GM E38 E67 E40 Kernel/Bootloader Development Extravaganza

[Tazzi]

Oh booo, that sucks, sorry. What ecm was that one?

E38

[In-Tech]

I'm sure you have spares

I received my BGA and PQFP flash chips and a couple of those proto boards for the PQFP for sometime.

I hate it when the car fooks up something perfect

[Tazzi]

What makes it ironic, is I was literally going to the car to dump its flash and then pump it into another ecu to test out the cloning in my own car for the slave change ect.

So.. looks like Ill need to first fit and flash a replacement ecu. Throw the old one on the bench to find its key cause thats something random now.

[ironduke]

What makes it ironic, is I was literally going to the car to dump its flash and then pump it into another ecu to test out the cloning in my own car for the slave change ect.

So.. looks like Ill need to first fit and flash a replacement ecu. Throw the old one on the bench to find its key cause thats something random now.

Curious what it was giving you for a seed?? If it was 0000 I am assuming you've already tried just pushing the kernel??

[Tazzi]

What makes it ironic, is I was literally going to the car to dump its flash and then pump it into another ecu to test out the cloning in my own car for the slave change ect.

So.. looks like Ill need to first fit and flash a replacement ecu. Throw the old one on the bench to find its key cause thats something random now.

Curious what it was giving you for a seed?? If it was 0000 I am assuming you've already tried just pushing the kernel??

Tried 0000 and FFFF.

Seed is 88EE.. so I also tried using the seed as the key... but no luck

Ill rip it out tomorrow and replace it. It can be a work in progress tomorrow.

I watched a REALLY cool video today in regards to satellite hacking, can see it here: https://www.youtube.com/watch?v=lhbSD1Jba0Q
It gave me the thought of encrypting to loader though basic operations which surprisingly worked first go.. figured I may run into a watchdog freaking out but works just fine

[Tazzi]

Updated first post with first release (1.0.7400.1501).

It does require a license. I need to pop some more up on the server tomorrow morning, but feel free to pm or message below for one and Ill shoot one through

[Highlander]

What makes it ironic, is I was literally going to the car to dump its flash and then pump it into another ecu to test out the cloning in my own car for the slave change ect.

So.. looks like Ill need to first fit and flash a replacement ecu. Throw the old one on the bench to find its key cause thats something random now.

Curious what it was giving you for a seed?? If it was 0000 I am assuming you've already tried just pushing the kernel??

Tried 0000 and FFFF.

Seed is 88EE.. so I also tried using the seed as the key... but no luck

Ill rip it out tomorrow and replace it. It can be a work in progress tomorrow.

I watched a REALLY cool video today in regards to satellite hacking, can see it here: https://www.youtube.com/watch?v=lhbSD1Jba0Q
It gave me the thought of encrypting to loader though basic operations which surprisingly worked first go.. figured I may run into a watchdog freaking out but works just fine

Try Key same as seed
What happened was that whole area was written with the same word. It should work. key $88EE

[In-Tech]

I watched a REALLY cool video today in regards to satellite hacking, can see it here: https://www.youtube.com/watch?v=lhbSD1Jba0Q
It gave me the thought of encrypting to loader though basic operations which surprisingly worked first go.. figured I may run into a watchdog freaking out but works just fine

The automotive industry is way behind what can be done to secure the car stuff, their creeping up on it. As for the video, what STB uses a 6802 or variant? The popular stuff was using a 68xx variant back in the 90's then moved to a tms370 at end of 90's, st7, st19 etc. Glitching basically makes the cpu see clear bits as it's running through code and if you hit it right while a jump is getting prepared, now a cd6780(example) becomes cd0080 and if your "load" is sitting there it gets executed. A branch, stack, etc. wherever the glitch "lands" during process.

[Tazzi]

Just patching the code since I made a late modification to the licensing which doesnt work with the current released version. Also fixed the version numbering so it will be 1.0.Y.X. Where X is the automated build number and Y will be the increase in version. New release shortly.

[In-Tech]

Just fyi, it doesn't install on winXP 32. https://www.envyouscustoms.com/computer-requirements/