Pages: [1] 2 3
Author Topic: Compare flash bytes with bin file ?  (Read 29487 times)
marcjero
Full Member
***

Karma: +4/-0
Offline Offline

Posts: 58


« on: February 22, 2018, 02:09:09 PM »

Hello,

I would like to know if it's possible to compare the flash content of the ecu with a bin file without actually reading the flash ? I mean using the kwp protocol and without using the boot mode of the ecu.

Thank you.

Envoyé de mon Nexus 4 en utilisant Tapatalk

Logged
nyet
Administrator
Hero Member
*****

Karma: +604/-166
Offline Offline

Posts: 12232


WWW
« Reply #1 on: February 22, 2018, 10:58:29 PM »

Depends on the ecu.

ME7 can do it (Nef uses this technique)

I do not know what others.
Logged

ME7.1 tuning guide (READ FIRST)
ECUx Plot
ME7Sum checksum checker/corrrector for ME7.x

Please do not ask me for tunes. I'm here to help people make their own.

Do not PM me technical questions! Please, ask all questions on the forums! Doing so will ensure the next person with the same issue gets the opportunity to learn from your experience.
marcjero
Full Member
***

Karma: +4/-0
Offline Offline

Posts: 58


« Reply #2 on: February 23, 2018, 05:56:47 AM »

Ecu is meg 1.0 I think it's similar. Is the mechanism you ate thinking about based on checksum calculations ?

Envoyé de mon Nexus 4 en utilisant Tapatalk

Logged
nyet
Administrator
Hero Member
*****

Karma: +604/-166
Offline Offline

Posts: 12232


WWW
« Reply #3 on: February 23, 2018, 01:00:52 PM »

Ecu is meg 1.0 I think it's similar. Is the mechanism you ate thinking about based on checksum calculations ?

Yes, in fast mode, Nef queries the ECU for checksums of each sector against the local file before deciding whether or not to read/write.
Logged

ME7.1 tuning guide (READ FIRST)
ECUx Plot
ME7Sum checksum checker/corrrector for ME7.x

Please do not ask me for tunes. I'm here to help people make their own.

Do not PM me technical questions! Please, ask all questions on the forums! Doing so will ensure the next person with the same issue gets the opportunity to learn from your experience.
marcjero
Full Member
***

Karma: +4/-0
Offline Offline

Posts: 58


« Reply #4 on: February 23, 2018, 01:19:05 PM »

Thank you so there is no way to do a real byte to byte comparison right ? I found a PDF on the forum that describes the flashing protocol for me 7 and it looks like what you are saying.
My goal is to hide a remap from outside.  I think I have to make sure that segment checksums calculated after mods are matching the original ones.

Envoyé de mon Nexus 4 en utilisant Tapatalk

Logged
eliotroyano
Hero Member
*****

Karma: +47/-7
Offline Offline

Posts: 796


« Reply #5 on: February 23, 2018, 07:18:24 PM »

My goal is to hide a remap from outside.  I think I have to make sure that segment checksums calculated after mods are matching the original ones.

CVN?Huh
Logged
prj
Hero Member
*****

Karma: +903/-420
Offline Offline

Posts: 5787


« Reply #6 on: February 23, 2018, 07:44:00 PM »

CVN of course.

And what are you going to hide?
One run with the car and a diag log, and done.

On newer ECU's each flash is recorded in EEPROM, and it's read out at the dealer after, you will get flagged regardless of current CVN.
Logged

PM's will not be answered, so don't even try.
Log your car properly.
marcjero
Full Member
***

Karma: +4/-0
Offline Offline

Posts: 58


« Reply #7 on: February 23, 2018, 08:42:09 PM »

Sorry but what does CVN mean ?
My problem is that Europe is introducing deeper OBD checking during the car inspections. They will now automatically check if the ecu software is genuine.

AFAIK they will process this way :
-Get the VIN and the software number from the ecu
-Download the matching bin file
-Compare the ecu firmware with the bin file

Knowing that most ECU are write only by default, I guess they will use the checksum method that should work most of the time.

I agree that a serious analysis (using logger or dumping the ecu in boot mode) will reveal the remap but this will require more knowledge about the car and will cost much more.







Logged
marcjero
Full Member
***

Karma: +4/-0
Offline Offline

Posts: 58


« Reply #8 on: February 23, 2018, 08:50:43 PM »

On newer ECU's each flash is recorded in EEPROM, and it's read out at the dealer after, you will get flagged regardless of current CVN.

Yes that's another issue. Do you know if flashing in boot mode can prevent the flash counter increment ?
Logged
superglitch
Jr. Member
**

Karma: +4/-0
Offline Offline

Posts: 45


« Reply #9 on: February 23, 2018, 10:55:21 PM »

Yes that's another issue. Do you know if flashing in boot mode can prevent the flash counter increment ?

I have heard that on the newest ECU's boot mode access count is recorded, most of the older stuff you'll be fine to do just boot mode.
Logged
superglitch
Jr. Member
**

Karma: +4/-0
Offline Offline

Posts: 45


« Reply #10 on: February 23, 2018, 10:57:29 PM »

Sorry but what does CVN mean ?

Calibration Verification Number

For each ECU type you'll need to figure out the algorithm it uses to calculate the CVN before spitting it out, I would start by checking the basics such as summing or crc.
Logged
marcjero
Full Member
***

Karma: +4/-0
Offline Offline

Posts: 58


« Reply #11 on: February 24, 2018, 04:40:53 AM »

Ok I understood cvn is the checksum of the flash. Cvn is stored on flash and maybe in eeprom as well.

Of course they could just check this value but they seem to verify each block of the firmware. So is it possible to run the kwp checksum calculation function without actually updating the flash ?
Logged
prj
Hero Member
*****

Karma: +903/-420
Offline Offline

Posts: 5787


« Reply #12 on: February 24, 2018, 10:04:24 AM »

Sorry but what does CVN mean ?
My problem is that Europe is introducing deeper OBD checking during the car inspections. They will now automatically check if the ecu software is genuine.

AFAIK they will process this way :
-Get the VIN and the software number from the ecu
-Download the matching bin file
-Compare the ecu firmware with the bin file

I think the sun is closer to the earth than you are to the truth.
The check is simply a CVN check. The testers for the cars are EOBD, they don't have access to ANYTHING regarding ECU firmware or flashing.
It's as simple as reading the CVN from the car and check if this CVN is in the CVN database as an OK or not.
It's not tied to a car, ECU, engine or anything like that, the CVN is unique enough, that it's enough to submit only the CVN. The likelihood of a CVN collision is practically 0.
Logged

PM's will not be answered, so don't even try.
Log your car properly.
woj
Hero Member
*****

Karma: +41/-3
Offline Offline

Posts: 500


« Reply #13 on: February 24, 2018, 12:14:27 PM »

The check is simply a CVN check. The testers for the cars are EOBD

Is there a specific KWP for this? Should I look in the canonical OBD command set?
EDIT: Never mind, found it, OBD PID 09.

As for the preceding discussion:

1. Where is this information about enhanced OBD checks in Europe?

2. A curiosity - on my ME ECU just checking the block crcs increases the flash counter, so I don't think they would be doing that, also for the reason of having to know a specific manufacturer KWP protocol for this, I can hardly see this happening in practice.

« Last Edit: February 24, 2018, 12:16:46 PM by woj » Logged
marcjero
Full Member
***

Karma: +4/-0
Offline Offline

Posts: 58


« Reply #14 on: February 24, 2018, 01:14:00 PM »


1. Where is this information about enhanced OBD checks in Europe?


These OBD operations are part of the new european vehicle inspection (2014/45/UE I think). They claim they are are able to detect any change in the ecu software. They can detect tuning and mods (disabled DPF will be detected as well)
There is not a lot of details about the processing they do but I got an example of possible output :

Code:
[15:30:31] Status : Connecting OK

[15:30:31] Status : S1 OK

[15:30:32] Status : S2 OK

[15:30:35] Status : S3 OK

[15:30:35] Status : R/W Function available

[15:30:35] Status : Device waiting for commands.

[15:30:40] Status : Finding USB Device Status: OK

[15:30:53] Status : Verifying 29F400BT Flash Block 0 OK

[15:31:06] Status : Verifying 29F400BT Flash Block 1 OK

[15:31:19] Status : Verifying 29F400BT Flash Block 2 OK

[15:31:32] Status : Verifying 29F400BT Flash Block 3 OK

[15:31:45] Status : Verifying 29F400BT Flash Block 4 OK

[15:31:58] Status : Verifying 29F400BT Flash Block 5 OK

[15:32:11] Status : Verifying 29F400BT Flash Block 6 NOT OK Emission Law Fraud Detected

[15:32:24] Status : Verifying 29F400BT Flash Block 7 OK

[15:32:37] Status : Verifying 29F400BT Flash Block 8 OK

[15:32:51] Status : Verifying 29F400BT Flash Block 9 NOT OK Emission Law Fraud Detected

[15:32:57] Status : Verifying 29F400BT Flash Block 10 OK

[15:32:57] Status : Device waiting for commands.

This check is done mainly to detect DPF removals. But it will detect any tuning as well. Does it look like a CVN check. I'm confused too.
Logged
Pages: [1] 2 3
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Page created in 0.023 seconds with 16 queries. (Pretty URLs adds 0s, 0q)