Pages: [1] 2
Author Topic: MED9info tool (very basic version)  (Read 14293 times)
nubcake
Sr. Member
****

Karma: +53/-4
Offline Offline

Posts: 400


« on: November 19, 2017, 02:24:30 PM »

Here's a small (and very basic) tool I made for my MED9 logger a while ago. It's far from being complete, but I didn't get to work on it for quite a while, so I guess I'll just post it "as is" and maybe it will be useful for someone playing with IDA.

It's a console (cmd) application that takes 2Mb MED9 flash readout, parses it for ECUID and TKMWL and prints out info it found.

EDIT:
Uploaded a new version!
Had to zip it up due to some weird upload bug (was telling me that upload folder is full).
« Last Edit: December 10, 2017, 03:09:31 PM by nubcake » Logged
Khendal
Full Member
***

Karma: +9/-8
Offline Offline

Posts: 226


« Reply #1 on: November 19, 2017, 04:18:38 PM »

Just tried... really thanks Wink
Logged
vwaudiguy
Hero Member
*****

Karma: +53/-37
Offline Offline

Posts: 2024



« Reply #2 on: November 19, 2017, 04:50:02 PM »

Thanks for sharing!
Logged

"If you have a chinese turbo, that you are worried is going to blow up when you floor it, then LOL."
nubcake
Sr. Member
****

Karma: +53/-4
Offline Offline

Posts: 400


« Reply #3 on: December 10, 2017, 03:04:47 PM »

Rolled out a new version. Now 20% more vars! Included some important ones that were missing (like ps_w, etc).
Will eventually get to writing a bit more complicated analysis logic, but for now this will do. Let me know if you find some weirdness.

Did a couple of tests on the available A2L bins - and everything seems to be working as expected. The only known bug is with dual-ECU systems: in those upwg_cw can be picked up as upwg_w, but that essentially doesn't matter, so I didn't bother to fix it. Cheesy
« Last Edit: December 10, 2017, 03:11:50 PM by nubcake » Logged
IamwhoIam
Hero Member
*****

Karma: +52/-115
Offline Offline

Posts: 1070


« Reply #4 on: December 11, 2017, 04:32:22 AM »

Awesome job!!! nmot_w would be helpful, as well as zwout and zwoutakt... thanks for making this tool, I'm loving it already!
Logged

I have no logs because I have a boost gauge (makes things easier)
nubcake
Sr. Member
****

Karma: +53/-4
Offline Offline

Posts: 400


« Reply #5 on: December 11, 2017, 05:23:00 PM »

Awesome job!!! nmot_w would be helpful, as well as zwout and zwoutakt... thanks for making this tool, I'm loving it already!

nmot_w is not included in TKMWL for whatever reason, hence it would require additional code to look specifically for it. However, shouldn't be too hard and will add a lot of convenience, so I'll probably get it done soon'ish. In the meantime you can look for writes to "nmot" in IDA - and nmot_w will be just before one of them. I'd show a picture, but forum won't me upload. Smiley
Logged
HelperD
Full Member
***

Karma: +25/-6
Offline Offline

Posts: 112


« Reply #6 on: December 11, 2017, 05:32:01 PM »

Great share!

If I can help find common markers for you to id more variables please don't hesitate to reach out to me Smiley

Christian
Logged
gt-innovation
Sr. Member
****

Karma: +60/-91
Offline Offline

Posts: 449


« Reply #7 on: December 12, 2017, 04:25:38 AM »

nmot_w is not included in TKMWL for whatever reason, hence it would require additional code to look specifically for it. However, shouldn't be too hard and will add a lot of convenience, so I'll probably get it done soon'ish. In the meantime you can look for writes to "nmot" in IDA - and nmot_w will be just before one of them. I'd show a picture, but forum won't me upload. Smiley

In my tool i found and used this string from the beginning of the file :

39 61 00 00 94 21 FF E8 7C 08 02 A6 4B FF 8F 39

The next 4 bytes after this string is 100% nmot_w in all 2.0l tfsi files.
Logged
Praga
Full Member
***

Karma: +4/-3
Offline Offline

Posts: 62


« Reply #8 on: December 12, 2017, 06:38:43 AM »

Great share !!

Thank you
Logged
focalpoint519
Full Member
***

Karma: +29/-65
Offline Offline

Posts: 148



« Reply #9 on: December 13, 2017, 07:38:18 AM »

Thank you good sir !  Smiley
Logged
superglitch
Jr. Member
**

Karma: +4/-0
Offline Offline

Posts: 45


« Reply #10 on: December 13, 2017, 11:51:42 AM »

This is pretty awesome.  Care to share source code on how you were able to do this?
Logged
bram380
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 5


« Reply #11 on: January 02, 2018, 10:58:04 AM »

Thank you.

Happy new year !!!
Logged
nubcake
Sr. Member
****

Karma: +53/-4
Offline Offline

Posts: 400


« Reply #12 on: January 18, 2018, 05:46:15 PM »

This is pretty awesome.  Care to share source code on how you were able to do this?

Sorry, no source.
But it's rather primitive. Check FR for documented TKMWL structure. Find out how it's handled in the binary. Code some "hex pattern search". BAM! Smiley
Same goes for ECUID structure parsing.

I was too lazy to implement proper analysis logic for all the "sub-functions" to cover more vars (or some "conditional" vars), but  like mentioned, at some point will probably get to it.

Note that it's only supposed to work for VAG ECUs, since other ME(D)9s will use their own tester communication routines.
Logged
MyTunes
Full Member
***

Karma: +9/-5
Offline Offline

Posts: 83


« Reply #13 on: October 07, 2019, 03:45:28 PM »

Thank you for this!

Did I miss the med9 logger somewhere?
That would be very helpful
Logged
360trev
Full Member
***

Karma: +68/-2
Offline Offline

Posts: 235


« Reply #14 on: November 11, 2019, 04:38:38 AM »

Sorry, no source.
But it's rather primitive. Check FR for documented TKMWL structure. Find out how it's handled in the binary. Code some "hex pattern search". BAM! Smiley
Same goes for ECUID structure parsing.

I was too lazy to implement proper analysis logic for all the "sub-functions" to cover more vars (or some "conditional" vars), but  like mentioned, at some point will probably get to it.

Note that it's only supposed to work for VAG ECUs, since other ME(D)9s will use their own tester communication routines.

Seriously, why not publish the source? I don't really understand this position. After all I am sure you've learned a lot from here and this place is all about learning, sharing with like minded people so they in turn can learn from you. If your only willing to donate binaries it diminishes value considerably.

I strongly urge you to re-consider as there are no major secrets in what you've done, its neat but its such a small piece of code (must be less than a couple of thousand lines its got to be at the stage of being a great learning tool for some...
Logged
Pages: [1] 2
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Page created in 0.036 seconds with 17 queries. (Pretty URLs adds 0s, 0q)