tadope
Full Member
Karma: +2/-25
 Offline
Posts: 221
|
 |
« Reply #15 on: January 20, 2022, 12:24:47 PM »
|
|
|
Is it possible to do this in 512kb ecu?
I've searched in S3 1024 file and found "3D 06", if I search the same in my 512kb ecu the value is different
I'm not experienced like others here but I'm 90% sure that 512ecu is always narrowband o2. And 1024ecu is always Wideband. They are very much not interchangeable. If one has things you need then what I do is copy the table data over manually one at a time. |
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #16 on: January 20, 2022, 01:10:45 PM »
|
|
|
I'm not experienced like others here but I'm 90% sure that 512ecu is always narrowband o2. And 1024ecu is always Wideband. They are very much not interchangeable.
If one has things you need then what I do is copy the table data over manually one at a time.
You have no clue what you're on about. Is it possible to do this in 512kb ecu?
I've searched in S3 1024 file and found "3D 06", if I search the same in my 512kb ecu the value is different Of course it's possible. You will have to locate the same code. If you don't know how to disassemble the two files and compare, then you are not going to have any chance. Also this topic was about AMK. |
|
|
|
|
Logged
|
|
|
|
speed69
Newbie
Karma: +1/-0
Offline
Posts: 12
|
 |
« Reply #17 on: January 20, 2022, 02:52:24 PM »
|
|
|
Of course it's possible. You will have to locate the same code. If you don't know how to disassemble the two files and compare, then you are not going to have any chance.
Also this topic was about AMK.
I've attached a screenshot showing what I did (searched in the 512kb bin what is the most similar possible nearest chacacters that have in 1024KB ecu at the addresses you pointed), but i'm really not sure how to properly do the disassemble you mentioned. I'm just a hobbyist not pro a tuner. I've randonly found your post thats why I'm replying here, this mod caugh my attenttion bcs is something that will help me logging with VisualME7logger. by the way its an awesome program! edit: following that logic I've mentioned I found: 512kb ecu
0x59160 - 3D 06 -> CC 00
0x5D88E - 3D 08 -> CC 00
0x5E95C - 3D 03 -> CC 00
|
|
|
|
« Last Edit: January 20, 2022, 03:12:25 PM by speed69 »
|
Logged
|
|
|
|
|
Blazius
|
|
« Reply #18 on: January 20, 2022, 09:31:58 PM »
|
|
|
I've attached a screenshot showing what I did (searched in the 512kb bin what is the most similar possible nearest chacacters that have in 1024KB ecu at the addresses you pointed), but i'm really not sure how to properly do the disassemble you mentioned. I'm just a hobbyist not pro a tuner.
I've randonly found your post thats why I'm replying here, this mod caugh my attenttion bcs is something that will help me logging with VisualME7logger. by the way its an awesome program!
edit: following that logic I've mentioned I found:
Do not attempt this without double checking with disassembly. You gonna change some random thing and brick the ecu or something. |
|
|
|
|
Logged
|
|
|
|
speed69
Newbie
Karma: +1/-0
Offline
Posts: 12
|
|
« Reply #19 on: January 21, 2022, 04:47:34 AM »
|
|
|
Do not attempt this without double checking with disassembly. You gonna change some random thing and brick the ecu or something.
Too late, I've tested in my ECU, no bricks but also no connection with engine running.  Is there any place where I can learn to dissassemble the bin? |
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #20 on: January 21, 2022, 08:29:12 AM »
|
|
|
Is there any place where I can learn to dissassemble the bin? If you need to ask a such question, you will never be capable of it. This is not something you do through a tutorial. You need to: 1. Reverse the current binary 2. Look at the function that is being patched in the binary and what is being done, understand why. 3. Transfer the same modification to your binary. I can tell you already now that the functions in 512k and 1024k are different code wise. I have more than 20 years experience reversing. I do not see that you will get anywhere within a few years of seriously attempting this without a strong IT background, if you even have the brain to do it. Specifically stuff like comms or flashing related code is much more difficult to go through than standard ASW logic, as it also requires knowing the comms standards inside and out, so you have any understanding of what you are looking at. |
|
|
|
« Last Edit: January 21, 2022, 08:31:04 AM by prj »
|
Logged
|
|
|
|
speed69
Newbie
Karma: +1/-0
Offline
Posts: 12
|
|
« Reply #21 on: January 21, 2022, 09:25:58 AM »
|
|
|
If you need to ask a such question, you will never be capable of it. This is not something you do through a tutorial.
You need to:
1. Reverse the current binary
2. Look at the function that is being patched in the binary and what is being done, understand why.
3. Transfer the same modification to your binary.
I can tell you already now that the functions in 512k and 1024k are different code wise.
I have more than 20 years experience reversing. I do not see that you will get anywhere within a few years of seriously attempting this without a strong IT background, if you even have the brain to do it.
Specifically stuff like comms or flashing related code is much more difficult to go through than standard ASW logic, as it also requires knowing the comms standards inside and out, so you have any understanding of what you are looking at.
I have asked about disassembly and started my search in forum and google, got some interesting things (like Andy Whittaker tutorial and script => https://andywhittaker.com/ecu/disassembling-a-bosch-me755-with-ida-pro/ ) but yeah, it is a lot more complex than I imagined when I asked I did what I did because the way you said seem like it was easy to do (search same thing in 512kb file and replace with "CC 00", and bingo!) but its fine if I'm not able to get this solution to my 512kb ecu, good to learn. I still interested in what you have discovered and shared. Thank you anyway! |
|
|
|
|
Logged
|
|
|
|
N01KzMK4
Newbie
Karma: +0/-0
Offline
Posts: 21
|
|
« Reply #22 on: December 20, 2023, 09:38:01 AM »
|
|
|
Im sorry to Highjack this post, but does any one know where i can find these Values on a 032HJ ecu from a MK4 ?
0x3D73E - 3D 06 -> CC 00
0x75C2C - 3D 08 -> CC 00
0x76AFE - 3D 03 -> CC 00
I searched the whole file and they are not there so its def a diferent memory adress
|
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #23 on: December 20, 2023, 10:23:54 AM »
|
|
|
Im sorry to Highjack this post, but does any one know where i can find these Values on a 032HJ ecu from a MK4 ?
0x3D73E - 3D 06 -> CC 00
0x75C2C - 3D 08 -> CC 00
0x76AFE - 3D 03 -> CC 00
I searched the whole file and they are not there so its def a diferent memory adress
Use VehiCAL logger it is free for VAG ME7 C167 and has an automatic built-in patcher for this, that does it for you on any binary. |
|
|
|
|
Logged
|
|
|
|
N01KzMK4
Newbie
Karma: +0/-0
Offline
Posts: 21
|
|
« Reply #24 on: December 21, 2023, 03:11:42 AM »
|
|
|
Use VehiCAL logger it is free for VAG ME7 C167 and has an automatic built-in patcher for this, that does it for you on any binary.
From my understanding ( i might be wrong) it doesnt work with a cheap blue KKL cable .. mine is an FT232RL chip. ill give it a try anyway |
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #25 on: December 21, 2023, 03:37:24 AM »
|
|
|
From my understanding ( i might be wrong) it doesnt work with a cheap blue KKL cable .. mine is an FT232RL chip.
ill give it a try anyway Tactrix J2534 clones cost about the same as a KKL cable these days on Aliexpress. About 10 EUR incl. shipping. How much cheaper do you need? It costs less than driving 100km lol. |
|
|
|
|
Logged
|
|
|
|
N01KzMK4
Newbie
Karma: +0/-0
Offline
Posts: 21
|
|
« Reply #26 on: December 21, 2023, 05:06:18 AM »
|
|
|
Tactrix J2534 clones cost about the same as a KKL cable these days on Aliexpress. About 10 EUR incl. shipping.
How much cheaper do you need?
It costs less than driving 100km lol.
Noted, I will order one for myself than, reason i said that is because when i do a google search it comes up with cables in the 500-900 euro range. Thank you for your help |
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #27 on: December 21, 2023, 06:10:29 AM »
|
|
|
Noted, I will order one for myself than, reason i said that is because when i do a google search it comes up with cables in the 500-900 euro range.
Thank you for your help I am not sure what you searched for but even an original Tactrix OpenPort cable is around 180 EUR: https://ecutools.eu/chip-tuning/openport-20/I thought about making a J2534 driver for KKL cables, but once I realized that J2534 clones have come down to 10 EUR in price I abandoned that idea. J2534 is a good idea regardless, if you move on to newer ECU's you can still use the cable for logging and flashing. |
|
|
|
|
Logged
|
|
|
|
N01KzMK4
Newbie
Karma: +0/-0
Offline
Posts: 21
|
|
« Reply #28 on: December 23, 2023, 01:12:02 PM »
|
|
|
I am not sure what you searched for but even an original Tactrix OpenPort cable is around 180 EUR: https://ecutools.eu/chip-tuning/openport-20/I thought about making a J2534 driver for KKL cables, but once I realized that J2534 clones have come down to 10 EUR in price I abandoned that idea. J2534 is a good idea regardless, if you move on to newer ECU's you can still use the cable for logging and flashing. My cable arrived today, got a Tactrix Openport 2.0 Rev E for about 26€ off amazon, its transparent body, black board, golden pins ( the better quallity one) as i read a compare between this one and the green board one, already tested it with Vehical and it works, just did an init to check compatibillity but it works, thank you prj both for your sugestion, and for making me7 protocol free, really appreciate it, merry christhmas and happy new year. Already patched my file, ill be doing the config tomorrow and log my car properly Sent from my SM-N9860 using Tapatalk |
|
|
|
|
Logged
|
|
|
|
|
