Pages: [1] 2 3 ... 35
Author Topic: 2step & Antilag Auto Add Script. for ME7.X  (Read 190019 times)
edduu
Newbie
*

Karma: +20/-0
Offline Offline

Posts: 17


« on: February 28, 2013, 04:10:54 PM »

thanks that sn00k, maded a step by step line by line what to modify to the setzi62 launch control code, i were available to do a script that will modify all the addresses for you without making it manually.


you must have PHP installed.
you must have in same folder a file called dump.ecu, generated by Me7Info (running Me7Info.exe -n yourecufile.bin)
you must have in same folder your 1mb BIN, called ecu.bin.
run it in CMD: php launch.php

it will generate a ecumod.bin file with the changes.

remember to checksum it before uploading into a car.

https://github.com/edduu/2stepscript

updated: 03/02/2013

download it from github, the file in the attachments its old!!

updated: 02/16/2016

Do not use this file until you read this:

http://nefariousmotorsports.com/forum/index.php?topic=6308.msg69447#msg69447
http://nefariousmotorsports.com/forum/index.php?topic=4721.msg84763#msg84763
« Last Edit: February 16, 2016, 02:04:45 PM by nyet » Logged
nyet
Administrator
Hero Member
*****

Karma: +417/-48
Offline Offline

Posts: 9253


WWW
« Reply #1 on: February 28, 2013, 04:13:57 PM »

Wow. Now that is abuse of php.

Logged

ME7.1 tuning guide (READ FIRST)
ECUx Plot
ME7Sum checksum checker/corrrector for ME7.x

Please do not ask me for tunes. I'm here to help people make their own.

Do not PM me technical questions! Please, ask all questions on the forums! Doing so will ensure the next person with the same issue gets the opportunity to learn from your experience.
k0mpresd
Hero Member
*****

Karma: +131/-43
Online Online

Posts: 1585


« Reply #2 on: February 28, 2013, 04:18:20 PM »

big thanks.  Smiley
Logged
edduu
Newbie
*

Karma: +20/-0
Offline Offline

Posts: 17


« Reply #3 on: February 28, 2013, 04:19:15 PM »

i would like to learn perl but you know.. i make websites from 8 years ago and its simple effective and make this in another lang would take me the double of time and i already work in something else, few time for do this things, this is like a hobbie XD!
Logged
ddillenger
Hero Member
*****

Karma: +617/-19
Offline Offline

Posts: 5647


« Reply #4 on: February 28, 2013, 04:41:22 PM »

I'm applauding you just because your first post wasn't asking for something, but rather contributing. Good work, and I hope to see this implemented.
Logged

Please, ask all questions on the forums! Doing so will ensure the next person with the same issue gets the opportunity to learn from your experience!

Email/Google chat:
DDillenger84(at)gmail(dot)com

Email>PM
nyet
Administrator
Hero Member
*****

Karma: +417/-48
Offline Offline

Posts: 9253


WWW
« Reply #5 on: February 28, 2013, 04:42:02 PM »

I'm applauding you just because your first post wasn't asking for something, but rather contributing.

AMEN!
Logged

ME7.1 tuning guide (READ FIRST)
ECUx Plot
ME7Sum checksum checker/corrrector for ME7.x

Please do not ask me for tunes. I'm here to help people make their own.

Do not PM me technical questions! Please, ask all questions on the forums! Doing so will ensure the next person with the same issue gets the opportunity to learn from your experience.
edduu
Newbie
*

Karma: +20/-0
Offline Offline

Posts: 17


« Reply #6 on: February 28, 2013, 05:04:56 PM »

well i like a lot about reverse engineering, ollydbg, injecting some code even on linux apps, i've a friend great on that also thats here with me all days, just that is my first time that i'm fixing code in a ecu with a unusual proccesor for me like the c166/7, also i've just a clone mpps cable, i've to open the ecu case if i do something wrong for put in boot mode, that if i want start trying injecting code and something goes wrong.. also having gdb in linux and ollydbg on windows is great for debugging and do this stuff easy, but on this ecus i dont know, do you know if there is any tool for debug the ecu while car is running, or at least emulate?


Logged
nyet
Administrator
Hero Member
*****

Karma: +417/-48
Offline Offline

Posts: 9253


WWW
« Reply #7 on: February 28, 2013, 05:09:33 PM »

also i've just a clone mpps cable, i've to open the ecu case if i do something wrong for put in boot mode

You might consider getting a cheap ebay cable and using the nefmoto flashing tool for when you don't brick the ecu too Smiley

Quote
do you know if there is any tool for debug the ecu while car is running, or at least emulate?

None yet.

There are various real time emulators in use, but they are only to emulate the flash, not the ECU itself.

BTW if you get further with c166 reverse engineering, I could use your help with me7sum (see my sig)
Logged

ME7.1 tuning guide (READ FIRST)
ECUx Plot
ME7Sum checksum checker/corrrector for ME7.x

Please do not ask me for tunes. I'm here to help people make their own.

Do not PM me technical questions! Please, ask all questions on the forums! Doing so will ensure the next person with the same issue gets the opportunity to learn from your experience.
sn00k
Sr. Member
****

Karma: +58/-2
Offline Offline

Posts: 277


« Reply #8 on: March 01, 2013, 04:47:32 AM »

im glad to see people are still working on making it more simple to implement..  Smiley

there are better ways to write LC and NLS routines, but i think this is the simple one where people open their eyes to further possibilities.. Tongue
Logged
ported2flow
Full Member
***

Karma: +2/-0
Offline Offline

Posts: 73


« Reply #9 on: March 01, 2013, 11:49:03 PM »

hi edduu!!

great php app nice work mate...

i just tested the app on an me7.1.1 and it works good so far but i think it modifys wrong ftomn.
just to let you know and maybe others have the same issue and you can fix it in an later release


thank you
Logged
edduu
Newbie
*

Karma: +20/-0
Offline Offline

Posts: 17


« Reply #10 on: March 02, 2013, 01:59:43 AM »

please post your .bin or pm me it, and i will check it out.

i search FTOMN looking for 05 40 54 83 84 B8 C0 C0 C0 80 80 bytes on the bin file, maybe those bytes are different in your ecu. i'm looking for a ecu me 7.1.1 on the forum.
« Last Edit: March 02, 2013, 02:06:13 AM by edduu » Logged
edduu
Newbie
*

Karma: +20/-0
Offline Offline

Posts: 17


« Reply #11 on: March 02, 2013, 02:19:43 AM »

ok, i just downloaded a 2.7T audi me7.1.1 ecu, and the FTOMN is like this:


01A400 : 05 40 54 83 84 B8 C0 C0 C0 80 80 05  40 54 83 84 B8 C0 C0 C0 80 80 05 00 08 05 01 02

as different than the ME 7.5 that i've tested, the array of bytes that i search, is repeated 2 times., the 05 yellow is that is currently searching, i don't know if i have to make the script modify only the last one, try it (modify the green one). just put the 05 on the first occurrence that have been modified to 00, put it back to 05, and the next 05, at 00. it must be the only change that you have to made, the other offsets are well calculated from what i see no errors at finding other offsets.

if with that little modify works, will be the first 2.7T that i see spitting fire from the exhaust with ecu tune only, EuroDyne only have this stuff on a3, jetta's and some S but all 1.8T i think.

if it works will be easy to fix, just a bucle like the one for search the address of the jump to the codecave and done Smiley.


someone can try the script? i had no time to test it on a car yet, but i rechecked all code and might write all bytes ok.

« Last Edit: March 02, 2013, 02:28:19 AM by edduu » Logged
edduu
Newbie
*

Karma: +20/-0
Offline Offline

Posts: 17


« Reply #12 on: March 02, 2013, 03:13:44 AM »

first post updated.

changelog:

- added a simple verify for those who dont put the right names that the script search for.
- after some research, in some post sn00k said: b_brems is named b_br, (brake pedal), in me7info, something that the PDF said, that can be calculated with the B_kuppl.X (mask) -2.. looks like it can get calculated only in some ECUs, and in others is just completely different address and mask, so the script now looks for b_br and their mask from the me7info dump.
- in some ecus (me 7.1.1) the FTOMN array of bytes for find it is repeated 2 times, so i modify now the last one (this mean that they are 2 bytes 05 that can be the address), if it dont works try changing the other 05 value, all the hard part (the 9 lines, 100+ bytes to check and calculate) are already calculated and its something for gratificate and say thanks lol XD.

« Last Edit: March 02, 2013, 03:35:57 AM by edduu » Logged
edduu
Newbie
*

Karma: +20/-0
Offline Offline

Posts: 17


« Reply #13 on: March 02, 2013, 03:23:50 AM »

i dont see where to modify the first post attachments, i can only change the text Sad, here got the one with those improvements explained above.

hope it helps and fix the issues to the users that pmed me.
« Last Edit: March 02, 2013, 03:25:35 AM by edduu » Logged
ported2flow
Full Member
***

Karma: +2/-0
Offline Offline

Posts: 73


« Reply #14 on: March 02, 2013, 06:42:33 AM »

yea edduu i thought the same because there are two times the "05" position..
Logged
Pages: [1] 2 3 ... 35
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Page created in 0.022 seconds with 17 queries. (Pretty URLs adds 0s, 0q)