anyone know how to do this properly?

i tried:

boot ecu with bootpin, soldered chip still in place, dump file. bad file.
boot ecu with bootpin with no flash/encryption board, reattach flash/encryption board, dump file.

the second method got what looked to be a good file. but upon closer inspection it was not good. and after flashing the file, the ecu was a brick. guess i should mention i desoldered the pin header and soldered the 29f800 directly to the ecu.

parts of the bootloader (?, hex 0-9fff) were different. so i cut and paste the hex from a stock file. the ecu would boot enough for vagcom to log in but the part # showed as THIS-IS-THE (RAM-PROGRAM). so there were other parts in the file that were no good. i tried a few more copy/paste but gave up after a short while because i just did not have the time to screw with it.

i know its possible to dump a good decrypted file using the encryption board but i had not so much luck with it. i just got a psop44 adapter in the mail today for my programmer so i wasnt able to try that method. is that the only way to get it done?

i think the adapter will help. the data has to be read off the flash decrypted by the ecu. so the encrypted data passes through the board and comes out decrypted. it would be the same as reading it with a programmer. theres some revo patents floating around the internet that talk about it. how thats one of the flaws of the encryption boards.

well its mostly moot at this point. since i i soldered the soldered the psop44 to the ecu and flashed over the "encrypted" tune that was on it.

i need a new soldered ecu to play with.

it was an m box. i did bootpin and reflashed it that way. the ecu is already back in the hands of the customer.

I got a small program called Descrambler that I used a couple of times with great success. its mostly to descramble Superchips, Dimsport, and a couple of other types of files. It can actually scramble the file again after its modified and use the same board again.

@ overspeed :

if you can do a 'in the car' or bench-diagnose-job via vag-com, you can actually get the numbers and software-revision from the ecu.
I've yesterday successfully read-out a socketed (and perhaps also encrypted) chip from a Seat-ecu. This was
done via a home-made ME7 bench-flash-cable, KWP2000+ box and the special version from chiptunawarehouse's ME7 edition
of the kpw2000 software. Took 10 minutes (512Kb chip), and i was expecting garbage, but the file is 100% correct .

@  ktech :  I would like to have a look to that 'Descrambler' program of yours. Would you be so kind to
                PM me abouth it ? Purely for educational purposes ofcourse. I found a list of supported encryptions i think of the
                software-program you mean.

@ k0mpresd  : It's been a while, since we've spoken via email (almost a year). Thanks for the audi-tt ecu-immo-solution.
                    I've got hold of a different programmer for the chip and all is fine and working ! Thanks for that  
                    If you still have that encrypted socket, perhaps i can help you out...

We tried to read an APR chip today, was about to get it to read in boot mode - but the data was not good.

So we removed it:

You could read any of these "encrypted" chips by making a chip reader that will start on the address the MCU requests on a reset and then proceed randomly from there.  None of the encrypted chips I've seen are using very complicated logic devices.  They don't have enough logic to parse the contents of the ROM in order to predict a jump - at the best, they can watch the speed at which requests come and check for too many sequential accesses. 

I have two other projects to finish first then this is next for me.  Hopefully have it done by summertime lol.