NefMoto

Technical => Cluster and Immobilizer => Topic started by: golfather on February 08, 2022, 05:37:36 AM



Title: Cloning Simos 18.1
Post by: golfather on February 08, 2022, 05:37:36 AM
Hi is there any tools recommended that could clone a Simos 18.1 on the bench?
PCM Flash does not support it for now :(

Thanks



Title: Re: Cloning Simos 18.1
Post by: birchbark506 on February 08, 2022, 06:02:48 AM
No bench for this ECU, only boot. I use Flex Master from MMS to read and write these.


Title: Re: Cloning Simos 18.1
Post by: ktm733 on February 08, 2022, 07:08:49 AM
Can you simply read the ECU in boot mode and transfer it to another ECU? No problems?


Title: Re: Cloning Simos 18.1
Post by: H2Deetoo on February 08, 2022, 07:23:12 AM
No, as with other ECUs like EDC, PCR, Simos12 the important info is stored encrypted with a key unique to each MCUID.
So in order to clone you first need to decrypt it all using the old MCUID, then re-encrypt it based on the new MCUID.
After that a bunch of checksums need to be corrected, which seems to be a PIA for Simos18 :(


Regards,
H2Deetoo


Title: Re: Cloning Simos 18.1
Post by: EanDem on February 08, 2022, 08:27:03 AM
Hi is there any tools recommended that could clone a Simos 18.1 on the bench?
PCM Flash does not support it for now :(

Thanks


No cloning for this ECU possible. Use Immo off patch or hardware solutions or just do CP/IMMO via Odis.


Title: Re: Cloning Simos 18.1
Post by: IamwhoIam on February 08, 2022, 08:33:54 AM
Cloning IS possible but only in boot mode.


Title: Re: Cloning Simos 18.1
Post by: d3irb on February 08, 2022, 09:26:12 AM
Cloning IS possible but only in boot mode.

And again, you can't just straight clone the data across, and as far as I know there's no commercial tool that supports this. Much easier to just code-patch for Immo off, emulate Immo, adapt Immo, or use one of the commercial tools that can edit Immo data than a full clone.

H2DeeToo posted the full details already, but since people don't seem to read -

Simos has a few cloning protections:

* The chip ID is stored in OTP flash memory and compared in many places, so you can't easily change the chip ID with a patch (there is a trick to this but then you run into some other issues).
* The chip ID is used to derive the encryption key for the DFlash protected channels.
* The chip ID is used to derive an HW ID value which is stored in a DFlash channel.
* The DFlash channels are also protected by several layers of CRC16, including CRC incorporating hidden ("nonce") material specific to the ECU.

To fully clone an S18, you would need to:

Read the full flash and DFlash from the donor ECU, decrypt all of the protected DFlash channels using the donor ECU's HW ID, fix the HW ID channel, re-encrypt the DFlash channels using the target ECU's HW ID, and then recalculate all DFlash checksums using the new encrypted data and the new CRC nonce.

With how many easier ways Immo and flash counter can be changed, there is not much point.
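Added illustration of the protections listed above (written for this page; it is not code from the thread, from Simos firmware or from any commercial tool, and the key derivation, cipher, CRC parameters and channel layout are all invented for the model). It builds a chip-ID-bound DFlash-style channel and shows why a blob copied unchanged from a donor into a different ECU is rejected: the stored HW ID no longer matches the target chip, the CRC16 no longer matches because the target's hidden nonce differs, and the payload decrypts to garbage under the target's key.

```python
"""Model of chip-ID-bound ECU channel storage.

Illustrative only: HMAC-SHA256 as KDF and keystream, CRC-16/CCITT-FALSE,
a 4-byte HW ID and a 4-byte hidden nonce are assumptions for this model.
"""
import hashlib
import hmac


def crc16_ccitt(data: bytes, init: int = 0xFFFF) -> int:
    """CRC-16/CCITT-FALSE (poly 0x1021, MSB first). Parameters are an assumption."""
    crc = init
    for b in data:
        crc ^= b << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


def derive_key(chip_id: bytes) -> bytes:
    """Per-device channel key, derived from the OTP chip ID (assumed KDF)."""
    return hmac.new(b"model-channel-key", chip_id, hashlib.sha256).digest()


def derive_hw_id(chip_id: bytes) -> bytes:
    """HW ID stored in its own channel, derived from the chip ID (assumed)."""
    return hashlib.sha256(b"model-hw-id" + chip_id).digest()[:4]


def keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (toy stream cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal_channel(chip_id: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt under the chip-bound key; store hw_id || ct || crc16(nonce || hw_id || ct)."""
    ct = xor_bytes(plaintext, keystream(derive_key(chip_id), len(plaintext)))
    hw_id = derive_hw_id(chip_id)
    crc = crc16_ccitt(nonce + hw_id + ct)
    return hw_id + ct + crc.to_bytes(2, "big")


def open_channel(chip_id: bytes, nonce: bytes, blob: bytes):
    """Validate a blob against *this* chip's ID and hidden nonce.

    Returns (failures, plaintext). Decryption is attempted regardless so the
    caller can see that a foreign blob also yields garbage under the wrong key.
    """
    hw_id, ct, crc_stored = blob[:4], blob[4:-2], int.from_bytes(blob[-2:], "big")
    failures = []
    if hw_id != derive_hw_id(chip_id):
        failures.append("hw-id mismatch")
    if crc16_ccitt(nonce + hw_id + ct) != crc_stored:
        failures.append("crc mismatch")
    return failures, xor_bytes(ct, keystream(derive_key(chip_id), len(ct)))


def demo():
    """Seal a channel on the donor, then try to open it on the donor and on a target."""
    donor_id, donor_nonce = b"\x01" * 8, b"\xa5\x5a\xa5\x5a"     # constructed values
    target_id, target_nonce = b"\x02" * 8, b"\x3c\xc3\x3c\xc3"   # constructed values
    immo = b"IMMO-DATA-CONSTRUCTED"                               # constructed payload
    blob = seal_channel(donor_id, donor_nonce, immo)
    on_donor = open_channel(donor_id, donor_nonce, blob)           # ([], immo)
    on_target = open_channel(target_id, target_nonce, blob)        # (two failures, garbage)
    return on_donor, on_target


if __name__ == "__main__":
    print(demo())
```

The only way `open_channel` succeeds on the target in this model is to rebuild the blob with `seal_channel(target_id, target_nonce, plaintext)`, which is exactly the decrypt, re-derive, re-encrypt and re-checksum sequence described above: every binding (HW ID, key, CRC nonce) has to be redone against the new chip, and none of it can be copied.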


Title: Re: Cloning Simos 18.1
Post by: ktm733 on February 09, 2022, 07:53:40 AM
No cloning for this ECU possible. Use Immo off patch or hardware solutions or just do CP/IMMO via Odis.

Thanks for the straight answer. I will try Odis today, if not I will immo off and call it a day. Thanks for the help.


Title: Re: Cloning Simos 18.1
Post by: IamwhoIam on February 09, 2022, 08:31:45 AM
And again, you can't just straight clone the data across, and as far as I know there's no commercial tool that supports this. Much easier to just code-patch for Immo off, emulate Immo, adapt Immo, or use one of the commercial tools that can edit Immo data than a full clone.

H2DeeToo posted the full details already, but since people don't seem to read -

Simos has a few cloning protections:

* The chip ID is stored in OTP flash memory and compared in many places, so you can't easily change the chip ID with a patch (there is a trick to this but then you run into some other issues).
* The chip ID is used to derive the encryption key for the DFlash protected channels.
* The chip ID is used to derive an HW ID value which is stored in a DFlash channel.
* The DFlash channels are also protected by several layers of CRC16, including CRC incorporating hidden ("nonce") material specific to the ECU.

To fully clone an S18, you would need to:

Read the full flash and DFlash from the donor ECU, decrypt all of the protected DFlash channels using the donor ECU's HW ID, fix the HW ID channel, re-encrypt the DFlash channels using the target ECU's HW ID, and then recalculate all DFlash checksums using the new encrypted data and the new CRC nonce.

With how many easier ways Immo and flash counter can be changed, there is not much point.

all this blah blah blah but who's talking about commercially available tools to do so? I have said it IS possible, not that there are commercially available tools out there that do it, have I?


Title: Re: Cloning Simos 18.1
Post by: shanky887614 on May 01, 2022, 07:58:31 AM
aarkomander can copy the immo data from a bdm/boot read from the old to the new ecu

https://aarkkom.com/

there are other tools that can do it as well but this tool seems to be my go-to tbh for transferring immo data on ECUs