travelspopla.blogg.se

How to use efilive 7.5










I'll have to rip off the case on one of these Ford ones and probe the pins to find where the BDM pins go to. BDM is there as a bit of a backup tool to put in the initial flash or recover bad ones. Getting set up with BDM on PPC for things that allow in-circuit debugging is extremely pricey so BDM loses out on both those circumstances. Yeah, would be easier to look in with Windows software. I don't believe Holden have read bootloaders so they are custom design.


Reckon you're spot on though, everything has originated from the manufacturer's bootloader.


Rolls wrote: Well most of them would be copying the official bootloaders that the OEM tuning tools use so I figure it is fair game.

Fair game, makes me laugh, it's like a battle of the hackers. Regarding copying the custom code, in a legal/copyright sense this is no different from copying the original Ford tunes, however personally I would frown on it more as they are making their living from these, Ford are making money selling cars, not ECU code. This is how we did it and it is easier than you'd think. OR just load up your scan tool of choice and start logging some PIDs, you then correlate the PIDs to a RAM address and from the RAM addresses find the routine that stores this value, then you find the table within the ROM very quickly. This could take a few months per platform.


Build a full harness and tweak each variable one by one and continuously poke the RAM, then once you find some variables that are known you can start dumping out tables.


They didn't even do it from scratch, they just hacked IDS to get the secret keys as it was easier to hack Windows software than a PPC with a debugger. I have found the security algorithm, secret keys and the UDS command routine in the Ford ROM but that was with a massive helping hand from that adventures in IO document that gave me some great starting points. Sure you could dump the flash with a BDM but finding the security algorithm is challenging, even more so if you don't even know there is a security algorithm to find in the first place.


To actually figure out how to flash one of these vehicles from first principles with no inside knowledge would be very challenging and time-consuming if you were not an expert at reverse engineering/cracking, especially if they use security algorithms that require a seed (e.g. Ford). Well most of them would be copying the official bootloaders that the OEM tuning tools use so I figure it is fair game.










