Pages: 1 [2] 3
Author Topic: Compare flash bytes with bin file ?  (Read 11036 times)
woj
Sr. Member
****

Karma: +33/-1
Offline Offline

Posts: 455


« Reply #15 on: February 24, 2018, 02:32:47 PM »

If that log has anything to do with any reality, even alternate in somebody's head, the time stamps suggest indeed that this is done by reading the blocks out, the complete block-by-block CRC check should take a couple of seconds in total. Nevertheless, I find all too hard to believe.
Logged
superglitch
Jr. Member
**

Karma: +3/-0
Offline Offline

Posts: 43


« Reply #16 on: February 24, 2018, 04:05:35 PM »

Simply put there’s no way manufacturers are going to share how to read out full data, it will be a simple query to the ecu for the Cal ID and CVN.
Logged
marcjero
Jr. Member
**

Karma: +0/-0
Offline Offline

Posts: 36


« Reply #17 on: February 24, 2018, 06:26:18 PM »

As I said I'm confused about this. I dont' know if a block CRC can be done in a standardized way. If yes they could do this.

But I find the benefit of block CRC vs simple CVN check is very thin. If a tuner can fake the CVN he will be able to fake the block CRC as well.

Reading the blocks throught OBD won't work for all ECUs. Howerver it would be a killer option as no workaround would be possible then.

So there are 3 options :

-1 CVN check : easy to do but weak
-2 Blocks CRC : more difficult to implement but a bit stronger
-3 Read Blocks : straightforward, very stong but only work for a limited set of ECUs

Code:
[15:30:35] Status : R/W Function available
is interesting as it seems that the ecu is in read/write mode. So it looks like they use option 3.

Another option would be to send the blocks to the ECU and then ask (how ?) the ECU to compare the bytes on it side. This would give similar timestamps. Realistic or not ?
 

I have a question regarding flash and boot mode (ME7) I understand that the EEPROM content is not updated at all when flashing in boot mode. Is it correct ? So there is a problem if CVN has changed right ?









« Last Edit: February 24, 2018, 06:54:50 PM by marcjero » Logged
nyet
Administrator
Hero Member
*****

Karma: +476/-75
Offline Offline

Posts: 10735


WWW
« Reply #18 on: February 24, 2018, 08:28:24 PM »

Interesting. I would like to know more about how CVN is calculated, and if modifying ME7 binaries changes the CVN read by OBD.

Note: my interest is specific to ME7.

In particular, do they have a whitelist of all possible ME7 ECU revisions? I assume crossflashing from similar (stock) ECUs is ok? Or not ok?
Logged

ME7.1 tuning guide (READ FIRST)
ECUx Plot
ME7Sum checksum checker/corrrector for ME7.x

Please do not ask me for tunes. I'm here to help people make their own.

Do not PM me technical questions! Please, ask all questions on the forums! Doing so will ensure the next person with the same issue gets the opportunity to learn from your experience.
prj
Hero Member
*****

Karma: +349/-74
Offline Offline

Posts: 3911


« Reply #19 on: February 24, 2018, 09:22:45 PM »

Pretty sure someone made that up, or w/e.

They can only check with EOBD standard. Flashing algorithms are manufacturer-specific for every car, and they are not available for third parties either.
Remember, to initiate any checksum checking you need to have seed-key access to the ECU, and that's just not going to happen, it's not information the OEM's have to give out.
The amount of work to make a universal tool that speaks every vehicle specific protocol is unreal too. Just not going to happen, nor is it part of any standard.

Read the ME7 FR on how CVN is calculated and queried, it's all in there.

On any ECU to bypass this, you need to read the original CVN, store it in the binary, and when CVN calc request is sent instead of calculating it, just load RAM values with stored value.
Or you can patch Mode 9 request to answer fixed values instead of actual CVN. Mode 9 is the only thing there is in the ecu's that can be checked universally. Needs a huge database of all possible calibrations, but that is still doable vs. trying to get programming access to each ecu.

Waste of time if you ask me. It will be just worked around, because you are trusting the ECU to tell you something. And ECU is just running code inside it. Those that are implementing this legislation aren't too bright.

Also, all that 2014/45/EU says is that from Euro 6 on gasoline vehicles, they want to use EOBD readiness in place of gas analyzers. Nothing else.
« Last Edit: February 24, 2018, 09:42:34 PM by prj » Logged
woj
Sr. Member
****

Karma: +33/-1
Offline Offline

Posts: 455


« Reply #20 on: February 25, 2018, 02:04:21 AM »

Where is that supposed verification log coming from BTW?

They do check readiness in Sweden where I live, but I have not seen anyone coming anyone near my car with a tester / reader in the Netherlands before I moved (the same car). And I know for sure that in certain other countries this is pure fiction, regardless of what EU directives say. What I would like to know is what is the exact procedure here in Sweden, is it just reading monitor status, or resetting them through DTC clearing and seeing if they behave as expected. I know they leave the device connected for some minutes, but that could as well be incidental / work parallelisation. In any case, all this is done with engine off.

As to how is the CVN calculated, why not check the code? I did for ME7.9.10 (car / ECU is from early 2008), and the only thing I found is that for PID 09 only 00 (goes without saying) and 04 requests are supported. 04 is calibration ID and it sends a fixed SW number from the flash. So no CVN here whatsoever.
Logged
prj
Hero Member
*****

Karma: +349/-74
Offline Offline

Posts: 3911


« Reply #21 on: February 25, 2018, 06:42:34 AM »

CVN is implemented after 2005 MY IIRC.

Also they check readiness monitors with EOBD. Diesel has a readiness monitor for EGR, but not for DPF I think.
Once again, readiness monitors are something the ECU says - and what I've done in the past is replace the service function with my own, that just always says that everything is fine and dandy.
Logged
marcjero
Jr. Member
**

Karma: +0/-0
Offline Offline

Posts: 36


« Reply #22 on: February 25, 2018, 07:47:21 AM »

They can only check with EOBD standard. Flashing algorithms are manufacturer-specific for every car, and they are not available for third parties either.
Remember, to initiate any checksum checking you need to have seed-key access to the ECU, and that's just not going to happen, it's not information the OEM's have to give out.
The amount of work to make a universal tool that speaks every vehicle specific protocol is unreal too. Just not going to happen, nor is it part of any standard.

Well it looks like the manufacturers are contributing to this. The Diesel Gate helped to convince them. Galletto can flash a large number of ecus so I think they can do similar things with the active help of manufacturers.

Read the ME7 FR on how CVN is calculated and queried, it's all in there.

Where can I find this doc please ?

Or you can patch Mode 9 request to answer fixed values instead of actual CVN. Mode 9 is the only thing there is in the ecu's that can be checked universally. Needs a huge database of all possible calibrations, but that is still doable vs. trying to get programming access to each ecu.

Looks like they already have a database from manufacturers.


Logged
marcjero
Jr. Member
**

Karma: +0/-0
Offline Offline

Posts: 36


« Reply #23 on: February 25, 2018, 07:54:52 AM »

Where is that supposed verification log coming from BTW?

They do check readiness in Sweden where I live, but I have not seen anyone coming anyone near my car with a tester / reader in the Netherlands before I moved (the same car). And I know for sure that in certain other countries this is pure fiction, regardless of what EU directives say. What I would like to know is what is the exact procedure here in Sweden, is it just reading monitor status, or resetting them through DTC clearing and seeing if they behave as expected. I know they leave the device connected for some minutes, but that could as well be incidental / work parallelisation. In any case, all this is done with engine off.

This is planned to start in France in May. This will be an european inspection. So most verification processes will be common for all EU countries. I think the OBD part will be shared in order to limit costs and to get a simpler relationship with manufacturers. Anyway each country can add its own verifications.
Logged
prj
Hero Member
*****

Karma: +349/-74
Offline Offline

Posts: 3911


« Reply #24 on: February 26, 2018, 10:05:24 AM »

Well it looks like the manufacturers are contributing to this. The Diesel Gate helped to convince them. Galletto can flash a large number of ecus so I think they can do similar things with the active help of manufacturers.
SOURCE?

You're just making shit up as you go, it's getting boring.
Logged
KasperH
Hero Member
*****

Karma: +19/-8
Offline Offline

Posts: 633


« Reply #25 on: February 26, 2018, 02:10:48 PM »


Read the ME7 FR on how CVN is calculated and queried, it's all in there.

Where can I find this doc please ?


FFS.
Logged
marcjero
Jr. Member
**

Karma: +0/-0
Offline Offline

Posts: 36


« Reply #26 on: February 26, 2018, 02:28:41 PM »

SOURCE?

You're just making shit up as you go, it's getting boring.
Source is a local tuner. I stop boring you now.
Logged
prj
Hero Member
*****

Karma: +349/-74
Offline Offline

Posts: 3911


« Reply #27 on: February 26, 2018, 05:33:45 PM »

Source is a local tuner. I stop boring you now.
Yeah, so you have no source.
Logged
marcjero
Jr. Member
**

Karma: +0/-0
Offline Offline

Posts: 36


« Reply #28 on: February 26, 2018, 05:51:40 PM »

These informations were shared to me by a well known profesional  tuner. This is all I can say. Probably not enough for you.

I think that a tuner would not warn customer this way without solid reasons. Because he is loosing business saying that.

Let's see what will happen in May. I got answers to my questions. I will keep you updated about the new inspection checks.
Logged
woj
Sr. Member
****

Karma: +33/-1
Offline Offline

Posts: 455


« Reply #29 on: February 27, 2018, 01:42:24 AM »

Because he is loosing business saying that.

The opposite. The crowd of people wanting to remove DPF/EGR and what not is always going to be large (in some countries this is national sport and people budget money for this before they even buy the car), for him it is a reason to charge more for the service claiming he can bypass the check but it needs his magic touch (and this magic for EOBD readiness is really simple, the average customer does not need to know that). And he can charge old customers for fixing their cars before they get "caught". Come to think of it, that's a genius plan Cheesy

Of course, I don't know that particular person so it's a general remark rather than personal, but it does reflect things I have heard of in the "tuning scene".
Logged
Pages: 1 [2] 3
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Page created in 0.024 seconds with 16 queries. (Pretty URLs adds 0s, 0q)