NefMoto

I'm working on a custom ECU flasher for ME7 using Python and pyftdi. My bench setup is solid and verified working with other tools — no issues entering diagnostic sessions or flashing.

✅ What’s Working
FTDI dumb mode properly initiated

SlowInit 5-baud sequence successfully sends 0x01

ECU responds with correct sync bytes: 55 01 8A

ECU ID block and version info are received over KWP1281

Transition to KWP2000 is attempted after sync and ID read

❌ Where It Fails
After sending StartDiagnosticSession (0x10) → 68 6A F0 10, I consistently receive echo responses or partial bytes (e.g., 68 6A F0, or other permutations)

Tried changing the SID from 0x10 to 0x11, adjusting delay before/after sending, and ignoring echo responses

Extended wait time before KWP2000 session and byte-by-byte response monitoring also applied

Still ultimately fails with:
[ERROR] Flash failed: [KWP] ECU did not enter diagnostic session after multiple attempts.

switched to j2534 tactricx and it works man 2 days with that shit ft232rl cable.

FlashCoreCLI>FlashCoreCLI.py -w auto.bin -l ME7_29F800BB
[STATUS] Starting ECU Flash...
  BIN: auto.bin
  Layout: ME7_29F800BB (default)
[J2534] Initializing J2534 interface...
[J2534] Connecting to ECU...
[KWP2000] Starting diagnostic session with J2534...
[TX] 1001
[RX] Simulated receive (waiting for response)...
[SECURITY] Requesting seed (0x27 0x01)...
[TX] 2701
[RX] Simulated receive (waiting for response)...
[SECURITY] No valid seed response
[TX] 3E
[FLASH] Simulated write to ECU using layout: ME7_29F800BB
  Writing block 1/4...
[RX] Simulated receive (waiting for response)...
  Writing block 2/4...
  Writing block 3/4...
  Writing block 4/4...
[TX] 3E
[RX] Simulated receive (waiting for response)...
[J2534] Disconnecting...
[STATUS] Flash successful!

KW1281 handshake is tricky with tactrix though.

Is it faster than nefmoto or mpps?