Sunday, October 13, 2013

EST Software Token

Like any other software architect/developer, I always crave a new version of a piece of software. I'm excited to learn of its new features, and E-Sys is no exception. The only caveat: I needed a new PSdZ and a new software token. I learned that somebody was selling a token for some amount, and I thought it was exorbitant compared to what it can do. It's relatively cheap, don't get me wrong, but I wasn't ready to pay for something that costs that much and does very little. So I looked into it. There are probably a hundred ways I could have done it, but I settled on one method, which I think is the best and gives me the greatest flexibility. The result? An EST software token that doesn't require modifying any of the stock files. A software token that can be used without modification across several versions. One file that isn't version-specific.

So, I went and ventured. By mid-August, I was ready with my file. I tested it with my own car. I wasn't worried because I know the token is only necessary for allowing FDL coding. The token has nothing to do with the actual programming. And I made sure not to change anything I didn't have to. I love my car, which is why it's hard for me to trust somebody else's work. I can never trust something without fully understanding what it actually does, what has been done with it, and what its weaknesses are, if any.

The day I was about to release my token, I came across a posting at Bimmerfest that claimed to be selling a token for a cheaper price. It was a guy from Korea. I was lucky enough to be able to check it out and download the file. One look at it and I knew I was never going to use it. It is patched, and the certificate was custom generated using his own CA. This was one of the methods I thought about and, had I been too lazy, I would have implemented the same. The method that was used entailed modifying the Crypto module, which renders signature and hash matching unnecessary. I knew it would work, but I crossed this method out early on. With it, it's possible to modify a CAFD and distribute it, and before you know it, we'd end up with lots of dead cars. Why? Because somebody will exploit this and, I guarantee, distribute it maliciously with the intent of spreading harm. Color me paranoid, but I worked in the security industry for too long to trust a seemingly innocent file. BMW put a great deal of thought into securing their files, and I wasn't willing to start ignoring the benefit of a signed and secured document.

Back to the software token. While I'm confident that my token works, I was also late in the game and I needed leverage. I asked for testers, and I chose the testers carefully. I made sure they were all from different continents to cover as many time zones as possible, and I was lucky to achieve this goal. All the testers were great, and some actually did more than I expected, which I really appreciated.

So anyway, it was a huge success for me, and for the coding community, although a lot of people will never realize this.

Oh, and that other guy who also sells tokens? That's not the end of it. I'll get back to him in another post.
