NefMoto

Is there a write-up im not able to find on how to modify the EEPROM/ROM to make it so galleto cant read the rom off the car without going into bootmode? I realize its extra work but if there are posts that talk about how to do it I couldn't find it... Any help would be great and ill figure out the rest. Thanks!

maybe post #14 in this thread is what you want?
http://nefariousmotorsports.com/forum/index.php?topic=7402.msg68438;topicseen#msg68438

I will try this right now. Also, what about changing what the OBD Port sees at the Flash Method from Galletto?

Not what i was looking for. But may be useful for logging or something else. If someone wants to PM me with the information because they dont want it shared here thats fine too... just looking for information on it.

Waste of time, IMO. If somebody wants your code, they'll bootmode it anyway.

In my experience there isn't much anybody has done that is worth protecting (including "pro" tuners).

Just looking for advise on how to change it so Galletto sees a 400BT setting instead of a 800BT which will just cause it to fail anyways. Yes i realize Bootmode will scrape it off. but thats a PITA and if they put that much effort into then fine. Trying to make sure i dont make it as easy as here is a galletto cable just read the rom and send it to me ill figure out what they did. If you have insight that would be great. If not thats fine too. Looks like Tony wrote about it a bit but i havent figured out where that is...

Is it possible to read every tune with boot mode( of course if there is a original 29F800BB)
My friend have tuned car, i only need to read that tune and add 6 gear for cruise control. Is there any chance for brickong ecu while reading, if there is some protection in flash?

not in boot mode. Im just talking about OBDII with no boot mode. I see you can change Seed Keys on 9.1 but in 7.1.1 i cant figure out how to change what is relayed to the software that says memory layout X vs Y. trying though..

The check is done via requestupload and trying to read a higher address.
MPPS uses dynadefine.

If you want to block reading you need to block requestUpload, dynamicallyDefineLocalIdentifier and readMemoryByAddress.
Otherwise it's still possible to read everything.

This will also block ME7Logger.

For non-hybrids there are flash replacement daughterboards which have some logic on reads:
They are more or less intelligent:
One i have come across ages ago just detects if too many addresses are read in a sequential fashion and starts to return return crap,
it can be defeated by writing bootmode code which reads addresses pseudo-randomly.

Others know some more patterns or even check and are harder to defeat.

The simple daughterboards (w/o active logic on them) just rearrange address/data lines

In any case, at this point they're laughably naive; nobody is doing anything that smart that requires protection. And if they are doing something that smart, they don't our need help with disabling OBD reads, rest assured that is a trivial thing for them to do themselves.

Seen those,
but also have seen one which had a cpld or fpga (number was scrubbed off) which really checked that you are not reading x times incrementing the address.
But that was not a ECU which i wanted to dump for RE purposes.

Nevertheless, there are always ways to see what the CPU sees.
 

PRJ I saw you post this on another thread i was trying to re-find to ping you about. How do i go about finding these request calls in the rom... is there something you can point me to that will help get me over the hump? or the  ID's i have many of them for the Rom im working on now.

I have a rom that changes the reading tools  to think its a different chip type and that blocks MPPS / Galletto / and ME7Logger never worked for me on ST10 Roms. Im not looking exactly for a hand out... if you want to help me on the side i would pay you if needed. but im guessing i need to use IDA and breakdown this rom to find the request upload / download and the other portions your talking about. Back to what nyet said at that point idk if i even want to do it...

Rambling so i will stop.

Any help is great, but i understand if the thread goes nowhere as well. :)

Not interested in reversing OBD protocols on 20 year old ECU's really... have more productive things to do.
I told you services that need blocking, get the KWP2000 specs and have at it :P