Sorry, but you can't do anything with German cars (BMW, Audi and Mercedes) - everything is end-to-end encrypted. This is not the case for almost all other vendors that usually use unencrypted CAN bus.
This is simply not true. Here's a recent set of fixes - now because they don't have over-the-air updates or free ones, how many people will ever get their cars updated: "Researchers said they were able to combine the 14 flaws to escalate their access to the car's inner CAN bus".
My bad, I thought that BMW is almost the same as Mercedes, it turns out that it is not. Mercedes doesn't have such flaws by design - there are no writable connections from media and CAN bus to steering, engine, gearbox etc. And everything is encrypted there (unlike CAN). I expected that BMW is the same as Mercedes (since they use the same FlexRay chips), but it seems that BMW screwed up their setup.
Surprisingly little on VW AG CANbus is encrypted, I'm not sure where you're getting this idea. I haven't worked with BMW and Mercedes since around 2010 but I doubt they're much different.
I have written my own ECU flashing tool for Simos18 as well as a message injection system for the VW/Audi MQB platform (similar to the commercially available PolarFIS product). Really the only protection at all is that ECU flash files are encrypted in transit (on dealer DVDs) and over the wire, but with a fixed AES key and IV which is present in plaintext on the flash once the file is written. The CAN gateway messages are generally not encrypted, both over the infotainment CANbus and the powertrain CANbus.
Almost all cars are nearly completely insecure once you have interior physical access - which, IMO, is mostly OK as long as the bus wiring is in a reasonable location inaccessible to someone like a taxi passenger.
What is more interesting is the prevalence of head units with wireless or remote access - over 3G, Bluetooth, and WiFi. Compromising these hosts (and then finding a pivot or escalation between the infotainment bus and the powertrain bus via the gateway) is an interesting attack vector.
I tried to hack my Mercedes, but CAN bus is really useless as it doesn't have anything usable and everything is encrypted over FlexRay and there is no easy way to hack essential parts of the car (unlike CAN bus in say Ford).
Maybe I was wrong, but there is nothing on the CAN bus in the latest generations of Mercedes.
I didn't know that FlexRay had made such inroads and I do apologize - I balked at your mention of Audi because I have personal experience there but it turns out I was just familiar with the one German place FlexRay hasn't reached yet!
It does seem like most commodity FlexRay systems are still hackable although it's certainly harder than CAN where you can just attach a node and start spewing garbage from whichever address you'd like: https://brage.bibsys.no/xmlui/bitstream/handle/11250/2453093... (I'd expect all modern BMWs to be similar or identical to this MINI for cost reasons, although as evidenced I may be surprised!).
I still haven't found a robust use of end-to-end encryption anywhere in an automotive application - even the "most protected" routines like ECU flashing seem to be protected by weak XOR/known-secret seed/key security in tandem with symmetric cryptography using fixed key material.
I tried to find anything on how to decrypt FlexRay in the paper you provided, but found only very limited observable information.
Looks like it is AES-CBC with static IV, not very good, but not that bad. Still very very far from hackable. Even if you are able to guess the AES key (somehow), there is no way to hack the asymmetric keys. Sure you can leak them during delivery of firmware, but I really feel that this is not the case for Mercedes. Also that's how they make money (and provide security) - lock down access to everything.
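The "fixed AES key and IV" and "AES-CBC with static IV" points raised in the thread, as an added example that is not code from any poster: the key, the IV and the two 48-byte sample firmware images are constructed stand-ins, and the check is what an auditor would run over successive releases of one ECU image to see whether a static IV lets identical plaintext prefixes show through as identical ciphertext blocks.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Constructed stand-ins for the fixed key and reused IV the thread describes, plus two
// 48-byte sample images that share a 32-byte header and differ only in the last block.
var (
	fixedKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes: AES-256
	staticIV = []byte("fedcba9876543210")                 // 16 bytes, reused for every image
	sampleA  = []byte("ECU-IMAGE-v1.0 SW-PART 000000000A: build 2021.01")
	sampleB  = []byte("ECU-IMAGE-v1.0 SW-PART 000000000B: build 2022.03")
)

// encryptCBC encrypts a block-aligned plaintext with AES-CBC under the given IV.
func encryptCBC(key, iv, pt []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, pt)
	return ct
}

// randomIV returns the fresh per-message IV CBC needs (crypto/rand.Read does not fail in practice).
func randomIV() []byte { iv := make([]byte, aes.BlockSize); rand.Read(iv); return iv }

// commonPrefixBlocks counts the leading ciphertext blocks two images share. With one key and a
// static IV, CBC repeats ciphertext for a repeated plaintext prefix, so a non-zero count is the finding.
func commonPrefixBlocks(a, b []byte) int {
	n := 0
	for i := 0; i+aes.BlockSize <= len(a) && i+aes.BlockSize <= len(b); i += aes.BlockSize {
		if !bytes.Equal(a[i:i+aes.BlockSize], b[i:i+aes.BlockSize]) {
			break
		}
		n++
	}
	return n
}

// sharedBlocksUnderIVs encrypts both samples under the given IVs and measures the leak.
func sharedBlocksUnderIVs(ivA, ivB []byte) int {
	return commonPrefixBlocks(encryptCBC(fixedKey, ivA, sampleA), encryptCBC(fixedKey, ivB, sampleB))
}

func main() {
	fmt.Println("static IV, shared leading blocks:", sharedBlocksUnderIVs(staticIV, staticIV))     // 2
	fmt.Println("random IVs, shared leading blocks:", sharedBlocksUnderIVs(randomIV(), randomIV())) // 0
}
```

With the static IV the two ciphertexts agree on exactly the two header blocks, which tells anyone holding both images how far the plaintexts match; with fresh IVs the count drops to zero, which is the property the thread says these flashing schemes lack.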