SaldoS4
Newbie
Karma: +0/-0
 Offline
Posts: 12
|
 |
« Reply #435 on: March 24, 2015, 04:06:04 AM »
|
|
|
Of course I first tried this addr just after CS 0xFF area - not worked, and then later I have manually moved func to the address F0030, but its not worked too..
but I found another file on the other TT which also does not work. Its 018BB file. the launch program has placed everything at the right addresses, but its no effect
launch 018BB.bin 018BB.ecu >D:\res.txt
finding tsrldyn...
found: 380BE5
finding vfil_w...
found: 381C8C
finding nmot_w...
found: 00F8A4
finding wped...
found: 3809C2
finding tmotlin...
found: 3848A2
finding B_kuppl (clutch pedal)...
found: 00FD4C.8
finding b_br (brems), brake pedal...
found: 00FD4C.4
Memory Layout: 29F800 Found
Found usable status flag variable at 0x00FDc2
FTOMN found: 1a51d
FTOMN IS: 05
FTOMN CHANGED TO 0x00
Finding a good space for Main Function..
space located at: 0xb46a0
Finding a good space for launch control configuration variables..
space located at: 0x17770
using 0x384FF0 for NLS Counter variable
Finding the offset for call to the code cave..
call will be located at: 0xb09a6
Writing lines of code
code writed successfully to 018BB_mod.bin!!
REMEMBER TO MAKE CHECKSUMS BEFORE YOU PUT THIS FILE,
CHECKSUMS ARE NOT CALCULATED ON THIS FILE
since this file has rsa code parts i have changed the Counter addr to 386000 - no effect. And this second TT car no sense to this changes of Launch implementations. And all variables here are takes their states as it should be, but nothing
If someone can test this files on your own car please post results here
|
|
|
|
« Last Edit: March 24, 2015, 03:59:13 PM by SaldoS4 »
|
Logged
|
|
|
|
maZer.GTi
Full Member
Karma: +68/-6
Offline
Posts: 246
|
|
« Reply #436 on: March 24, 2015, 07:44:41 PM »
|
|
|
Of course I first tried this addr just after CS 0xFF area - not worked, and then later I have manually moved func to the address F0030, but its not worked too..
but I found another file on the other TT which also does not work. Its 018BB file. the launch program has placed everything at the right addresses, but its no effect
launch 018BB.bin 018BB.ecu >D:\res.txt
finding tsrldyn...
found: 380BE5
finding vfil_w...
found: 381C8C
finding nmot_w...
found: 00F8A4
finding wped...
found: 3809C2
finding tmotlin...
found: 3848A2
finding B_kuppl (clutch pedal)...
found: 00FD4C.8
finding b_br (brems), brake pedal...
found: 00FD4C.4
Memory Layout: 29F800 Found
Found usable status flag variable at 0x00FDc2
FTOMN found: 1a51d
FTOMN IS: 05
FTOMN CHANGED TO 0x00
Finding a good space for Main Function..
space located at: 0xb46a0
Finding a good space for launch control configuration variables..
space located at: 0x17770
using 0x384FF0 for NLS Counter variable
Finding the offset for call to the code cave..
call will be located at: 0xb09a6
Writing lines of code
code writed successfully to 018BB_mod.bin!!
REMEMBER TO MAKE CHECKSUMS BEFORE YOU PUT THIS FILE,
CHECKSUMS ARE NOT CALCULATED ON THIS FILE
since this file has rsa code parts i have changed the Counter addr to 386000 - no effect. And this second TT car no sense to this changes of Launch implementations. And all variables here are takes their states as it should be, but nothing
If someone can test this files on your own car please post results here
Try this and report please. Im running this ecu on my car since half year without problems of rsa or something. |
|
|
|
« Last Edit: March 24, 2015, 07:47:15 PM by maZer.GTi »
|
Logged
|
|
|
|
SaldoS4
Newbie
Karma: +0/-0
Offline
Posts: 12
|
|
« Reply #437 on: March 26, 2015, 05:09:44 PM »
|
|
|
You are using another way to addressing tmotlin.. Ok. Thank you. I will try it.
But why launch implementation via launch.php have movb word_384FF0, rl4 instead of mov word_384FF0, r4 ? or it is the same i think
|
|
|
|
« Last Edit: March 26, 2015, 05:14:03 PM by SaldoS4 »
|
Logged
|
|
|
|
maZer.GTi
Full Member
Karma: +68/-6
Offline
Posts: 246
|
|
« Reply #438 on: March 27, 2015, 06:10:35 AM »
|
|
|
You are using another way to addressing tmotlin.. Ok. Thank you. I will try it.
But why launch implementation via launch.php have movb word_384FF0, rl4 instead of mov word_384FF0, r4 ? or it is the same i think
Not the same. movb will only store 8bit. Try and Report  |
|
|
|
|
Logged
|
|
|
|
SaldoS4
Newbie
Karma: +0/-0
Offline
Posts: 12
|
|
« Reply #439 on: March 27, 2015, 03:59:52 PM »
|
|
|
Not the same. movb will only store 8bit. Try and Report i know, i mean the same in this implementation - low byte of counter or a word of counter/ If counter <255, this is the same Thanks mazer! your code works! it seems what tmotlin addressing in launch programm are wrong... |
|
|
|
|
Logged
|
|
|
|
|
gt-innovation
|
|
« Reply #440 on: March 28, 2015, 01:41:14 PM »
|
|
|
Try this and report please.
Im running this ecu on my car since half year without problems of rsa or something.
I think this sw version does not have the rsa algo as others do...For example new binaries with rsa contain this hex values c1 47 fc 10 00 8d eb 98 60 db 00 xx xx xx xx And in those versions the older code that was described in the pdf has the same problems as the php launch exe or the tool i made for injection. http://nefariousmotorsports.com/forum/index.php?topic=7794.msg72719#msg72719 |
|
|
|
|
Logged
|
|
|
|
|
sonique
|
|
« Reply #441 on: June 20, 2015, 08:50:33 AM »
|
|
|
hello any one help me why not working this file lc scrip ? not hold rpm limit and not need clutch  ecu file create some error sorry my english not very good thanks launch.exe "Seat leon cupra 1.8T 180HP 06A906032T 026
1206545 352761.ori.bin" seat.ecu
finding tsrldyn...
found: 380D2F
finding vfil_w...
found: 380DB2
finding nmot_w...
found: 00F876
finding wped...
found: 380AC2
finding B_kuppl (clutch pedal)...
found: 00FD4A.9
finding b_br (brems), brake pedal...
found: 00FD4A.5
Memory Layout: 29F400 Found
FTOMN found: 165c1
FTOMN IS: 05
FTOMN CHANGED TO 0x00
Finding a good space for Main Function..
space located at: 0x7d6c0
Finding a good space for launch control configuration variables..
space located at: 0x178b0
using 0x384FF0 for NLS Counter variable
Finding the offset for call to the code cave..
call will be located at: 0x7c098
Writing lines of code
code writed successfully to Seat leon cupra 1.8T 180HP 06A906032T 0261206545 352
761.ori_mod.bin!!
REMEMBER TO MAKE CHECKSUMS BEFORE YOU PUT THIS FILE,
CHECKSUMS ARE NOT CALCULATED ON THIS FILE
ME7Info.exe "Seat leon cupra 1.8T 180HP 06A906032T 0261206
545 352761.ori" -o seat.ecu
read 1116 map entries
mapped 198 aliases
matchOpcode(0, D74XXXXX) out of bounds
Error: getOpc(0) out of range
get_dpp_addr(1) out of bounds
written 571 definitions
written output to file seat.ecu |
|
|
|
|
Logged
|
|
|
|
|
SB_GLI
|
|
« Reply #442 on: June 25, 2015, 10:48:44 AM »
|
|
|
Edit: Throttle body was bad.
|
|
|
|
« Last Edit: June 27, 2015, 03:51:15 PM by SB_GLI »
|
Logged
|
|
|
|
madeindk
Jr. Member
Karma: +1/-2
Offline
Posts: 42
|
|
« Reply #443 on: June 29, 2015, 03:37:17 AM »
|
|
|
Why is this so hard to do on med9.1?
|
|
|
|
|
Logged
|
|
|
|
|
ddillenger
|
|
« Reply #444 on: June 29, 2015, 04:46:32 AM »
|
|
|
Why is this so hard to do on med9.1?
It's not. |
|
|
|
|
Logged
|
Please, ask all questions on the forums! Doing so will ensure the next person with the same issue gets the opportunity to learn from your experience!
Email/Google chat:
DDillenger84(at)gmail(dot)com
Email>PM
|
|
|
madeindk
Jr. Member
Karma: +1/-2
Offline
Posts: 42
|
|
« Reply #445 on: June 29, 2015, 10:18:51 PM »
|
|
|
It's not.
Well.. Someone told me i have to disassemble a me7 and med9, before i will get it to work. I couldnt just use winols, and would never learn it, with looking at maps. I could not use the me7 method. Thats.. Not great news. |
|
|
|
|
Logged
|
|
|
|
|
ddillenger
|
|
« Reply #446 on: June 29, 2015, 10:21:46 PM »
|
|
|
Crawl--->Walk--->Run
|
|
|
|
|
Logged
|
Please, ask all questions on the forums! Doing so will ensure the next person with the same issue gets the opportunity to learn from your experience!
Email/Google chat:
DDillenger84(at)gmail(dot)com
Email>PM
|
|
|
madeindk
Jr. Member
Karma: +1/-2
Offline
Posts: 42
|
|
« Reply #447 on: June 29, 2015, 10:26:23 PM »
|
|
|
Crawl--->Walk--->Run
 So what you are saying is, disassemble and then i can run? |
|
|
|
|
Logged
|
|
|
|
madeindk
Jr. Member
Karma: +1/-2
Offline
Posts: 42
|
|
« Reply #448 on: June 30, 2015, 05:38:07 PM »
|
|
|
Wonder if its possible to code some useful for this in c or c++.
I could definitely code it, but im not quite sure, if its possible to convert it
|
|
|
|
|
Logged
|
|
|
|
chora
Newbie
Karma: +0/-0
Offline
Posts: 16
|
|
« Reply #449 on: July 04, 2015, 03:41:27 AM »
|
|
|
I have tried in rs4 file with no sucesso
Any guess ir help apreciated
Thanks
|
|
|
|
|
Logged
|
|
|
|
|
