Friday, August 21st 2015

MBE ECU DIM Sport Key Decryption
posted @ 4:07 pm in [ Cars -Decryption -Fixing Things -PHP -Technology ]

I’ve recently started investigating into the working of the MBE ECU (Engine Control Unit) that runs the engine and fuel mixture on my TVR Cerbera and as part of the process took my own ECU out of the car to see how it was setup, and what version of the software it was using

On inspection my own ECU seemed rather different than the test unit I had bought from eBay, as the EPROM that contains the program code was piggy-backed off of a daughter board rather than being directly connected to the ECU motherboard

As you can see from the picture below the daughterboard plugs in in-between the ECU and the code EPROM



and if we actually take the EPROM and daughterboard out of the ECU you can see that the daughterboard has an ATMEL F16V8BQL electronically programmable logic device in circuit



So the ATMEL F16V8BQL basically can be programmed like a small computer to do something with data that comes through it’s inputs, and then send this data back out of it’s outputs

Therefore the next logical question would why would you want to do that when normally the data from the EPROM is sent directly to the ECU for reading?

We’ll it turns out that basically it is a decryption device for taking encoded data stored on the EPROM, decoding it in real time, and then sending this to the ECU as unencoded data to run with

Taking the EPROM out of it’s daughterboard you can see it’s made by “DIM Sport, Electronic per motori” and is labelled as Key 1010A


On investigation DIM Sport are an Italian engine calibration specialist company who make rolling road tuning systems for cars and other vehicles and Key 1010A is sold as part of their rolling road kit

So let’s try and work out how this works by reading the EPROM on it’s own (encrypted) and with it’s daughterboard installed (unencrypted)

As you can see from the Hex dumps below, the daughterboard is doing some data decryption in between


If you compare the first 16 bytes of the encrypted versus the unencrypted you can see that there is a pattern between the two


04219402 C4C10FC4 9501C4C1 0FC49501


01249102 C1C40FC1 9504C1C4 0FC19504

Every second value is being changed between the two, but the first value is always exactly the same

Originally I thought this was a pattern based cypher, so basically something like

0, -3, 0, +3, 0, -3, 0

but if you look at it visually you can see it is actually a substitution based cypher as every time on the ASCII display you see an ‘!’ symbol on the encryption version, or the unencrypted version it is a ‘$’, the same for the letter ‘t’ being a q

So that leans to being a substitution cypher, so we basically just need to work out the mapping of which letter to which, and then we can begin to reverse engineer the encryption

Here’s my map I made as I was doing it for reference (and you can see the original pattern test sequence there too) ๐Ÿ™‚


Now lets test our theory and translate the first 8 numbers (the numbers mapped are in brackets, every even number)

04219402 = 0(1)2(4)9(1)0(2)

Perfect! So now we have the sequence let’s write a decryption program to read the original encrypted binary EPROM dump, decode it, and then write out an UNENCODED EPROM dump for us to use in our ECU and no longer require the key

I’ve written it in PHP as that’s currently where I am spending most of my programming time at the moment, and uploaded it to my GIT HUB account here

So if you find one of these in your ECU, or you want to backup your own ECU software feel free to use the above, which because I didn’t reverse engineer any hardware, doesn’t normally break any software licensing rules ๐Ÿ™‚

Wednesday, December 5th 2012

Magento: Show out of stock configurable product options and notifications
posted @ 11:13 am in [ Magento -Technology -Web Design ]

Configurable products in Magento are difficult to handle, as they consist of multiple “Simple” products that have their own stock levels, prices etc.

These notes talk through how to add “Out of Stock” options to each of these on the Magento product page, and some extensions to provide Out of Stock Notifications when they are:

Programming: Show out of stock configurable options

Programming: How to show out of stock configurable options with Magento

Extension: Aheadworks – Product Updates Notifications ($89)

Extension: Amasty – Out of Stock Notifications ($79)

Extension: Apptha – Out of Stock Notification ($79)

Wednesday, October 24th 2012

Decoding $_F=__FILE__;$_X= Encoded PHP Files
posted @ 7:27 am in [ Decryption -Fixing Things -Magento -PHP -Technology -Web Design ]

Some PHP files we get from Extension developers for Magento have Bytecode encoding on them, which means if we want to change the functionality or layout of certain parts of the code, even if we’ve paid for it, we can’t.

Obviously this is rather frustrating, however it is possible to reverse engineer the files as follows to make the changes you need.

1. The three component parts

Each file has 3 main parts to it:




These parts are as follows:

$_F - a holder to do the ereg_replace of the obfuscater code with the unencryption keys

$_X - the encrypted PHP code

eval(base64_decode() - the decryption code for $_X

2. Getting the decryption code

To get the decryption code, we need to change the eval(base64_decode()); code to be an echo instead.

In our case above this would be:


and this gives us the decryption code for the main $_X values;


If we break this apart into it’s core lines we have:

//decode our main string with base64_decode

//replace obfuscater characters in the result with the correct ones

//replace the contents of $_R with our unencrypted file/PHP code

//run the contents of the unencrypted file/PHP code

//clear the contents of $_R so you can't access it

//clear the contents of $_X so you can't access it

3. Decrypting the encoded code

So now we just need to run the decryption code as far as it replacing the contents of $_R with the un-encrypted result, and echo that out to the screen.

Here’s the code:

//decode our main string with base64_decode

//replace obfuscater characters in the result with the correct ones

//replace the contents of $_R with our unencrypted file/PHP code

//print the contents of the unencrypted file/PHP code

4. Final code

So we end up with:

And we can now make the changes we need

Monday, July 16th 2012

Magento: Extend/Rewrite Block
posted @ 7:11 am in [ Magento -Technology -Web Design ]

To extend/rewrite an existing Block, you need to create your new extension, and your extended block and then rewrite the current block using your config.xml file.

1. Create your new extension

1.1 Folder for your blocks


1.2 Folder for your configuration file


2. Extend the block you want to extend/rewrite

2.1 Extended block


* Detailed Product Reviews
* @category Zuneta
* @package Zuneta_Review
* @author Alex Judd
class Zuneta_Review_Block_Product_View_List extends Mage_Review_Block_Product_View_List
public function getReviewUrlSection($id, $section)
return Mage::getUrl($section . '/*/view', array('id' => $id));


Here we have extended the core block, namely /app/code/core/Mage/Review/Block/Product/View/List.php with our own local version to add a new function allowing us to specify which section we would like to refer to when you view a review.

3. Extend/Rewrite the current block using our XML config.xml file

3.1 /app/code/local/Zuneta/Rewrite/etc/config.xml




The trick here is to specify within the ‘global’ section that we want to talk to the ‘blocks’ section.

Then when in the ‘blocks’ section we want the ‘review’ block to be the one begin rewritten, and as our code is 3 levels deep, we want to rewrite the ‘product_view_list’ block as that relates to /app/code/core/Mage/Review/Block/Product/View/List.php

Then we simply specify the whole structure of our block in the rewrite contents

4. Enabling our block

4.1 /app/etc/modules/Zuneta_Review.xml

We need a /app/etc/modules/Zuneta_Review.xml file in order to enable our module


5. Done!

We should now be good to go and our new function can be called, for example in my case I am modifying the product template


to specify that I want to use the ‘review’ rewrite for all my detailed review links

htmlEscape($_review->getTitle()) ?> __('Review by %s', $this->htmlEscape($_review->getNickname())) ?>

Wednesday, May 2nd 2012

Extending core events in concrete5
posted @ 7:09 am in [ concrete5 -PHP -Technology -Web Design ]

We’re building all of our content based sites on concrete5 as it fits in with our LAMP architecture and Zend Framework architecture which we implement a lot with our Magento eCommerce websites.

The platform is ready to go out of the box, but it’s a bit hard to find how to do what you want sometimes so here’s how to extend the core events (add user, login etc.) with your own code

1. Extending the core events

Events are extended using the /config/site_events.php file and contain the event you want to extend, along with the class and method you want to call when this happens, and finally the model that contains that information

Here’s my example extending the user add event, and calling my own class ‘ApplicationUser’ and the method (function) ‘setupUserJoinInfo’

Obviously you only need the PHP tags the first time you create the file and you can overwrite many events in the same file.

2. Create your class

New file outside of the core, so we’re going to create /models/application_user.php and add in our basic class definition

3. Create our method

So in my case I'm going to hook into my method 'setupUserJoinInfo' pass it the new user object (as we know this is being triggered by the 'on_user_add' event)

class ApplicationUser extends Object {

* @param User $uI
public static function setupUserJoinInfo($ui) {
/* Your own code goes here */

4. Make it do something

In my case I wanted to email the user a one time hash password when their account was registered so I used the User object and the Mail object with a template in the '/mail/' folder called 'account_creation.php' (you can borrow the hash generation code from the core user.php file/class)

It's not that scary once you get your files installed and the Helpers for Mail and Users make it pretty flexible. Good luck!



1. System events

2. Helpers -> Mail

3. Permissions -> Users

Thursday, August 11th 2011

Fixing Login problems with EPiServer due to too many incorrect password attempts
posted @ 9:41 am in [ Fixing Things -Technology -Web Design ]

EPiServer let’s you quite happily wrongly login, but then after the default amount of incorrect attempts puts you account into a locked status.

Sensible enough one would think, except that the error message on login, correct or now incorrect, never tells you this and instead just uses the same incorrect username and/or password message as before.

To correct this you need to reset your account status in the EPiServer database, and for reference it’s in the Authentication database in the aspnet_Membership table and stored in the column IsLockedOut.

To fix, simple reset the status of that field to 0 using a similar SQL query to the one below

UPDATE [Authentication].[dbo].[aspnet_Membership] SET [IsLockedOut] = 0 WHERE [LoweredEmail] = ‘[email protected]’;

Tuesday, June 21st 2011

Tuning mySQL for Magento
posted @ 10:07 am in [ Apache -Fixing Things -Magento -mySQL -Technology -Web Design ]

Magento loves using lots of mySQL processes, so therefore mySQL needs to finely tuned to achieve this.

We ran some benchmarking tests today using mysqlreport as the benchmarking tool and as you can see from the results below, mySQL caching following some of the tips in the articles below can really make a difference

1. First test

As you can see with basic caching turned on and no massive tuning we get a cache insert to prune rate of 1.31:1 and no real cache hits

query_cache_size = 8M
table_cache = 128
innodb_buffer_pool_size = 8M

__ Query Cache _________________________________________________________
Memory usage 5.89M of 8.00M %Used: 73.58
Block Fragmnt 14.66%
Hits 1.21M 157.7/s
Inserts 389.92k 50.7/s
Insrt:Prune 1.31:1 11.9/s

2. Second test with recommendations from and mysqlreport-3.5

Bigger cache better results

query_cache_size = 32M
table_cache = 512
innodb_buffer_pool_size = 256M

__ Query Cache _________________________________________________________
Memory usage 23.79M of 32.00M %Used: 74.33
Block Fragmnt 12.43%
Hits 3.50M 184.3/s
Inserts 681.81k 35.9/s
Insrt:Prune 2.55:1 21.8/s
Hit:Insert 5.13:1

Hit versus Insert of 5.13 to 1 – now that should make the world a much faster place ๐Ÿ™‚


Wednesday, June 15th 2011

7 Magento projects to watch on GitHub
posted @ 10:28 am in [ Magento -Technology -Web Design ]

Inspired by the great presentations at the Magento Developers Paradise 2011 I’ve been following some of the code created there on GitHub and some of the presenters own projects and here’s 7 great Magento projects you should be following on GitHub:

Magento GitHub Sites

1. 2Boys1Shop / Twoboysoneshop_Configr

Multi-shop configurator shown at MDP 2011

2. alistairstead / MageTool

Tool to quickly create now Mage extension frameworks

3. dankocherga / MTool

Auto creates files for new Magento module

4. jirafe / magento-plugin

Magento plugin for Jirafe stats

5. firegento / firegento-dynamiccategory

Dynamic category

6. More Vanish options

7. Firegento

FireGento extension with core functionality for debugging Magento

Thursday, March 24th 2011

Vanessa G Fashion Show Launch
posted @ 4:32 am in [ Technology -Web Design ]

Our client, Vanessa G, launched their first collection last night with a fantastic show at The Banqueting Hall, a former palace of James 1st no less!

We recorded the video live and you can see the fantastic clothes and event below

Friday, August 20th 2010

Magento Site Performance
posted @ 8:57 am in [ Apache -Fixing Things -Hosting -Magento -Media Temple -PHP -Technology -Web Design ]

Magento the nice Community Version available e-commerce platform that we are using at Skywire for a number of our client builds is incredibly feature rich, but with all of these features comes the trade-off that to get any kind of speed out of the system you either need SERIOUS server hardware, or an awful lot of performance tuning.

To be honest it can run like a real dog if you don’t really work at it!

Well we like to make things work hard at Skywire so went on a journey of discovery on how to make Magento fly, and here’s our understandings to share with everyone else.

1. Server software selection and tuning

Lots of articles out there about this around the web, but you can sum it up in a few points really.

– What webserver (Apache vs. Lighttpd vs. Nginx) and how many threads for that webserver you need. Interestingly, against every article out there, Apache 2 was faster for us that Lighttpd and NginX but I think this was to do with the PHP CGI access the other two were using being slower on our Media Temple server

– Fine tune your mySQL database – we found that the two great scripts mysqlreport and mysqltuner are your friends here

– Get rid of any other processes you don’t need that get in the way (xinetd, spam assassin etc.)

2. Turn on lots of Caching

Magento has caching so turn that on for starts, and then get a minify type plugin (there’s lots of them out there but ) to complement that and join all of your CSS and JS into a single compressed file.

Install a PHP Byte Code caching system to cache any code generated by PHP – we used XCache as it was available via yum but eAccellerator gets good reviews too [although it just hung in our environment].

3. Turn on the Page Compilation feature in Magento!

Yes, I know it’s labelled as Beta, and yes I know it falls over most of the time you run it, but if you run it from the command line, as the same user that owns your web files then it works just great creating a new single directory in /includes/src containing flattened files of all your Magento files with the naming format directory_directory_etc_filename.php

This shaved at least 1 second off of every page load for us (amazing but true) however was a job to install as it ignores any modules installed in /app/code/community.

No worries though, you can work around this by just copying the whole module directory to the /app/code/local directory and rerunning the compiler and then it works great.

4. Load you Magento cache directories into a memory filesystem

Sounds a strange thing to do but you can load your /var/cache/ directory into a memory based ‘tmpfs’ which makes it much faster. Also you can move your sessions to your database instead however this slowed things down for us so we left them as files.


So once you’ve done this on a mid-spec Media Temple DV server you can reduce page times from about 10 seconds down to just over a second, which believe me seems fast compared to how clunky Magento can be when running. Have fun!


Magento performance and optimization

How do I use the inbuilt magento profiler to see bottlenecks?

Magento Compiler – Improve your performance

9 Methods to Speed Up Magento โ€“ A Guide to Making Magento Faster

Magento performance hosting

Magento Site Performance Optimization

Performance is Key! – Notes on Magentoโ€™s Performance