NefMoto

Technical => Flashing and Chipping => Topic started by: k0mpresd on March 11, 2010, 09:50:33 AM



Title: ecu that will not erase/reflash.
Post by: k0mpresd on March 11, 2010, 09:50:33 AM
i have a 29f800 apr flashed ecu that i cannot get to erase and/or reflash. i have tried flashing using bootpin and i also desoldered flash and used my external programmer.

reading using bootpin dumps correct file. flashing using bootpin/bench harness results in the software reporting flashing 100% but the data on the ecu being unchanged. at least most of it anyways. the stuff i'm trying to edit anyways remains unchanged.

desoldering and reading in external programmer results in dumping almost all garbage data. trying to program flash says chip must be erased first. erase chip, software reports erase ok. but flashing chip hangs at 50%. i think ok then, erase, resolder to ecu, flash using bootpin.

so i resolder to ecu, flash using bootpin, and still data on flash remains unchanged.

i'm thinking i need to solder a blank flash and flash that way, lol.

does this make sense to anyone? anyone seen anything like that?


Title: Re: ecu that will not erase/reflash.
Post by: k0mpresd on March 11, 2010, 12:49:26 PM
so upon closer inspection, the software seems to change my readiness byte edits back to stock when the ecu reboots. how does it do this?


Title: Re: ecu that will not erase/reflash.
Post by: ArgDub on March 11, 2010, 02:22:44 PM
apr changes the maps but the program also, so they can do that thing with the cruise control stalk. It seems to be a trick so you can't change program.

well, all I can think now is that there is a duplicate of readiness table somewhere in dump and ecu restores back to stock when reboots


Title: Re: ecu that will not erase/reflash.
Post by: k0mpresd on March 12, 2010, 03:21:44 AM
"well, all I can think now is that there is a duplicate of readiness table somewhere in dump and ecu restores back to stock when reboots"

this is what i'm thinking too. i looked for the table but couldn't find it.

i'm not a coder. but this file has me very very interested in wanting to learn some code. i hate being defeated.

i even 00'd the dtc table starting somewhere around 107xx. and that was even reverted back to stock after flashing. i think me and ida may become a little closer friends now.

anyone want to help me with the code? i would very much like to reverse this file.


Title: Re: ecu that will not erase/reflash.
Post by: ArgDub on March 12, 2010, 12:20:48 PM
have you looked for table byte complement, 2's complement, shift, reverse order... and combinations? I do not think they use a complex encryption. if you send me the file I will try to help.
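
The search suggested in the post above, as an added example that is not part of the original thread and is not code from APR or NefMoto: it scans a dump for copies of a known table under byte complement, two's complement, a one-bit shift, and each of those in reversed byte order. The table bytes, the dump and all offsets are constructed sample data.

```python
# Added example. TABLE, the dump and all offsets are constructed sample data,
# not values taken from a real ECU image.
TABLE = bytes([0x65, 0x00, 0x12, 0x34, 0x80, 0x01, 0x7F, 0x10])


def transforms(table):
    """Encodings named in the post, each also in reversed byte order."""
    base = {
        "identity": table,
        "ones_complement": bytes(b ^ 0xFF for b in table),
        "twos_complement": bytes((-b) & 0xFF for b in table),
        "shift_left_1": bytes((b << 1) & 0xFF for b in table),
        "shift_right_1": bytes(b >> 1 for b in table),
    }
    out = dict(base)
    for name, data in base.items():
        out[name + "+reversed"] = data[::-1]
    return out


def find_copies(dump, table, known_offset=None):
    """Return sorted (offset, transform) hits, skipping the table you already know."""
    hits = set()
    for name, needle in transforms(table).items():
        pos = dump.find(needle)
        while pos != -1:
            if not (name == "identity" and pos == known_offset):
                hits.add((pos, name))
            pos = dump.find(needle, pos + 1)  # allow overlapping matches
    return sorted(hits)


def build_sample_dump():
    """4 KiB of erased flash (0xFF) with the table and two encoded copies."""
    dump = bytearray(b"\xFF" * 0x1000)
    t = transforms(TABLE)
    dump[0x100:0x108] = TABLE                          # the table being edited
    dump[0x800:0x808] = t["ones_complement"]           # hidden copy 1
    dump[0xC00:0xC08] = t["twos_complement+reversed"]  # hidden copy 2
    return bytes(dump)


if __name__ == "__main__":
    for offset, name in find_copies(build_sample_dump(), TABLE, known_offset=0x100):
        print(f"0x{offset:05X}  {name}")
```

Very short tables, or tables that are all 0x00 or all 0xFF, match filler regions under these transforms, so search with as long a run of distinctive bytes as the table allows.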


Title: Re: ecu that will not erase/reflash.
Post by: Tony@NefMoto on May 27, 2010, 12:47:54 PM
Boot pin flashing should bypass any and all code on the ECU. You talk directly to the CPU hardware and upload your own program into RAM to run. Then this program you upload handles the flashing process. I can't think of any way that the program on the chip could prevent the boot pin flashing process.

What did you attempt to change? I assume it is more likely that APR relocated some of the data, and you are editing the old unused values.