
2004 to 2012 Colorado and 2006 -10 h3 cluster programming

Posted: Mon Feb 12, 2024 11:41 pm
by 04colyZQ8
The silicon is a uPD78F0835 NEC 78K0 chip. It’s programmed by UART or CSI. Can’t find any reasonably priced debugging solutions. I think it’s a simple serial interface… I have an old PC with serial port I think. Then it’s just a few resistors.

Idk what software to use?

Also seems like it’s erase, write only. And read? It has onboard flash, only 60k I think. Tried mode 35 reads, won’t accept, 7f 11 responses. Tried mode 36 upload of two bytes to RAM, also 7f 11 responses.

Got a positive unlock back with known seed and key.

It’s a VPW GM unit.

Re: 2004 to 2012 Colorado and 2006 -10 h3 cluster programming

Posted: Tue Feb 13, 2024 12:13 am
by ironduke
Were you getting 7f 11 11 replies?

Re: 2004 to 2012 Colorado and 2006 -10 h3 cluster programming

Posted: Tue Feb 13, 2024 12:39 am
by 04colyZQ8
If I sent 6c 60 f0 35 00 10 00 00 80
I got 6c f0 60 35 00 10 00 00 80 11
6c 60 7f 11

I think I’ll try to post up a log

Re: 2004 to 2012 Colorado and 2006 -10 h3 cluster programming

Posted: Tue Feb 13, 2024 1:03 am
by ironduke
I was just wondering if there's something wrong with how you're sending messages.. For some reason I thought you had typed out that you were trying mode 23 read attempts and I was not familiar with 7f 11 responses for mode 23 request.. my bad..
What hardware/software are you sending the messages with? You are sending the checkbyte at the end?

Re: 2004 to 2012 Colorado and 2006 -10 h3 cluster programming

Posted: Tue Feb 13, 2024 3:17 am
by 04colyZQ8
Using vpw explorer I assume it sends a check byte? And mongoose pro cable

Re: 2004 to 2012 Colorado and 2006 -10 h3 cluster programming

Posted: Tue Feb 13, 2024 5:35 am
by kur4o
Your only bet is to test mode 23 dump, 4 bytes at a time.

First unlock the module, then start dumping; here is an example.

If you know the seed/key pair, we can find the algo needed, and I can send you some script for dumping bin to log and convert log to bin.


[11:05:37.620] 6C FE F1 28 00
[11:05:37.636] 6C F1 A2 68 00
[11:05:37.641] 6C F1 10 68 00
[11:05:37.647] 6C F1 29 68 00
[11:05:37.652] 6C F1 1A 68 00
[11:05:37.657] 6C F1 40 68 00
[11:05:37.662] 6C F1 58 68 00
[11:05:37.667] 6C F1 60 68 00
[11:05:37.690] 6C 60 F0 27 01
[11:05:37.673] 6C F1 98 68 00
[11:05:37.678] 6C F1 A0 68 00
[11:05:37.683] 6C F1 A1 68 00
[11:05:37.688] 6C F1 A7 68 00
[11:05:37.694] 6C F1 A6 68 00
[11:05:37.699] 6C F1 C0 68 00
[11:05:37.705] 6C F1 AA 68 00
[11:05:37.724] 6C F0 60 67 01 10 71
[11:05:37.759] 6C 60 F0 27 02 27 B0
[11:05:37.781] 6C F0 60 67 02 34
[11:05:47.908] 8C 60 F0 23 00 00 00 01
[11:05:47.935] 8C F0 60 63 00 00 FA 00 00 02
[11:05:47.935] 6C FE F0 3F
[11:05:47.952] 8C 60 F0 23 00 00 04 01
[11:05:47.979] 8C F0 60 63 00 04 FA 01 04 90
[11:05:47.979] 6C FE F0 3F
[11:05:47.996] 8C 60 F0 23 00 00 08 01
[11:05:48.025] 8C F0 60 63 00 08 FA 00 6A 10
[11:05:48.025] 6C FE F0 3F
[11:05:48.042] 8C 60 F0 23 00 00 0C 01
[11:05:48.067] 8C F0 60 63 00 0C FA 01 0C 90
[11:05:48.067] 6C FE F0 3F
[11:05:48.084] 8C 60 F0 23 00 00 10 01
[11:05:48.112] 8C F0 60 63 00 10 FA 00 00 00

Re: 2004 to 2012 Colorado and 2006 -10 h3 cluster programming

Posted: Tue Feb 13, 2024 9:31 am
by 04colyZQ8
*****
Log File: C:\AVT_Term\cluster_read2.log
Date: 02-12-2024
Time: 18:29:31
*****

--> 06 00 6C FE F1 28 00
--> 05 00 A8 FF 60 02
--> 05 00 49 FE 60 06
--> 05 00 6C FE F1 3F
--> 06 00 6C 60 F1 27 01
--> 08 00 6C F1 60 67 01 55 55
--> 08 00 6C 60 F1 27 02 AA AA
--> 07 00 6C F1 60 67 02 34
--> 0A 00 6C 60 F1 23 00 00 00 04 01
--> 0C 00 6C F1 60 7F 23 00 00 00 04 01 11
--> 05 00 6C F1 60 60
--> 06 00 6C FE F1 28 00
--> 06 00 6C F1 60 68 00
--> 05 00 6C FE F1 3F
--> 06 00 6C 60 F1 27 01
--> 08 00 6C F1 60 67 01 55 55
--> 08 00 6C 60 F1 27 02 AA AA
--> 07 00 6C F1 60 67 02 34
--> 05 00 6C F1 60 60
--> 07 00 88 EA 60 01 00 00
--> 07 00 88 EA 60 01 00 00
--> 0A 00 6C 60 F1 23 00 00 00 00 01
--> 0C 00 6C F1 60 7F 23 00 00 00 00 01 11
--> 05 00 49 FE 60 06
--> 06 00 CB C4 60 20 00
--> 05 00 69 C4 60 38
--> 05 00 69 C4 60 3A
--> 05 00 C9 C4 60 3C
--> 05 00 C9 C6 60 20
--> 05 00 69 C6 60 3A
--> 05 00 C9 C6 60 3C
--> 05 00 C9 DE 60 11
--> 06 00 CB EB 60 20 91
--> 05 00 49 FE 60 06
--> 06 00 CB C4 60 20 00
--> 05 00 69 C4 60 38
--> 05 00 69 C4 60 3A
--> 05 00 C9 C4 60 3C
--> 05 00 C9 C6 60 20
--> 05 00 69 C6 60 3A
--> 05 00 C9 C6 60 3C
--> 05 00 C9 DE 60 11
--> 07 00 88 EA 60 01 00 00
--> 06 00 CB EB 60 20 91
--> 05 00 49 FE 60 06
--> 06 00 CB C4 60 20 00
--> 05 00 69 C4 60 38
--> 05 00 69 C4 60 3A
--> 05 00 C9 C4 60 3C
--> 05 00 C9 C6 60 20
--> 05 00 69 C6 60 3A
--> 05 00 C9 C6 60 3C
--> 05 00 C9 DE 60 11
--> 07 00 88 EA 60 01 00 00
--> 06 00 CB EB 60 20 91
--> 05 00 49 FE 60 06
--> 06 00 CB C4 60 20 00
--> 05 00 69 C4 60 38
--> 05 00 69 C4 60 3A
--> 05 00 C9 C4 60 3C
--> 05 00 C9 C6 60 20
--> 05 00 69 C6 60 3A
--> 05 00 C9 C6 60 3C
--> 05 00 C9 DE 60 11
--> 07 00 88 EA 60 01 00 00
--> 06 00 CB EB 60 20 91
--> 05 00 49 FE 60 06
--> 06 00 CB C4 60 20 00
--> 05 00 69 C4 60 38
--> 05 00 69 C4 60 3A
--> 05 00 C9 C4 60 3C
--> 05 00 C9 C6 60 20
--> 05 00 69 C6 60 3A
--> 05 00 C9 C6 60 3C
--> 05 00 C9 DE 60 11
--> 07 00 88 EA 60 01 00 00
--> 06 00 CB EB 60 20 91
--> 05 00 49 FE 60 06
--> 06 00 CB C4 60 20 00
--> 05 00 69 C4 60 38
--> 05 00 69 C4 60 3A
--> 05 00 C9 C4 60 3C
--> 05 00 C9 C6 60 20
--> 05 00 69 C6 60 3A
--> 05 00 C9 C6 60 3C
--> 05 00 C9 DE 60 11
--> 07 00 88 EA 60 01 00 00
--> 06 00 CB EB 60 20 91
--> 05 00 49 FE 60 06
--> 06 00 CB C4 60 20 00
--> 05 00 69 C4 60 38
--> 05 00 69 C4 60 3A
--> 05 00 C9 C4 60 3C
--> 05 00 C9 C6 60 20
--> 05 00 69 C6 60 3A
--> 05 00 C9 C6 60 3C
--> 05 00 C9 DE 60 11
--> 07 00 88 EA 60 01 00 00
--> 06 00 CB EB 60 20 91
--> 05 00 49 FE 60 06
--> 06 00 CB C4 60 20 00
--> 05 00 69 C4 60 38
--> 05 00 69 C4 60 3A
--> 05 00 C9 C4 60 3C
--> 05 00 C9 C6 60 20
--> 05 00 69 C6 60 3A
--> 05 00 C9 C6 60 3C
--> 05 00 C9 DE 60 11
--> 06 00 CB EB 60 20 91
--> 06 00 6C FE F1 28 00
--> 05 00 A8 FF 60 02
--> 05 00 49 FE 60 06
--> 05 00 6C FE F1 3F
--> 06 00 6C 60 F1 27 01
--> 08 00 6C F1 60 67 01 55 55
--> 08 00 6C 60 F1 27 02 AA AA
--> 07 00 6C F1 60 67 02 34
--> 0A 00 6C 60 F1 23 00 00 00 08 01
--> 0C 00 6C F1 60 7F 23 00 00 00 08 01 11
--> 05 00 6C F1 60 60
--> 06 00 6C FE F1 28 00
--> 06 00 6C F1 60 68 00
--> 05 00 6C FE F1 3F
--> 06 00 6C 60 F1 27 01
--> 08 00 6C F1 60 67 01 55 55
--> 08 00 6C 60 F1 27 02 AA AA
--> 07 00 6C F1 60 67 02 34
--> 05 00 6C F1 60 60
--> 07 00 88 EA 60 01 00 00
--> 07 00 88 EA 60 01 00 00
--> 0A 00 6C 60 F1 23 00 00 00 10 01
--> 0C 00 6C F1 60 7F 23 00 00 00 10 01 11
--> 05 00 49 FE 60 06
--> 06 00 CB C4 60 20 00
--> 05 00 69 C4 60 38
--> 05 00 69 C4 60 3A
--> 05 00 C9 C4 60 3C
--> 05 00 C9 C6 60 20
--> 05 00 69 C6 60 3A
--> 05 00 C9 C6 60 3C
--> 05 00 C9 DE 60 11
--> 06 00 CB EB 60 20 91
--> 05 00 49 FE 60 06
--> 06 00 CB C4 60 20 00
--> 05 00 69 C4 60 38
--> 05 00 69 C4 60 3A
--> 05 00 C9 C4 60 3C
--> 05 00 C9 C6 60 20
--> 05 00 69 C6 60 3A
--> 05 00 C9 C6 60 3C
--> 05 00 C9 DE 60 11
--> 07 00 88 EA 60 01 00 00
--> 06 00 CB EB 60 20 91
--> 05 00 49 FE 60 06
--> 06 00 CB C4 60 20 00
--> 05 00 69 C4 60 38
--> 05 00 69 C4 60 3A
--> 05 00 C9 C4 60 3C
--> 05 00 C9 C6 60 20
--> 05 00 69 C6 60 3A
--> 05 00 C9 C6 60 3C
--> 05 00 C9 DE 60 11
--> 07 00 88 EA 60 01 00 00
--> 06 00 CB EB 60 20 91
--> 05 00 49 FE 60 06
--> 06 00 CB C4 60 20 00
--> 05 00 69 C4 60 38
--> 05 00 69 C4 60 3A
--> 05 00 C9 C4 60 3C
--> 05 00 C9 C6 60 20
--> 05 00 69 C6 60 3A
--> 05 00 C9 C6 60 3C
--> 05 00 C9 DE 60 11
--> 07 00 88 EA 60 01 00 00
--> 06 00 CB EB 60 20 91
--> 05 00 49 FE 60 06
--> 06 00 CB C4 60 20 00
--> 05 00 69 C4 60 38
--> 05 00 69 C4 60 3A
--> 05 00 C9 C4 60 3C
--> 05 00 C9 C6 60 20
--> 05 00 69 C6 60 3A
--> 05 00 C9 C6 60 3C
--> 05 00 C9 DE 60 11
--> 07 00 88 EA 60 01 00 00
--> 06 00 CB EB 60 20 91
--> 05 00 49 FE 60 06
--> 06 00 CB C4 60 20 00
--> 05 00 69 C4 60 38
--> 05 00 69 C4 60 3A
--> 05 00 C9 C4 60 3C
--> 05 00 C9 C6 60 20
--> 05 00 69 C6 60 3A
--> 05 00 C9 C6 60 3C
--> 05 00 C9 DE 60 11
--> 07 00 88 EA 60 01 00 00
--> 06 00 CB EB 60 20 91
--> 05 00 49 FE 60 06
--> 06 00 CB C4 60 20 00
--> 05 00 69 C4 60 38
--> 05 00 69 C4 60 3A
--> 05 00 C9 C4 60 3C
--> 05 00 C9 C6 60 20
--> 05 00 69 C6 60 3A
--> 05 00 C9 C6 60 3C
--> 05 00 C9 DE 60 11
--> 07 00 88 EA 60 01 00 00
--> 06 00 CB EB 60 20 91
--> 05 00 49 FE 60 06
--> 06 00 CB C4 60 20 00
--> 05 00 69 C4 60 38
--> 05 00 69 C4 60 3A
--> 05 00 C9 C4 60 3C
--> 05 00 C9 C6 60 20
--> 05 00 69 C6 60 3A
--> 05 00 C9 C6 60 3C
--> 05 00 C9 DE 60 11
--> 06 00 CB EB 60 20 91

Re: 2004 to 2012 Colorado and 2006 -10 h3 cluster programming

Posted: Tue Feb 13, 2024 9:37 am
by 04colyZQ8
So far as I know this is the problem:
6C F1 60 7F 23 00 00 00 08 01 11

And from what I know it’s not a wrong address, it means that mode is not supported, period!

So that sucks. Similar 6c f1 60 7f 35 xx xx xx xx xx 11 response trying mode 35!

And 36 can’t seem to make that work either!

Re: 2004 to 2012 Colorado and 2006 -10 h3 cluster programming

Posted: Tue Feb 13, 2024 9:37 am
by 04colyZQ8
The algo is 0.

Re: 2004 to 2012 Colorado and 2006 -10 h3 cluster programming

Posted: Tue Feb 13, 2024 1:17 pm
by roughneck427
Service | Used | Rq Value | Pos rsp | Neg resp value
Request Download | N/A | $34 | 74 | 12, 22, 23
Request Upload | N/A | $35 | 75 | 12, 22, 23
Data Transfer | N/A | $36 | 76 | 12, 22, 72, 74, 75, 76, 77, 83, 84, 85, 87, 88, 89, 8A, 8B, F0-FE
Write Data Block | X | $3B | 7 | 12, 22, 23, 31, 33
Read Data Block | X | $3C | 7C | 12, 23, 31
Test Device Present | X | $3F | None | 12, 22
Request High Speed Mode | N/A | $A0 | E0 | 12, 22, 23
Begin High Speed Mode Communication | N/A | $A1 | None | 12, 22
Programming Prompt | N/A | $A2 | Any mode required for programming | None
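
The request, positive-response and 7F negative-response frames discussed in this thread can be sorted out of a capture mechanically. The following is an added example, not code from any poster: `parse_line`, `summarize`, `NRC` and `SAMPLE` are hypothetical names, the AVT line layout is inferred from the posted log, and the reason-code names other than 0x11 are assumed from ISO 14230.

```python
import re

# 0x11 as named in the thread; other names per ISO 14230, assumed to apply.
NRC = {0x11: "mode not supported", 0x22: "conditions not correct",
       0x31: "request out of range", 0x33: "security access denied"}

def parse_line(line):
    """Frame bytes from '[time] 6C ..' or AVT '--> LL 00 6C ..' lines, else None."""
    line = re.sub(r"^\[[^\]]*\]", "", line.strip())
    avt = line.startswith("-->")
    toks = line.replace("-->", "", 1).split()
    if not toks or not all(re.fullmatch(r"[0-9A-Fa-f]{2}", t) for t in toks):
        return None
    data = bytes(int(t, 16) for t in toks)
    if avt:
        # Assumed from the posted log: length byte, status byte, then the frame.
        if len(data) < 2 or data[0] != len(data) - 1:
            return None
        data = data[2:]
    return data if len(data) >= 4 else None

def summarize(log_text):
    """Map (module, mode) -> outcomes ('ok' or the rejection reason), in log order."""
    asked, out = set(), {}
    for frame in filter(None, map(parse_line, log_text.splitlines())):
        if frame[0] not in (0x6C, 0x8C):
            continue  # other bus traffic, not part of the diagnostic exchange
        target, source, mode = frame[1:4]
        if mode == 0x7F and len(frame) >= 6:
            # Layout seen in the thread: 7F, rejected mode, echoed request, reason.
            reason = NRC.get(frame[-1], f"code {frame[-1]:02X}")
            out.setdefault((source, frame[4]), []).append(reason)
        elif (target, mode - 0x40) in asked:
            out.setdefault((source, mode - 0x40), []).append("ok")  # mode + 0x40 reply
        else:
            asked.add((source, mode))
    return out

# Frames copied from the AVT log posted in this thread.
SAMPLE = """--> 05 00 49 FE 60 06
--> 06 00 6C 60 F1 27 01
--> 08 00 6C F1 60 67 01 55 55
--> 08 00 6C 60 F1 27 02 AA AA
--> 07 00 6C F1 60 67 02 34
--> 0A 00 6C 60 F1 23 00 00 00 08 01
--> 0C 00 6C F1 60 7F 23 00 00 00 08 01 11"""

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the sample, module 60 answers both mode 27 steps positively and rejects mode 23 with code 11, matching what the poster reports.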