Hi there,

I am trying to read a SIM4LE ecu in bootmode. The processor is SAK-C167CS-LM and the flash is AM29F400BB.

I am using this photo as a guide:

The resistor that i am using is 8.2k soldered to ground and the ECU is on the bench.
The cable that i am using is a blue kkl.
The minimon version that i am using is the latest one, 2233.
While the processor is a C167CS-LM i cant find it in the available processors in the minimon so i choose the C167CR one.

The reply that i get from minimon when i try to connect is this:

Can you please help me on that? I am only interested in reading the external flash chip only because the address and data lines are scrambled so reading it using a willem doesnt provide usable data and code.

Regards

You can always remove the chip and read it externally.

You know how to disassemble, but you don't know how to lineswap it back to normal 

Ha!!!

I never said anything like hard "protection"!
The fact that i haven't used minimon before, does that mean that the protection is hard?
And yes of course i know how to add new features in a code, i am doing it the last couple years in motorcycle and other offroad ECUs.


I never said that i dont know how to lineswap it back to normal.
I just wanted to use minimon on this one and read the contents of the ECU that i have in my hands and not a binary that i found somewhere on the internet.
You can also use WinOLS to turn a lineswapped binary back to normal.

And yes i have proper legal versions of both IDApro and WinOLS, since i am a professional and i like using genuine legal tools to help me put food on the family table.

So instead of trying to judge, try to give some help to someone that asks for it.

At the end i desoldered the flash and read it with my batronix.
But i would really like some help on minimom as i would like to make it work with this ECU. If you are willing to help, then please do help. I can give more details on this issue.

Oh and by the way daniel2345, can you please tell me why i dont get any notifications for the replies from this forum? Ah yes i have checked the "Notify me of replies" and the email address is valid. I just thought to ask you since you seem to know a lot...

Now this is the reply that i was expecting in the first place.

Here is how i set the settings in minimon from the disassembly in IDA.

I set the exact same values in the exact same order and here is where i am stuck now.
At first i have to say that i am working on a Win8.1 64 bit system, but results are the same on WinXP also.
Minimon is really slow. The only baud rate that it can communicate is 57600.
After it gets a proper reply from the ECU it starts writing to the system registers. This process is really slow.
When setting the SYSCON it says that it failed to get a reply from the mcu.
On the other registers i get no error but it takes like one minute to set all the registers. I would expect it to do it in a couple seconds but it takes almost a minute, maybe more.
I think that the problem is that i dont pull the P0L4 the correct way. I have tried using a 8k resistor and without a resistor. I pull it down first and then power on the ECU. Minimon can init after a couple tries. Should i pull the P0L4 without a resistor, power on, connect with minimon and let the P0L4 floating? I read the datasheet a few times but it is not really clear to me.

Hello. Now I have SIM4LKE (Have different with SIM4LE) on table. Read OK with Galletto v54 . But I noticed the oddity. If i puldown P0L4 , than  power on the ECU , than try read - i have bad , not correct readed file.
If i puldown P0L4 , than  power on the ECU, than remove pull down - I have normal readed file. For read I use VAG ME7 BOOT MODE 29f800.
But I can not write file. I always have write error  on 1% and have no change in file (i read it after attempwritting) . If I write readed file - all ok