Note I am not condoning stealing somebody else’s work – but there are some times you may need/want to bypass this “protection” to fix a tune you rightfully own – or – if you’re like me, you don’t like the idea of lots of mechanical interfaces that could potentially fail over time with corrosion/vibration, etc. When you request to read a location, the encryption chip knows where the byte is that you’re looking for, and then reads the alternate location on the flash chip, and sends the data back – the CPU is none the wiser. This “decryption/encryption” process is kind of a misnomer from what I understand, because in most implementations, the encryption chip sits in between and just jumbles the contents of the flash around – so the data meant to be stored at a particular address is actually intercepted by the encryption chip, and then the chip stores it in a completely different location on the actual flash chip. Note that you can’t use a Willem programmer to read flash contents that are behind an encryption board (note: you can, but you will just be reading the ENCRYPTED contents of the flash), because the encryption chip waits to detect the ECU booting before it “unlocks” and starts decrypting the contents of the flash. This hardware device reads/writes to the chip in essentially the same way the processor does – using the electronic interface of the chip and sending the appropriate electronic signals. If you remove the flash from the PCB, you can read/write it using something like this:
Since the boot strap loader is loaded by you into RAM, you can bypass any software protection in place to prevent reading the flash memory contents. This does not require the ECU to have a working version of the ME7 firmware on it. This uses the debugging features supported by the processor to load a program into RAM to allow you to read/write the flash memory.
Since this uses the protocols in the ME7 firmware to read the flash memory, it is possible to update the protocols to disable reading. Boot mode means using the boot strap loader built into the C166/C167 processor. This is how the dealership flashes the car and it requires the ECU to have a working version of the ME7 firmware.
Over OBD means using the KWP1281 or KWP2000 protocols supported by the ME7 firmware.
However, I believe it also applies to boot mode.
When some mention “over OBD” I first thought that meant in-car flashing only. I would like a little clarification on the difference between some of the terms used around flashing ECUs.