NefMoto

so here is an med17.5 full flash with ori eeprom and immo OFF eeprom.
maybe some people can help and find a solution?
i believe eeprom immo is decrypted with otp section from flash.

i also have an edc17cp14 immo OFF flash + e2p.
i flashed my spare ecu with the flash (tprot patch applied) and e2p OFF file but the ecu did not boot correctly. canbus communicated but dtc check reported errors and other parts (coding, ect) were not accessible via vcds. so it seems apparent each OFF file is tied to otp area.

You can't take the dump off one ECU and just flash it over another ECU.

There is OTP sectors...

thanks for the heads up.
my main point of doing that was to see if the tprot patch allowed it to happen.

It seems that IMMO data in the flash is now stored on one (or more) OTP sector(s) so you can't change it.
I've tried already.

It is possible,

but solutions are currently around £300

yes, which was my main point of releasing a solution. to see if it could become a little more open.
i honestly dont mind paying for things but at least make it reasonable.
im not paying $400usd just to have an ecu i never use immo defeated. $200 maybe, but not $400.  :)

on a side note, i read cmd can write the otp sectors. dera said there are no physical otp sectors on the flash.
i believe its just a register that keeps them locked. there must be a way to defeat it and unlock them.

That's some f**cking good news if its true