mkorneyc
« on: October 31, 2019, 06:52:28 AM »
Hello Team, I'm quite a noob in this area, sorry for lame questions from the very beginning. I bought a car (Audi A4 B6 1.8T AMB) and want to play with it on my own. I've never done it before and would be very grateful for any help possible. The first thing I wanted to start with is the Rear O2 Sensor. The firmware is already downloaded using galletto v54, but without the EEPROM (I need to unlock the "case" where the ECU is located to use boot mode; without it only the firmware is available). I read the wiki, and not everything is clear yet. I found a few XDFs here, and the thing is that the ESKONF area location differs in every XDF, so I cannot be sure that this is what I need to modify. Can anyone point out how to find what I need in the firmware, please? Here is the file attached.

fknbrkn
« Reply #1 on: October 31, 2019, 07:10:32 AM »
Long story short, try to find a definition for your software version, or crossflash it with a well-defined one. Anyway, you can find ESKONF by the AA FF 00 pattern.

mkorneyc
« Reply #2 on: October 31, 2019, 07:42:03 AM »
> Long story short, try to find a definition for your software version, or crossflash it with a well-defined one. Anyway, you can find ESKONF by the AA FF 00 pattern.

So the best way is to find a definition of 366446 sw? Where can I get it?

mkorneyc
« Reply #3 on: October 31, 2019, 07:51:02 AM »
> Long story short, try to find a definition for your software version, or crossflash it with a well-defined one. Anyway, you can find ESKONF by the AA FF 00 pattern.

Why is the pattern AA FF 00? I can find it several times. Is the data from the wiki inaccurate or not relevant to my block? https://s4wiki.com/wiki/Tuning#Rear_O2_Sensors

mkorneyc
« Reply #4 on: November 01, 2019, 12:40:56 PM »
Can someone point me where to read about hunting for tables/values? Where can I find patterns?

Blazius
« Reply #5 on: November 01, 2019, 12:43:10 PM »
Just use the ESKONF tool if it's ME 7.5, which it is.

mkorneyc
« Reply #6 on: November 01, 2019, 01:00:35 PM »
Thank you Blazius. This tool provided 3 addresses:

C:\Users\mkorneyc\Desktop\chip>me7eskonf.exe ./audi_firmware_play
Reading file [./audi_firmware_play] to buffer...
Buffer ready...
Filesize:1048576 (0x100000)
Searching for ESKONF (Bosch ME7.5) in file: ./audi_firmware_play

## ESKONF_0 (Addr:00011218) -- AA FF 00 30 E3 F8 30
b0:AA ZUE4(95)..:S(10) ZUE3(94)..:S(10) ZUE2(103).:S(10) ZUE1(102).:S(10) ZUE=Ignition coil
b1:FF NC........:N(11) NC........:N(11) NC........:N(11) NC........:N(11)
b2:00 EV4(89)...:Y(00) EV3(88)...:Y(00) EV2(97)...:Y(00) EV1(96)...:Y(00) EV=Fuel injector
b3:30 LSHHK(63).:Y(00) EFLA(48)..:N(11) LDR(104)..:Y(00) TEV(64)...:Y(00) LSHHK=Rear O2, EFLA=Error lamp, LDR=N75, TEV=N80 purgevalve
b4:E3 BKV(22)...:N(11) NC(24)....:S(10) AAV(116)..:N(11) MIL(47)...:Y(00) BKV=Brakebooster pump, AAV=Shutoff valve, MIL=OBD lamp
b5:F8 NC........:N(11) NC........:N(11) EKP(65)...:S(10) SLP(66)...:Y(00) EKP=Fuel pump, SLP=J299 SAI pump
b6:30 ULT(105)..:Y(00) UAGR(114).:N(11) SLV(9)....:Y(00) NWS(115)..:Y(00) ULT=N249 wg valve, UAGR=EGR valve, SLV=N112 SAI relay, NWS=n205 VVT

## ESKONF_1 (Addr:0001121F) -- AA FF 00 30 23 F8 30
b0:AA ZUE4(95)..:S(10) ZUE3(94)..:S(10) ZUE2(103).:S(10) ZUE1(102).:S(10) ZUE=Ignition coil
b1:FF NC........:N(11) NC........:N(11) NC........:N(11) NC........:N(11)
b2:00 EV4(89)...:Y(00) EV3(88)...:Y(00) EV2(97)...:Y(00) EV1(96)...:Y(00) EV=Fuel injector
b3:30 LSHHK(63).:Y(00) EFLA(48)..:N(11) LDR(104)..:Y(00) TEV(64)...:Y(00) LSHHK=Rear O2, EFLA=Error lamp, LDR=N75, TEV=N80 purgevalve
b4:23 BKV(22)...:Y(00) NC(24)....:S(10) AAV(116)..:N(11) MIL(47)...:Y(00) BKV=Brakebooster pump, AAV=Shutoff valve, MIL=OBD lamp
b5:F8 NC........:N(11) NC........:N(11) EKP(65)...:S(10) SLP(66)...:Y(00) EKP=Fuel pump, SLP=J299 SAI pump
b6:30 ULT(105)..:Y(00) UAGR(114).:N(11) SLV(9)....:Y(00) NWS(115)..:Y(00) ULT=N249 wg valve, UAGR=EGR valve, SLV=N112 SAI relay, NWS=n205 VVT

## ESKONF_2 (Addr:00033F7D) -- FF FF 00 F0 3F F0 2C
b0:FF ZUE4(95)..:N(11) ZUE3(94)..:N(11) ZUE2(103).:N(11) ZUE1(102).:N(11) ZUE=Ignition coil
b1:FF NC........:N(11) NC........:N(11) NC........:N(11) NC........:N(11)
b2:00 EV4(89)...:Y(00) EV3(88)...:Y(00) EV2(97)...:Y(00) EV1(96)...:Y(00) EV=Fuel injector
b3:F0 LSHHK(63).:N(11) EFLA(48)..:N(11) LDR(104)..:Y(00) TEV(64)...:Y(00) LSHHK=Rear O2, EFLA=Error lamp, LDR=N75, TEV=N80 purgevalve
b4:3F BKV(22)...:Y(00) NC(24)....:N(11) AAV(116)..:N(11) MIL(47)...:Y(00) BKV=Brakebooster pump, AAV=Shutoff valve, MIL=OBD lamp
b5:F0 NC........:N(11) NC........:N(11) EKP(65)...:Y(00) SLP(66)...:Y(00) EKP=Fuel pump, SLP=J299 SAI pump
b6:2C ULT(105)..:Y(00) UAGR(114).:S(10) SLV(9)....:N(11) NWS(115)..:Y(00) ULT=N249 wg valve, UAGR=EGR valve, SLV=N112 SAI relay, NWS=n205 VVT

fknbrkn
« Reply #7 on: November 01, 2019, 08:22:09 PM »
again AA FF 00

mkorneyc
« Reply #8 on: November 01, 2019, 11:25:57 PM »
> again AA FF 00

I got it. The address I need is 00011218. But why is there a similar area starting from 0001121F? The only difference is in the brake booster pump bit. Could it be that one area is relevant to automatic transmission and the other to manual? I have auto. If I do not have a pattern (like AA FF 00 here), how can I find the area in that case? For example, how to find KRKTE? Sorry for stupid questions again.

BlackT
« Reply #9 on: November 02, 2019, 02:53:32 AM »
> I got it. The address I need is 00011218. But why is there a similar area starting from 0001121F? The only difference is in the brake booster pump bit. Could it be that one area is relevant to automatic transmission and the other to manual? I have auto. If I do not have a pattern (like AA FF 00 here), how can I find the area in that case? For example, how to find KRKTE? Sorry for stupid questions again.

Yes, there are two ESKONFs, one for manual, the second for auto. https://youtu.be/nKSe1fPbTlA

Blazius
« Reply #10 on: November 02, 2019, 05:03:31 AM »
Exactly, 2 versions, don't bother with the 3rd. Just change both to the same (what you wanna code out) and you should be fine. Single-value addresses are a bit harder to find for newbies, but either you use a similar damos and look where the locations of the maps are, then go find them manually, or/and you use IDA to find it in the flash via text and patterns.
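
The steps discussed in the thread (search for the AA FF 00 signature, pick out the two back-to-back copies, compare them field by field), as an added Python example; it is not code from any poster or from me7eskonf. The 7-byte block length, the two-bit codes and the two field labels are read off the tool output posted in Reply #6; treating hits exactly 7 bytes apart as the pair of copies and reading fields top pair first are assumptions, and the sample image is constructed.

```python
SIG = bytes.fromhex("AAFF00")   # signature quoted in the thread
BLOCK_LEN = 7                   # b0..b6 in the posted tool output
CODES = {0b00: "Y", 0b10: "S", 0b11: "N"}  # legend as printed by the tool
# Labels copied from the posted output; only the two fields discussed.
LABELS = {(3, 0): "LSHHK (rear O2)", (4, 0): "BKV (brake booster pump)"}

def find_signature(image):
    """Return every offset at which the 3-byte signature occurs."""
    hits, pos = [], image.find(SIG)
    while pos != -1:
        hits.append(pos)
        pos = image.find(SIG, pos + 1)
    return hits

def paired_copies(image):
    """Assumed heuristic: keep hits followed by a second hit exactly
    BLOCK_LEN bytes later, like 0x11218 and 0x1121F in the thread."""
    hits = set(find_signature(image))
    return [(h, h + BLOCK_LEN) for h in sorted(hits) if h + BLOCK_LEN in hits]

def decode(block):
    """Split each byte into four 2-bit fields, top pair first (assumed order)."""
    return [[CODES.get((b >> s) & 3, "?") for s in (6, 4, 2, 0)] for b in block]

def diff_copies(image, a, b):
    """List (label, code_at_a, code_at_b) for every field that differs."""
    rows_a = decode(image[a:a + BLOCK_LEN])
    rows_b = decode(image[b:b + BLOCK_LEN])
    out = []
    for i, (ra, rb) in enumerate(zip(rows_a, rows_b)):
        for f, (ca, cb) in enumerate(zip(ra, rb)):
            if ca != cb:
                out.append((LABELS.get((i, f), f"b{i} field {f}"), ca, cb))
    return out

def sample_image():
    """Constructed image: the two 7-byte blocks from Reply #6 back to back,
    plus a lone AA FF 00 decoy standing in for an unrelated match."""
    copy0 = bytes.fromhex("AAFF0030E3F830")
    copy1 = bytes.fromhex("AAFF003023F830")
    return bytes(0x18) + copy0 + copy1 + bytes(16) + SIG + bytes(12)

if __name__ == "__main__":
    img = sample_image()
    print([hex(h) for h in find_signature(img)])
    for a, b in paired_copies(img):
        print(hex(a), hex(b), diff_copies(img, a, b))
```

On a real dump, replace `sample_image()` with the bytes read from the file; the signature alone matches in several places, which is why the pairing step is there.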