NefMoto

Technical => Reverse Engineering => Topic started by: k0mpresd on January 22, 2013, 09:43:04 PM



Title: med17 immo OFF help
Post by: k0mpresd on January 22, 2013, 09:43:04 PM
so here is an med17.5 full flash with ori eeprom and immo OFF eeprom.
maybe some people can help and find a solution?
i believe eeprom immo is decrypted with otp section from flash.

i also have an edc17cp14 immo OFF flash + e2p.
i flashed my spare ecu with the flash (tprot patch applied) and e2p OFF file but the ecu did not boot correctly. canbus communicated but dtc check reported errors and other parts (coding, ect) were not accessible via vcds. so it seems apparent each OFF file is tied to otp area.


Title: Re: med17 immo OFF help
Post by: Gonzo on January 23, 2013, 04:29:37 PM
You can't take the dump off one ECU and just flash it over another ECU.

There is OTP sectors...


Title: Re: med17 immo OFF help
Post by: k0mpresd on January 23, 2013, 04:40:57 PM
thanks for the heads up.
my main point of doing that was to see if the tprot patch allowed it to happen.


Title: Re: med17 immo OFF help
Post by: Gonzo on January 24, 2013, 06:38:49 AM
It seems that IMMO data in the flash is now stored on one (or more) OTP sector(s) so you can't change it.
I've tried already.


Title: Re: med17 immo OFF help
Post by: Rick on January 25, 2013, 02:23:20 PM
It is possible,

but solutions are currently around £300


Title: Re: med17 immo OFF help
Post by: k0mpresd on January 25, 2013, 03:14:54 PM
It is possible,

but solutions are currently around £300

yes, which was my main point of releasing a solution. to see if it could become a little more open.
i honestly dont mind paying for things but at least make it reasonable.
im not paying $400usd just to have an ecu i never use immo defeated. $200 maybe, but not $400.  :)

on a side note, i read cmd can write the otp sectors. dera said there are no physical otp sectors on the flash.
i believe its just a register that keeps them locked. there must be a way to defeat it and unlock them.


Title: Re: med17 immo OFF help
Post by: Gonzo on January 28, 2013, 08:24:31 PM
on a side note, i read cmd can write the otp sectors. dera said there are no physical otp sectors on the flash.
i believe its just a register that keeps them locked. there must be a way to defeat it and unlock them.
That's some f**cking good news if its true