Pages: [1]
Author Topic: Alfa 156 2.6 V6 0261206168 immo  (Read 4356 times)
nighthunter
Jr. Member
**

Karma: +0/-0
Offline Offline

Posts: 25


« on: October 14, 2019, 11:11:23 AM »

Hi friends, could someone mod this file to immo off ?
Logged
fluke9
Full Member
***

Karma: +26/-1
Offline Offline

Posts: 113


« Reply #1 on: October 14, 2019, 01:01:27 PM »

Hi friends, could someone mod this file to immo off ?

Wrong forum, there are better forums for things like that, i dont know if it is allowed to link them here.

I did an immo of on a 156 0261204705 ages ago which should be the same hardware,
all i remember is that i based it off a immo off file for the 166 3.0 also with ME2.1.

There where two patterns which included a 0xDA byte which had to be replaced with 0x25.
Or was it 0x25 with 0xDA, i dont remember, but these are the "magic bytes" used on allmost all alfa gasoline ecus to signal IMMO allow/deny.
Logged
nighthunter
Jr. Member
**

Karma: +0/-0
Offline Offline

Posts: 25


« Reply #2 on: October 15, 2019, 01:43:36 AM »

Thanks.
489C 25 to DA, looks promising i will test it. So there is no need to read and edit the HC711E9?
Logged
fluke9
Full Member
***

Karma: +26/-1
Offline Offline

Posts: 113


« Reply #3 on: October 15, 2019, 04:59:10 AM »

So there is no need to read and edit the HC711E9?

No, immo off works fine without touching the HC711E9 which emulates an eeprom iirc.

What you do is essentially patching the code in the flash from
if (wfsAllow == ALLOWED_0x25)
   allow_start_engine();

to

if (wfsAllow == NOTALLOWED_0xDA)
   allow_start_engine();

The side-effect is that it wont start anymore if the immo is completely ok ;-)
Logged
nighthunter
Jr. Member
**

Karma: +0/-0
Offline Offline

Posts: 25


« Reply #4 on: October 15, 2019, 11:46:06 AM »

Yes, it works, great!
But i tought that it is too easy just to change the jump condition without having any other integrity/checksum testing done in the code.
Logged
fluke9
Full Member
***

Karma: +26/-1
Offline Offline

Posts: 113


« Reply #5 on: October 16, 2019, 05:59:56 AM »

Yes, it works, great!
But i tought that it is too easy just to change the jump condition without having any other integrity/checksum testing done in the code.

But you should fix up the checksum as it can come up later.
Flash checksum can be done delayed or every X afterruns (when ignition is off and ecu does a few seconds housekeeping)
Logged
nighthunter
Jr. Member
**

Karma: +0/-0
Offline Offline

Posts: 25


« Reply #6 on: January 10, 2020, 09:30:33 AM »

Hi fluke now we changed the 0261 206 168 ecu with wiring (dual NBO2) completly to 0261204705 due to changing the exhaust piping, but i cant make it work the immo on this one. Could you, please have a look at my file? Ive tried 0x50E0 but this looks to me like a map. Im attaching ori from my flash reader.
Logged
fluke9
Full Member
***

Karma: +26/-1
Offline Offline

Posts: 113


« Reply #7 on: January 11, 2020, 06:35:54 PM »

0x487c from 0x25 to 0xDA should do the trick ;-)
Logged
nighthunter
Jr. Member
**

Karma: +0/-0
Offline Offline

Posts: 25


« Reply #8 on: January 12, 2020, 03:55:46 AM »

damn.... i cant find the checksum tool ive done it on this old ecu with before,  :-(, i edited the byte could you or some one do me checksum on this file?
Logged
fluke9
Full Member
***

Karma: +26/-1
Offline Offline

Posts: 113


« Reply #9 on: January 12, 2020, 10:35:13 AM »

damn.... i cant find the checksum tool ive done it on this old ecu with before,  :-(, i edited the byte could you or some one do me checksum on this file?

Sorry, dont have any checksum tools for that old ecu anymore.
iirc i ran this for ages without doing the checksum.
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Page created in 0.018 seconds with 17 queries. (Pretty URLs adds 0.001s, 0q)