Pages: [1]
Author Topic: Immo functions in flash?  (Read 6081 times)
elRey
Hero Member
*****

Karma: +32/-1
Offline Offline

Posts: 565


« on: March 08, 2012, 08:51:48 PM »

What are the functions in the flash that read/check the immo EEPROM and verify vin?

I'd like to code Vin into flash and check if vin in flash matches vin in EEPROM

Thanks,
Rey
Logged
gremlin
Hero Member
*****

Karma: +196/-9
Offline Offline

Posts: 655


« Reply #1 on: March 10, 2012, 07:06:50 AM »

What are the functions in the flash that read/check the immo EEPROM and verify vin?

I'd like to code Vin into flash and check if vin in flash matches vin in EEPROM

What is your final target? Tuning Anti-copy?
IMHO than it's more easy to patch ECU warm init process with some (VIN or any another special marks) checking routine.
If OK than routine ends with "ret" command, if not OK ends with "srst"
Ecu will be virtually "bricked" (go to endless init loop) - no start, no answer etc...
Logged
elRey
Hero Member
*****

Karma: +32/-1
Offline Offline

Posts: 565


« Reply #2 on: March 10, 2012, 08:01:00 AM »

What is your final target? Tuning Anti-copy?

Yes. But I don't want to disable the vehicle. Maybe just limp mode. I want them to be able to flash it back to stock over OBD.

Has anyone identified the IMMO check in the disassembled code yet? If so, what does it look like so  I know what I'm looking for.

Thanks,
Rey

Logged
gremlin
Hero Member
*****

Karma: +196/-9
Offline Offline

Posts: 655


« Reply #3 on: March 10, 2012, 08:50:02 AM »

Yes. But I don't want to disable the vehicle. Maybe just limp mode. I want them to be able to flash it back to stock over OBD.

Why not a secrect combination of pedals, CCS-switch etc to bypass checking routine?
After that you can rewrite ECU until IGN is on...
Logged
elRey
Hero Member
*****

Karma: +32/-1
Offline Offline

Posts: 565


« Reply #4 on: March 13, 2012, 10:32:59 AM »

I want to copy immo function and set limp mode if vin doesn't match coded vin in flash. Simple.


If someone could point me to the immo function in IDA (sample code from immo3 ecu to search for)  I can start there.

Thanks,
Rey
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Page created in 0.027 seconds with 17 queries. (Pretty URLs adds 0.004s, 0q)