|
Title: ABT riser board Post by: Sandstorm3k on April 13, 2021, 01:03:27 AM A member of my group couldn't get his car flashed, so I told him to come over and i'd help him out.
As I expected there was some sort of riser chip in his ECU, so we already swapped it with a replacement ECU. But this chip did raise my attention, it doesn't look like some basic riser board. The car was officially tuned by the "SEAT dealership" documentary of it is still in the car. On the ECU it has some ABT sticker and inside this "ABT EDaS V3.01". Now it has a few switches and jumpers, i'm wondering if there is anyone who can shed some more light on these? I've tried looking for it but couldn't find any interesting info regarding the chip. Another weird thing; the file that came off it has one un-fixable checksum. ME7SUM also reports it, but can't correct it. I've already checked the bin, seems a pretty garbage tier tune so i've gotten him a better one. Right now i'm really wondering what this board is actually doing and what it can do regarding the jumpers & switches. (It also won't flash in bootmode; as expected) (Sorry if i might have posted this in the wrong section) Title: Re: ABT riser board Post by: nyet on April 13, 2021, 01:36:03 AM literally not worth investigating.
Title: Re: ABT riser board Post by: Sandstorm3k on April 13, 2021, 02:02:57 AM literally not worth investigating. I figured, but still find it an interesting piece of hardware. Will get it desoldered and have a functioning ECU again.Title: Re: ABT riser board Post by: gremlin on April 13, 2021, 02:57:37 AM literally not worth investigating. Still explored 17 years ago. Saved for the history museum :) Title: Re: ABT riser board Post by: gremlin on April 13, 2021, 03:13:12 AM I've already checked the bin, seems a pretty garbage tier tune so i've gotten him a better one. Connect RES pin to GND on riser program connector and read ECU in boot mode. And ... magic done ... you get decrypted binary file. Title: Re: ABT riser board Post by: Sandstorm3k on April 13, 2021, 03:15:28 AM Very interesting stuff, thanks a ton! (As far as i can understand such schemes) so the dip switches are basically telling the board which memory chip is installed.
Weirdly enough I could simply read it through OBD, it just wouldn't let me write it. And this weird checksum which ME7Sum can't correct. (032HN 0002 bin). Edit: still raises the question, why would companies go through all the hassle creating such hardware. While an ME7 ECU in stock form can do all of this. And someone with the right tools could easily desolder this garbage. Title: Re: ABT riser board Post by: gremlin on April 13, 2021, 03:46:48 AM Edit: still raises the question, why would companies go through all the hassle creating such hardware. While an ME7 ECU in stock form can do all of this. And someone with the right tools could easily desolder this garbage. You are asking from a modern point of view. But 20 years ago, little was known to the general public about these ECU capabilities. Tuning companies were just trying to protect themselves from stupid copying of firmware dumps This board has a second purpose. Tuning dealers have a number of "clean" modules that, after being soldered to the client's ECU, can program the encrypted file received from the tuner and cannot duplicate it in other cars. Title: Re: ABT riser board Post by: gremlin on April 13, 2021, 04:05:46 AM (As far as i can understand such schemes) so the dip switches are basically telling the board which memory chip is installed. Dip switch configurate board to emulate flash chip type used in ECU. On the board always soldered 29F800 chip. BTW it's Fujitsu chip and if you transfer it on ECU board that can't be write in boot mode because this chip have manufacturer ID unsupported by ME7.x Title: Re: ABT riser board Post by: prj on April 13, 2021, 04:32:05 AM A kind of master-slave system basically.
Funny how you can just dump the entire thing using DDLI, RequestUpload or ReadMemoryByAddress though. |