|
nubcake
|
 |
« on: November 19, 2017, 02:24:30 PM »
|
|
|
Here's a small (and very basic) tool I made for my MED9 logger a while ago. It's far from being complete, but I didn't get to work on it for quite a while, so I guess I'll just post it "as is" and maybe it will be useful for someone playing with IDA.
It's a console (cmd) application that takes 2Mb MED9 flash readout, parses it for ECUID and TKMWL and prints out info it found.
EDIT:
Uploaded a new version!
Had to zip it up due to some weird upload bug (was telling me that upload folder is full).
|
|
|
|
« Last Edit: December 10, 2017, 03:09:31 PM by nubcake »
|
Logged
|
|
|
|
Khendal
Full Member
Karma: +9/-8
 Offline
Posts: 226
|
|
« Reply #1 on: November 19, 2017, 04:18:38 PM »
|
|
|
Just tried... really thanks  |
|
|
|
|
Logged
|
|
|
|
|
vwaudiguy
|
|
« Reply #2 on: November 19, 2017, 04:50:02 PM »
|
|
|
Thanks for sharing!
|
|
|
|
|
Logged
|
"If you have a chinese turbo, that you are worried is going to blow up when you floor it, then LOL."
|
|
|
|
nubcake
|
|
« Reply #3 on: December 10, 2017, 03:04:47 PM »
|
|
|
Rolled out a new version. Now 20% more vars! Included some important ones that were missing (like ps_w, etc). Will eventually get to writing a bit more complicated analysis logic, but for now this will do. Let me know if you find some weirdness. Did a couple of tests on the available A2L bins - and everything seems to be working as expected. The only known bug is with dual-ECU systems: in those upwg_cw can be picked up as upwg_w, but that essentially doesn't matter, so I didn't bother to fix it.  |
|
|
|
« Last Edit: December 10, 2017, 03:11:50 PM by nubcake »
|
Logged
|
|
|
|
|
IamwhoIam
|
|
« Reply #4 on: December 11, 2017, 04:32:22 AM »
|
|
|
Awesome job!!! nmot_w would be helpful, as well as zwout and zwoutakt... thanks for making this tool, I'm loving it already!
|
|
|
|
|
Logged
|
I have no logs because I have a boost gauge (makes things easier)
|
|
|
|
nubcake
|
|
« Reply #5 on: December 11, 2017, 05:23:00 PM »
|
|
|
Awesome job!!! nmot_w would be helpful, as well as zwout and zwoutakt... thanks for making this tool, I'm loving it already!
nmot_w is not included in TKMWL for whatever reason, hence it would require additional code to look specifically for it. However, shouldn't be too hard and will add a lot of convenience, so I'll probably get it done soon'ish. In the meantime you can look for writes to "nmot" in IDA - and nmot_w will be just before one of them. I'd show a picture, but forum won't me upload.  |
|
|
|
|
Logged
|
|
|
|
HelperD
Full Member
Karma: +25/-6
Offline
Posts: 112
|
|
« Reply #6 on: December 11, 2017, 05:32:01 PM »
|
|
|
Great share! If I can help find common markers for you to id more variables please don't hesitate to reach out to me Christian |
|
|
|
|
Logged
|
|
|
|
|
gt-innovation
|
|
« Reply #7 on: December 12, 2017, 04:25:38 AM »
|
|
|
nmot_w is not included in TKMWL for whatever reason, hence it would require additional code to look specifically for it. However, shouldn't be too hard and will add a lot of convenience, so I'll probably get it done soon'ish. In the meantime you can look for writes to "nmot" in IDA - and nmot_w will be just before one of them. I'd show a picture, but forum won't me upload. In my tool i found and used this string from the beginning of the file : 39 61 00 00 94 21 FF E8 7C 08 02 A6 4B FF 8F 39 The next 4 bytes after this string is 100% nmot_w in all 2.0l tfsi files. |
|
|
|
|
Logged
|
|
|
|
Praga
Full Member
Karma: +4/-3
Offline
Posts: 62
|
|
« Reply #8 on: December 12, 2017, 06:38:43 AM »
|
|
|
Great share !!
Thank you
|
|
|
|
|
Logged
|
|
|
|
focalpoint519
Full Member
Karma: +29/-65
Offline
Posts: 148
|
|
« Reply #9 on: December 13, 2017, 07:38:18 AM »
|
|
|
Thank you good sir ! |
|
|
|
|
Logged
|
|
|
|
superglitch
Jr. Member
Karma: +4/-0
Offline
Posts: 45
|
|
« Reply #10 on: December 13, 2017, 11:51:42 AM »
|
|
|
This is pretty awesome. Care to share source code on how you were able to do this?
|
|
|
|
|
Logged
|
|
|
|
bram380
Newbie
Karma: +0/-0
Offline
Posts: 5
|
|
« Reply #11 on: January 02, 2018, 10:58:04 AM »
|
|
|
Thank you.
Happy new year !!!
|
|
|
|
|
Logged
|
|
|
|
|
nubcake
|
|
« Reply #12 on: January 18, 2018, 05:46:15 PM »
|
|
|
This is pretty awesome. Care to share source code on how you were able to do this?
Sorry, no source. But it's rather primitive. Check FR for documented TKMWL structure. Find out how it's handled in the binary. Code some "hex pattern search". BAM! Same goes for ECUID structure parsing. I was too lazy to implement proper analysis logic for all the "sub-functions" to cover more vars (or some "conditional" vars), but like mentioned, at some point will probably get to it. Note that it's only supposed to work for VAG ECUs, since other ME(D)9s will use their own tester communication routines. |
|
|
|
|
Logged
|
|
|
|
MyTunes
Full Member
Karma: +9/-5
Offline
Posts: 83
|
|
« Reply #13 on: October 07, 2019, 03:45:28 PM »
|
|
|
Thank you for this!
Did I miss the med9 logger somewhere?
That would be very helpful
|
|
|
|
|
Logged
|
|
|
|
360trev
Full Member
Karma: +68/-2
Offline
Posts: 235
|
|
« Reply #14 on: November 11, 2019, 04:38:38 AM »
|
|
|
Sorry, no source. But it's rather primitive. Check FR for documented TKMWL structure. Find out how it's handled in the binary. Code some "hex pattern search". BAM! Same goes for ECUID structure parsing. I was too lazy to implement proper analysis logic for all the "sub-functions" to cover more vars (or some "conditional" vars), but like mentioned, at some point will probably get to it. Note that it's only supposed to work for VAG ECUs, since other ME(D)9s will use their own tester communication routines. Seriously, why not publish the source? I don't really understand this position. After all I am sure you've learned a lot from here and this place is all about learning, sharing with like minded people so they in turn can learn from you. If your only willing to donate binaries it diminishes value considerably. I strongly urge you to re-consider as there are no major secrets in what you've done, its neat but its such a small piece of code (must be less than a couple of thousand lines its got to be at the stage of being a great learning tool for some... |
|
|
|
|
Logged
|
|
|
|
|
