization-basics/
http://www.mysqlperformanceblog.com/2007/11/03/choosing-innodb_buffer_pool_size/
http://www.techiecorner.com/45/turn-on-mysql-query-cache-to-speed-up-mysql-query-performance/
http://webcache.googleusercontent.com/search?q=cache:wVQfPOsS3t0J:www.debianhelp.co.uk/mysqlperformance.htm+mysql+optomise&cd=10&hl=en&ct=clnk&gl=uk&client=firefox-a&source=www.google.co.uk




Wednesday, June 15th 2011


Fixing TimThumb for PHP 5.3
posted @ 8:01 am in [ Fixing Things -PHP -WordPress ]

The latest version of PHP 5.3 deprecates the ‘ereg’ function, which generates errors that break programs such as TimThumb, the automatic image thumbnail generator.

To fix this, replace the existing ‘ereg’ expressions with alternative functions as per below:

Replace:

if (ereg(‘http://’, $src) == true) {

With:

if (strpos (strtolower ($src), ‘http://’) !== false || strpos (strtolower ($src), ‘https://’) !== false) {

Replace:

if (ereg($site, $url_info[‘host’]) == true) {

With:

if (strpos (strtolower ($url_info[‘host’]), $site) !== false) {

and you are all good to go :->

References:

http://code.google.com/p/timthumb/
http://devthought.com/2009/06/09/fix-ereg-is-deprecated-errors-in-php-53/




Tuesday, August 24th 2010


WordPress – PHP Fatal error: Call to undefined function get_option() in admin
posted @ 8:51 am in [ Fixing Things -Web Design -WordPress ]

For us, this was a strange problem in FreeBSD where even with a vanilla latest version of WordPress the error still occurred and we got a white screen trying to login to our admin area.

It seems to be caused by FreeBSD incorrectly thinking that the required files have been included as asked for in PHP using a require_once function.

So to fix it we manually added the wp-includes/functions.php file and change the existing require_once for wp-load.php in ‘wp-admin/admin.php’ to be:

[modified wp-admin/admin.php lines 20 and new line 21]

require(dirname(dirname(__FILE__)) . ‘/wp-load.php’);
require(dirname(dirname(__FILE__)) . ‘/wp-includes/functions.php’);

[original for reference line 20]

require_once(dirname(dirname(__FILE__)) . ‘/wp-load.php’);

Problem solved!




Friday, August 20th 2010


Magento Site Performance
posted @ 8:57 am in [ Apache -Fixing Things -Hosting -Magento -Media Temple -PHP -Technology -Web Design ]

Magento the nice Community Version available e-commerce platform that we are using at Skywire for a number of our client builds is incredibly feature rich, but with all of these features comes the trade-off that to get any kind of speed out of the system you either need SERIOUS server hardware, or an awful lot of performance tuning.

To be honest it can run like a real dog if you don’t really work at it!

Well we like to make things work hard at Skywire so went on a journey of discovery on how to make Magento fly, and here’s our understandings to share with everyone else.

1. Server software selection and tuning

Lots of articles out there about this around the web, but you can sum it up in a few points really.

– What webserver (Apache vs. Lighttpd vs. Nginx) and how many threads for that webserver you need. Interestingly, against every article out there, Apache 2 was faster for us that Lighttpd and NginX but I think this was to do with the PHP CGI access the other two were using being slower on our Media Temple server

– Fine tune your mySQL database – we found that the two great scripts mysqlreport and mysqltuner are your friends here

– Get rid of any other processes you don’t need that get in the way (xinetd, spam assassin etc.)

2. Turn on lots of Caching

Magento has caching so turn that on for starts, and then get a minify type plugin (there’s lots of them out there but ) to complement that and join all of your CSS and JS into a single compressed file.

Install a PHP Byte Code caching system to cache any code generated by PHP – we used XCache as it was available via yum but eAccellerator gets good reviews too [although it just hung in our environment].

3. Turn on the Page Compilation feature in Magento!

Yes, I know it’s labelled as Beta, and yes I know it falls over most of the time you run it, but if you run it from the command line, as the same user that owns your web files then it works just great creating a new single directory in /includes/src containing flattened files of all your Magento files with the naming format directory_directory_etc_filename.php

This shaved at least 1 second off of every page load for us (amazing but true) however was a job to install as it ignores any modules installed in /app/code/community.

No worries though, you can work around this by just copying the whole module directory to the /app/code/local directory and rerunning the compiler and then it works great.

4. Load you Magento cache directories into a memory filesystem

Sounds a strange thing to do but you can load your /var/cache/ directory into a memory based ‘tmpfs’ which makes it much faster. Also you can move your sessions to your database instead however this slowed things down for us so we left them as files.

Summary:

So once you’ve done this on a mid-spec Media Temple DV server you can reduce page times from about 10 seconds down to just over a second, which believe me seems fast compared to how clunky Magento can be when running. Have fun!

References:

Magento performance and optimization

http://www.magentocommerce.com/group/view/168/

How do I use the inbuilt magento profiler to see bottlenecks?

http://www.magentocommerce.com/group/blog/action/viewpost/1405/group/168/

Magento Compiler – Improve your performance

http://www.magentocommerce.com/group/blog/action/viewpost/1243/group/168/

9 Methods to Speed Up Magento – A Guide to Making Magento Faster

http://www.blastedthing.com/magento/questions/mag-9-methods-to-speed-up-magento-a-guide-to-making-magento-faster/

Magento performance hosting

http://yoast.com/magento-performance-hosting/

Magento Site Performance Optimization

http://www.yireo.com/tutorials/magento/magento-spo#compress-output-in-general

Performance is Key! – Notes on Magento’s Performance

http://www.magentocommerce.com/blog/comments/performance-is-key-notes-on-magentos-performance/