GM E38 E67 E40 Kernel/Bootloader Development Extravaganza
Re: GM E38 E67 Kernel/Bootloader Development Extravaganza
Looks like there's quite a few people having lots of success (emails and PMs sent to me).
If success/fails/everything could be posted here, that would be great. Much easier for me to answer back in one location or keep track of how everyone is going.
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
-
- Posts: 159
- Joined: Fri Aug 25, 2017 5:28 pm
- cars: liberty gen 5
- Location: Adelaide
Re: GM E38 E67 Kernel/Bootloader Development Extravaganza
I've just brought 2 x E38's back to life. (AAKC - 12635862 - serv#12633238)
Both of them had scrambled VINs and serial numbers and now they both have them back 100%!!!!!!!!
This was done with a genuine Ford VCM2 pass thru but would no doubt work with Tactrix, MDI, AVDI etc etc
I've attached the file I used to write them with too.
Good work badboy!!!!
- Attachments
-
- E38 2010.rar
- (663.21 KiB) Downloaded 196 times
-
- Posts: 159
- Joined: Fri Aug 25, 2017 5:28 pm
- cars: liberty gen 5
- Location: Adelaide
Re: GM E38 E67 Kernel/Bootloader Development Extravaganza
This is the log from the one I can't get in to. Out of all the bricks I had, this would have been the easiest but so far I've had no luck.
It's definitely not tunerlocked. It was flashed wrong and brought back to life with SPS(Vauxhall/LS2/LS3), but I think that's what scrambled it in the first place. I can load this one up in my paid SPS account and get it to want to start programming with a Holden VIN but choosing Chev out of the drop down list, but it fails. Reprogramming Error E4491 and E4423 - unknown reprogramming error 5 at step 0.
The Vauxhall SPS brought back one of the other 2 I have earlier today but scrambled the VIN and serial number - Tazzi's flasher has now restored that with my 2010 bin file.
[06:30:43:075] Checking if kernel already running
[06:30:43:075] Kernel not running
[06:30:43:090] Requesting VIN..
[06:30:43:106] VIN is: 6G1EK54H98L960615
[06:30:43:106] Requesting Serial..
[06:30:43:121] Serial is:
[06:30:43:121] Requesting OS..
[06:30:43:137] Operating System: 12619078
[06:30:43:137] Detected GM E38
[06:30:58:129] Checking if kernel already running
[06:30:58:269] Kernel not running
[06:30:58:269] Operating System: 12619078
[06:30:58:269] Starting tester present
[06:30:59:439] Disabling DTC Faults
[06:30:59:439] Requesting to disable vehicle chatter
[06:30:59:439] Checking ECU programmed state
[06:30:59:455] Programmed state is: 0x00
[06:30:59:455] Requesting to enter programming mode
[06:30:59:455] Requesting highspeed mode
[06:30:59:470] Performing Security Negotiation
[06:30:59:486] Incorrect key, opening custom key dialog
[06:31:07:085] User cancelled custom key dialog. Exiting read routine.
[06:36:09:132] Opened file: E:\TUNED FILES\VE SS SERIES 2 HENRY\E38 2010.bin
[06:36:15:594] Checking if kernel already running
[06:36:15:761] Kernel not running
[06:36:15:767] Operating System: 12619078
[06:36:15:772] Starting tester present
[06:36:16:875] Disabling DTC Faults
[06:36:16:880] Requesting to disable vehicle chatter
[06:36:16:887] Checking ECU programmed state
[06:36:16:892] Programmed state is: 0x00
[06:36:16:894] Requesting to enter programming mode
[06:36:16:899] Requesting highspeed mode
[06:36:16:903] Performing Security Negotiation
[06:36:16:918] Incorrect key, opening custom key dialog
[06:36:20:097] User cancelled custom key dialog. Exiting write routine.
[06:30:34:510] Initializing Envyous Customs J2534 Scantool
[06:30:34:526] DLL successfully loaded
[06:30:37:490] Connected to Scantool
[06:30:37:505] Firmware: 2.4.73
[06:30:37:505] API: 04.04
[06:30:37:505] DLL: 2.4.73.75
[06:30:37:505] Battery Voltage: 12.925
[06:30:59:470] Requested seed frame: 00,00,07,E8,67,01,10,00,
[06:30:59:470] Module seed is 0x1000
[06:30:59:470] Calculated key is 0x9802
[06:30:59:486] Key response frame: 00,00,07,E8,7F,27,36,
[06:30:59:486] Key Incorrect, Could be tuner locked
[06:36:16:911] Requested seed frame: 00,00,07,E8,67,01,10,00,
[06:36:16:911] Module seed is 0x1000
[06:36:16:911] Calculated key is 0x9802
[06:36:16:917] Key response frame: 00,00,07,E8,7F,27,36,
[06:36:16:918] Key Incorrect, Could be tuner locked
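Decoding the raw frames from the log above, as an added example that is not part of the original post or of the flasher tool. It assumes each logged frame is a 4-byte CAN ID followed by the payload and that the ECU uses the ISO 14229-1 meanings for response codes; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: four frame lines copied from the log in the post above.
SAMPLE_LOG = """\
[06:30:59:470] Requested seed frame: 00,00,07,E8,67,01,10,00,
[06:30:59:486] Key response frame: 00,00,07,E8,7F,27,36,
[06:36:16:911] Requested seed frame: 00,00,07,E8,67,01,10,00,
[06:36:16:917] Key response frame: 00,00,07,E8,7F,27,36,
"""

# ISO 14229-1 negative response codes used with SecurityAccess (0x27).
# Assumption: this ECU follows the standard meanings.
NRC = {0x12: "subFunctionNotSupported", 0x22: "conditionsNotCorrect",
       0x35: "invalidKey", 0x36: "exceededNumberOfAttempts",
       0x37: "requiredTimeDelayNotExpired"}

FRAME_RE = re.compile(r"^\[([\d:]+)\] .*?frame: ([0-9A-Fa-f,]+)\s*$")

def decode_frame(hex_csv):
    """Decode one logged frame: 4-byte CAN ID followed by the payload."""
    raw = bytes(int(b, 16) for b in hex_csv.split(",") if b)
    can_id, data = int.from_bytes(raw[:4], "big"), raw[4:]
    out = {"can_id": can_id, "kind": "other"}
    if len(data) >= 3 and data[0] == 0x7F:
        # Negative response: 7F, rejected service ID, response code.
        out.update(kind="negative", service=data[1], nrc=data[2],
                   nrc_name=NRC.get(data[2], "unknown"))
    elif len(data) >= 2 and data[0] == 0x67:
        # Positive SecurityAccess response (0x27 + 0x40).
        if data[1] % 2:   # odd sub-function: seed follows
            out.update(kind="seed", level=data[1],
                       seed=int.from_bytes(data[2:], "big"))
        else:             # even sub-function: key was accepted
            out.update(kind="unlocked", level=data[1] - 1)
    return out

def parse_log(text):
    """Return (timestamp, decoded frame) for every '... frame:' log line."""
    hits = (FRAME_RE.match(line) for line in text.splitlines())
    return [(m.group(1), decode_frame(m.group(2))) for m in hits if m]

def repeated_seeds(events):
    """Seeds issued more than once; a fixed seed keeps a captured key valid."""
    seen = Counter(e["seed"] for _, e in events if e["kind"] == "seed")
    return {seed: n for seed, n in seen.items() if n > 1}

if __name__ == "__main__":
    for ts, ev in parse_log(SAMPLE_LOG):
        print(ts, ev)
    print("repeated seeds:", repeated_seeds(parse_log(SAMPLE_LOG)))
```

On the sample lines, the response code 0x36 decodes as exceededNumberOfAttempts under that assumption, and the seed 0x1000 is issued in both sessions.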
Re: GM E38 E67 Kernel/Bootloader Development Extravaganza
Oh, must be a recovery seed/key then maybe?? Wonder what the key is...
Shows as 0x1000... yet SPS says it's 0000..
Wonder if the key is 0xEFFF.
Glad it's working well for you!!!
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
-
- Posts: 579
- Joined: Thu Feb 13, 2020 11:32 pm
- cars: Mainly GM trucks, a Cruze and an Equinox for dailys..
Re: GM E38 E67 Kernel/Bootloader Development Extravaganza
Works for my bench unit at work!!! Can't wait to get home and try the problematic one.. Nice!! Love how it came up with the save file name for me, excellent..
Looks like the ecu is in recovery but it had 1000 for a seed?? Weird how Tazzi's program comes up with the 0x1000 for seed and gmsps says it's 0000... I'm assuming his program looks to see if it's in recovery?? I thought that was when the seed is 0000 but its already unlocked?
Can you try a tuner lock key of 0000??? or even try 1000...
-
- Posts: 159
- Joined: Fri Aug 25, 2017 5:28 pm
- cars: liberty gen 5
- Location: Adelaide
Re: GM E38 E67 Kernel/Bootloader Development Extravaganza
1000 worked. F me. Awesome!!!
Re: GM E38 E67 Kernel/Bootloader Development Extravaganza
OK sweet, I'm going to add trying to use the seed as the key in next version.
Very interesting!
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
Re: GM E38 E67 Kernel/Bootloader Development Extravaganza
julespatch wrote: 1000 worked. F me. Awesome!!!
Can I get a dump of that ecu? So I can try replicate it on my bench?
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
-
- Posts: 159
- Joined: Fri Aug 25, 2017 5:28 pm
- cars: liberty gen 5
- Location: Adelaide
Re: GM E38 E67 Kernel/Bootloader Development Extravaganza
Ahh shit sorry, I got halfway thru it and stopped. Just wrote straight over the top.
Re: GM E38 E67 Kernel/Bootloader Development Extravaganza
No stress. I'll add the coding for trying seed as the alternative key anyways, just nice to be able to test and verify
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726